| <?php
 | |
| /**
 | |
|  * ---------------------------------------------------------------------
 | |
|  * GLPI - Gestionnaire Libre de Parc Informatique
 | |
|  * Copyright (C) 2015-2020 Teclib' and contributors.
 | |
|  *
 | |
|  * http://glpi-project.org
 | |
|  *
 | |
|  * based on GLPI - Gestionnaire Libre de Parc Informatique
 | |
|  * Copyright (C) 2003-2014 by the INDEPNET Development Team.
 | |
|  *
 | |
|  * ---------------------------------------------------------------------
 | |
|  *
 | |
|  * LICENSE
 | |
|  *
 | |
|  * This file is part of GLPI.
 | |
|  *
 | |
|  * GLPI is free software; you can redistribute it and/or modify
 | |
|  * it under the terms of the GNU General Public License as published by
 | |
|  * the Free Software Foundation; either version 2 of the License, or
 | |
|  * (at your option) any later version.
 | |
|  *
 | |
|  * GLPI is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * along with GLPI. If not, see <http://www.gnu.org/licenses/>.
 | |
|  * ---------------------------------------------------------------------
 | |
|  */
 | |
| 
 | |
// Ensure current directory when run from crontab
chdir(__DIR__);

// Map command-line arguments onto $_GET so the rest of the script reads a
// single parameter source. Accepted forms: "--key=value", "key=value" and a
// bare "key" (stored as boolean true). Only a leading "--" is stripped.
if (isset($_SERVER['argv'])) {
   $i = 1;
   while ($i < $_SERVER['argc']) {
      // Split on the first "=" only, so values may themselves contain "=".
      $it    = explode("=", $_SERVER['argv'][$i], 2);
      $it[0] = preg_replace('/^--/', '', $it[0]);

      if (isset($it[1])) {
         $_GET[$it[0]] = $it[1];
      } else {
         $_GET[$it[0]] = true;
      }
      $i++;
   }
}
 | |
| 
 | |
// This entry point is kept for compatibility; the console command replaces it.
echo "Usage of this script is deprecated, please use 'bin/console ldap:sync' command.\n";

// Show the usage text and stop when "help" was given, either as a parsed
// parameter or as a raw command-line argument.
if (isset($_GET['help'])
    || (isset($_SERVER['argv']) && in_array('help', $_SERVER['argv']))) {
   echo "Usage: php -q -f ldap_mass_sync.php [action=<option>]  [ldapservers_id=ID]\n"
      . "Options values:\n"
      . "0: import users only\n"
      . "1: synchronize existing users only\n"
      . "2: import & synchronize users\n"
      . "before-days: restrict user import or synchronization to the last x days\n"
      . "after-days: restrict user import or synchronization until the last x days\n"
      . "ldap_filter: ldap filter to use for the search. Value must be quoted and properly escaped for your shell\n";
   exit(0);
}
 | |
| 
 | |
include '../inc/includes.php';

// Default options. 'action' selects what is done:
//  - 0 : import new users
//  - 1 : synchronize users (default)
//  - 2 : force synchronization of all the users (even if ldap timestamp wasn't modified)
$options['action']         = AuthLDAP::ACTION_SYNCHRONIZE;
$options['ldapservers_id'] = NOT_AVAILABLE;
$options['ldap_filter']    = '';
$options['before-days']    = 0;
$options['after-days']     = 0;
$options['script']         = 1;

// Caller-supplied parameters override the defaults.
// NOTE(review): every key present in $_GET is copied without an allowlist,
// so a caller can overwrite any default above (including 'script') and add
// keys that have no default here; all values arrive as unvalidated strings
// (or boolean true for bare flags).
foreach ($_GET as $key => $value) {
   $options[$key] = $value;
}
 | |
| 
 | |
// The two day-window options are mutually exclusive.
if ($options['before-days'] && $options['after-days']) {
   echo "You cannot use options before-days and after-days at the same time.";
   exit(1);
}

// Translate the day count into the begin_date / end_date pair and drop the
// original key. At most one of the two options is set at this point, so the
// branches cannot both apply.
if ($options['before-days']) {
   $options['begin_date'] = date('Y-m-d H:i:s', time() - ($options['before-days'] * DAY_TIMESTAMP));
   $options['end_date']   = '';
   unset($options['before-days']);
} else if ($options['after-days']) {
   $options['begin_date'] = '';
   $options['end_date']   = date('Y-m-d H:i:s', time() - ($options['after-days'] * DAY_TIMESTAMP));
   unset($options['after-days']);
}
 | |
| 
 | |
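// NOTE(review): only a message is printed here; the script keeps running
// even when LDAP cannot be used or no directory is defined.
if (!Toolbox::canUseLdap() || !countElementsInTable('glpi_authldaps')) {
   echo "LDAP extension is not active or no LDAP directory defined";
}

// Select the active LDAP servers to process.
$sql = "SELECT `id`, `name`
        FROM `glpi_authldaps`
        WHERE `is_active` = 1";

// Restrict the query to a single LDAP server when its id was given.
if ($options['ldapservers_id'] != NOT_AVAILABLE) {
   // The id is caller-supplied (argv / $_GET) and is concatenated into the
   // statement: force it to an integer so it can never change the structure
   // of the SQL query.
   $sql .= " AND `id` = '" . (int)$options['ldapservers_id'] . "'";
}

$result = $DB->query($sql);

// isset() avoids an undefined-index notice when no server id was passed;
// the comparison result is the same as with the missing (null) value.
if (($DB->numrows($result) == 0)
    && ((isset($_GET["ldapservers_id"]) ? $_GET["ldapservers_id"] : null) != NOT_AVAILABLE)) {
   echo "LDAP Server not found";
} else {
   // Run the import/synchronization once per matching server.
   foreach ($DB->request($sql) as $data) {
      echo "Processing LDAP Server: ".$data['name'].", ID: ".$data['id']." \n";
      $options['ldapservers_id'] = $data['id'];
      import ($options);
   }
}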
 | |
| 
 | |
| 
 | |
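/**
 * Import and/or synchronise the users of one LDAP directory and print a
 * summary of the result.
 *
 * Keys read from $options in this function:
 *  - 'action'         : AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_SYNCHRONIZE
 *                       or AuthLDAP::ACTION_ALL; any other value runs no action
 *  - 'ldapservers_id' : id of the LDAP server to process
 * The whole array, with 'mode' and 'authldaps_id' added here, is passed on to
 * AuthLDAP::getAllUsers(), so caller-supplied keys such as 'ldap_filter'
 * reach that method unchanged.
 *
 * @param $options   array
 *
 * @return void
**/
function import(array $options) {
   global $CFG_GLPI;

   // Per-outcome counters, indexed by the action code returned for each user.
   $results = [AuthLDAP::USER_IMPORTED     => 0,
               AuthLDAP::USER_SYNCHRONIZED => 0,
               AuthLDAP::USER_DELETED_LDAP => 0];
   $limitexceeded = false;
   // Set once before the loop: it used to be assigned only inside it, which
   // left it undefined when no action matched and let a later action reset a
   // failure recorded by an earlier one.
   $contact_ok    = true;
   $actions_to_do = [];

   switch ($options['action']) {
      case AuthLDAP::ACTION_IMPORT :
         $actions_to_do = [AuthLDAP::ACTION_IMPORT];
        break;

      case AuthLDAP::ACTION_SYNCHRONIZE :
         $actions_to_do = [AuthLDAP::ACTION_SYNCHRONIZE];
        break;

      case AuthLDAP::ACTION_ALL :
         $actions_to_do = [AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_ALL];
        break;
   }

   foreach ($actions_to_do as $action_to_do) {
      $options['mode']         = $action_to_do;
      $options['authldaps_id'] = $options['ldapservers_id'];
      $authldap = new \AuthLDAP();
      $authldap->getFromDB($options['authldaps_id']);
      $users                   = AuthLDAP::getAllUsers($options, $results, $limitexceeded);

      if (is_array($users)) {
         foreach ($users as $user) {
            // Value of the server's sync field for this LDAP entry, if enabled and present
            $user_sync_field = null;
            if ($authldap->isSyncFieldEnabled()) {
               $sync_field = $authldap->fields['sync_field'];
               if (isset($user[$sync_field])) {
                  $user_sync_field = $authldap::getFieldValue($user, $sync_field);
               }
            }

            //check if user exists
            $dbuser = $authldap->getLdapExistingUser(
               $user['user'],
               $options['authldaps_id'],
               $user_sync_field
            );

            // Import mode only creates users: skip those already known.
            if ($dbuser && $action_to_do == AuthLDAP::ACTION_IMPORT) {
               continue;
            }

            // Identify the user by login, or by the sync field when it is
            // enabled and the user is new or already has a sync field value.
            $user_field = 'name';
            $id_field = $authldap->fields['login_field'];
            $value = $user['user'];
            if ($authldap->isSyncFieldEnabled() && (!$dbuser || !empty($dbuser->fields['sync_field']))) {
               $value = $user_sync_field;
               $user_field = 'sync_field';
               $id_field   = $authldap->fields['sync_field'];
            }

            $result = AuthLDAP::ldapImportUserByServerId(
               [
                  'method'             => AuthLDAP::IDENTIFIER_LOGIN,
                  'value'              => $value,
                  'identifier_field'   => $id_field,
                  'user_field'         => $user_field
               ],
               $action_to_do,
               $options['ldapservers_id']
            );

            if ($result) {
               $results[$result['action']] += 1;
            }
            // One progress dot per processed user
            echo ".";
         }
      } else if (!$users) {
         // A non-array, falsy result is reported as a failed contact.
         $contact_ok = false;
      }
   }

   if ($limitexceeded) {
      echo "\nLDAP Server size limit exceeded";
      if ($CFG_GLPI['user_deleted_ldap']) {
         echo ": user deletion disabled\n";
      }
      echo "\n";
   }
   if ($contact_ok) {
      echo "\nImported: ".$results[AuthLDAP::USER_IMPORTED]."\n";
      echo "Synchronized: ".$results[AuthLDAP::USER_SYNCHRONIZED]."\n";
      echo "Deleted from LDAP: ".$results[AuthLDAP::USER_DELETED_LDAP]."\n";
   } else {
      echo "Cannot contact LDAP server!\n";
   }
   echo "\n\n";
}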
 |