check for sync of groups from ldap

2025-05-13 13:11:31 +00:00 · 2023-08-17 13:51:02 +02:00 · 2023-08-17 13:51:02 +02:00 · 5a0410f68e
commit 5a0410f68e
parent 5de8c66d1f
2 changed files with 54 additions and 1 deletions
--- a/inc/inc.ClassLdapAuthentication.php
+++ b/inc/inc.ClassLdapAuthentication.php
@ -29,7 +29,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
 	var $settings;
 	protected function addUser($username, $info) {
-		return $dms->addUser($username, null, $info['cn'][0], $info['mail'][0], $settings->_language, $settings->_theme, "", 0);
+		return $this->dms->addUser($username, null, $info['cn'][0], $info['mail'][0], $settings->_language, $settings->_theme, "", 0);
 	}
 	protected function updateUser($user, $info) {
@ -41,6 +41,41 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
 		}
 	}
 	protected function syncGroups($user, $ldapgroups) {
 		$groupnames = [];
 		$count = 0;
 		if(isset($ldapgroups['count']))
 			$count = (int) $ldapgroups['count'];
 		for ($i = 0; $i < $count; $i++) {
 			$tmp = ldap_explode_dn($ldapgroups[$i], 1);
 			if (!in_array($tmp[0], $groupnames)) {
 				$groupnames[] = $tmp[0];
 			}
 		}
 		/* Remove user from all groups not listed in LDAP */
 		$usergroups = $user->getGroups();
 		foreach($usergroups as $usergroup) {
 			if(!in_array($usergroup->getName(), $groupnames))
 				$user->leaveGroup($usergroup);
 		}
 		/* Add new groups and make user a member of it */
 		if($groupnames) {
 			foreach($groupnames as $groupname) {
 				$group = $this->dms->getGroupByName($groupname);
 				if($group) { /* Group already exists, just join it */
 					$user->joinGroup($group);
 				} else { /* Add group and join it */
 					$newgroup = $this->dms->addGroup($groupname, 'Added during LDAP Authentication');
 					if($newgroup) {
 						$user->joinGroup($newgroup);
 					}
 				}
 			}
 		}
 	}
  public function __construct($dms, $settings) { /* {{{ */
    $this->dms = $dms;
    $this->settings = $settings;
@ -164,6 +199,19 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
 						} else {
 							$this->updateUser($user, $info[0]);
 						}
 						/*
 						$this->syncGroups($user, [
 							'count'=>4,
 							0=>'CN=vergussmaschine_networkfolder,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
 							1=>'CN=Limesurvey,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
 							2=>'CN=Altium365,OU=groups,OU=sanube,DC=SALLABERGER,DC=local',
 							3=>'CN=Domain Admins,OU=groups,OU=sanube,DC=SALLABERGER,DC=local'
 						]
 						);
 						 */
 						if(!empty($settings->_ldapGroupField) && !empty($info[0][$settings->_ldapGroupField])) {
 							$this->syncGroups($user, $info[0][$settings->_ldapGroupField]);
 						}
 					}
 				}
 			}
--- a/inc/inc.ClassSettings.php
+++ b/inc/inc.ClassSettings.php
@ -337,6 +337,9 @@ class Settings { /* {{{ */
 	// Used only by AD <username>@_ldapAccountDomainName will be used for a bind
 	// when the user is validated
 	var $_ldapAccountDomainName = "";
 	// Name of the ldap field containing the groups of the user, e.g. memeberOf
 	// This field must contain the DN of the groups
 	var $_ldapGroupField = "";
 	// Type of Ldap server: 0 = ldap; 1 = AD
 	var $_ldapType = 1;
 	// Additional filter when searching for the user. If not set, the user will be searched
@ -653,6 +656,7 @@ class Settings { /* {{{ */
 				$this->_ldapBindPw = strVal($connectorNode["bindPw"]);
 				$this->_ldapType = 0;
 				$this->_ldapFilter = strVal($connectorNode["filter"]);
 				$this->_ldapGroupField = strVal($connectorNode["groupField"]);
 			}
 			else if ($params['enable'] && ($typeConn == "AD"))
 			{
@ -664,6 +668,7 @@ class Settings { /* {{{ */
 				$this->_ldapType = 1;
 				$this->_ldapFilter = strVal($connectorNode["filter"]);
 				$this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]);
 				$this->_ldapGroupField = strVal($connectorNode["groupField"]);
 			}
 		}