fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-3221

Browse Source
This commit is contained in:
Roly Rudy Gutierrez Pinto
2017-09-12 17:00:06 -04:00
parent 8699650919
commit e28e99d3d7
1 changed files with 245 additions and 272 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
workflow/engine/classes/LdapAdvanced.php
View File

@@ -41,21 +41,17 @@ class LdapAdvanced
* @var Object
*/
private static $instance = null;
private $arrayObjectClassFilter = array(
"user" => "|(objectclass=inetorgperson)(objectclass=organizationalperson)(objectclass=person)(objectclass=user)",
"group" => "|(objectclass=posixgroup)(objectclass=group)(objectclass=groupofuniquenames)",
"department" => "|(objectclass=organizationalunit)"
);
private $arrayAttributes = array(
"ldap" => array("uid" => "uid", "member" => "memberuid"), //OpenLDAP
"ad" => array("uid" => "samaccountname", "member" => "member"), //Active Directory
"ds" => array("uid" => "uid", "member" => "uniquemember") //389 DS
);
private $arrayAttributesForUser = array("dn", "uid", "samaccountname", "givenname", "sn", "cn", "mail", "userprincipalname", "useraccountcontrol", "accountexpires", "manager");
private $frontEnd = false;
private $debug = false;
public $arrayAuthenticationSourceUsersByUid = array();
@@ -64,7 +60,6 @@ class LdapAdvanced
public $arrayDepartmentUsersByUsername = array();
public $arrayGroupUsersByUid = array();
public $arrayGroupUsersByUsername = array();
private $arrayDepartmentUserSynchronizedChecked = array();
private $arrayUserUpdateChecked = array();
@@ -73,6 +68,7 @@ class LdapAdvanced
*/
public function __construct()
{
}
/**
@@ -299,8 +295,8 @@ class LdapAdvanced
public function progressBar($total, $count)
{
try {
$p = (int)(($count * 100) / $total);
$n = (int)($p / 2);
$p = (int) (($count * 100) / $total);
$n = (int) ($p / 2);
return "[" . str_repeat("|", $n) . str_repeat(" ", 50 - $n) . "] $p%";
} catch (Exception $e) {
@@ -371,7 +367,6 @@ class LdapAdvanced
unset($arrayCharacter[124]); //|
unset($arrayCharacter[126]); //~
unset($arrayCharacter[127]); //DEL
//Return
return array_unique($arrayCharacter);
} catch (Exception $e) {
@@ -459,7 +454,7 @@ class LdapAdvanced
$logFile = PATH_DATA . "log/ldapAdvanced.log";
if (!file_exists($logFile) || is_writable($logFile)) {
$fpt= fopen($logFile, "a");
$fpt = fopen($logFile, "a");
$ldapErrorMsg = "";
$ldapErrorNr = 0;
@@ -517,7 +512,7 @@ class LdapAdvanced
$ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']);
$ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"] ;
$ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"];
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
@@ -623,7 +618,7 @@ class LdapAdvanced
do {
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : "";
$username = (isset($arrayUserLdap[$uidUserIdentifier])) ? $arrayUserLdap[$uidUserIdentifier] : "";
$countUser++;
@@ -704,11 +699,11 @@ class LdapAdvanced
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
}
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"])) ? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$filterUsers = trim($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"]);
$filter = ($filterUsers != "")? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
$filter = ($filterUsers != "") ? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
@@ -748,7 +743,7 @@ class LdapAdvanced
$ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
$filter = ($filterUsers != "")? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
$filter = ($filterUsers != "") ? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
$filter = "(&$filter($uidUserIdentifier=$char*))";
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
@@ -805,13 +800,9 @@ class LdapAdvanced
* @return array Return array data
*/
private function __ldapGroupSynchronizeMembers(
$ldapcnn,
array $arrayAuthSourceData,
$groupUid,
array $arrayGroupLdap,
$memberAttribute,
array $arrayData = []
) {
$ldapcnn, array $arrayAuthSourceData, $groupUid, array $arrayGroupLdap, $memberAttribute, array $arrayData = []
)
{
try {
unset($arrayData['countMembers']);
@@ -820,12 +811,12 @@ class LdapAdvanced
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER'] = '';
}
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']))?
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'])) ?
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] : 'uid';
$filterUsers = trim($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_USERS_FILTER']);
$filter = ($filterUsers != '')? $filterUsers : '(' . $this->arrayObjectClassFilter['user'] . ')';
$filter = ($filterUsers != '') ? $filterUsers : '(' . $this->arrayObjectClassFilter['user'] . ')';
if (isset($arrayGroupLdap[$memberAttribute])) {
if (!is_array($arrayGroupLdap[$memberAttribute])) {
@@ -850,9 +841,9 @@ class LdapAdvanced
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : '';
$username = (isset($arrayUserLdap[$uidUserIdentifier])) ? $arrayUserLdap[$uidUserIdentifier] : '';
$arrayData['countUser']++;
$arrayData['countUser'] ++;
if ((is_array($username) && !empty($username)) || trim($username) != '') {
$arrayData = $this->groupSynchronizeUser(
@@ -862,8 +853,7 @@ class LdapAdvanced
//Progress bar
$this->frontEndShow(
'BAR',
'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
'BAR', 'Groups: ' . $arrayData['i'] . '/' . $arrayData['n'] . ' ' .
$this->progressBar($arrayData['totalUser'], $arrayData['countUser'])
);
}
@@ -954,18 +944,13 @@ class LdapAdvanced
}
$arrayData = $this->__ldapGroupSynchronizeMembers(
$ldapcnn,
$arrayAuthenticationSourceData,
$arrayGroupData['GRP_UID'],
$arrayGroupLdap,
$memberAttribute2,
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
$ldapcnn, $arrayAuthenticationSourceData, $arrayGroupData['GRP_UID'], $arrayGroupLdap, $memberAttribute2, array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
);
$totalUser = $arrayData['totalUser'];
$countUser = $arrayData['countUser'];
$limitMemberRange = (isset($arrayData['countMembers']))? $arrayData['countMembers'] : 0;
$limitMemberRange = (isset($arrayData['countMembers'])) ? $arrayData['countMembers'] : 0;
if ($flagMemberRange) {
for ($start = $limitMemberRange; true; $start += $limitMemberRange) {
@@ -992,12 +977,7 @@ class LdapAdvanced
}
$arrayData = $this->__ldapGroupSynchronizeMembers(
$ldapcnn,
$arrayAuthenticationSourceData,
$arrayGroupData['GRP_UID'],
$arrayGroupLdap,
$memberAttribute2,
array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
$ldapcnn, $arrayAuthenticationSourceData, $arrayGroupData['GRP_UID'], $arrayGroupLdap, $memberAttribute2, array_merge($arrayData, ['totalUser' => $totalUser, 'countUser' => $countUser])
);
$totalUser = $arrayData['totalUser'];
@@ -1098,20 +1078,17 @@ class LdapAdvanced
$usrName = $row["USR_USERNAME"];
$usrUid = $row["USR_UID"];
$userDn = $strUser;
//Get the AuthSource properties
//Check if the dn in the database record matches with the dn for the ldap account
$verifiedUser = $this->searchUserByUid(
$usrName,
$arrayAuthSource["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]
);
try {
$verifiedUser = $this->searchUserByUid($usrName, $arrayAuthSource["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]);
if (empty($verifiedUser) || trim($verifiedUser["sDN"]) == null) {
return -1;
}
$userDn = $strUser;
if ($verifiedUser["sDN"] != $strUser || $setAttributes==1) {
if ($verifiedUser["sDN"] != $strUser || $setAttributes == 1) {
$userDn = $verifiedUser['sDN'];
//Update data
@@ -1134,6 +1111,12 @@ class LdapAdvanced
BasePeer::doUpdate($c1, $c2, $con);
}
} catch (Exception $e) {
$context = Bootstrap::getDefaultContextLog();
$context["action"] = "ldapSynchronize";
$context["authSource"] = $arrayAuthSource;
Bootstrap::registerMonolog("ldapSynchronize", 400, $e->getMessage(), $context, $context["workspace"], "processmaker.log");
}
//Check ldap connection for user
$arrayAuthSource["AUTH_ANONYMOUS"] = "0";
@@ -1169,7 +1152,7 @@ class LdapAdvanced
$c1->add(RbacUsersPeer::USR_AUTH_USER_DN, $strUser);
// update set
$c2 = new Criteria("rbac");
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $verifiedUser["sDN"]);
$c2->add(RbacUsersPeer::USR_AUTH_USER_DN, $userDn);
$c2->add(RbacUsersPeer::USR_STATUS, $statusRbac);
BasePeer::doUpdate($c1, $c2, $con);
$columnsWf = array();
@@ -1186,7 +1169,7 @@ class LdapAdvanced
}
//Check if the user is in the terminated organizational unit
if ($this->userIsTerminated($usrName, $attributes["AUTH_SOURCE_RETIRED_OU"])) {
if (!empty($verifiedUser) && $this->userIsTerminated($usrName, $attributes["AUTH_SOURCE_RETIRED_OU"])) {
$this->deactivateUser($usrName);
$this->log($ldapcnn, "user $strUser is member of Remove OU, deactivating this user.");
@@ -1203,7 +1186,7 @@ class LdapAdvanced
$this->log($ldapcnn, "failure authentication for user $strUser");
}
return $validUserPass ;
return $validUserPass;
}
/**
@@ -1217,17 +1200,17 @@ class LdapAdvanced
public function getUserDataFromAttribute($username, array $arrayAttributes)
{
try {
$keyMail = (isset($arrayAttributes["mail"]))? "mail" : ((isset($arrayAttributes["userprincipalname"]))? "userprincipalname" : "nomail");
$keyMail = (isset($arrayAttributes["mail"])) ? "mail" : ((isset($arrayAttributes["userprincipalname"])) ? "userprincipalname" : "nomail");
return array(
"sUsername" => trim((is_array($username))? $username[0] : $username),
"sPassword" => trim((isset($arrayAttributes["userpassword"]))? ((is_array($arrayAttributes["userpassword"]))? $arrayAttributes["userpassword"][0] : $arrayAttributes["userpassword"]) : ""),
"sFullname" => trim((isset($arrayAttributes["cn"]))? ((is_array($arrayAttributes["cn"]))? $arrayAttributes["cn"][0] : $arrayAttributes["cn"]) : ""),
"sFirstname" => trim((isset($arrayAttributes["givenname"]))? ((is_array($arrayAttributes["givenname"]))? $arrayAttributes["givenname"][0] : $arrayAttributes["givenname"]) : ""),
"sLastname" => trim((isset($arrayAttributes["sn"]))? ((is_array($arrayAttributes["sn"]))? $arrayAttributes["sn"][0] : $arrayAttributes["sn"]) : ""),
"sEmail" => trim((isset($arrayAttributes[$keyMail]))? ((is_array($arrayAttributes[$keyMail]))? $arrayAttributes[$keyMail][0] : $arrayAttributes[$keyMail]) : ""),
"sUsername" => trim((is_array($username)) ? $username[0] : $username),
"sPassword" => trim((isset($arrayAttributes["userpassword"])) ? ((is_array($arrayAttributes["userpassword"])) ? $arrayAttributes["userpassword"][0] : $arrayAttributes["userpassword"]) : ""),
"sFullname" => trim((isset($arrayAttributes["cn"])) ? ((is_array($arrayAttributes["cn"])) ? $arrayAttributes["cn"][0] : $arrayAttributes["cn"]) : ""),
"sFirstname" => trim((isset($arrayAttributes["givenname"])) ? ((is_array($arrayAttributes["givenname"])) ? $arrayAttributes["givenname"][0] : $arrayAttributes["givenname"]) : ""),
"sLastname" => trim((isset($arrayAttributes["sn"])) ? ((is_array($arrayAttributes["sn"])) ? $arrayAttributes["sn"][0] : $arrayAttributes["sn"]) : ""),
"sEmail" => trim((isset($arrayAttributes[$keyMail])) ? ((is_array($arrayAttributes[$keyMail])) ? $arrayAttributes[$keyMail][0] : $arrayAttributes[$keyMail]) : ""),
"sDN" => trim($arrayAttributes["dn"]),
"sManagerDN" => trim((isset($arrayAttributes["manager"]))? ((is_array($arrayAttributes["manager"]))? $arrayAttributes["manager"][0] : $arrayAttributes["manager"]) : "")
"sManagerDN" => trim((isset($arrayAttributes["manager"])) ? ((is_array($arrayAttributes["manager"])) ? $arrayAttributes["manager"][0] : $arrayAttributes["manager"]) : "")
);
} catch (Exception $e) {
throw $e;
@@ -1247,7 +1230,7 @@ class LdapAdvanced
$countUser = 0;
$keyword = trim(trim($keyword), "*");
$keyword = ($keyword != "")? "*$keyword*" : "*";
$keyword = ($keyword != "") ? "*$keyword*" : "*";
$paged = !is_null($start) && !is_null($limit);
@@ -1261,8 +1244,7 @@ class LdapAdvanced
$attributeUserSet = array();
$attributeSetAdd = array();
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
&& !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"]) && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
) {
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
$attributeSetAdd[] = $value['attributeLdap'];
@@ -1281,11 +1263,11 @@ class LdapAdvanced
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
}
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"])) ? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$filterUsers = trim($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"]);
$filter = ($filterUsers != "")? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
$filter = ($filterUsers != "") ? $filterUsers : "(" . $this->arrayObjectClassFilter["user"] . ")";
$filter = "(&$filter(|(dn=$keyword)(uid=$keyword)(samaccountname=$keyword)(givenname=$keyword)(sn=$keyword)(cn=$keyword)(mail=$keyword)(userprincipalname=$keyword)))";
$oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
@@ -1300,18 +1282,18 @@ class LdapAdvanced
if ($entries > 0) {
$oEntry = ldap_first_entry($ldapcnn, $oSearch);
$countEntries=0;
$countEntries = 0;
$flagNextRecord = true;
do {
$aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
$sUsername = (isset($aAttr[$uidUserIdentifier]))? $aAttr[$uidUserIdentifier] : "";
$sUsername = (isset($aAttr[$uidUserIdentifier])) ? $aAttr[$uidUserIdentifier] : "";
if ((is_array($sUsername) && !empty($sUsername)) || trim($sUsername) != "") {
$countUser++;
/*Active Directory userAccountControl Values
/* Active Directory userAccountControl Values
Normal Day to Day Values:
512 - Enable Account
514 - Disable account
@@ -1373,8 +1355,8 @@ class LdapAdvanced
foreach ($attributeUserSet as $key => $value) {
if ($key == 'USR_STATUS') {
$aUserAttributes[$key] = ($userCountControl != '') ? $userCountControl : 'ACTIVE';
} elseif (isset($aAttr[ $value ])) {
$aUserAttributes[$key] = $aAttr[ $value ];
} elseif (isset($aAttr[$value])) {
$aUserAttributes[$key] = $aAttr[$value];
}
}
@@ -1407,7 +1389,7 @@ class LdapAdvanced
}
//Return
return ($paged)? array("numRecTotal" => $totalUser, "data" => $arrayUser) : $arrayUser;
return ($paged) ? array("numRecTotal" => $totalUser, "data" => $arrayUser) : $arrayUser;
}
/**
@@ -1442,8 +1424,7 @@ class LdapAdvanced
$attributeUserSet = array();
$attributeSetAdd = array();
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
&& !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
if (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"]) && !empty($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"])
) {
foreach ($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_GRID_ATTRIBUTE"] as $value) {
$attributeSetAdd[] = $value["attributeLdap"];
@@ -1451,7 +1432,7 @@ class LdapAdvanced
}
}
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"])) ? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$filter2 = "";
@@ -1474,7 +1455,7 @@ class LdapAdvanced
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : "";
$username = (isset($arrayUserLdap[$uidUserIdentifier])) ? $arrayUserLdap[$uidUserIdentifier] : "";
if ((is_array($username) && !empty($username)) || trim($username) != "") {
$userCountControl = "";
@@ -1510,7 +1491,7 @@ class LdapAdvanced
foreach ($attributeUserSet as $key => $value) {
if ($key == "USR_STATUS") {
$aUserAttributes[$key] = ($userCountControl != "")? $userCountControl : "ACTIVE";
$aUserAttributes[$key] = ($userCountControl != "") ? $userCountControl : "ACTIVE";
} else {
if (isset($arrayUserLdap[$value])) {
$aUserAttributes[$key] = $arrayUserLdap[$value];
@@ -1589,7 +1570,7 @@ class LdapAdvanced
$aData[$value['attributeUser']] = str_replace("*", "'", $user[$value['attributeUser']]);
if ($value['attributeUser'] == 'USR_STATUS') {
$evalValue = $aData[$value['attributeUser']];
$statusValue = (isset($user['USR_STATUS'])) ? $user['USR_STATUS'] :'ACTIVE';
$statusValue = (isset($user['USR_STATUS'])) ? $user['USR_STATUS'] : 'ACTIVE';
$aData[$value['attributeUser']] = $statusValue;
}
}
@@ -1597,7 +1578,7 @@ class LdapAdvanced
}
//req - accountexpires
if (isset($user["USR_DUE_DATE"]) && $user["USR_DUE_DATE"]!='') {
if (isset($user["USR_DUE_DATE"]) && $user["USR_DUE_DATE"] != '') {
$aData["USR_DUE_DATE"] = $this->convertDateADtoPM($user["USR_DUE_DATE"]);
}
//end
@@ -1693,7 +1674,7 @@ class LdapAdvanced
if (isset($arrayEntryData['ou']) && !is_array($arrayEntryData['ou'])) {
$arrayDepartment[] = [
'dn' => $arrayEntryData['dn'],
'parent' => (isset($unitsEqual[1]))? implode(',', $unitsEqual) : '',
'parent' => (isset($unitsEqual[1])) ? implode(',', $unitsEqual) : '',
'ou' => trim($arrayEntryData['ou']),
'users' => 0
];
@@ -1714,7 +1695,7 @@ class LdapAdvanced
$str .= ' ' . $dep['ou'];
}
$this->log($ldapcnn, 'found '. count($arrayDepartment) . ' departments: ' . $str);
$this->log($ldapcnn, 'found ' . count($arrayDepartment) . ' departments: ' . $str);
//Return
return $arrayDepartment;
@@ -1842,7 +1823,6 @@ class LdapAdvanced
return $terminated;
}
/* activate an user previously deactivated
if user is now in another department, we need the second parameter, the depUid
@@ -1850,10 +1830,11 @@ class LdapAdvanced
@param string optional department DN
@param string optional DepUid
*/
public function activateUser($userUid, $userDn = null, $depUid = null)
{
if (!class_exists('RbacUsers')) {
require_once(PATH_RBAC.'model/RbacUsers.php');
require_once(PATH_RBAC . 'model/RbacUsers.php');
}
$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
@@ -1893,7 +1874,7 @@ class LdapAdvanced
public function deactivateUser($userUid)
{
if (!class_exists('RbacUsers')) {
require_once(PATH_RBAC.'model/RbacUsers.php');
require_once(PATH_RBAC . 'model/RbacUsers.php');
}
$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
@@ -1924,11 +1905,11 @@ class LdapAdvanced
public function getTerminatedOu()
{
if (trim($this->sAuthSource)!='') {
if (trim($this->sAuthSource) != '') {
$rbac = &RBAC::getSingleton();
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
$attributes = $aAuthSource['AUTH_SOURCE_DATA'];
$this->sTerminatedOu = isset($attributes['AUTH_SOURCE_RETIRED_OU'])?$attributes['AUTH_SOURCE_RETIRED_OU']:'';
$this->sTerminatedOu = isset($attributes['AUTH_SOURCE_RETIRED_OU']) ? $attributes['AUTH_SOURCE_RETIRED_OU'] : '';
}
return $this->sTerminatedOu;
@@ -1943,7 +1924,7 @@ class LdapAdvanced
*/
public function getAuthSources()
{
require_once(PATH_RBAC.'model/AuthenticationSource.php');
require_once(PATH_RBAC . 'model/AuthenticationSource.php');
$oCriteria = new Criteria('rbac');
$aAuthSources = array();
@@ -1957,7 +1938,7 @@ class LdapAdvanced
$aRow = $oDataset->getRow();
if ($aRow['AUTH_SOURCE_PROVIDER'] == 'ldapAdvanced') {
$aRow["AUTH_SOURCE_DATA"] = ($aRow["AUTH_SOURCE_DATA"] != "")? unserialize($aRow["AUTH_SOURCE_DATA"]) : array();
$aRow["AUTH_SOURCE_DATA"] = ($aRow["AUTH_SOURCE_DATA"] != "") ? unserialize($aRow["AUTH_SOURCE_DATA"]) : array();
$aAuthSources[] = $aRow;
}
@@ -2057,7 +2038,7 @@ class LdapAdvanced
}
if (count($result) >= 1) {
$result[ count($result) -1 ]['DEP_LAST'] = 1;
$result[count($result) - 1]['DEP_LAST'] = 1;
}
return $result;
@@ -2108,7 +2089,7 @@ class LdapAdvanced
{
$aUsers = array(); //empty array is the default result
$attributes = $aAuthSource["AUTH_SOURCE_DATA"];
$this->sTerminatedOu = isset($attributes['AUTH_SOURCE_RETIRED_OU'])? trim($attributes['AUTH_SOURCE_RETIRED_OU']) : '';
$this->sTerminatedOu = isset($attributes['AUTH_SOURCE_RETIRED_OU']) ? trim($attributes['AUTH_SOURCE_RETIRED_OU']) : '';
if ($this->sTerminatedOu == '') {
return $aUsers;
@@ -2128,7 +2109,7 @@ class LdapAdvanced
public function deactiveArrayOfUsers($aUsers)
{
if (!class_exists('RbacUsers')) {
require_once(PATH_RBAC.'model/RbacUsers.php');
require_once(PATH_RBAC . 'model/RbacUsers.php');
}
if (!class_exists('Users')) {
@@ -2343,7 +2324,7 @@ class LdapAdvanced
$str .= ' ' . $group['cn'];
}
$this->log($ldapcnn, 'found '. count($arrayGroup) . ' groups: ' . $str);
$this->log($ldapcnn, 'found ' . count($arrayGroup) . ' groups: ' . $str);
//Return
return $arrayGroup;
@@ -2357,7 +2338,6 @@ class LdapAdvanced
* @param <type> $currentDN
* @return <type>
*/
public function getGrpUidIfExistsDN($currentDN)
{
try {
@@ -2478,8 +2458,8 @@ class LdapAdvanced
public function convertDateADtoPM($dateAD)
{
$unixTimestamp = ($dateAD / 10000000) - 11644560000;
$datePM = date('Y-m-d', mktime(0, 0, 0, date('m'), '01', date('Y') + 2));//(date('Y') + 10)."-12-01";
if ($unixTimestamp >0) {
$datePM = date('Y-m-d', mktime(0, 0, 0, date('m'), '01', date('Y') + 2)); //(date('Y') + 10)."-12-01";
if ($unixTimestamp > 0) {
$dateAux = date("Y-m-d", $unixTimestamp);
$yearAux = date("Y", $unixTimestamp);
if (strlen(trim($yearAux)) <= 4) {
@@ -2531,7 +2511,7 @@ class LdapAdvanced
$userUid = $arrayUserData["USR_UID"];
$found = true;
$arrayData["already"]++;
$arrayData["already"] ++;
$arrayData["alreadyUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
}
@@ -2539,7 +2519,6 @@ class LdapAdvanced
//If user DO NOT exists in this department.. do:
//If exists with another AuthSource -> impossible
//If exists in another department, but in PM and for this authsource, we need to move it
//$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
$arrayNewUserData = $arrayUserLdap;
@@ -2560,7 +2539,7 @@ class LdapAdvanced
$this->activateUser($arrayUserData["USR_UID"], $arrayNewUserData["sDN"], $departmentUid);
$arrayData["moved"]++;
$arrayData["moved"] ++;
$arrayData["movedUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Update User
@@ -2572,14 +2551,14 @@ class LdapAdvanced
//Impossible
$userUid = $arrayUserData["USR_UID"];
$arrayData["impossible"]++;
$arrayData["impossible"] ++;
$arrayData["impossibleUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
} else {
//User not exists
//Create User
$userUid = $this->createUserAndActivate($arrayNewUserData, $departmentUid);
$arrayData["created"]++;
$arrayData["created"] ++;
$arrayData["createdUsers"] .= $arrayNewUserData["sUsername"] . " ";
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Add User
@@ -2638,7 +2617,7 @@ class LdapAdvanced
$userUid = $arrayUserData["USR_UID"];
$found = true;
$arrayData["already"]++;
$arrayData["already"] ++;
$arrayData["alreadyUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
}
@@ -2646,7 +2625,6 @@ class LdapAdvanced
//If user DO NOT exists in this group.. do:
//If exists with another AuthSource -> impossible
//If exists in another group, but in PM and for this authsource, we need to move it
//$arrayNewUserData = $this->searchUserByUid($arrayUserLdap["sUsername"]);
$arrayNewUserData = $arrayUserLdap;
@@ -2661,7 +2639,7 @@ class LdapAdvanced
$group->addUserToGroup($groupUid, $userUid);
$arrayData["moved"]++;
$arrayData["moved"] ++;
$arrayData["movedUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Update User
@@ -2673,7 +2651,7 @@ class LdapAdvanced
//Impossible
$userUid = $arrayUserData["USR_UID"];
$arrayData["impossible"]++;
$arrayData["impossible"] ++;
$arrayData["impossibleUsers"] .= $arrayUserData["USR_USERNAME"] . " ";
} else {
//User not exists
@@ -2682,7 +2660,7 @@ class LdapAdvanced
$group->addUserToGroup($groupUid, $userUid);
$arrayData["created"]++;
$arrayData["created"] ++;
$arrayData["createdUsers"] .= $arrayNewUserData["sUsername"] . " ";
$this->setArrayAuthenticationSourceUser($userUid, $arrayNewUserData); //INITIALIZE DATA //Add User
@@ -2752,7 +2730,7 @@ class LdapAdvanced
}
//Search User from LDAP Server
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER']))?
$uidUserIdentifier = (isset($arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'])) ?
$arrayAuthSourceData['AUTH_SOURCE_DATA']['AUTH_SOURCE_IDENTIFIER_FOR_USER'] : 'uid';
$arrayAttribute = array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync));
@@ -2767,10 +2745,10 @@ class LdapAdvanced
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
$username = (isset($arrayUserLdap[$uidUserIdentifier]))? $arrayUserLdap[$uidUserIdentifier] : '';
$username = (isset($arrayUserLdap[$uidUserIdentifier])) ? $arrayUserLdap[$uidUserIdentifier] : '';
if ((is_array($username) && !empty($username)) || trim($username) != '') {
$username = trim((is_array($username))? $username[0] : $username);
$username = trim((is_array($username)) ? $username[0] : $username);
if (isset($arrayUser[$username])) {
if (!isset($this->arrayUserUpdateChecked[$username])) {
@@ -2783,12 +2761,12 @@ class LdapAdvanced
$attributeName = strtolower($value);
if (isset($arrayUserLdap[$attributeName])) {
$ldapAttributeValue = trim((is_array($arrayUserLdap[$attributeName]))? $arrayUserLdap[$attributeName][0] : $arrayUserLdap[$attributeName]);
$ldapAttributeValue = trim((is_array($arrayUserLdap[$attributeName])) ? $arrayUserLdap[$attributeName][0] : $arrayUserLdap[$attributeName]);
switch ($fieldName) {
case 'USR_STATUS':
if ($attributeName == 'useraccountcontrol') {
$ldapAttributeValue = (preg_match('/^(?:' . '512|544|66048|66080' . ')$/', $ldapAttributeValue))? (($arrayUser[$username][$fieldName] == 'VACATION')? 'VACATION' : 'ACTIVE') : 'INACTIVE';
$ldapAttributeValue = (preg_match('/^(?:' . '512|544|66048|66080' . ')$/', $ldapAttributeValue)) ? (($arrayUser[$username][$fieldName] == 'VACATION') ? 'VACATION' : 'ACTIVE') : 'INACTIVE';
}
break;
case 'USR_DUE_DATE':
@@ -2815,8 +2793,7 @@ class LdapAdvanced
}
} else {
$this->log(
$ldapcnn,
'User is repeated: Username "' . $username .'", DN "' . $arrayUserLdap['dn'] . '"'
$ldapcnn, 'User is repeated: Username "' . $username . '", DN "' . $arrayUserLdap['dn'] . '"'
);
}
@@ -2845,12 +2822,9 @@ class LdapAdvanced
* @return array
*/
private function __ldapUsersUpdateData(
$ldapcnn,
array $arrayAuthSourceData,
$filterUsers,
array $arrayUserUid,
array $arrayData
) {
$ldapcnn, array $arrayAuthSourceData, $filterUsers, array $arrayUserUid, array $arrayData
)
{
try {
$totalUser = $arrayData['totalUser'];
$countUser = $arrayData['countUser'];
@@ -2894,8 +2868,7 @@ class LdapAdvanced
//Progress bar
$this->frontEndShow(
'BAR',
'Update Users data: ' . $countUser . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUser)
'BAR', 'Update Users data: ' . $countUser . '/' . $totalUser . ' ' . $this->progressBar($totalUser, $countUser)
);
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));
@@ -2939,7 +2912,7 @@ class LdapAdvanced
$limit = $this->__getPageSizeLimitByData($arrayAuthenticationSourceData);
$count = 0;
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"])) ? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
$filterUsers = "";
$arrayUserUid = array();
@@ -3013,7 +2986,7 @@ class LdapAdvanced
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($countEntries > 0) {
$limit = ($countEntries > $limit)? $limit : $countEntries;
$limit = ($countEntries > $limit) ? $limit : $countEntries;
}
}