mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 01:13:25 +01:00
need to report expired accounts as NOT active and add ability to copy shadowExpire attribute from LDAP to AD (not done by samba-tool classicupgrade!)
parent
da0aa5864c
commit
025c6a4c22
@ -103,6 +103,7 @@ class addressbook_ads extends addressbook_ldap
|
||||
'account_id' => 'objectsid',
|
||||
'account_lid' => 'samaccountname',
|
||||
'contact_uid' => 'objectguid',
|
||||
'accountexpires', 'useraccountcontrol', // needed to exclude deactivated or expired accounts
|
||||
);
|
||||
|
||||
foreach($this->schema2egw as $schema => $attributes)
|
||||
@ -182,6 +183,9 @@ class addressbook_ads extends addressbook_ldap
|
||||
// ignore system accounts
|
||||
if ($contact['account_id'] < accounts_ads::MIN_ACCOUNT_ID) return false;
|
||||
|
||||
// ignore deactivated or expired accounts
|
||||
if (!$this->accounts_ads->user_active($data)) return false;
|
||||
|
||||
$this->_inetorgperson2egw($contact, $data);
|
||||
}
|
||||
|
||||
|
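Review bot: The new `user_active($data)` filter is only reliable when every search that reaches this check has fetched `accountexpires` and `useraccountcontrol`. The attribute list in the first hunk adds them, but nothing at the call site verifies they are present in `$data`. How `_ldap2user()` treats a missing value is not visible in this section, so it is unclear whether an incomplete row is reported as active or hidden. I would state the dependency next to the check, e.g. `// user_active() needs accountexpires and useraccountcontrol in the fetched attributes`, and confirm that the missing-attribute case hides the contact. The enclosing method starts and ends outside the hunk.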
@ -544,6 +544,8 @@ class accounts
|
||||
/**
|
||||
* test if an account is expired
|
||||
*
|
||||
* Can be used static if array with user-data is supplied
|
||||
*
|
||||
* @param array $data=null array with account data, not specifying the account is depricated!!!
|
||||
* @return boolean true=expired (no more login possible), false otherwise
|
||||
*/
|
||||
@ -559,6 +561,8 @@ class accounts
|
||||
/**
|
||||
* Test if an account is active - NOT deactivated or expired
|
||||
*
|
||||
* Can be used static if array with user-data is supplied
|
||||
*
|
||||
* @param int|array $data account_id or array with account-data
|
||||
* @return boolean false if account does not exist, is expired or decativated, true otherwise
|
||||
*/
|
||||
@ -566,7 +570,7 @@ class accounts
|
||||
{
|
||||
if (!is_array($data)) $data = $this->read($data);
|
||||
|
||||
return $data && !($this->is_expired($data) || $data['account_status'] != 'A');
|
||||
return $data && !(self::is_expired($data) || $data['account_status'] != 'A');
|
||||
}
|
||||
|
||||
/**
|
||||
|
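Review bot: `is_active()` is now meant to be callable without an object, but the line directly above the changed return still runs `$this->read($data)` whenever `$data` is not an array. A static call that passes an account_id would therefore fail instead of returning false. The docblock only hints at this, so I would make the contract explicit: ` * @param int|array $data account_id or array with account-data; static callers must pass the array`. The signature is outside the hunk, so whether the method is declared `static` is not visible; if it is not, calling it as `accounts::is_active($user)` is rejected with an Error from PHP 8 on.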
@ -486,11 +486,30 @@ class accounts_ads
|
||||
'account_modified' => !isset($data['whenchanged'][0]) ? null :
|
||||
self::_when2ts($data['whenchanged'][0]),
|
||||
);
|
||||
// expired accounts are NOT active
|
||||
if ($user['account_expires'] !== -1 && $user['account_expires'] < time())
|
||||
{
|
||||
$user['account_status'] = false;
|
||||
}
|
||||
$user['person_id'] = $user['account_guid']; // id of contact
|
||||
//error_log(__METHOD__."(".array2string($data).") returning ".array2string($user));
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if user is active
|
||||
*
|
||||
* @param array $data values for attributes 'useraccountcontrol' and 'accountexpires'
|
||||
* @return boolean true if user is active, false otherwise
|
||||
*/
|
||||
public function user_active(array $data)
|
||||
{
|
||||
$user = $this->_ldap2user($data);
|
||||
$active = accounts::is_active($user);
|
||||
//error_log(__METHOD__."(cn={$data['cn'][0]}, useraccountcontrol={$data['useraccountcontrol'][0]}, accountexpires={$data['accountexpires'][0]}) user=".array2string($user)." returning ".array2string($active));
|
||||
return $active;
|
||||
}
|
||||
|
||||
/**
|
||||
* Reads the data of one user
|
||||
*
|
||||
|
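Review bot: The expiry check uses `$user['account_expires'] !== -1`, which treats only the integer -1 as "never expires". The code that fills `account_expires` is above the hunk; if it can produce a string or null for an unset `accountexpires`, the `< time()` comparison would report that account as inactive. Normalising first, e.g. `$expires = (int)$user['account_expires'];`, and adding a comment that names the sentinel would make the intent checkable. The block also stores boolean `false` in `account_status`, while `is_active()` compares that field with `'A'`; a comment on the accepted values would help the next reader. `_ldap2user()` starts outside the hunk.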
@ -400,7 +400,7 @@ function pear_check($package,$args)
|
||||
}
|
||||
if ($pear_available && $package)
|
||||
{
|
||||
$file = str_replace('_','/',$package).'.php';
|
||||
$file = str_replace('_','/',$package == 'Mail_Mime' ? 'Mail_mime' : $package).'.php';
|
||||
|
||||
$available = @include_once($file);
|
||||
|
||||
|
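Review bot: `$file` is built from `$package` and handed to `@include_once`, and the new `Mail_Mime` special case adds another hard-coded name to that path construction without any check on what `$package` may contain. The callers of `pear_check()` are outside this hunk; if they only pass fixed package names, a comment saying so is enough. Otherwise, rejecting names that do not match `/^[A-Za-z0-9_]+$/` before the `str_replace()` keeps path characters out of the include. The comparison with `'Mail_Mime'` can be `===`. The function body continues outside the hunk.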
@ -30,7 +30,7 @@
|
||||
* setup/setup-cli.php [--dry-run] --setup-cmd-ldap <domain>,<config-user>,<config-pw> sub_command=copy2ad \
|
||||
* ldap_base=dc=local ldap_root_dn=cn=admin,dc=local ldap_root_pw=secret ldap_host=localhost \
|
||||
* ads_domain=samba4.intern [ads_admin_user=Administrator] ads_admin_pw=secret ads_host=ad.samba4.intern [ads_connection=(ssl|tls)] \
|
||||
* attributes=@inetOrgPerson,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
|
||||
* attributes=@inetOrgPerson,accountExpires=shadowExpire,{smtp:}proxyAddresses=mail,{smtp:}proxyAddresses=mailalias,{quota:}proxyAddresses=mailuserquota,{forward:}proxyaddresses=maildrop
|
||||
*
|
||||
* - copies from samba-tool clasicupgrade not copied inetOrgPerson attributes and mail attributes to AD
|
||||
*/
|
||||
@ -333,6 +333,14 @@ class setup_cmd_ldap extends setup_cmd
|
||||
if ($value)
|
||||
{
|
||||
$to = isset($rename[$attr]) ? $rename[$attr] : $attr;
|
||||
// special handling for copying shadowExpires to accountExpires (not set or 0 is handled by classicupgrade!)
|
||||
if ($attr == 'shadowexpire' && strtolower($to) == 'accountexpires')
|
||||
{
|
||||
if (is_null($utc_diff)) $utc_diff = date('Z');
|
||||
$value = $value*24*3600+$utc_diff; // ldap time to unixTime
|
||||
$update['accountexpires'] = accounts_ads::convertUnixTimeToWindowsTime($value);
|
||||
continue;
|
||||
}
|
||||
unset($prefix);
|
||||
if ($to[0] == '{') // eg. {smtp:}proxyAddresses=forwardTo
|
||||
{
|
||||
|
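Review bot: A negative `shadowExpire` passes the surrounding `if ($value)` test and is converted like any other day count. LDAP directories commonly use `-1` for "never expires", so that value would reach `convertUnixTimeToWindowsTime()` as a time before 1970 and the account would end up expired in AD. The new comment covers only "not set or 0"; I would skip non-positive values as the first statement of the new block, `if ($value <= 0) continue;`. Two things to confirm outside the hunk: that `$attr` is already lower-cased (the documented example passes `shadowExpire`, and only `$to` gets `strtolower()` here), and that `$utc_diff` is initialised before `is_null()` is applied to it.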