extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-21 23:43:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

* LDAP/Univention: periodic account-import for Univention (mailPrimaryAddress), use LDAP account-filter for reading accounts too

Browse Source 
also set chunk-size for reading to 500 was somehow 5, probably from debugging
This commit is contained in:
ralf 2023-03-25 21:36:39 +01:00
parent fdb41a2276
commit 4136150cdb
3 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
api/src/Accounts/Import.php
View File

@ -59,7 +59,7 @@ class Import
$GLOBALS['egw_info']['server'] += Api\Config::read('phpgwapi'); $GLOBALS['egw_info']['server'] += Api\Config::read('phpgwapi');
} }
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads'])) if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads', 'univention']))
{ {
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!"); throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
} }
@ -154,7 +154,7 @@ class Import
{ {
try { try {
// determine from where we migrate to what // determine from where we migrate to what
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads'])) if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads', 'univention']))
{ {
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!"); throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
} }
@ -168,7 +168,7 @@ class Import
} }
if (!$initial_import && empty($GLOBALS['egw_info']['server']['account_import_lastrun'])) if (!$initial_import && empty($GLOBALS['egw_info']['server']['account_import_lastrun']))
{ {
throw new \InvalidArgumentException(lang("You need to run the inital import first!")); throw new \InvalidArgumentException(lang("You need to run the initial import first!"));
} }
Api\Accounts::cache_invalidate(); // to not get any cached data eg. from the wrong backend Api\Accounts::cache_invalidate(); // to not get any cached data eg. from the wrong backend
@ -215,7 +215,7 @@ class Import
$last_modified = null; $last_modified = null;
$start_import = time(); $start_import = time();
$cookie = ''; $cookie = '';
$start = ['', 5, &$cookie]; // cookie must be a reference! $start = ['', 500, &$cookie]; // cookie must be a reference!
do do
{ {
foreach ($this->contacts->search('', false, '', 'account_lid', '', '', 'AND', $start, $filter) as $contact) foreach ($this->contacts->search('', false, '', 'account_lid', '', '', 'AND', $start, $filter) as $contact)
@ -402,7 +402,7 @@ class Import
} }
} }
// if requested, also set memberships // if requested, also set memberships
if ($type === 'users+groups' && !$dry_run) if (in_array('groups', explode('+', $type)) && !$dry_run)
{ {
// LDAP backend does not query it automatic // LDAP backend does not query it automatic
if (!isset($account['memberships'])) if (!isset($account['memberships']))
@ -884,9 +884,14 @@ class Import
{ {
if (!($account = $this->accounts->read($ldap_id))) if (!($account = $this->accounts->read($ldap_id)))
{ {
$this->logger("Failed reading user '$account_lid' (#$ldap_id) from LDAP, maybe he is not contained in filter --> ignored", 'detail'); $this->logger("Failed reading user '$account_lid' (#$ldap_id) from LDAP to set as member of group '$group', maybe he is not contained in filter --> ignored", 'detail');
continue; continue;
} }
// LDAP backend does not query it automatic
if (!isset($account['memberships']))
{
$account['memberships'] = $this->accounts->memberships($ldap_id);
}
if (!($contact = $this->contacts->read($account['person_id']))) if (!($contact = $this->contacts->read($account['person_id'])))
{ {
$this->logger("Error reading contact-data of user '$account_lid' (#$ldap_id)", 'error'); $this->logger("Error reading contact-data of user '$account_lid' (#$ldap_id)", 'error');
@ -926,11 +931,11 @@ class Import
$this->accounts_sql->set_memberships(array_filter(array_map(function($account_lid) $this->accounts_sql->set_memberships(array_filter(array_map(function($account_lid)
{ {
return $this->accounts_sql->name2id($account_lid); return $this->accounts_sql->name2id($account_lid);
}, $account['memberships'])), $sql_account['account_id']); }, $account['memberships'] ?? [])), $sql_account['account_id']);
} }
else else
{ {
if (!($memberships = $this->accounts_sql->memberships($account_id))) if (($memberships = $this->accounts_sql->memberships($account_id)) === false)
{ {
$this->logger("Error reading memberships of (existing) user '$account_lid' (#$account_id)!", 'error'); $this->logger("Error reading memberships of (existing) user '$account_lid' (#$account_id)!", 'error');
$errors++; $errors++;

7
api/src/Accounts/Ldap.php
View File

@ -555,7 +555,10 @@ class Ldap
*/ */
protected function _read_user($account_id) protected function _read_user($account_id)
{ {
$sri = ldap_search($this->ds, $this->user_context, '(&(objectclass=posixAccount)(uidnumber=' . (int)$account_id.'))', // add account_filter to filter (user has to be '*', as we otherwise only search uid's)
$account_filter = str_replace(array('%user', '%domain'), array('*', $GLOBALS['egw_info']['user']['domain']), $this->account_filter);
$sri = ldap_search($this->ds, $this->user_context, '(&(objectclass=posixAccount)(uidnumber=' . (int)$account_id.")$account_filter)",
array('dn','uidnumber','uid','gidnumber','givenname','sn','cn',static::MAIL_ATTR,'userpassword','telephonenumber', array('dn','uidnumber','uid','gidnumber','givenname','sn','cn',static::MAIL_ATTR,'userpassword','telephonenumber',
'shadowexpire','shadowlastchange','homedirectory','loginshell','createtimestamp','modifytimestamp')); 'shadowexpire','shadowlastchange','homedirectory','loginshell','createtimestamp','modifytimestamp'));
@ -582,7 +585,7 @@ class Ldap
// both status and expires are encoded in the single shadowexpire value in LDAP // both status and expires are encoded in the single shadowexpire value in LDAP
// - if it's unset an account is enabled AND does never expire // - if it's unset an account is enabled AND does never expire
// - if it's set to 0, the account is disabled // - if it's set to 0, the account is disabled
// - if it's set to > 0, it will or already has expired --> acount is active if it not yet expired // - if it's set to > 0, it will or already has expired --> account is active if it not yet expired
// shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60) // shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60)
'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A', 'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A',
'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC 'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC

1
setup/templates/default/config.tpl
View File

@ -464,6 +464,7 @@
<select name="newsettings[account_import_source]"> <select name="newsettings[account_import_source]">
<option value="ads" {selected_account_import_source_ads}>ADS</option> <option value="ads" {selected_account_import_source_ads}>ADS</option>
<option value="ldap" {selected_account_import_source_ldap}>LDAP</option> <option value="ldap" {selected_account_import_source_ldap}>LDAP</option>
<option value="univention" {selected_account_import_source_univention}>Univention (LDAP)</option>
</select> </select>
</td> </td>
</tr> </tr>