Report expired accounts as NOT active and add the ability to copy the shadowExpire attribute from LDAP to AD (not done by samba-tool classicupgrade!)
This commit is contained in:
parent
da0aa5864c
commit
025c6a4c22
@ -103,6 +103,7 @@ class addressbook_ads extends addressbook_ldap
|
|||||||
'account_id' => 'objectsid',
|
'account_id' => 'objectsid',
|
||||||
'account_lid' => 'samaccountname',
|
'account_lid' => 'samaccountname',
|
||||||
'contact_uid' => 'objectguid',
|
'contact_uid' => 'objectguid',
|
||||||
|
'accountexpires', 'useraccountcontrol', // needed to exclude deactivated or expired accounts
|
||||||
);
|
);
|
||||||
|
|
||||||
foreach($this->schema2egw as $schema => $attributes)
|
foreach($this->schema2egw as $schema => $attributes)
|
||||||
@ -182,6 +183,9 @@ class addressbook_ads extends addressbook_ldap
|
|||||||
// ignore system accounts
|
// ignore system accounts
|
||||||
if ($contact['account_id'] < accounts_ads::MIN_ACCOUNT_ID) return false;
|
if ($contact['account_id'] < accounts_ads::MIN_ACCOUNT_ID) return false;
|
||||||
|
|
||||||
|
// ignore deactivated or expired accounts
|
||||||
|
if (!$this->accounts_ads->user_active($data)) return false;
|
||||||
|
|
||||||
$this->_inetorgperson2egw($contact, $data);
|
$this->_inetorgperson2egw($contact, $data);
|
||||||
}
|
}
|
||||||
|
|
||||||
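Review bot: The new `user_active()` exclusion only works when the entry passed as `$data` was fetched with the `accountexpires` and `useraccountcontrol` attributes added to the list above; any code path that reads contacts with a different attribute set will have those keys missing, and what `user_active()` then returns depends on how `_ldap2user()` treats an absent attribute, which is not visible in this section. Since a false result silently drops the contact (`return false`), a short comment next to the check would make that dependency explicit, e.g. `// requires 'accountexpires' and 'useraccountcontrol' in the requested attributes (see schema2egw above)`. Where `$this->accounts_ads` is initialised is also outside this section, so I cannot confirm it is always set before this method runs. The enclosing method starts and ends outside the hunk.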
|
@ -544,6 +544,8 @@ class accounts
|
|||||||
/**
|
/**
|
||||||
* test if an account is expired
|
* test if an account is expired
|
||||||
*
|
*
|
||||||
|
* Can be used static if array with user-data is supplied
|
||||||
|
*
|
||||||
* @param array $data=null array with account data, not specifying the account is depricated!!!
|
* @param array $data=null array with account data, not specifying the account is depricated!!!
|
||||||
* @return boolean true=expired (no more login possible), false otherwise
|
* @return boolean true=expired (no more login possible), false otherwise
|
||||||
*/
|
*/
|
||||||
@ -559,6 +561,8 @@ class accounts
|
|||||||
/**
|
/**
|
||||||
* Test if an account is active - NOT deactivated or expired
|
* Test if an account is active - NOT deactivated or expired
|
||||||
*
|
*
|
||||||
|
* Can be used static if array with user-data is supplied
|
||||||
|
*
|
||||||
* @param int|array $data account_id or array with account-data
|
* @param int|array $data account_id or array with account-data
|
||||||
* @return boolean false if account does not exist, is expired or decativated, true otherwise
|
* @return boolean false if account does not exist, is expired or decativated, true otherwise
|
||||||
*/
|
*/
|
||||||
@ -566,7 +570,7 @@ class accounts
|
|||||||
{
|
{
|
||||||
if (!is_array($data)) $data = $this->read($data);
|
if (!is_array($data)) $data = $this->read($data);
|
||||||
|
|
||||||
return $data && !($this->is_expired($data) || $data['account_status'] != 'A');
|
return $data && !(self::is_expired($data) || $data['account_status'] != 'A');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
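Review bot: `is_active()` is documented as usable statically and `accounts_ads::user_active()` now calls it as `accounts::is_active($user)`, but its signature line lies outside the hunk, so whether it is declared `static` is not visible; if it is not, that call is an E_STRICT notice on PHP 5 and a fatal Error on PHP 7/8, and `self::is_expired($data)` likewise requires `is_expired()` to be static. The body still does `$data = $this->read($data)` for non-array input, which cannot work in a static call, so the documented contract should be enforced rather than implied, e.g. declare `public static function is_active($data)` and resolve the account-id path through whatever instance accessor the class provides instead of `$this`. The docblock line "Can be used static if array with user-data is supplied" is the right intent; the code should match it so callers get a clear error instead of an undefined `$this`.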
|
@ -486,11 +486,30 @@ class accounts_ads
|
|||||||
'account_modified' => !isset($data['whenchanged'][0]) ? null :
|
'account_modified' => !isset($data['whenchanged'][0]) ? null :
|
||||||
self::_when2ts($data['whenchanged'][0]),
|
self::_when2ts($data['whenchanged'][0]),
|
||||||
);
|
);
|
||||||
|
// expired accounts are NOT active
|
||||||
|
if ($user['account_expires'] !== -1 && $user['account_expires'] < time())
|
||||||
|
{
|
||||||
|
$user['account_status'] = false;
|
||||||
|
}
|
||||||
$user['person_id'] = $user['account_guid']; // id of contact
|
$user['person_id'] = $user['account_guid']; // id of contact
|
||||||
//error_log(__METHOD__."(".array2string($data).") returning ".array2string($user));
|
//error_log(__METHOD__."(".array2string($data).") returning ".array2string($user));
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if user is active
|
||||||
|
*
|
||||||
|
* @param array $data values for attributes 'useraccountcontrol' and 'accountexpires'
|
||||||
|
* @return boolean true if user is active, false otherwise
|
||||||
|
*/
|
||||||
|
public function user_active(array $data)
|
||||||
|
{
|
||||||
|
$user = $this->_ldap2user($data);
|
||||||
|
$active = accounts::is_active($user);
|
||||||
|
//error_log(__METHOD__."(cn={$data['cn'][0]}, useraccountcontrol={$data['useraccountcontrol'][0]}, accountexpires={$data['accountexpires'][0]}) user=".array2string($user)." returning ".array2string($active));
|
||||||
|
return $active;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Reads the data of one user
|
* Reads the data of one user
|
||||||
*
|
*
|
||||||
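Review bot: `$user['account_expires'] !== -1 && $user['account_expires'] < time()` reports the account as inactive when `account_expires` is null or unset, because `null < time()` is true; the part of `_ldap2user()` that sets `account_expires` starts above this hunk, and the neighbouring `account_modified` entry shows the method does yield null when an LDAP attribute is absent, so this needs confirming. If `accountexpires` can be missing from the fetched entry (e.g. a search that did not request it), every such user is reported inactive; `isset($user['account_expires']) && $user['account_expires'] !== -1 && $user['account_expires'] < time()` makes the intended fail-open/fail-closed choice explicit either way. It also assumes the conversion maps both AD "never expires" encodings (0 and the max 64-bit value) to `-1`, which is not visible here and deserves a comment at the conversion site. `user_active()` depends on `accounts::is_active()` being callable statically, which is not verifiable from this section.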
|
@ -400,7 +400,7 @@ function pear_check($package,$args)
|
|||||||
}
|
}
|
||||||
if ($pear_available && $package)
|
if ($pear_available && $package)
|
||||||
{
|
{
|
||||||
$file = str_replace('_','/',$package).'.php';
|
$file = str_replace('_','/',$package == 'Mail_Mime' ? 'Mail_mime' : $package).'.php';
|
||||||
|
|
||||||
$available = @include_once($file);
|
$available = @include_once($file);
|
||||||
|
|
||||||
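Review bot: The inline special case `$package == 'Mail_Mime' ? 'Mail_mime' : $package` has no comment explaining why one package name is rewritten, and the ternary inside `str_replace()` hides that the resulting include path becomes `Mail/mime.php`. A one-line comment above the assignment would spare the next reader a trip to PEAR, e.g. `// PEAR package Mail_Mime ships its class file as Mail/mime.php (lower-case), unlike the other packages`. `pear_check()` starts outside the hunk.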
|
@ -30,7 +30,7 @@
|
|||||||
* setup/setup-cli.php [--dry-run] --setup-cmd-ldap <domain>,<config-user>,<config-pw> sub_command=copy2ad \
|
* setup/setup-cli.php [--dry-run] --setup-cmd-ldap <domain>,<config-user>,<config-pw> sub_command=copy2ad \
|
||||||
* ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
|
* ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
|
||||||
* ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] \
|
* ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] \
|
||||||
* attributes=@inetOrgPerson,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
|
* attributes=@inetOrgPerson,accountExpires=shadowExpire,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
|
||||||
*
|
*
|
||||||
* - copies from samba-tool clasicupgrade not copied inetOrgPerson attributes and mail attributes to AD
|
* - copies from samba-tool clasicupgrade not copied inetOrgPerson attributes and mail attributes to AD
|
||||||
*/
|
*/
|
||||||
@ -333,6 +333,14 @@ class setup_cmd_ldap extends setup_cmd
|
|||||||
if ($value)
|
if ($value)
|
||||||
{
|
{
|
||||||
$to = isset($rename[$attr]) ? $rename[$attr] : $attr;
|
$to = isset($rename[$attr]) ? $rename[$attr] : $attr;
|
||||||
|
// special handling for copying shadowExpires to accountExpires (not set or 0 is handled by classicupgrade!)
|
||||||
|
if ($attr == 'shadowexpire' && strtolower($to) == 'accountexpires')
|
||||||
|
{
|
||||||
|
if (is_null($utc_diff)) $utc_diff = date('Z');
|
||||||
|
$value = $value*24*3600+$utc_diff; // ldap time to unixTime
|
||||||
|
$update['accountexpires'] = accounts_ads::convertUnixTimeToWindowsTime($value);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
unset($prefix);
|
unset($prefix);
|
||||||
if ($to[0] == '{') // eg. {smtp:}proxyAddresses=forwardTo
|
if ($to[0] == '{') // eg. {smtp:}proxyAddresses=forwardTo
|
||||||
{
|
{
|
||||||
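Review bot: `$value*24*3600+$utc_diff` turns shadowExpire (a day count since 1970-01-01) into a Unix timestamp and then adds the server's local UTC offset from `date('Z')`, so the resulting AD accountExpires lands on local midnight of that day rather than UTC midnight; that is only correct if the LDAP values were written with the same local-day convention, and the code does not say so. A comment stating that assumption would help, e.g. `// shadowExpire is whole days since epoch; add the local UTC offset so expiry is local midnight, matching how the LDAP backend stores it`. `$utc_diff` must be initialised to null before the loop (outside this hunk) for `is_null($utc_diff)` not to raise an undefined-variable notice. The enclosing `if ($value)` means a shadowExpire of 0 is never copied, as the comment notes, but a negative value would still be converted and written; if such values can occur in the source directory, a `$value > 0` guard is cheap. The enclosing loop and method start and end outside the hunk.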
|