first commit

2025-08-07 13:15:31 +01:00
commit d903893b4c
21854 changed files with 4461308 additions and 0 deletions
--- a/scripts/ldap_mass_sync.php
+++ b/scripts/ldap_mass_sync.php
@ -0,0 +1,223 @@
+<?php
+/**
+ * ---------------------------------------------------------------------
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ * Copyright (C) 2015-2020 Teclib' and contributors.
+ *
+ * http://glpi-project.org
+ *
+ * based on GLPI - Gestionnaire Libre de Parc Informatique
+ * Copyright (C) 2003-2014 by the INDEPNET Development Team.
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * GLPI is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GLPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GLPI. If not, see <http://www.gnu.org/licenses/>.
+ * ---------------------------------------------------------------------
+ */
+
+// Ensure current directory when run from crontab
+chdir(__DIR__);
+
+if (isset($_SERVER['argv'])) {
+   for ($i=1; $i<$_SERVER['argc']; $i++) {
+      $it    = explode("=", $_SERVER['argv'][$i], 2);
+      $it[0] = preg_replace('/^--/', '', $it[0]);
+
+      $_GET[$it[0]] = (isset($it[1]) ? $it[1] : true);
+   }
+}
+
+echo "Usage of this script is deprecated, please use 'bin/console ldap:sync' command.\n";
+
+if ((isset($_SERVER['argv']) && in_array('help', $_SERVER['argv']))
+    || isset($_GET['help'])) {
+   echo "Usage: php -q -f ldap_mass_sync.php [action=<option>]  [ldapservers_id=ID]\n";
+   echo "Options values:\n";
+   echo "0: import users only\n";
+   echo "1: synchronize existing users only\n";
+   echo "2: import & synchronize users\n";
+   echo "before-days: restrict user import or synchronization to the last x days\n";
+   echo "after-days: restrict user import or synchronization until the last x days\n";
+   echo "ldap_filter: ldap filter to use for the search. Value must be quoted and properly escaped for your shell\n";
+   exit (0);
+}
+
+include ('../inc/includes.php');
+
+// Default action : synchro
+// - possible option :
+//  - 0 : import new users
+//  - 1 : synchronize users
+//  - 2 : force synchronization of all the users (even if ldap timestamp wasn't modified)
+$options['action']         = AuthLDAP::ACTION_SYNCHRONIZE;
+$options['ldapservers_id'] = NOT_AVAILABLE;
+$options['ldap_filter']    = '';
+$options['before-days']    = 0;
+$options['after-days']     = 0;
+$options['script']         = 1;
+
+foreach ($_GET as $key => $value) {
+   $options[$key] = $value;
+}
+
+if ($options['before-days'] && $options['after-days']) {
+   echo "You cannot use options before-days and after-days at the same time.";
+   exit(1);
+}
+
+if ($options['before-days']) {
+   $options['begin_date'] = date('Y-m-d H:i:s', time()-$options['before-days']*DAY_TIMESTAMP);
+   $options['end_date']   = '';
+   unset($options['before-days']);
+}
+if ($options['after-days']) {
+   $options['begin_date'] = '';
+   $options['end_date']   = date('Y-m-d H:i:s', time()-$options['after-days']*DAY_TIMESTAMP);
+   unset($options['after-days']);
+}
+
+if (!Toolbox::canUseLdap() || !countElementsInTable('glpi_authldaps')) {
+   echo "LDAP extension is not active or no LDAP directory defined";
+}
+
+$sql = "SELECT `id`, `name`
+        FROM `glpi_authldaps`
+        WHERE `is_active` = 1";
+
+//Get the ldap server's id by his name
+if ($options['ldapservers_id'] != NOT_AVAILABLE) {
+   $sql .= " AND `id` = '" . $options['ldapservers_id']."'";
+}
+
+$result = $DB->query($sql);
+
+if (($DB->numrows($result) == 0)
+    && ($_GET["ldapservers_id"] != NOT_AVAILABLE)) {
+   echo "LDAP Server not found";
+} else {
+   foreach ($DB->request($sql) as $data) {
+      echo "Processing LDAP Server: ".$data['name'].", ID: ".$data['id']." \n";
+      $options['ldapservers_id'] = $data['id'];
+      import ($options);
+   }
+}
+
+
+/**
+ * Function to import or synchronise all the users from an ldap directory
+ *
+ * @param $options   array
+**/
+function import(array $options) {
+   global $CFG_GLPI;
+
+   $results = [AuthLDAP::USER_IMPORTED     => 0,
+                    AuthLDAP::USER_SYNCHRONIZED => 0,
+                    AuthLDAP::USER_DELETED_LDAP => 0];
+   //The ldap server id is passed in the script url (parameter server_id)
+   $limitexceeded = false;
+   $actions_to_do = [];
+
+   switch ($options['action']) {
+      case AuthLDAP::ACTION_IMPORT :
+         $actions_to_do = [AuthLDAP::ACTION_IMPORT];
+        break;
+
+      case AuthLDAP::ACTION_SYNCHRONIZE :
+         $actions_to_do = [AuthLDAP::ACTION_SYNCHRONIZE];
+        break;
+
+      case AuthLDAP::ACTION_ALL :
+         $actions_to_do = [AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_ALL];
+        break;
+   }
+
+   foreach ($actions_to_do as $action_to_do) {
+      $options['mode']         = $action_to_do;
+      $options['authldaps_id'] = $options['ldapservers_id'];
+      $authldap = new \AuthLDAP();
+      $authldap->getFromDB($options['authldaps_id']);
+      $users                   = AuthLDAP::getAllUsers($options, $results, $limitexceeded);
+      $contact_ok              = true;
+
+      if (is_array($users)) {
+         foreach ($users as $user) {
+            //check if user exists
+            $user_sync_field = null;
+            if ($authldap->isSyncFieldEnabled()) {
+               $sync_field = $authldap->fields['sync_field'];
+               if (isset($user[$sync_field])) {
+                  $user_sync_field = $authldap::getFieldValue($user, $sync_field);
+               }
+            }
+            $dbuser = $authldap->getLdapExistingUser(
+               $user['user'],
+               $options['authldaps_id'],
+               $user_sync_field
+            );
+
+            if ($dbuser && $action_to_do == AuthLDAP::ACTION_IMPORT) {
+               continue;
+            }
+
+            $user_field = 'name';
+            $id_field = $authldap->fields['login_field'];
+            $value = $user['user'];
+            if ($authldap->isSyncFieldEnabled() && (!$dbuser || !empty($dbuser->fields['sync_field']))) {
+               $value = $user_sync_field;
+               $user_field = 'sync_field';
+               $id_field   = $authldap->fields['sync_field'];
+            }
+
+            $result = AuthLDAP::ldapImportUserByServerId(
+               [
+                  'method'             => AuthLDAP::IDENTIFIER_LOGIN,
+                  'value'              => $value,
+                  'identifier_field'   => $id_field,
+                  'user_field'         => $user_field
+               ],
+               $action_to_do,
+               $options['ldapservers_id']
+            );
+
+            if ($result) {
+               $results[$result['action']] += 1;
+            }
+            echo ".";
+         }
+      } else if (!$users) {
+         $contact_ok = false;
+      }
+   }
+
+   if ($limitexceeded) {
+      echo "\nLDAP Server size limit exceeded";
+      if ($CFG_GLPI['user_deleted_ldap']) {
+         echo ": user deletion disabled\n";
+      }
+      echo "\n";
+   }
+   if ($contact_ok) {
+      echo "\nImported: ".$results[AuthLDAP::USER_IMPORTED]."\n";
+      echo "Synchronized: ".$results[AuthLDAP::USER_SYNCHRONIZED]."\n";
+      echo "Deleted from LDAP: ".$results[AuthLDAP::USER_DELETED_LDAP]."\n";
+   } else {
+      echo "Cannot contact LDAP server!\n";
+   }
+   echo "\n\n";
+}