is_bind_ok() == 0) { LOGGER($host['ldap_binddn'] . ": failed bind to " . $host['ldap_host']); return array(); } LOGGER($host['ldap_binddn'] . ": successful bind to " . $host['ldap_host']); LOGGER("LDAP type: " . $host['type']); if($host['type'] == "AD") { $attrs = array("cn", "samaccountname", "proxyaddresses", "member", "mail"); $mailAttr = "proxyaddresses"; $mailAttrs = array("mail", "proxyaddresses"); $memberAttrs = array("member"); } $query = $ldap->query($host['ldap_basedn'], "$mailAttr=*", $attrs ); LOGGER("LDAP query: $mailAttr=* for basedn:" . $host['ldap_basedn']); foreach ($query->rows as $result) { $emails = ""; if(!isset($result['cn']) || !isset($result['dn']) ) { continue; } foreach($mailAttrs as $__mail_attr) { if(isset($result[$__mail_attr]) ) { if(is_array($result[$__mail_attr]) ) { for($i = 0; $i < $result[$__mail_attr]['count']; $i++) { LOGGER("found email entry: " . $result['dn'] . " => $__mail_attr:" . $result[$__mail_attr][$i]); if(preg_match("/^smtp\:/i", $result[$__mail_attr][$i])) { $emails .= strtolower(preg_replace("/^smtp\:/i", "", $result[$__mail_attr][$i])) . "\n"; } } } else { LOGGER("found email entry: " . $result['dn'] . " => $__mail_attr:" . $result[$__mail_attr]); $emails .= strtolower(preg_replace("/smtp\:/i", "", $result[$__mail_attr])) . "\n"; } } } $__emails = explode("\n", $emails); $members = ""; foreach($memberAttrs as $__member_attr) { if(isset($result[$__member_attr]) ) { if(is_array($result[$__member_attr]) ) { for($i = 0; $i < $result[$__member_attr]['count']; $i++) { LOGGER("found member entry: " . $result['dn'] . " => $__member_attr:" . $result[$__member_attr][$i]); $members .= $result[$__member_attr][$i] . "\n"; } } else { LOGGER("found member entry: " . $result['dn'] . " => $__member_attr:" . $result[$__member_attr]); $members .= $result[$__member_attr] . "\n"; } } } $data[] = array( 'username' => preg_replace("/\n{1,}$/", "", $__emails[0]), 'realname' => $result['cn'], 'dn' => $result['dn'], 'samaccountname' => isset($result['samaccountname']) ? $result['samaccountname'] : '', 'emails' => preg_replace("/\n{1,}$/", "", $emails), 'members' => preg_replace("/\n{1,}$/", "", $members) ); } LOGGER("found " . count($data) . " users"); return $data; } public function fill_remote_table($host = array(), $domain = '') { if($domain == '') { return 0; } /* * if the 't_remote' table has no entry for your domain and we read some users * let's put the connection info to the 't_remote' table needed for proxying * the authentication requests */ $query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_REMOTE . " WHERE remotedomain=?", array($domain)); if(isset($query->row['num'])) { if($query->row['num'] == 0) { $query = $this->db->query("INSERT INTO " . TABLE_REMOTE . " (remotedomain, remotehost, basedn, binddn) VALUES(?,?,?,?)", array($domain, $host['ldap_host'], $host['ldap_basedn'], $host['ldap_binddn'])); } else { $query = $this->db->query("UPDATE " . TABLE_REMOTE . " SET remotehost=?, basedn=?, binddn=? WHERE remotedomain=?", array($host['ldap_host'], $host['ldap_basedn'], $host['ldap_binddn'], $domain)); } LOGGER("SQL exec:" . $query->query); } return 1; } public function process_users($users = array(), $globals = array()) { $late_add = array(); $uids = array(); $exclude = array(); $newuser = 0; $deleteduser = 0; $n = 0; LOGGER("running process_users() ..."); /* build a list of DNs to exclude from the import */ while (list($k, $v) = each($globals)) { if(preg_match("/^reject_/", $k)) { $exclude[$v] = $v; } } foreach ($users as $_user) { if(strlen($_user['dn']) > DN_MAX_LEN) { LOGGER("ERR: too long entry: " . $_user['dn']); } if(in_array($_user['dn'], $exclude) ) { LOGGER("excluding from import:" . $_user['dn']); continue; } /* Does this DN exist in the user table ? */ $__user = $this->model_user_user->get_user_by_dn($_user['dn']); if(isset($__user['uid'])) { array_push($uids, $__user['uid']); /* if so, then verify the email addresses */ $changed = 0; $emails = $this->model_user_user->get_emails_by_uid($__user['uid']); /* first let's add the new email addresses */ $ldap_emails = explode("\n", $_user['emails']); $sql_emails = explode("\n", $emails); foreach ($ldap_emails as $email) { if(!in_array($email, $sql_emails)) { $rc = $this->model_user_user->add_email($__user['uid'], $email); $changed++; /* in case of an error add it to the $late_add array() */ if($rc == 0) { $late_add[] = array( 'uid' => $__user['uid'], 'email' => $email ); } } } /* delete emails not present in the user's LDAP entry */ foreach ($sql_emails as $email) { if(!in_array($email, $ldap_emails)) { $rc = $this->model_user_user->remove_email($__user['uid'], $email); $changed++; } } LOGGER($_user['dn'] . ": exists, changed=$changed"); if($changed > 0) { $n++; } } else { /* update DN field if it's an existing user */ if(($cuid = $this->model_user_user->get_uid_by_name($_user['username'])) > 0) { $this->model_user_user->update_dn_by_uid($cuid, $_user['dn']); continue; } /* or add the new user */ $user = $this->createNewUserArray($_user['dn'], $_user['username'], $_user['realname'], $_user['emails'], $_user['samaccountname'], $globals); $user['folder'] = ''; array_push($uids, $user['uid']); $rc = $this->model_user_user->add_user($user); if($rc == 1) { $newuser++; } } } /* add the rest to the email table */ foreach ($late_add as $new) { $rc = $this->model_user_user->add_email($new['uid'], $new['email']); if($rc == 1) { $newuser++; } } /* delete accounts not present in the LDAP directory */ if(count($uids) > 0) { $uidlist = implode("','", $uids); $query = $this->db->query("SELECT uid, username FROM " . TABLE_USER . " WHERE domain=? AND dn != '*' AND dn LIKE '%" . $globals['ldap_basedn'] . "' AND dn is NOT NULL AND uid NOT IN ('$uidlist')", array($globals['domain']) ); foreach ($query->rows as $deleted) { $deleteduser++; $this->model_user_user->delete_user($deleted['uid']); } } /* try to add new membership entries */ reset($users); foreach ($users as $user) { if($user['members']) { $group = $this->model_user_user->get_user_by_dn($user['dn']); $members = explode("\n", $user['members']); if(count($members) > 0) { if(isset($group['uid'])) { $query = $this->db->query("DELETE FROM " . TABLE_EMAIL_LIST . " WHERE gid=?", array($group['uid']) ); } foreach ($members as $member) { if(validemail($member)) { $__user = $this->model_user_user->get_user_by_email($member); } else { $__user = $this->model_user_user->get_user_by_dn($member); } if(isset($group['uid']) && isset($__user['uid'])) { $query = $this->db->query("INSERT INTO " . TABLE_EMAIL_LIST . " (uid, gid) VALUES(?,?)", array((int)$__user['uid'], $group['uid'])); } } } } } return array($newuser, $deleteduser); } private function createNewUserArray($dn = '', $username = '', $realname = '', $emails = '', $samaccountname = '', $globals = array()) { $user = array(); $user['uid'] = $this->model_user_user->get_next_uid(); $user['gid'] = $globals['gid']; $user['email'] = $emails; if(USE_EMAIL_AS_USERNAME == 1) { $email = explode("\n", $emails); $user['username'] = $email[0]; } else { $user['username'] = $username . $user['uid']; } $user['password'] = '*'; $user['realname'] = $realname; if($realname == '') { $user['realname'] = $username; } $user['domain'] = $globals['domain']; $user['dn'] = $dn; $user['policy_group'] = $globals['policy_group']; $user['isadmin'] = 0; $user['whitelist'] = ''; $user['blacklist'] = ''; $user['group'] = 0; $user['samaccountname'] = $samaccountname; return $user; } public function trash_password($users = array()) { foreach ($users as $user) { $query = $this->db->query("UPDATE " . TABLE_USER . " SET password='*' WHERE dn=?", array($user['dn'])); $rc = $this->db->countAffected(); LOGGER("setting default password for " . $user['dn'] . " (rc=$rc)"); } } public function count_email_addresses() { $query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_EMAIL); if(isset($query->row['num'])) { return $query->row['num']; } return 0; } } ?>