nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-01-27 00:33:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
davical/inc/drivers_ldap.php

298 lines
10 KiB
PHP
Raw Blame History

<?php
/**
* Manages LDAP repository connection
*
* @package rscds
* @category Technical
* @subpackage caldav
* @author Maxime Delorme <mdelorme@tennaxia.net>
* @copyright Maxime Delorme
* @license http://gnu.org/copyleft/gpl.html GNU GPL v2
*/
class ldapDrivers
{
/**#@+
* @access private
*/
/**
* Holds the LDAP connection parameters
*/
var $connect;
/**#@-*/
/**
* Constructor.
* @param array $config The configuration data
*/
function ldapDrivers($config){
$this->__construct($config);
}
/**
* Initializes the LDAP connection
*
* @param array $config The configuration data
*/
function __construct($config)
{
global $c;
$host=$config['host'];
$port=$config['port'];
if(!function_exists('ldap_connect')){
$c->messages[] = i18n("drivers_ldap : function ldap_connect not defined, check your php_ldap module");
$this->valid=false;
return ;
}
if ($port) $this->connect=ldap_connect($host, $port);
else $this->connect=ldap_connect($host);
if (! $this->connect){
$c->messages[] = sprintf(i18n( "drivers_ldap : Unable to connect to LDAP with port %s on host %s"), $port,$host );
$this->valid=false;
return ;
}
//Set LDAP protocol version
if (isset($config['protocolVersion'])) ldap_set_option($this->connect,LDAP_OPT_PROTOCOL_VERSION, $config['protocolVersion']);
//connect as root
if (!ldap_bind($this->connect,$config['bindDN'],$config['passDN'])){
$bindDN = isset($config['bindDN']) ? $config['bindDN'] : 'anonymous';
$passDN = isset($config['passDN']) ? $config['passDN'] : 'anonymous';
$c->messages[] = sprintf(i18n( "drivers_ldap : Unable to bind to LDAP, check your bindDN >%s< and passDN >%s< of your configuration or if your server is reachable"),$bindDN,$passDN );
$c->messages[] = sprintf(i18n( "if your use OpenLDAP 2.X.X maybe, unable to connect to LDAP with port %s on host %s"), $port,$host );
$this->valid=false;
return ;
}
$this->valid = true;
//root to start search
$this->baseDNUsers = $config['baseDNUsers'];
$this->filterUsers = $config['filterUsers'];
$this->baseDNGroups = $config['baseDNGroups'];
$this->filterGroups = $config['filterGroups'];
}
/**
* Retrieve all users from the LDAP directory
*/
function getAllUsers($attributs){
global $c;
$entry = ldap_list($this->connect,$this->baseDNUsers,$this->filterUsers,$attributs);
if (!ldap_first_entry($this->connect,$entry))
$c->messages[] = sprintf(i18n("Error NoUserFound with filter >%s<, attributs >%s< , dn >%s<"),$this->filterUsers,join(', ',$attributs), $this->baseDNUsers);
for($i=ldap_first_entry($this->connect,$entry);
$i&&$arr=ldap_get_attributes($this->connect,$i);
$i=ldap_next_entry($this->connect,$i)
)
{
for($j=0;$j<$arr['count'];$j++){
$row[$arr[$j]] = $arr[$arr[$j]][0];
}
$ret[]=$row;
}
return $ret;
}
/**
* Returns the result of the LDAP query
*
* @param string $filter The filter used to search entries
* @param array $attributs Attributes to be returned
* @param string $passwd password to check
* @return array Contains selected attributes from all entries corresponding to the given filter
*/
function requestUser($filter,$attributs=NULL,$passwd)
{
$entry=NULL;
// We get the DN of the USER
$entry = ldap_search($this->connect,$this->baseDNUsers,$filter,$attributs);
if ( !ldap_first_entry($this->connect,$entry) ){
dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user with filter %s",$filter );
return false;
}
$dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
if(!@ldap_bind($this->connect,$dnUser,$passwd))
return false;
$i=ldap_first_entry($this->connect,$entry);
$arr=ldap_get_attributes($this->connect,$i);
for($i=0;$i<$arr['count'];$i++){
$ret[$arr[$i]]=$arr[$arr[$i]][0];
}
return $ret;
}
}
/**
* A generic function to create and fetch static objects
*/
function getStaticLdap() {
global $c;
// Declare a static variable to hold the object instance
static $instance;
// If the instance is not there, create one
if(!isset($instance)) {
$ldapDrivers =& new ldapDrivers($c->authenticate_hook['config']);
}
return $ldapDrivers;
}
/**
* Check the username / password against the LDAP server
*/
function LDAP_check($username, $password ){
global $c;
$ldapDriver = getStaticLdap();
if ( $ldapDriver->valid ) {
$mapping = $c->authenticate_hook['config']['mapping_field'];
$attributs=array_values($mapping);
// If the config contains a filter that starts with a ( then believe
// them and don't modify it, otherwise wrap the filter.
$filter_munge = "";
if ( preg_match( '/^\(/', $ldapDriver->filterUsers ) ) {
$filter_munge = $ldapDriver->filterUsers;
} else {
$filter_munge = "($ldapDriver->filterUsers)";
}
$filter="(&$filter_munge(".$mapping["username"]."=$username))";
dbg_error_log( "LDAP", "checking user %s for password %s against LDAP",$username,$password );
$valid = $ldapDriver->requestUser($filter,$attributs,$password);
//is a valid user or not
if ( !$valid ) return false;
$ldap_timestamp = $valid[$mapping["updated"]];
foreach($c->authenticate_hook['config']['format_updated'] as $k => $v)
$$k = substr($ldap_timestamp,$v[0],$v[1]);
//ok it is valid is already exist in db ?
$ldap_timestamp = "$Y"."$m"."$d"."$H"."$M"."$S";
if ( $usr = getUserByName($username) ){
//should we update it ?
$db_timestamp = $usr->updated;
$db_timestamp = substr(strtr($db_timestamp, array(':' => '',' '=>'','-'=>'')),0,14);
if($ldap_timestamp <= $db_timestamp){
return $usr;//no need to update
}
//we should update the user record
}
//it doesn't exist so we create the new user or if we should be updated the user record
require_once("RSCDSUser.php");
$user_no = ( isset($usr->user_no) ? $usr->user_no:0);
$user = new RSCDSUser($user_no);
$validUserField = array_keys($user->Fields);
foreach($c->authenticate_hook['config']['default_value'] as $field => $value)
if(in_array($field,$validUserField)) $user->Set($field, $value);
foreach($mapping as $field => $value)
if(in_array($field,$validUserField)) $user->Set($field, $valid[$value]);
$user->Set("updated", "$Y-$m-$d $H:$M:$S");
$user->write();
}
if ( $return = getUserByName($username) ){
return $return;
}
}
/**
* sync LDAP against the DB
*/
function sync_LDAP(){
global $c;
$ldapDriver = getStaticLdap();
if($ldapDriver->valid){
$mapping = $c->authenticate_hook['config']['mapping_field'];
$attributs=array_values($mapping);
$ldap_users_tmp = $ldapDriver->getAllUsers($attributs);
foreach($ldap_users_tmp as $key => $ldap_user){
$ldap_users_info[$ldap_user[$mapping["username"]]] = $ldap_user;
unset($ldap_users_tmp[$key]);
}
$qry = new PgQuery( "SELECT username ,user_no, updated FROM usr ");
$qry->Exec('sync_LDAP',__LINE__,__FILE__);
while($db_user = $qry->Fetch(true)){
$db_users[] = $db_user['username'];
$db_users_info[$db_user['username']] = array('user_no' => $db_user['user_no'], 'updated' => $db_user['updated']);
}
require_once("RSCDSUser.php");
$ldap_users = array_keys($ldap_users_info);
//users only in ldap
$users_to_create = array_diff($ldap_users,$db_users);
//users only in db
$users_to_desactivate = array_diff($db_users,$ldap_users);
//users present in ldap and in the db
$users_to_update = array_intersect($db_users,$ldap_users);
//creation of all users;
if(sizeof($users_to_create)) $c->messages[] = sprintf(i18n('- creating record for users : %s'),join(', ',$users_to_create));
foreach($users_to_create as $username){
$valid=$ldap_users_info[$username];
$ldap_timestamp = $valid[$mapping["updated"]];
foreach($c->authenticate_hook['config']['format_updated'] as $k => $v)
$$k = substr($ldap_timestamp,$v[0],$v[1]);
$user = new RSCDSUser(0);
$validUserField = array_keys($user->Fields);
foreach($c->authenticate_hook['config']['default_value'] as $field => $value)
if(in_array($field,$validUserField)) $user->Set($field, $value);
foreach($mapping as $field => $value)
if(in_array($field,$validUserField)) $user->Set($field, $valid[$value]);
$user->Set("updated", "$Y-$m-$d $H:$M:$S");
$messages = $c->messages;
$user->write();
$c->messages = $messages;
}
//desactivating all users
if(sizeof($users_to_desactivate)){
foreach( $users_to_desactivate AS $v ) {
$usr_in .= ', ' . qpg($v);
}
$usr_in = substr($usr_in,1);
$c->messages[] = sprintf(i18n('- desactivating users : %s'),$usr_in);
$qry = new PgQuery( "UPDATE usr set active = FALSE WHERE lower(username) in ($usr_in)");
$qry->Exec('sync_LDAP',__LINE__,__FILE__);
}
//updating all users
foreach($users_to_update as $key=> $username){
$valid=$ldap_users_info[$username];
$ldap_timestamp = $valid[$mapping["updated"]];
foreach($c->authenticate_hook['config']['format_updated'] as $k => $v)
$$k = substr($ldap_timestamp,$v[0],$v[1]);
$ldap_timestamp = "$Y"."$m"."$d"."$H"."$M"."$S";
$db_timestamp = substr(strtr($db_users_info[$username]['updated'], array(':' => '',' '=>'','-'=>'')),0,14);
if($ldap_timestamp > $db_timestamp){
$user = new RSCDSUser($db_users_info[$username]['user_no']);
$validUserField = array_keys($user->Fields);
foreach($c->authenticate_hook['config']['default_value'] as $field => $value)
if(in_array($field,$validUserField)) $user->Set($field, $value);
foreach($mapping as $field => $value)
if(in_array($field,$validUserField)) $user->Set($field, $valid[$value]);
$user->Set("updated", "$Y-$m-$d $H:$M:$S");
$user->write();
} else {
unset($users_to_update[$key]);
$users_nothing_done[] = $username;
}
}
if(sizeof($users_to_update)) $c->messages[] = sprintf(i18n('- updating user record %s'),join(', ',$users_to_update));
if(sizeof($users_nothing_done))$c->messages[] = sprintf(i18n('- nothing done on %s'),join(', ', $users_nothing_done));
}
}
?>
Reference in New Issue View Git Blame Copy Permalink