piler/webui/model/user/import.php

358 lines
11 KiB
PHP
Raw Permalink Normal View History

2012-02-08 23:14:28 +01:00
<?php
class ModelUserImport extends Model {
2012-06-22 15:22:02 +02:00
public function query_remote_users($host) {
2012-02-08 23:14:28 +01:00
$data = array();
2012-06-22 15:22:02 +02:00
LOGGER("running query_remote_users() ...");
2012-02-08 23:14:28 +01:00
$attrs = array("cn", "mail", "mailAlternateAddress", "memberdn", "memberaddr");
$mailAttr = 'mail';
$mailAttrs = array("mail", "mailalternateaddress");
$memberAttrs = array("memberdn");
2013-01-05 16:42:36 +01:00
$filter="$mailAttr=*";
2012-02-08 23:14:28 +01:00
$ldap = new LDAP($host['ldap_host'], $host['ldap_binddn'], $host['ldap_bindpw']);
if($ldap->is_bind_ok() == 0) {
LOGGER($host['ldap_binddn'] . ": failed bind to " . $host['ldap_host']);
return array();
}
LOGGER($host['ldap_binddn'] . ": successful bind to " . $host['ldap_host']);
LOGGER("LDAP type: " . $host['type']);
if($host['type'] == "AD") {
2013-01-05 16:42:36 +01:00
$attrs = array("cn", "samaccountname", "proxyaddresses", "member", "mail", "displayname");
2012-02-08 23:14:28 +01:00
$mailAttr = "proxyaddresses";
2012-08-16 14:30:44 +02:00
$mailAttrs = array("mail", "proxyaddresses");
2012-02-08 23:14:28 +01:00
$memberAttrs = array("member");
2013-01-05 16:42:36 +01:00
$filter="(&(objectClass=user)($mailAttr=*))";
2012-02-08 23:14:28 +01:00
}
2013-01-05 16:42:36 +01:00
$query = $ldap->query($host['ldap_basedn'], $filter, $attrs );
2012-02-08 23:14:28 +01:00
LOGGER("LDAP query: $mailAttr=* for basedn:" . $host['ldap_basedn']);
foreach ($query->rows as $result) {
$emails = "";
if(!isset($result['cn']) || !isset($result['dn']) ) { continue; }
foreach($mailAttrs as $__mail_attr) {
if(isset($result[$__mail_attr]) ) {
if(is_array($result[$__mail_attr]) ) {
for($i = 0; $i < $result[$__mail_attr]['count']; $i++) {
LOGGER("found email entry: " . $result['dn'] . " => $__mail_attr:" . $result[$__mail_attr][$i]);
2013-03-06 20:11:34 +01:00
$emails .= strtolower(preg_replace("/^smtp\:/i", "", $result[$__mail_attr][$i])) . "\n";
2012-02-08 23:14:28 +01:00
}
}
else {
LOGGER("found email entry: " . $result['dn'] . " => $__mail_attr:" . $result[$__mail_attr]);
$emails .= strtolower(preg_replace("/smtp\:/i", "", $result[$__mail_attr])) . "\n";
}
}
}
$__emails = explode("\n", $emails);
$members = "";
foreach($memberAttrs as $__member_attr) {
if(isset($result[$__member_attr]) ) {
if(is_array($result[$__member_attr]) ) {
for($i = 0; $i < $result[$__member_attr]['count']; $i++) {
LOGGER("found member entry: " . $result['dn'] . " => $__member_attr:" . $result[$__member_attr][$i]);
$members .= $result[$__member_attr][$i] . "\n";
}
}
else {
LOGGER("found member entry: " . $result['dn'] . " => $__member_attr:" . $result[$__member_attr]);
$members .= $result[$__member_attr] . "\n";
}
}
}
2013-01-05 16:42:36 +01:00
$realname = '';
if($host['type'] == "AD") {
$realname = $result['displayname'];
} else {
$realname = $result['cn'];
}
2012-02-08 23:14:28 +01:00
$data[] = array(
'username' => preg_replace("/\n{1,}$/", "", $__emails[0]),
2013-01-05 16:42:36 +01:00
'realname' => $realname,
'dn' => $result['dn'],
'samaccountname' => isset($result['samaccountname']) ? $result['samaccountname'] : '',
'emails' => preg_replace("/\n{1,}$/", "", $emails),
'members' => preg_replace("/\n{1,}$/", "", $members)
2012-02-08 23:14:28 +01:00
);
}
LOGGER("found " . count($data) . " users");
return $data;
}
2012-06-22 15:22:02 +02:00
public function fill_remote_table($host = array(), $domain = '') {
2012-02-08 23:14:28 +01:00
if($domain == '') { return 0; }
/*
* if the 't_remote' table has no entry for your domain and we read some users
* let's put the connection info to the 't_remote' table needed for proxying
* the authentication requests
*/
$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_REMOTE . " WHERE remotedomain=?", array($domain));
if(isset($query->row['num'])) {
if($query->row['num'] == 0) {
$query = $this->db->query("INSERT INTO " . TABLE_REMOTE . " (remotedomain, remotehost, basedn, binddn) VALUES(?,?,?,?)", array($domain, $host['ldap_host'], $host['ldap_basedn'], $host['ldap_binddn']));
}
else {
$query = $this->db->query("UPDATE " . TABLE_REMOTE . " SET remotehost=?, basedn=?, binddn=? WHERE remotedomain=?", array($host['ldap_host'], $host['ldap_basedn'], $host['ldap_binddn'], $domain));
}
LOGGER("SQL exec:" . $query->query);
}
return 1;
}
2012-06-22 15:22:02 +02:00
public function process_users($users = array(), $globals = array()) {
2012-02-08 23:14:28 +01:00
$late_add = array();
$uids = array();
$exclude = array();
$newuser = 0;
$deleteduser = 0;
$n = 0;
2012-06-22 15:22:02 +02:00
LOGGER("running process_users() ...");
2012-02-08 23:14:28 +01:00
/* build a list of DNs to exclude from the import */
foreach($globals as $k => $v) {
2012-02-08 23:14:28 +01:00
if(preg_match("/^reject_/", $k)) {
$exclude[$v] = $v;
}
}
foreach ($users as $_user) {
if(strlen($_user['dn']) > DN_MAX_LEN) { LOGGER("ERR: too long entry: " . $_user['dn']); }
if(in_array($_user['dn'], $exclude) ) {
LOGGER("excluding from import:" . $_user['dn']);
continue;
}
/* Does this DN exist in the user table ? */
2012-06-22 15:22:02 +02:00
$__user = $this->model_user_user->get_user_by_dn($_user['dn']);
2012-02-08 23:14:28 +01:00
if(isset($__user['uid'])) {
array_push($uids, $__user['uid']);
/* if so, then verify the email addresses */
$changed = 0;
2012-06-22 15:22:02 +02:00
$emails = $this->model_user_user->get_emails_by_uid($__user['uid']);
2012-02-08 23:14:28 +01:00
/* first let's add the new email addresses */
$ldap_emails = explode("\n", $_user['emails']);
$sql_emails = explode("\n", $emails);
foreach ($ldap_emails as $email) {
if(!in_array($email, $sql_emails)) {
2012-06-22 15:22:02 +02:00
$rc = $this->model_user_user->add_email($__user['uid'], $email);
2012-02-08 23:14:28 +01:00
$changed++;
/* in case of an error add it to the $late_add array() */
if($rc == 0) {
$late_add[] = array(
'uid' => $__user['uid'],
'email' => $email
);
}
}
}
/* delete emails not present in the user's LDAP entry */
foreach ($sql_emails as $email) {
if(!in_array($email, $ldap_emails)) {
2012-06-22 15:22:02 +02:00
$rc = $this->model_user_user->remove_email($__user['uid'], $email);
2012-02-08 23:14:28 +01:00
$changed++;
}
}
LOGGER($_user['dn'] . ": exists, changed=$changed");
if($changed > 0) { $n++; }
}
else {
/* update DN field if it's an existing user */
if(($cuid = $this->model_user_user->get_uid_by_name($_user['username'])) > 0) {
$this->model_user_user->update_dn_by_uid($cuid, $_user['dn']);
continue;
}
2012-02-08 23:14:28 +01:00
/* or add the new user */
$user = $this->createNewUserArray($_user['dn'], $_user['username'], $_user['realname'], $_user['emails'], $_user['samaccountname'], $globals);
$user['folder'] = '';
2012-02-08 23:14:28 +01:00
array_push($uids, $user['uid']);
2012-06-22 15:22:02 +02:00
$rc = $this->model_user_user->add_user($user);
2012-02-08 23:14:28 +01:00
if($rc == 1) { $newuser++; }
}
}
/* add the rest to the email table */
foreach ($late_add as $new) {
2012-06-22 15:22:02 +02:00
$rc = $this->model_user_user->add_email($new['uid'], $new['email']);
2012-02-08 23:14:28 +01:00
if($rc == 1) { $newuser++; }
}
/* delete accounts not present in the LDAP directory */
if(count($uids) > 0) {
$uidlist = implode("','", $uids);
$query = $this->db->query("SELECT uid, username FROM " . TABLE_USER . " WHERE domain=? AND dn != '*' AND dn LIKE '%" . $globals['ldap_basedn'] . "' AND dn is NOT NULL AND uid NOT IN ('$uidlist')", array($globals['domain']) );
foreach ($query->rows as $deleted) {
$deleteduser++;
2012-08-16 14:30:44 +02:00
$this->model_user_user->delete_user($deleted['uid']);
2012-02-08 23:14:28 +01:00
}
}
/* try to add new membership entries */
reset($users);
foreach ($users as $user) {
if($user['members']) {
2012-06-22 15:22:02 +02:00
$group = $this->model_user_user->get_user_by_dn($user['dn']);
2012-02-08 23:14:28 +01:00
$members = explode("\n", $user['members']);
if(count($members) > 0) {
if(isset($group['uid'])) {
$query = $this->db->query("DELETE FROM " . TABLE_EMAIL_LIST . " WHERE gid=?", array($group['uid']) );
}
foreach ($members as $member) {
if(validemail($member)) {
2012-06-22 15:22:02 +02:00
$__user = $this->model_user_user->get_user_by_email($member);
2012-02-08 23:14:28 +01:00
} else {
2012-06-22 15:22:02 +02:00
$__user = $this->model_user_user->get_user_by_dn($member);
2012-02-08 23:14:28 +01:00
}
if(isset($group['uid']) && isset($__user['uid'])) {
$query = $this->db->query("INSERT INTO " . TABLE_EMAIL_LIST . " (uid, gid) VALUES(?,?)", array((int)$__user['uid'], $group['uid']));
}
}
}
}
}
return array($newuser, $deleteduser);
}
private function createNewUserArray($dn = '', $username = '', $realname = '', $emails = '', $samaccountname = '', $globals = array()) {
2012-02-08 23:14:28 +01:00
$user = array();
2012-06-22 15:22:02 +02:00
$user['uid'] = $this->model_user_user->get_next_uid();
2012-02-08 23:14:28 +01:00
$user['gid'] = $globals['gid'];
$user['email'] = $emails;
if(USE_EMAIL_AS_USERNAME == 1) {
$email = explode("\n", $emails);
$user['username'] = $email[0];
}
else {
$user['username'] = $username . $user['uid'];
}
$user['password'] = '*';
$user['realname'] = $realname;
if($realname == '') { $user['realname'] = $username; }
$user['domain'] = $globals['domain'];
$user['dn'] = $dn;
$user['policy_group'] = $globals['policy_group'];
$user['isadmin'] = 0;
$user['whitelist'] = '';
$user['blacklist'] = '';
2012-08-06 14:29:25 +02:00
$user['group'] = 0;
$user['samaccountname'] = $samaccountname;
2012-02-08 23:14:28 +01:00
return $user;
}
2012-06-22 15:22:02 +02:00
public function trash_password($users = array()) {
2012-02-08 23:14:28 +01:00
foreach ($users as $user) {
$query = $this->db->query("UPDATE " . TABLE_USER . " SET password='*' WHERE dn=?", array($user['dn']));
$rc = $this->db->countAffected();
LOGGER("setting default password for " . $user['dn'] . " (rc=$rc)");
}
}
public function count_email_addresses() {
$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_EMAIL);
if(isset($query->row['num'])) { return $query->row['num']; }
return 0;
}
}
?>