2012-02-08 23:14:28 +01:00
< ? php
class ModelUserImport extends Model {
2012-06-22 15:22:02 +02:00
public function query_remote_users ( $host ) {
2012-02-08 23:14:28 +01:00
$data = array ();
2012-06-22 15:22:02 +02:00
LOGGER ( " running query_remote_users() ... " );
2012-02-08 23:14:28 +01:00
$attrs = array ( " cn " , " mail " , " mailAlternateAddress " , " memberdn " , " memberaddr " );
$mailAttr = 'mail' ;
$mailAttrs = array ( " mail " , " mailalternateaddress " );
$memberAttrs = array ( " memberdn " );
$ldap = new LDAP ( $host [ 'ldap_host' ], $host [ 'ldap_binddn' ], $host [ 'ldap_bindpw' ]);
if ( $ldap -> is_bind_ok () == 0 ) {
LOGGER ( $host [ 'ldap_binddn' ] . " : failed bind to " . $host [ 'ldap_host' ]);
return array ();
}
LOGGER ( $host [ 'ldap_binddn' ] . " : successful bind to " . $host [ 'ldap_host' ]);
LOGGER ( " LDAP type: " . $host [ 'type' ]);
if ( $host [ 'type' ] == " AD " ) {
2012-08-16 14:30:44 +02:00
$attrs = array ( " cn " , " proxyaddresses " , " member " , " mail " );
2012-02-08 23:14:28 +01:00
$mailAttr = " proxyaddresses " ;
2012-08-16 14:30:44 +02:00
$mailAttrs = array ( " mail " , " proxyaddresses " );
2012-02-08 23:14:28 +01:00
$memberAttrs = array ( " member " );
}
$query = $ldap -> query ( $host [ 'ldap_basedn' ], " $mailAttr =* " , $attrs );
LOGGER ( " LDAP query: $mailAttr =* for basedn: " . $host [ 'ldap_basedn' ]);
foreach ( $query -> rows as $result ) {
$emails = " " ;
if ( ! isset ( $result [ 'cn' ]) || ! isset ( $result [ 'dn' ]) ) { continue ; }
foreach ( $mailAttrs as $__mail_attr ) {
if ( isset ( $result [ $__mail_attr ]) ) {
if ( is_array ( $result [ $__mail_attr ]) ) {
for ( $i = 0 ; $i < $result [ $__mail_attr ][ 'count' ]; $i ++ ) {
LOGGER ( " found email entry: " . $result [ 'dn' ] . " => $__mail_attr : " . $result [ $__mail_attr ][ $i ]);
if ( preg_match ( " /^smtp \ :/i " , $result [ $__mail_attr ][ $i ])) {
$emails .= strtolower ( preg_replace ( " /^smtp \ :/i " , " " , $result [ $__mail_attr ][ $i ])) . " \n " ;
}
}
}
else {
LOGGER ( " found email entry: " . $result [ 'dn' ] . " => $__mail_attr : " . $result [ $__mail_attr ]);
$emails .= strtolower ( preg_replace ( " /smtp \ :/i " , " " , $result [ $__mail_attr ])) . " \n " ;
}
}
}
$__emails = explode ( " \n " , $emails );
$members = " " ;
foreach ( $memberAttrs as $__member_attr ) {
if ( isset ( $result [ $__member_attr ]) ) {
if ( is_array ( $result [ $__member_attr ]) ) {
for ( $i = 0 ; $i < $result [ $__member_attr ][ 'count' ]; $i ++ ) {
LOGGER ( " found member entry: " . $result [ 'dn' ] . " => $__member_attr : " . $result [ $__member_attr ][ $i ]);
$members .= $result [ $__member_attr ][ $i ] . " \n " ;
}
}
else {
LOGGER ( " found member entry: " . $result [ 'dn' ] . " => $__member_attr : " . $result [ $__member_attr ]);
$members .= $result [ $__member_attr ] . " \n " ;
}
}
}
$data [] = array (
'username' => preg_replace ( " / \n { 1,} $ / " , " " , $__emails [ 0 ]),
'realname' => $result [ 'cn' ],
'dn' => $result [ 'dn' ],
'emails' => preg_replace ( " / \n { 1,} $ / " , " " , $emails ),
'members' => preg_replace ( " / \n { 1,} $ / " , " " , $members )
);
}
LOGGER ( " found " . count ( $data ) . " users " );
return $data ;
}
2012-06-22 15:22:02 +02:00
public function fill_remote_table ( $host = array (), $domain = '' ) {
2012-02-08 23:14:28 +01:00
if ( $domain == '' ) { return 0 ; }
/*
* if the 't_remote' table has no entry for your domain and we read some users
* let 's put the connection info to the ' t_remote ' table needed for proxying
* the authentication requests
*/
$query = $this -> db -> query ( " SELECT COUNT(*) AS num FROM " . TABLE_REMOTE . " WHERE remotedomain=? " , array ( $domain ));
if ( isset ( $query -> row [ 'num' ])) {
if ( $query -> row [ 'num' ] == 0 ) {
$query = $this -> db -> query ( " INSERT INTO " . TABLE_REMOTE . " (remotedomain, remotehost, basedn, binddn) VALUES(?,?,?,?) " , array ( $domain , $host [ 'ldap_host' ], $host [ 'ldap_basedn' ], $host [ 'ldap_binddn' ]));
}
else {
$query = $this -> db -> query ( " UPDATE " . TABLE_REMOTE . " SET remotehost=?, basedn=?, binddn=? WHERE remotedomain=? " , array ( $host [ 'ldap_host' ], $host [ 'ldap_basedn' ], $host [ 'ldap_binddn' ], $domain ));
}
LOGGER ( " SQL exec: " . $query -> query );
}
return 1 ;
}
2012-06-22 15:22:02 +02:00
public function process_users ( $users = array (), $globals = array ()) {
2012-02-08 23:14:28 +01:00
$late_add = array ();
$uids = array ();
$exclude = array ();
$newuser = 0 ;
$deleteduser = 0 ;
$n = 0 ;
2012-06-22 15:22:02 +02:00
LOGGER ( " running process_users() ... " );
2012-02-08 23:14:28 +01:00
/* build a list of DNs to exclude from the import */
while ( list ( $k , $v ) = each ( $globals )) {
if ( preg_match ( " /^reject_/ " , $k )) {
$exclude [ $v ] = $v ;
}
}
foreach ( $users as $_user ) {
if ( strlen ( $_user [ 'dn' ]) > DN_MAX_LEN ) { LOGGER ( " ERR: too long entry: " . $_user [ 'dn' ]); }
if ( in_array ( $_user [ 'dn' ], $exclude ) ) {
LOGGER ( " excluding from import: " . $_user [ 'dn' ]);
continue ;
}
/* Does this DN exist in the user table ? */
2012-06-22 15:22:02 +02:00
$__user = $this -> model_user_user -> get_user_by_dn ( $_user [ 'dn' ]);
2012-02-08 23:14:28 +01:00
if ( isset ( $__user [ 'uid' ])) {
array_push ( $uids , $__user [ 'uid' ]);
/* if so, then verify the email addresses */
$changed = 0 ;
2012-06-22 15:22:02 +02:00
$emails = $this -> model_user_user -> get_emails_by_uid ( $__user [ 'uid' ]);
2012-02-08 23:14:28 +01:00
/* first let's add the new email addresses */
$ldap_emails = explode ( " \n " , $_user [ 'emails' ]);
$sql_emails = explode ( " \n " , $emails );
foreach ( $ldap_emails as $email ) {
if ( ! in_array ( $email , $sql_emails )) {
2012-06-22 15:22:02 +02:00
$rc = $this -> model_user_user -> add_email ( $__user [ 'uid' ], $email );
2012-02-08 23:14:28 +01:00
$changed ++ ;
/* in case of an error add it to the $late_add array() */
if ( $rc == 0 ) {
$late_add [] = array (
'uid' => $__user [ 'uid' ],
'email' => $email
);
}
}
}
/* delete emails not present in the user's LDAP entry */
foreach ( $sql_emails as $email ) {
if ( ! in_array ( $email , $ldap_emails )) {
2012-06-22 15:22:02 +02:00
$rc = $this -> model_user_user -> remove_email ( $__user [ 'uid' ], $email );
2012-02-08 23:14:28 +01:00
$changed ++ ;
}
}
LOGGER ( $_user [ 'dn' ] . " : exists, changed= $changed " );
if ( $changed > 0 ) { $n ++ ; }
}
else {
/* or add the new user */
$user = $this -> createNewUserArray ( $_user [ 'dn' ], $_user [ 'username' ], $_user [ 'realname' ], $_user [ 'emails' ], $globals );
array_push ( $uids , $user [ 'uid' ]);
2012-06-22 15:22:02 +02:00
$rc = $this -> model_user_user -> add_user ( $user );
2012-02-08 23:14:28 +01:00
if ( $rc == 1 ) { $newuser ++ ; }
}
}
/* add the rest to the email table */
foreach ( $late_add as $new ) {
2012-06-22 15:22:02 +02:00
$rc = $this -> model_user_user -> add_email ( $new [ 'uid' ], $new [ 'email' ]);
2012-02-08 23:14:28 +01:00
if ( $rc == 1 ) { $newuser ++ ; }
}
/* delete accounts not present in the LDAP directory */
if ( count ( $uids ) > 0 ) {
$uidlist = implode ( " ',' " , $uids );
$query = $this -> db -> query ( " SELECT uid, username FROM " . TABLE_USER . " WHERE domain=? AND dn != '*' AND dn LIKE '% " . $globals [ 'ldap_basedn' ] . " ' AND dn is NOT NULL AND uid NOT IN (' $uidlist ') " , array ( $globals [ 'domain' ]) );
foreach ( $query -> rows as $deleted ) {
$deleteduser ++ ;
2012-08-16 14:30:44 +02:00
$this -> model_user_user -> delete_user ( $deleted [ 'uid' ]);
2012-02-08 23:14:28 +01:00
}
}
/* try to add new membership entries */
reset ( $users );
foreach ( $users as $user ) {
if ( $user [ 'members' ]) {
2012-06-22 15:22:02 +02:00
$group = $this -> model_user_user -> get_user_by_dn ( $user [ 'dn' ]);
2012-02-08 23:14:28 +01:00
$members = explode ( " \n " , $user [ 'members' ]);
if ( count ( $members ) > 0 ) {
if ( isset ( $group [ 'uid' ])) {
$query = $this -> db -> query ( " DELETE FROM " . TABLE_EMAIL_LIST . " WHERE gid=? " , array ( $group [ 'uid' ]) );
}
foreach ( $members as $member ) {
if ( validemail ( $member )) {
2012-06-22 15:22:02 +02:00
$__user = $this -> model_user_user -> get_user_by_email ( $member );
2012-02-08 23:14:28 +01:00
} else {
2012-06-22 15:22:02 +02:00
$__user = $this -> model_user_user -> get_user_by_dn ( $member );
2012-02-08 23:14:28 +01:00
}
if ( isset ( $group [ 'uid' ]) && isset ( $__user [ 'uid' ])) {
$query = $this -> db -> query ( " INSERT INTO " . TABLE_EMAIL_LIST . " (uid, gid) VALUES(?,?) " , array (( int ) $__user [ 'uid' ], $group [ 'uid' ]));
}
}
}
}
}
return array ( $newuser , $deleteduser );
}
private function createNewUserArray ( $dn = '' , $username = '' , $realname = '' , $emails = '' , $globals = array ()) {
$user = array ();
2012-06-22 15:22:02 +02:00
$user [ 'uid' ] = $this -> model_user_user -> get_next_uid ();
2012-02-08 23:14:28 +01:00
$user [ 'gid' ] = $globals [ 'gid' ];
$user [ 'email' ] = $emails ;
if ( USE_EMAIL_AS_USERNAME == 1 ) {
$email = explode ( " \n " , $emails );
$user [ 'username' ] = $email [ 0 ];
}
else {
$user [ 'username' ] = $username . $user [ 'uid' ];
}
$user [ 'password' ] = '*' ;
$user [ 'realname' ] = $realname ;
if ( $realname == '' ) { $user [ 'realname' ] = $username ; }
$user [ 'domain' ] = $globals [ 'domain' ];
$user [ 'dn' ] = $dn ;
$user [ 'policy_group' ] = $globals [ 'policy_group' ];
$user [ 'isadmin' ] = 0 ;
$user [ 'whitelist' ] = '' ;
$user [ 'blacklist' ] = '' ;
2012-08-06 14:29:25 +02:00
$user [ 'group' ] = 0 ;
2012-02-08 23:14:28 +01:00
return $user ;
}
2012-06-22 15:22:02 +02:00
public function trash_password ( $users = array ()) {
2012-02-08 23:14:28 +01:00
foreach ( $users as $user ) {
$query = $this -> db -> query ( " UPDATE " . TABLE_USER . " SET password='*' WHERE dn=? " , array ( $user [ 'dn' ]));
$rc = $this -> db -> countAffected ();
LOGGER ( " setting default password for " . $user [ 'dn' ] . " (rc= $rc ) " );
}
}
public function count_email_addresses () {
$query = $this -> db -> query ( " SELECT COUNT(*) AS num FROM " . TABLE_EMAIL );
if ( isset ( $query -> row [ 'num' ])) { return $query -> row [ 'num' ]; }
return 0 ;
}
}
?>