	check for sync of groups from ldap
		
							parent
							
								
									5de8c66d1f
								
							
						
					
					
						commit
						5a0410f68e
					
				|  | @ -29,7 +29,7 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { | |||
| 	var $settings; | ||||
| 
 | ||||
| 	protected function addUser($username, $info) { | ||||
| 		return $dms->addUser($username, null, $info['cn'][0], $info['mail'][0], $settings->_language, $settings->_theme, "", 0); | ||||
| 		return $this->dms->addUser($username, null, $info['cn'][0], $info['mail'][0], $settings->_language, $settings->_theme, "", 0); | ||||
| 	} | ||||
| 
 | ||||
| 	protected function updateUser($user, $info) { | ||||
|  | @ -41,6 +41,41 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { | |||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	protected function syncGroups($user, $ldapgroups) { | ||||
| 		$groupnames = []; | ||||
| 		$count = 0; | ||||
| 		if(isset($ldapgroups['count'])) | ||||
| 			$count = (int) $ldapgroups['count']; | ||||
| 		for ($i = 0; $i < $count; $i++) { | ||||
| 			$tmp = ldap_explode_dn($ldapgroups[$i], 1); | ||||
| 			if (!in_array($tmp[0], $groupnames)) { | ||||
| 				$groupnames[] = $tmp[0]; | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		/* Remove user from all groups not listed in LDAP */ | ||||
| 		$usergroups = $user->getGroups(); | ||||
| 		foreach($usergroups as $usergroup) { | ||||
| 			if(!in_array($usergroup->getName(), $groupnames)) | ||||
| 				$user->leaveGroup($usergroup); | ||||
| 		} | ||||
| 
 | ||||
| 		/* Add new groups and make user a member of it */ | ||||
| 		if($groupnames) { | ||||
| 			foreach($groupnames as $groupname) { | ||||
| 				$group = $this->dms->getGroupByName($groupname); | ||||
| 				if($group) { /* Group already exists, just join it */ | ||||
| 					$user->joinGroup($group); | ||||
| 				} else { /* Add group and join it */ | ||||
| 					$newgroup = $this->dms->addGroup($groupname, 'Added during LDAP Authentication'); | ||||
| 					if($newgroup) { | ||||
| 						$user->joinGroup($newgroup); | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
|   public function __construct($dms, $settings) { /* {{{ */ | ||||
|     $this->dms = $dms; | ||||
|     $this->settings = $settings; | ||||
|  | @ -164,6 +199,19 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication { | |||
| 						} else { | ||||
| 							$this->updateUser($user, $info[0]); | ||||
| 						} | ||||
| 						/* | ||||
| 						$this->syncGroups($user, [ | ||||
| 							'count'=>4, | ||||
| 							0=>'CN=vergussmaschine_networkfolder,OU=groups,OU=sanube,DC=SALLABERGER,DC=local', | ||||
| 							1=>'CN=Limesurvey,OU=groups,OU=sanube,DC=SALLABERGER,DC=local', | ||||
| 							2=>'CN=Altium365,OU=groups,OU=sanube,DC=SALLABERGER,DC=local', | ||||
| 							3=>'CN=Domain Admins,OU=groups,OU=sanube,DC=SALLABERGER,DC=local' | ||||
| 						] | ||||
| 						); | ||||
| 						 */ | ||||
| 						if(!empty($settings->_ldapGroupField) && !empty($info[0][$settings->_ldapGroupField])) { | ||||
| 							$this->syncGroups($user, $info[0][$settings->_ldapGroupField]); | ||||
| 						} | ||||
| 					} | ||||
| 				} | ||||
| 			} | ||||
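Review bot: The call site in the last hunk runs `syncGroups()` only when the group attribute is non-empty, so a user who has been removed from every directory group keeps all local groups from the previous login, even though `syncGroups()` otherwise treats LDAP as authoritative and drops anything not listed. Pick one policy and make the code match it: either call it whenever `_ldapGroupField` is configured, passing an empty list when the attribute is absent (`$this->syncGroups($user, isset($info[0][$f]) ? $info[0][$f] : []);` with `$f` the configured field), or limit removal to groups this sync created so locally managed groups survive. Inside the loop, `ldap_explode_dn()` returns false for a malformed DN, so add `if(!$tmp || empty($tmp[0])) continue;` before using `$tmp[0]`; matching is by CN alone, so same-named groups in different OUs, or a directory group named like a privileged local group, map to one local group. In `addUser()` the change to `$this->dms` still leaves `$settings->_language` and `$settings->_theme` reading an undefined local, which presumably should be `$this->settings->…`. The commented-out test call embeds what look like real directory DNs and is better dropped; the enclosing login method starts and ends outside the hunk.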
|  |  | |||
|  | @ -337,6 +337,9 @@ class Settings { /* {{{ */ | |||
| 	// Used only by AD <username>@_ldapAccountDomainName will be used for a bind
 | ||||
| 	// when the user is validated
 | ||||
| 	var $_ldapAccountDomainName = ""; | ||||
| 	// Name of the ldap field containing the groups of the user, e.g. memeberOf
 | ||||
| 	// This field must contain the DN of the groups
 | ||||
| 	var $_ldapGroupField = ""; | ||||
| 	// Type of Ldap server: 0 = ldap; 1 = AD
 | ||||
| 	var $_ldapType = 1; | ||||
| 	// Additional filter when searching for the user. If not set, the user will be searched
 | ||||
|  | @ -653,6 +656,7 @@ class Settings { /* {{{ */ | |||
| 				$this->_ldapBindPw = strVal($connectorNode["bindPw"]); | ||||
| 				$this->_ldapType = 0; | ||||
| 				$this->_ldapFilter = strVal($connectorNode["filter"]); | ||||
| 				$this->_ldapGroupField = strVal($connectorNode["groupField"]); | ||||
| 			} | ||||
| 			else if ($params['enable'] && ($typeConn == "AD")) | ||||
| 			{ | ||||
|  | @ -664,6 +668,7 @@ class Settings { /* {{{ */ | |||
| 				$this->_ldapType = 1; | ||||
| 				$this->_ldapFilter = strVal($connectorNode["filter"]); | ||||
| 				$this->_ldapAccountDomainName = strVal($connectorNode["accountDomainName"]); | ||||
| 				$this->_ldapGroupField = strVal($connectorNode["groupField"]); | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
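Review bot: The comment added above `var $_ldapGroupField` does not tell an administrator that setting it makes the directory authoritative for local group membership: on each LDAP login `syncGroups()` removes the user from every local group not listed and creates any group that is missing. I would extend it, e.g. `// If set, group membership is synced from LDAP on login: groups not listed are left, missing groups are created`, and correct the spelling `memeberOf` to `memberOf`. If the entry array comes from `ldap_get_entries()`, attribute keys are lowercased, so the documented example would have to be entered as `memberof` or the lookup wrapped in `strtolower()`; the code that fetches the entry is outside this page, so confirm. No hunk here writes `groupField` back when settings are saved, which may be handled elsewhere.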
|  |  | |||
	 Uwe Steinmann
						Uwe Steinmann