fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-3221

Browse Source
This commit is contained in:
Roly Rudy Gutierrez Pinto
2017-09-12 17:00:06 -04:00
parent 8699650919
commit e28e99d3d7
1 changed files with 245 additions and 272 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
workflow/engine/classes/LdapAdvanced.php
View File

@@ -41,21 +41,17 @@ class LdapAdvanced
* @var Object
*/
private static $instance = null;
private $arrayObjectClassFilter = array(
"user" => "|(objectclass=inetorgperson)(objectclass=organizationalperson)(objectclass=person)(objectclass=user)",
"group" => "|(objectclass=posixgroup)(objectclass=group)(objectclass=groupofuniquenames)",
"department" => "|(objectclass=organizationalunit)"
);
private $arrayAttributes = array(
"ldap" => array("uid" => "uid", "member" => "memberuid"), //OpenLDAP
"ad" => array("uid" => "samaccountname", "member" => "member"), //Active Directory
"ds" => array("uid" => "uid", "member" => "uniquemember") //389 DS
);
private $arrayAttributesForUser = array("dn", "uid", "samaccountname", "givenname", "sn", "cn", "mail", "userprincipalname", "useraccountcontrol", "accountexpires", "manager");
private $frontEnd = false;
private $debug = false;
public $arrayAuthenticationSourceUsersByUid = array();
@@ -64,7 +60,6 @@ class LdapAdvanced
public $arrayDepartmentUsersByUsername = array();
public $arrayGroupUsersByUid = array();
public $arrayGroupUsersByUsername = array();
private $arrayDepartmentUserSynchronizedChecked = array();
private $arrayUserUpdateChecked = array();
@@ -73,6 +68,7 @@ class LdapAdvanced
*/
public function __construct()
{
}
/**
@@ -371,7 +367,6 @@ class LdapAdvanced
unset($arrayCharacter[124]); //|
unset($arrayCharacter[126]); //~
unset($arrayCharacter[127]); //DEL
//Return
return array_unique($arrayCharacter);
} catch (Exception $e) {
@@ -805,13 +800,9 @@ class LdapAdvanced
* @return array Return array data
*/
private function __ldapGroupSynchronizeMembers(
$ldapcnn,
array $arrayAuthSourceData,
$groupUid,
array $arrayGroupLdap,
$memberAttribute,
array $arrayData = []
) {
$ldapcnn, array $arrayAuthSourceData, $groupUid, array $arrayGroupLdap, $memberAttribute, array $arrayData = []
)
{
try {
unset($arrayData['countMembers']);
@@ -862,8 +853,7 @@ class LdapAdvanced
//Progress bar
$this->frontEndShow(
'BAR',
'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
'BAR', 'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
$this->progressBar($arrayData['totalUser'], $arrayData['countUser'])
);
}
@@ -954,12 +944,7 @@ class LdapAdvanced
}
$arrayData = $this->__ldapGroupSynchronizeMembers(
$ldapcnn,
$arrayAuthenticationSourceData,
$arrayGroupData['GRP_UID'],
$arrayGroupLdap,
$memberAttribute2,
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
$ldapcnn, $arrayAuthenticationSourceData, $arrayGroupData['GRP_UID'], $arrayGroupLdap, $memberAttribute2, array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
);
$totalUser = $arrayData['totalUser'];
@@ -992,12 +977,7 @@ class LdapAdvanced
}
$arrayData = $this->__ldapGroupSynchronizeMembers(
$ldapcnn,
$arrayAuthenticationSourceData,
$arrayGroupData['GRP_UID'],
$arrayGroupLdap,
$memberAttribute2,
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
$ldapcnn, $arrayAuthenticationSourceData, $arrayGroupData['GRP_UID'], $arrayGroupLdap, $memberAttribute2, array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
);
$totalUser = $arrayData['totalUser'];
@@ -1098,19 +1078,16 @@ class LdapAdvanced
$usrName = $row["USR_USERNAME"];
$usrUid = $row["USR_UID"];
$userDn = $strUser;
//Get the AuthSource properties
//Check if the dn in the database record matches with the dn for the ldap account
$verifiedUser = $this->searchUserByUid(
$usrName,
$arrayAuthSource["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]
);
try {
$verifiedUser = $this->searchUserByUid($usrName, $arrayAuthSource["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]);
if (empty($verifiedUser) || trim($verifiedUser["sDN"]) == null) {
return -1;
}
$userDn = $strUser;
if ($verifiedUser["sDN"] != $strUser || $setAttributes == 1) {
$userDn = $verifiedUser['sDN'];
@@ -1134,6 +1111,12 @@ class LdapAdvanced
BasePeer::doUpdate($c1, $c2, $con);
}
} catch (Exception $e) {
$context = Bootstrap::getDefaultContextLog();
$context["action"] = "ldapSynchronize";
$context["authSource"] = $arrayAuthSource;
Bootstrap::registerMonolog("ldapSynchronize", 400, $e->getMessage(), $context, $context["workspace"], "processmaker.log");
}
//Check ldap connection for user
$arrayAuthSource["AUTH_ANONYMOUS"] = "0";
@@ -1169,7 +1152,7 @@ class LdapAdvanced
$c1->add(RbacUsersPeer::USR_AUTH_USER_DN, $strUser);
// update set
$c2 = new Criteria("rbac");
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $verifiedUser["sDN"]);
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $userDn);
$c2->add(RbacUsersPeer::USR_STATUS, $statusRbac);
BasePeer::doUpdate($c1, $c2, $con);
$columnsWf = array();
@@ -1186,7 +1169,7 @@ class LdapAdvanced
}
//Check if the user is in the terminated organizational unit
if ($this->userIsTerminated($usrName, $attributes["AUTH_SOURCE_RETIRED_OU"])) {
if (!empty($verifiedUser) && $this->userIsTerminated($usrName, $attributes["AUTH_SOURCE_RETIRED_OU"])) {
$this->deactivateUser($usrName);
$this->log($ldapcnn, "user $strUser is member of Remove OU, deactivating this user.");
@@ -1261,8 +1244,7 @@ class LdapAdvanced
$attributeUserSet = array();
$attributeSetAdd = array();
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
&& !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"]) && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
) {
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
$attributeSetAdd[] = $value['attributeLdap'];
@@ -1442,8 +1424,7 @@ class LdapAdvanced
$attributeUserSet = array();
$attributeSetAdd = array();
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
&& !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"]) && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
) {
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
$attributeSetAdd[] = $value["attributeLdap"];
@@ -1842,7 +1823,6 @@ class LdapAdvanced
return $terminated;
}
/* activate an user previously deactivated
if user is now in another department, we need the second parameter, the depUid
@@ -1850,6 +1830,7 @@ class LdapAdvanced
@param string optional department DN
@param string optional DepUid
*/
public function activateUser($userUid, $userDn = null, $depUid = null)
{
if (!class_exists('RbacUsers')) {
@@ -2357,7 +2338,6 @@ class LdapAdvanced
* @param <type> $currentDN
* @return <type>
*/
public function getGrpUidIfExistsDN($currentDN)
{
try {
@@ -2539,7 +2519,6 @@ class LdapAdvanced
//If user DO NOT exists in this department.. do:
//If exists with another AuthSource -> impossible
//If exists in another department, but in PM and for this authsource, we need to move it
//$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
$arrayNewUserData = $arrayUserLdap;
@@ -2646,7 +2625,6 @@ class LdapAdvanced
//If user DO NOT exists in this group.. do:
//If exists with another AuthSource -> impossible
//If exists in another group, but in PM and for this authsource, we need to move it
//$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
$arrayNewUserData = $arrayUserLdap;
@@ -2815,8 +2793,7 @@ class LdapAdvanced
}
} else {
$this->log(
$ldapcnn,
'User is repeated: Username "' . $username .'", DN "' . $arrayUserLdap['dn'] . '"'
$ldapcnn, 'User is repeated: Username "' . $username . '", DN "' . $arrayUserLdap['dn'] . '"'
);
}
@@ -2845,12 +2822,9 @@ class LdapAdvanced
* @return array
*/
private function __ldapUsersUpdateData(
$ldapcnn,
array $arrayAuthSourceData,
$filterUsers,
array $arrayUserUid,
array $arrayData
) {
$ldapcnn, array $arrayAuthSourceData, $filterUsers, array $arrayUserUid, array $arrayData
)
{
try {
$totalUser = $arrayData['totalUser'];
$countUser = $arrayData['countUser'];
@@ -2894,8 +2868,7 @@ class LdapAdvanced
//Progress bar
$this->frontEndShow(
'BAR',
'Update Users data: ' . $countUser . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUser)
'BAR', 'Update Users data: ' . $countUser . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUser)
);
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));