|
Server : Apache System : Linux vps.urbanovitalino.adv.br 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020 x86_64 User : urbanovitalinoad ( 1001) PHP Version : 7.3.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/urbanovitalinoad/public_html/servicedesk/scripts/ |
Upload File : |
<?php
/**
* ---------------------------------------------------------------------
* GLPI - Gestionnaire Libre de Parc Informatique
* Copyright (C) 2015-2021 Teclib' and contributors.
*
* http://glpi-project.org
*
* based on GLPI - Gestionnaire Libre de Parc Informatique
* Copyright (C) 2003-2014 by the INDEPNET Development Team.
*
* ---------------------------------------------------------------------
*
* LICENSE
*
* This file is part of GLPI.
*
* GLPI is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GLPI is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GLPI. If not, see <http://www.gnu.org/licenses/>.
* ---------------------------------------------------------------------
*/
// Ensure current directory when run from crontab
chdir(__DIR__);
if (isset($_SERVER['argv'])) {
for ($i=1; $i<$_SERVER['argc']; $i++) {
$it = explode("=", $_SERVER['argv'][$i], 2);
$it[0] = preg_replace('/^--/', '', $it[0]);
$_GET[$it[0]] = (isset($it[1]) ? $it[1] : true);
}
}
echo "Usage of this script is deprecated, please use 'bin/console ldap:sync' command.\n";
if ((isset($_SERVER['argv']) && in_array('help', $_SERVER['argv']))
|| isset($_GET['help'])) {
echo "Usage: php -q -f ldap_mass_sync.php [action=<option>] [ldapservers_id=ID]\n";
echo "Options values:\n";
echo "0: import users only\n";
echo "1: synchronize existing users only\n";
echo "2: import & synchronize users\n";
echo "before-days: restrict user import or synchronization to the last x days\n";
echo "after-days: restrict user import or synchronization until the last x days\n";
echo "ldap_filter: ldap filter to use for the search. Value must be quoted and properly escaped for your shell\n";
exit (0);
}
include ('../inc/includes.php');
// Default action : synchro
// - possible option :
// - 0 : import new users
// - 1 : synchronize users
// - 2 : force synchronization of all the users (even if ldap timestamp wasn't modified)
$options['action'] = AuthLDAP::ACTION_SYNCHRONIZE;
$options['ldapservers_id'] = NOT_AVAILABLE;
$options['ldap_filter'] = '';
$options['before-days'] = 0;
$options['after-days'] = 0;
$options['script'] = 1;
foreach ($_GET as $key => $value) {
$options[$key] = $value;
}
if ($options['before-days'] && $options['after-days']) {
echo "You cannot use options before-days and after-days at the same time.";
exit(1);
}
if ($options['before-days']) {
$options['begin_date'] = date('Y-m-d H:i:s', time()-$options['before-days']*DAY_TIMESTAMP);
$options['end_date'] = '';
unset($options['before-days']);
}
if ($options['after-days']) {
$options['begin_date'] = '';
$options['end_date'] = date('Y-m-d H:i:s', time()-$options['after-days']*DAY_TIMESTAMP);
unset($options['after-days']);
}
if (!Toolbox::canUseLdap() || !countElementsInTable('glpi_authldaps')) {
echo "LDAP extension is not active or no LDAP directory defined";
}
$sql = "SELECT `id`, `name`
FROM `glpi_authldaps`
WHERE `is_active` = 1";
//Get the ldap server's id by his name
if ($options['ldapservers_id'] != NOT_AVAILABLE) {
$sql .= " AND `id` = '" . $options['ldapservers_id']."'";
}
$result = $DB->query($sql);
if (($DB->numrows($result) == 0)
&& ($_GET["ldapservers_id"] != NOT_AVAILABLE)) {
echo "LDAP Server not found";
} else {
foreach ($DB->request($sql) as $data) {
echo "Processing LDAP Server: ".$data['name'].", ID: ".$data['id']." \n";
$options['ldapservers_id'] = $data['id'];
import ($options);
}
}
/**
* Function to import or synchronise all the users from an ldap directory
*
* @param $options array
**/
function import(array $options) {
global $CFG_GLPI;
$results = [AuthLDAP::USER_IMPORTED => 0,
AuthLDAP::USER_SYNCHRONIZED => 0,
AuthLDAP::USER_DELETED_LDAP => 0];
//The ldap server id is passed in the script url (parameter server_id)
$limitexceeded = false;
$actions_to_do = [];
switch ($options['action']) {
case AuthLDAP::ACTION_IMPORT :
$actions_to_do = [AuthLDAP::ACTION_IMPORT];
break;
case AuthLDAP::ACTION_SYNCHRONIZE :
$actions_to_do = [AuthLDAP::ACTION_SYNCHRONIZE];
break;
case AuthLDAP::ACTION_ALL :
$actions_to_do = [AuthLDAP::ACTION_IMPORT, AuthLDAP::ACTION_ALL];
break;
}
foreach ($actions_to_do as $action_to_do) {
$options['mode'] = $action_to_do;
$options['authldaps_id'] = $options['ldapservers_id'];
$authldap = new \AuthLDAP();
$authldap->getFromDB($options['authldaps_id']);
$users = AuthLDAP::getAllUsers($options, $results, $limitexceeded);
$contact_ok = true;
if (is_array($users)) {
foreach ($users as $user) {
//check if user exists
$user_sync_field = null;
if ($authldap->isSyncFieldEnabled()) {
$sync_field = $authldap->fields['sync_field'];
if (isset($user[$sync_field])) {
$user_sync_field = $authldap::getFieldValue($user, $sync_field);
}
}
$dbuser = $authldap->getLdapExistingUser(
$user['user'],
$options['authldaps_id'],
$user_sync_field
);
if ($dbuser && $action_to_do == AuthLDAP::ACTION_IMPORT) {
continue;
}
$user_field = 'name';
$id_field = $authldap->fields['login_field'];
$value = $user['user'];
if ($authldap->isSyncFieldEnabled() && (!$dbuser || !empty($dbuser->fields['sync_field']))) {
$value = $user_sync_field;
$user_field = 'sync_field';
$id_field = $authldap->fields['sync_field'];
}
$result = AuthLDAP::ldapImportUserByServerId(
[
'method' => AuthLDAP::IDENTIFIER_LOGIN,
'value' => $value,
'identifier_field' => $id_field,
'user_field' => $user_field
],
$action_to_do,
$options['ldapservers_id']
);
if ($result) {
$results[$result['action']] += 1;
}
echo ".";
}
} else if (!$users) {
$contact_ok = false;
}
}
if ($limitexceeded) {
echo "\nLDAP Server size limit exceeded";
if ($CFG_GLPI['user_deleted_ldap']) {
echo ": user deletion disabled\n";
}
echo "\n";
}
if ($contact_ok) {
echo "\nImported: ".$results[AuthLDAP::USER_IMPORTED]."\n";
echo "Synchronized: ".$results[AuthLDAP::USER_SYNCHRONIZED]."\n";
echo "Deleted from LDAP: ".$results[AuthLDAP::USER_DELETED_LDAP]."\n";
} else {
echo "Cannot contact LDAP server!\n";
}
echo "\n\n";
}