mirror of
https://bitbucket.org/jsuto/piler.git
synced 2025-11-04 15:12:27 +01:00
358 lines
11 KiB
PHP
358 lines
11 KiB
PHP
<?php
|
|
|
|
|
|
class ModelUserImport extends Model {
|
|
|
|
|
|
public function query_remote_users($host) {
|
|
$data = array();
|
|
|
|
LOGGER("running query_remote_users() ...");
|
|
|
|
$attrs = array("cn", "mail", "mailAlternateAddress", "memberdn", "memberaddr");
|
|
$mailAttr = 'mail';
|
|
$mailAttrs = array("mail", "mailalternateaddress");
|
|
|
|
$memberAttrs = array("memberdn");
|
|
$filter="$mailAttr=*";
|
|
|
|
$ldap = new LDAP($host['ldap_host'], $host['ldap_binddn'], $host['ldap_bindpw']);
|
|
if($ldap->is_bind_ok() == 0) {
|
|
LOGGER($host['ldap_binddn'] . ": failed bind to " . $host['ldap_host']);
|
|
return array();
|
|
}
|
|
|
|
LOGGER($host['ldap_binddn'] . ": successful bind to " . $host['ldap_host']);
|
|
LOGGER("LDAP type: " . $host['type']);
|
|
|
|
if($host['type'] == "AD") {
|
|
$attrs = array("cn", "samaccountname", "proxyaddresses", "member", "mail", "displayname");
|
|
|
|
$mailAttr = "proxyaddresses";
|
|
$mailAttrs = array("mail", "proxyaddresses");
|
|
|
|
$memberAttrs = array("member");
|
|
$filter="(&(objectClass=user)($mailAttr=*))";
|
|
}
|
|
|
|
|
|
$query = $ldap->query($host['ldap_basedn'], $filter, $attrs );
|
|
LOGGER("LDAP query: $mailAttr=* for basedn:" . $host['ldap_basedn']);
|
|
|
|
foreach ($query->rows as $result) {
|
|
$emails = "";
|
|
|
|
if(!isset($result['cn']) || !isset($result['dn']) ) { continue; }
|
|
|
|
foreach($mailAttrs as $__mail_attr) {
|
|
|
|
if(isset($result[$__mail_attr]) ) {
|
|
|
|
if(is_array($result[$__mail_attr]) ) {
|
|
|
|
for($i = 0; $i < $result[$__mail_attr]['count']; $i++) {
|
|
LOGGER("found email entry: " . $result['dn'] . " => $__mail_attr:" . $result[$__mail_attr][$i]);
|
|
$emails .= strtolower(preg_replace("/^smtp\:/i", "", $result[$__mail_attr][$i])) . "\n";
|
|
}
|
|
}
|
|
else {
|
|
LOGGER("found email entry: " . $result['dn'] . " => $__mail_attr:" . $result[$__mail_attr]);
|
|
$emails .= strtolower(preg_replace("/smtp\:/i", "", $result[$__mail_attr])) . "\n";
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$__emails = explode("\n", $emails);
|
|
|
|
|
|
$members = "";
|
|
|
|
foreach($memberAttrs as $__member_attr) {
|
|
|
|
if(isset($result[$__member_attr]) ) {
|
|
if(is_array($result[$__member_attr]) ) {
|
|
for($i = 0; $i < $result[$__member_attr]['count']; $i++) {
|
|
LOGGER("found member entry: " . $result['dn'] . " => $__member_attr:" . $result[$__member_attr][$i]);
|
|
$members .= $result[$__member_attr][$i] . "\n";
|
|
}
|
|
}
|
|
else {
|
|
LOGGER("found member entry: " . $result['dn'] . " => $__member_attr:" . $result[$__member_attr]);
|
|
$members .= $result[$__member_attr] . "\n";
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
|
|
$realname = '';
|
|
if($host['type'] == "AD") {
|
|
$realname = $result['displayname'];
|
|
} else {
|
|
$realname = $result['cn'];
|
|
}
|
|
|
|
|
|
$data[] = array(
|
|
'username' => preg_replace("/\n{1,}$/", "", $__emails[0]),
|
|
'realname' => $realname,
|
|
'dn' => $result['dn'],
|
|
'samaccountname' => isset($result['samaccountname']) ? $result['samaccountname'] : '',
|
|
'emails' => preg_replace("/\n{1,}$/", "", $emails),
|
|
'members' => preg_replace("/\n{1,}$/", "", $members)
|
|
);
|
|
|
|
}
|
|
|
|
LOGGER("found " . count($data) . " users");
|
|
|
|
return $data;
|
|
}
|
|
|
|
|
|
|
|
public function fill_remote_table($host = array(), $domain = '') {
|
|
if($domain == '') { return 0; }
|
|
|
|
/*
|
|
* if the 't_remote' table has no entry for your domain and we read some users
|
|
* let's put the connection info to the 't_remote' table needed for proxying
|
|
* the authentication requests
|
|
*/
|
|
|
|
$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_REMOTE . " WHERE remotedomain=?", array($domain));
|
|
|
|
if(isset($query->row['num'])) {
|
|
|
|
if($query->row['num'] == 0) {
|
|
$query = $this->db->query("INSERT INTO " . TABLE_REMOTE . " (remotedomain, remotehost, basedn, binddn) VALUES(?,?,?,?)", array($domain, $host['ldap_host'], $host['ldap_basedn'], $host['ldap_binddn']));
|
|
}
|
|
else {
|
|
$query = $this->db->query("UPDATE " . TABLE_REMOTE . " SET remotehost=?, basedn=?, binddn=? WHERE remotedomain=?", array($host['ldap_host'], $host['ldap_basedn'], $host['ldap_binddn'], $domain));
|
|
|
|
}
|
|
|
|
LOGGER("SQL exec:" . $query->query);
|
|
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
|
|
|
|
public function process_users($users = array(), $globals = array()) {
|
|
$late_add = array();
|
|
$uids = array();
|
|
$exclude = array();
|
|
$newuser = 0;
|
|
$deleteduser = 0;
|
|
$n = 0;
|
|
|
|
LOGGER("running process_users() ...");
|
|
|
|
/* build a list of DNs to exclude from the import */
|
|
|
|
while (list($k, $v) = each($globals)) {
|
|
if(preg_match("/^reject_/", $k)) {
|
|
$exclude[$v] = $v;
|
|
}
|
|
}
|
|
|
|
|
|
foreach ($users as $_user) {
|
|
if(strlen($_user['dn']) > DN_MAX_LEN) { LOGGER("ERR: too long entry: " . $_user['dn']); }
|
|
|
|
if(in_array($_user['dn'], $exclude) ) {
|
|
LOGGER("excluding from import:" . $_user['dn']);
|
|
continue;
|
|
}
|
|
|
|
/* Does this DN exist in the user table ? */
|
|
|
|
$__user = $this->model_user_user->get_user_by_dn($_user['dn']);
|
|
|
|
if(isset($__user['uid'])) {
|
|
|
|
array_push($uids, $__user['uid']);
|
|
|
|
|
|
/* if so, then verify the email addresses */
|
|
|
|
$changed = 0;
|
|
$emails = $this->model_user_user->get_emails_by_uid($__user['uid']);
|
|
|
|
/* first let's add the new email addresses */
|
|
|
|
$ldap_emails = explode("\n", $_user['emails']);
|
|
$sql_emails = explode("\n", $emails);
|
|
|
|
foreach ($ldap_emails as $email) {
|
|
if(!in_array($email, $sql_emails)) {
|
|
$rc = $this->model_user_user->add_email($__user['uid'], $email);
|
|
$changed++;
|
|
|
|
/* in case of an error add it to the $late_add array() */
|
|
|
|
if($rc == 0) {
|
|
$late_add[] = array(
|
|
'uid' => $__user['uid'],
|
|
'email' => $email
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
/* delete emails not present in the user's LDAP entry */
|
|
|
|
foreach ($sql_emails as $email) {
|
|
if(!in_array($email, $ldap_emails)) {
|
|
$rc = $this->model_user_user->remove_email($__user['uid'], $email);
|
|
$changed++;
|
|
}
|
|
}
|
|
|
|
LOGGER($_user['dn'] . ": exists, changed=$changed");
|
|
|
|
if($changed > 0) { $n++; }
|
|
}
|
|
else {
|
|
|
|
/* update DN field if it's an existing user */
|
|
|
|
if(($cuid = $this->model_user_user->get_uid_by_name($_user['username'])) > 0) {
|
|
$this->model_user_user->update_dn_by_uid($cuid, $_user['dn']);
|
|
continue;
|
|
}
|
|
|
|
/* or add the new user */
|
|
|
|
$user = $this->createNewUserArray($_user['dn'], $_user['username'], $_user['realname'], $_user['emails'], $_user['samaccountname'], $globals);
|
|
$user['folder'] = '';
|
|
|
|
array_push($uids, $user['uid']);
|
|
|
|
$rc = $this->model_user_user->add_user($user);
|
|
if($rc == 1) { $newuser++; }
|
|
}
|
|
}
|
|
|
|
|
|
/* add the rest to the email table */
|
|
|
|
foreach ($late_add as $new) {
|
|
$rc = $this->model_user_user->add_email($new['uid'], $new['email']);
|
|
if($rc == 1) { $newuser++; }
|
|
}
|
|
|
|
|
|
/* delete accounts not present in the LDAP directory */
|
|
|
|
if(count($uids) > 0) {
|
|
$uidlist = implode("','", $uids);
|
|
$query = $this->db->query("SELECT uid, username FROM " . TABLE_USER . " WHERE domain=? AND dn != '*' AND dn LIKE '%" . $globals['ldap_basedn'] . "' AND dn is NOT NULL AND uid NOT IN ('$uidlist')", array($globals['domain']) );
|
|
|
|
foreach ($query->rows as $deleted) {
|
|
$deleteduser++;
|
|
$this->model_user_user->delete_user($deleted['uid']);
|
|
}
|
|
}
|
|
|
|
|
|
/* try to add new membership entries */
|
|
|
|
reset($users);
|
|
|
|
foreach ($users as $user) {
|
|
if($user['members']) {
|
|
|
|
$group = $this->model_user_user->get_user_by_dn($user['dn']);
|
|
|
|
$members = explode("\n", $user['members']);
|
|
if(count($members) > 0) {
|
|
|
|
if(isset($group['uid'])) {
|
|
$query = $this->db->query("DELETE FROM " . TABLE_EMAIL_LIST . " WHERE gid=?", array($group['uid']) );
|
|
}
|
|
|
|
foreach ($members as $member) {
|
|
if(validemail($member)) {
|
|
$__user = $this->model_user_user->get_user_by_email($member);
|
|
} else {
|
|
$__user = $this->model_user_user->get_user_by_dn($member);
|
|
}
|
|
|
|
if(isset($group['uid']) && isset($__user['uid'])) {
|
|
$query = $this->db->query("INSERT INTO " . TABLE_EMAIL_LIST . " (uid, gid) VALUES(?,?)", array((int)$__user['uid'], $group['uid']));
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
return array($newuser, $deleteduser);
|
|
}
|
|
|
|
|
|
private function createNewUserArray($dn = '', $username = '', $realname = '', $emails = '', $samaccountname = '', $globals = array()) {
|
|
$user = array();
|
|
|
|
$user['uid'] = $this->model_user_user->get_next_uid();
|
|
$user['gid'] = $globals['gid'];
|
|
|
|
$user['email'] = $emails;
|
|
|
|
if(USE_EMAIL_AS_USERNAME == 1) {
|
|
$email = explode("\n", $emails);
|
|
$user['username'] = $email[0];
|
|
}
|
|
else {
|
|
$user['username'] = $username . $user['uid'];
|
|
}
|
|
|
|
|
|
$user['password'] = '*';
|
|
|
|
$user['realname'] = $realname;
|
|
|
|
if($realname == '') { $user['realname'] = $username; }
|
|
|
|
$user['domain'] = $globals['domain'];
|
|
$user['dn'] = $dn;
|
|
$user['policy_group'] = $globals['policy_group'];
|
|
$user['isadmin'] = 0;
|
|
$user['whitelist'] = '';
|
|
$user['blacklist'] = '';
|
|
$user['group'] = 0;
|
|
$user['samaccountname'] = $samaccountname;
|
|
|
|
return $user;
|
|
}
|
|
|
|
|
|
public function trash_password($users = array()) {
|
|
foreach ($users as $user) {
|
|
$query = $this->db->query("UPDATE " . TABLE_USER . " SET password='*' WHERE dn=?", array($user['dn']));
|
|
$rc = $this->db->countAffected();
|
|
LOGGER("setting default password for " . $user['dn'] . " (rc=$rc)");
|
|
}
|
|
}
|
|
|
|
|
|
public function count_email_addresses() {
|
|
$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_EMAIL);
|
|
|
|
if(isset($query->row['num'])) { return $query->row['num']; }
|
|
|
|
return 0;
|
|
}
|
|
|
|
}
|
|
|
|
?>
|