HOR-3221

workflow/engine/classes/LdapAdvanced.php

@@ -41,21 +41,17 @@ class LdapAdvanced
      * @var Object
      */
     private static $instance = null;
-
     private $arrayObjectClassFilter = array(
         "user" => "|(objectclass=inetorgperson)(objectclass=organizationalperson)(objectclass=person)(objectclass=user)",
         "group" => "|(objectclass=posixgroup)(objectclass=group)(objectclass=groupofuniquenames)",
         "department" => "|(objectclass=organizationalunit)"
     );
-
     private $arrayAttributes = array(
         "ldap" => array("uid" => "uid", "member" => "memberuid"), //OpenLDAP
         "ad" => array("uid" => "samaccountname", "member" => "member"), //Active Directory
         "ds" => array("uid" => "uid", "member" => "uniquemember") //389 DS
     );
-
     private $arrayAttributesForUser = array("dn", "uid", "samaccountname", "givenname", "sn", "cn", "mail", "userprincipalname", "useraccountcontrol", "accountexpires", "manager");
-
     private $frontEnd = false;
     private $debug = false;
     public $arrayAuthenticationSourceUsersByUid = array();
@@ -64,7 +60,6 @@ class LdapAdvanced
     public $arrayDepartmentUsersByUsername = array();
     public $arrayGroupUsersByUid = array();
     public $arrayGroupUsersByUsername = array();
-
     private $arrayDepartmentUserSynchronizedChecked = array();
     private $arrayUserUpdateChecked = array();
 
@@ -73,6 +68,7 @@ class LdapAdvanced
      */
     public function __construct()
     {
+        
     }
 
     /**
@@ -371,7 +367,6 @@ class LdapAdvanced
             unset($arrayCharacter[124]); //|
             unset($arrayCharacter[126]); //~
             unset($arrayCharacter[127]); //DEL
-
             //Return
             return array_unique($arrayCharacter);
         } catch (Exception $e) {
@@ -805,13 +800,9 @@ class LdapAdvanced
      * @return array Return array data
      */
     private function __ldapGroupSynchronizeMembers(
-        $ldapcnn,
+    $ldapcnn, array $arrayAuthSourceData, $groupUid, array $arrayGroupLdap, $memberAttribute, array $arrayData = []
-        array $arrayAuthSourceData,
+    )
-        $groupUid,
+    {
-        array $arrayGroupLdap,
-        $memberAttribute,
-        array $arrayData = []
-    ) {
         try {
             unset($arrayData['countMembers']);
 
@@ -862,8 +853,7 @@ class LdapAdvanced
 
                                 //Progress bar
                                 $this->frontEndShow(
-                                    'BAR',
+                                        'BAR', 'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
-                                    'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
                                         $this->progressBar($arrayData['totalUser'], $arrayData['countUser'])
                                 );
                             }
@@ -954,12 +944,7 @@ class LdapAdvanced
                         }
 
                         $arrayData = $this->__ldapGroupSynchronizeMembers(
-                            $ldapcnn,
+                                $ldapcnn, $arrayAuthenticationSourceData, $arrayGroupData['GRP_UID'], $arrayGroupLdap, $memberAttribute2, array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
-                            $arrayAuthenticationSourceData,
-                            $arrayGroupData['GRP_UID'],
-                            $arrayGroupLdap,
-                            $memberAttribute2,
-                            array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
                         );
 
                         $totalUser = $arrayData['totalUser'];
@@ -992,12 +977,7 @@ class LdapAdvanced
                                             }
 
                                             $arrayData = $this->__ldapGroupSynchronizeMembers(
-                                                $ldapcnn,
+                                                    $ldapcnn, $arrayAuthenticationSourceData, $arrayGroupData['GRP_UID'], $arrayGroupLdap, $memberAttribute2, array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
-                                                $arrayAuthenticationSourceData,
-                                                $arrayGroupData['GRP_UID'],
-                                                $arrayGroupLdap,
-                                                $memberAttribute2,
-                                                array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
                                             );
 
                                             $totalUser = $arrayData['totalUser'];
@@ -1098,19 +1078,16 @@ class LdapAdvanced
             $usrName = $row["USR_USERNAME"];
             $usrUid = $row["USR_UID"];
 
+            $userDn = $strUser;
+
             //Get the AuthSource properties
             //Check if the dn in the database record matches with the dn for the ldap account
-            $verifiedUser = $this->searchUserByUid(
+            try {
-                $usrName,
+                $verifiedUser = $this->searchUserByUid($usrName, $arrayAuthSource["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]);
-                $arrayAuthSource["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]
-            );
 
                 if (empty($verifiedUser) || trim($verifiedUser["sDN"]) == null) {
                     return -1;
                 }
-
-            $userDn = $strUser;
-
                 if ($verifiedUser["sDN"] != $strUser || $setAttributes == 1) {
                     $userDn = $verifiedUser['sDN'];
 
@@ -1134,6 +1111,12 @@ class LdapAdvanced
 
                     BasePeer::doUpdate($c1, $c2, $con);
                 }
+            } catch (Exception $e) {
+                $context = Bootstrap::getDefaultContextLog();
+                $context["action"] = "ldapSynchronize";
+                $context["authSource"] = $arrayAuthSource;
+                Bootstrap::registerMonolog("ldapSynchronize", 400, $e->getMessage(), $context, $context["workspace"], "processmaker.log");
+            }
 
             //Check ldap connection for user
             $arrayAuthSource["AUTH_ANONYMOUS"] = "0";
@@ -1169,7 +1152,7 @@ class LdapAdvanced
                 $c1->add(RbacUsersPeer::USR_AUTH_USER_DN, $strUser);
                 // update set
                 $c2 = new Criteria("rbac");
-                $c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $verifiedUser["sDN"]);
+                $c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $userDn);
                 $c2->add(RbacUsersPeer::USR_STATUS, $statusRbac);
                 BasePeer::doUpdate($c1, $c2, $con);
                 $columnsWf = array();
@@ -1186,7 +1169,7 @@ class LdapAdvanced
             }
 
             //Check if the user is in the terminated organizational unit
-            if ($this->userIsTerminated($usrName, $attributes["AUTH_SOURCE_RETIRED_OU"])) {
+            if (!empty($verifiedUser) && $this->userIsTerminated($usrName, $attributes["AUTH_SOURCE_RETIRED_OU"])) {
                 $this->deactivateUser($usrName);
                 $this->log($ldapcnn, "user $strUser is member of Remove OU, deactivating this user.");
 
@@ -1261,8 +1244,7 @@ class LdapAdvanced
         $attributeUserSet = array();
         $attributeSetAdd = array();
 
-        if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
+        if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"]) && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
-            && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
         ) {
             foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
                 $attributeSetAdd[] = $value['attributeLdap'];
@@ -1442,8 +1424,7 @@ class LdapAdvanced
             $attributeUserSet = array();
             $attributeSetAdd = array();
 
-            if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
+            if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"]) && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
-                && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
             ) {
                 foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
                     $attributeSetAdd[] = $value["attributeLdap"];
@@ -1842,7 +1823,6 @@ class LdapAdvanced
 
         return $terminated;
     }
-
     /* activate an user previously deactivated
       if user is now in another department, we need the second parameter, the depUid
 
@@ -1850,6 +1830,7 @@ class LdapAdvanced
       @param string optional department DN
       @param string optional DepUid
      */
+
     public function activateUser($userUid, $userDn = null, $depUid = null)
     {
         if (!class_exists('RbacUsers')) {
@@ -2357,7 +2338,6 @@ class LdapAdvanced
      * @param <type> $currentDN
      * @return <type>
      */
-
     public function getGrpUidIfExistsDN($currentDN)
     {
         try {
@@ -2539,7 +2519,6 @@ class LdapAdvanced
                 //If user DO NOT exists in this department.. do:
                 //If exists with another AuthSource -> impossible
                 //If exists in another department, but in PM and for this authsource, we need to move it
-
                 //$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
                 $arrayNewUserData = $arrayUserLdap;
 
@@ -2646,7 +2625,6 @@ class LdapAdvanced
                 //If user DO NOT exists in this group.. do:
                 //If exists with another AuthSource -> impossible
                 //If exists in another group, but in PM and for this authsource, we need to move it
-
                 //$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
                 $arrayNewUserData = $arrayUserLdap;
 
@@ -2815,8 +2793,7 @@ class LdapAdvanced
                                 }
                             } else {
                                 $this->log(
-                                    $ldapcnn,
+                                        $ldapcnn, 'User is repeated: Username "' . $username . '", DN "' . $arrayUserLdap['dn'] . '"'
-                                    'User is repeated: Username "' . $username .'", DN "' . $arrayUserLdap['dn'] . '"'
                                 );
                             }
 
@@ -2845,12 +2822,9 @@ class LdapAdvanced
      * @return array
      */
     private function __ldapUsersUpdateData(
-        $ldapcnn,
+    $ldapcnn, array $arrayAuthSourceData, $filterUsers, array $arrayUserUid, array $arrayData
-        array $arrayAuthSourceData,
+    )
-        $filterUsers,
+    {
-        array $arrayUserUid,
-        array $arrayData
-    ) {
         try {
             $totalUser = $arrayData['totalUser'];
             $countUser = $arrayData['countUser'];
@@ -2894,8 +2868,7 @@ class LdapAdvanced
 
                             //Progress bar
                             $this->frontEndShow(
-                                'BAR',
+                                    'BAR', 'Update Users data: ' . $countUser . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUser)
-                                'Update Users data: ' . $countUser . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUser)
                             );
                         }
                     } while ($entry = ldap_next_entry($ldapcnn, $entry));