mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 01:13:25 +01:00
* LDAP/Univention: periodic account-import for Univention (mailPrimaryAddress), use LDAP account-filter for reading accounts too
also set the chunk-size for reading to 500; it was somehow 5, probably left over from debugging
parent
fdb41a2276
commit
4136150cdb
@ -59,7 +59,7 @@ class Import
|
||||
$GLOBALS['egw_info']['server'] += Api\Config::read('phpgwapi');
|
||||
}
|
||||
|
||||
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads']))
|
||||
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads', 'univention']))
|
||||
{
|
||||
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
|
||||
}
|
||||
@ -154,7 +154,7 @@ class Import
|
||||
{
|
||||
try {
|
||||
// determine from where we migrate to what
|
||||
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads']))
|
||||
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads', 'univention']))
|
||||
{
|
||||
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
|
||||
}
|
||||
@ -168,7 +168,7 @@ class Import
|
||||
}
|
||||
if (!$initial_import && empty($GLOBALS['egw_info']['server']['account_import_lastrun']))
|
||||
{
|
||||
throw new \InvalidArgumentException(lang("You need to run the inital import first!"));
|
||||
throw new \InvalidArgumentException(lang("You need to run the initial import first!"));
|
||||
}
|
||||
|
||||
Api\Accounts::cache_invalidate(); // to not get any cached data eg. from the wrong backend
|
||||
@ -215,7 +215,7 @@ class Import
|
||||
$last_modified = null;
|
||||
$start_import = time();
|
||||
$cookie = '';
|
||||
$start = ['', 5, &$cookie]; // cookie must be a reference!
|
||||
$start = ['', 500, &$cookie]; // cookie must be a reference!
|
||||
do
|
||||
{
|
||||
foreach ($this->contacts->search('', false, '', 'account_lid', '', '', 'AND', $start, $filter) as $contact)
|
||||
@ -402,7 +402,7 @@ class Import
|
||||
}
|
||||
}
|
||||
// if requested, also set memberships
|
||||
if ($type === 'users+groups' && !$dry_run)
|
||||
if (in_array('groups', explode('+', $type)) && !$dry_run)
|
||||
{
|
||||
// LDAP backend does not query it automatic
|
||||
if (!isset($account['memberships']))
|
||||
@ -884,9 +884,14 @@ class Import
|
||||
{
|
||||
if (!($account = $this->accounts->read($ldap_id)))
|
||||
{
|
||||
$this->logger("Failed reading user '$account_lid' (#$ldap_id) from LDAP, maybe he is not contained in filter --> ignored", 'detail');
|
||||
$this->logger("Failed reading user '$account_lid' (#$ldap_id) from LDAP to set as member of group '$group', maybe he is not contained in filter --> ignored", 'detail');
|
||||
continue;
|
||||
}
|
||||
// LDAP backend does not query it automatic
|
||||
if (!isset($account['memberships']))
|
||||
{
|
||||
$account['memberships'] = $this->accounts->memberships($ldap_id);
|
||||
}
|
||||
if (!($contact = $this->contacts->read($account['person_id'])))
|
||||
{
|
||||
$this->logger("Error reading contact-data of user '$account_lid' (#$ldap_id)", 'error');
|
||||
@ -926,11 +931,11 @@ class Import
|
||||
$this->accounts_sql->set_memberships(array_filter(array_map(function($account_lid)
|
||||
{
|
||||
return $this->accounts_sql->name2id($account_lid);
|
||||
}, $account['memberships'])), $sql_account['account_id']);
|
||||
}, $account['memberships'] ?? [])), $sql_account['account_id']);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!($memberships = $this->accounts_sql->memberships($account_id)))
|
||||
if (($memberships = $this->accounts_sql->memberships($account_id)) === false)
|
||||
{
|
||||
$this->logger("Error reading memberships of (existing) user '$account_lid' (#$account_id)!", 'error');
|
||||
$errors++;
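Review bot: The new `$account['memberships'] ?? []` fallback in the hunk at -926 only covers null, while the block added in the hunk at -884 stores whatever `$this->accounts->memberships($ldap_id)` returns. The changed `=== false` check on `$this->accounts_sql->memberships($account_id)` suggests `memberships()` can return `false` on failure; if the LDAP backend does the same, `array_map()` receives `false` (a TypeError on PHP 8), and if it returns null the account is written with an empty membership list, so a failed directory read would silently change group-based access. I would treat a non-array result as a read error before calling `set_memberships()`, e.g. `if (!is_array($account['memberships'] ?? null)) { $this->logger("Error reading memberships of user '$account_lid' (#$ldap_id)", 'error'); $errors++; }`, and skip the membership update for that account. The enclosing method starts and ends outside these hunks, so an earlier guard may exist that is not visible here.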
|
||||
|
@ -555,7 +555,10 @@ class Ldap
|
||||
*/
|
||||
protected function _read_user($account_id)
|
||||
{
|
||||
$sri = ldap_search($this->ds, $this->user_context, '(&(objectclass=posixAccount)(uidnumber=' . (int)$account_id.'))',
|
||||
// add account_filter to filter (user has to be '*', as we otherwise only search uid's)
|
||||
$account_filter = str_replace(array('%user', '%domain'), array('*', $GLOBALS['egw_info']['user']['domain']), $this->account_filter);
|
||||
|
||||
$sri = ldap_search($this->ds, $this->user_context, '(&(objectclass=posixAccount)(uidnumber=' . (int)$account_id.")$account_filter)",
|
||||
array('dn','uidnumber','uid','gidnumber','givenname','sn','cn',static::MAIL_ATTR,'userpassword','telephonenumber',
|
||||
'shadowexpire','shadowlastchange','homedirectory','loginshell','createtimestamp','modifytimestamp'));
|
||||
|
||||
@ -582,7 +585,7 @@ class Ldap
|
||||
// both status and expires are encoded in the single shadowexpire value in LDAP
|
||||
// - if it's unset an account is enabled AND does never expire
|
||||
// - if it's set to 0, the account is disabled
|
||||
// - if it's set to > 0, it will or already has expired --> acount is active if it not yet expired
|
||||
// - if it's set to > 0, it will or already has expired --> account is active if it not yet expired
|
||||
// shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60)
|
||||
'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A',
|
||||
'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC
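Review bot: In `_read_user`, the `%domain` placeholder is replaced with `$GLOBALS['egw_info']['user']['domain']` and concatenated into the LDAP search filter without escaping, unlike the uidnumber, which is cast to int. If that value can ever contain filter metacharacters (`(`, `)`, `*`, `\`), it changes the meaning of the filter; substituting `ldap_escape($GLOBALS['egw_info']['user']['domain'] ?? '', '', LDAP_ESCAPE_FILTER)` instead closes that. The `?? ''` may also matter for the periodic import this commit targets, since a job without a logged-in session might not have the user domain set; that is an assumption to confirm. A comment stating that `$this->account_filter` must be a complete parenthesised filter component would help too, because it is appended verbatim inside `(&…)` and a value such as `uid=%user` would make the whole filter invalid. The rest of `_read_user` is outside the hunk, so how a false `$sri` is handled cannot be seen here.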
|
||||
|
@ -464,6 +464,7 @@
|
||||
<select name="newsettings[account_import_source]">
|
||||
<option value="ads" {selected_account_import_source_ads}>ADS</option>
|
||||
<option value="ldap" {selected_account_import_source_ldap}>LDAP</option>
|
||||
<option value="univention" {selected_account_import_source_univention}>Univention (LDAP)</option>
|
||||
</select>
|
||||
</td>
|
||||
</tr>
|
||||
|