14require_once(
"auth-functions.php");
41 $host=$config[
'host'];
42 $port=$config[
'port'];
43 if(!function_exists(
'ldap_connect')){
44 $c->messages[] = i18n(
"drivers_ldap : function ldap_connect not defined, check your php_ldap module");
50 if (isset($config[
'protocolVersion']))
51 ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, $config[
'protocolVersion']);
52 if (isset($config[
'optReferrals']))
53 ldap_set_option($this->connect, LDAP_OPT_REFERRALS, $config[
'optReferrals']);
54 if (isset($config[
'networkTimeout']))
55 ldap_set_option($this->connect, LDAP_OPT_NETWORK_TIMEOUT, $config[
'networkTimeout']);
58 $this->connect=ldap_connect($host, $port);
60 $this->connect=ldap_connect($host);
62 if (! $this->connect){
63 $c->messages[] = sprintf(translate(
'drivers_ldap : Unable to connect to LDAP with port %s on host %s'), $port, $host );
68 dbg_error_log(
"LDAP",
"drivers_ldap : Connected to LDAP server %s",$host );
71 if (isset($config[
'startTLS'])) {
72 if (!ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
73 $c->messages[] = i18n(
'drivers_ldap : Failed to set LDAP to use protocol version 3, TLS not supported');
77 if (!ldap_start_tls($this->connect)) {
78 $c->messages[] = i18n(
'drivers_ldap : Could not start TLS: ldap_start_tls() failed');
85 if (!isset($config[
'scope'])) $config[
'scope'] =
'subtree';
86 switch (strtolower($config[
'scope'])) {
88 $this->ldap_query_one =
'ldap_read';
89 $this->ldap_query_all =
'ldap_read';
92 $this->ldap_query_one =
'ldap_list';
93 $this->ldap_query_all =
'ldap_search';
96 $this->ldap_query_one =
'ldap_search';
97 $this->ldap_query_all =
'ldap_search';
102 if (!ldap_bind($this->connect, (isset($config[
'bindDN']) ? $config[
'bindDN'] :
null), (isset($config[
'passDN']) ? $config[
'passDN'] :
null) ) ){
103 $bindDN = isset($config[
'bindDN']) ? $config[
'bindDN'] :
'anonymous';
104 $passDN = isset($config[
'passDN']) ? $config[
'passDN'] :
'anonymous';
105 dbg_error_log(
"LDAP", i18n(
'drivers_ldap : Failed to bind to host %1$s on port %2$s with bindDN of %3$s'), $host, $port, $bindDN );
106 $c->messages[] = i18n(
'drivers_ldap : Unable to bind to LDAP - check your configuration for bindDN and passDN, and that your LDAP server is reachable');
112 $this->baseDNUsers = is_string($config[
'baseDNUsers']) ? array($config[
'baseDNUsers']) : $config[
'baseDNUsers'];
113 $this->filterUsers = (isset($config[
'filterUsers']) ? $config[
'filterUsers'] :
null);
114 $this->baseDNGroups = (isset($config[
'baseDNGroups']) ? (is_string($config[
'baseDNGroups']) ? array($config[
'baseDNGroups']) : $config[
'baseDNGroups']) :
null);
115 $this->filterGroups = (isset($config[
'filterGroups']) ? $config[
'filterGroups'] :
null);
124 $query = $this->ldap_query_all;
127 foreach($this->baseDNUsers as $baseDNUsers) {
128 $entry = $query($this->connect,$baseDNUsers,$this->filterUsers,$attributes);
130 if (!ldap_first_entry($this->connect,$entry)) {
131 $c->messages[] = sprintf(translate(
'Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<'),
133 join(
', ', $attributes),
137 for($i = ldap_first_entry($this->connect,$entry);
138 $i && $arr = ldap_get_attributes($this->connect,$i);
139 $i = ldap_next_entry($this->connect,$i) ) {
141 for ($j=0; $j < $arr[
'count']; $j++) {
142 $row[$arr[$j]] = $arr[$arr[$j]][0];
156 $query = $this->ldap_query_all;
159 foreach($this->baseDNGroups as $baseDNGroups) {
160 $entry = $query($this->connect,$baseDNGroups,$this->filterGroups,$attributes);
162 if (!ldap_first_entry($this->connect,$entry)) {
163 $c->messages[] = sprintf(translate(
'Error NoGroupFound with filter >%s<, attributes >%s< , dn >%s<'),
165 join(
', ', $attributes),
169 for($i = ldap_first_entry($this->connect,$entry);
170 $i && $arr = ldap_get_attributes($this->connect,$i);
171 $i = ldap_next_entry($this->connect,$i) ) {
172 for ($j=0; $j < $arr[
'count']; $j++) {
173 $row[$arr[$j]] = count($arr[$arr[$j]])>2?$arr[$arr[$j]]:$arr[$arr[$j]][0];
197 $query = $this->ldap_query_one;
198 # ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
200 foreach($this->baseDNUsers as $baseDNUsers) {
201 $entry = $query($this->connect, $baseDNUsers, $filter, $attributes);
203 if (ldap_first_entry($this->connect,$entry) )
206 dbg_error_log(
"LDAP",
"drivers_ldap : Failed to find user with baseDN: %s", $baseDNUsers );
209 if ( !ldap_first_entry($this->connect, $entry) ){
210 dbg_error_log(
"ERROR",
"drivers_ldap : Unable to find the user with filter %s",$filter );
213 dbg_error_log(
"LDAP",
"drivers_ldap : Found a user using filter %s",$filter );
216 $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
218 if ( isset($c->authenticate_hook[
'config'][
'i_use_mode_kerberos']) && $c->authenticate_hook[
'config'][
'i_use_mode_kerberos'] ==
"i_know_what_i_am_doing") {
219 if (isset($_SERVER[
"REMOTE_USER"])) {
220 dbg_error_log(
"LOG",
"drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER[
"REMOTE_USER"]);
221 if ($username != $_SERVER[
"REMOTE_USER"]) {
225 dbg_error_log(
"LOG",
"drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER[
"REDIRECT_REMOTE_USER"]);
226 if ($username != $_SERVER[
"REDIRECT_REMOTE_USER"]) {
231 else if ( empty($passwd) || preg_match(
'/[\x00-\x19]/',$passwd) ) {
233 dbg_error_log(
'LDAP',
'drivers_ldap : user %s supplied empty or invalid password: login rejected', $dnUser );
237 if ( !@ldap_bind($this->connect, $dnUser, $passwd) ) {
238 dbg_error_log(
"LDAP",
"drivers_ldap : Failed to bind to user %s ", $dnUser );
243 dbg_error_log(
"LDAP",
"drivers_ldap : Bound to user %s using password %s", $dnUser,
244 (isset($c->dbg[
'password']) && $c->dbg[
'password'] ? $passwd :
'another delicious password for the debugging monster!') );
246 $i = ldap_first_entry($this->connect,$entry);
247 $arr = ldap_get_attributes($this->connect,$i);
248 for( $i=0; $i<$arr[
'count']; $i++ ) {
249 $ret[$arr[$i]]=$arr[$arr[$i]][0];
260function getStaticLdap() {
266 if(!isset($instance)) {
267 $ldapDriver =
new ldapDriver($c->authenticate_hook[
'config']);
269 if ($ldapDriver->valid) {
270 $instance = $ldapDriver;
274 $ldapDriver = $instance;
284function sync_user_from_LDAP(
Principal &$principal, $mapping, $ldap_values ) {
287 dbg_error_log(
"LDAP",
"Going to sync the user from LDAP" );
289 $fields_to_set = array();
290 $updateable_fields = Principal::updateableFields();
291 foreach( $updateable_fields AS $field ) {
292 if ( isset($mapping[$field]) ) {
293 $tab_part_fields = explode(
',',$mapping[$field]);
294 foreach( $tab_part_fields as $part_field ) {
295 if ( isset($ldap_values[$part_field]) ) {
296 if (isset($fields_to_set[$field]) ) {
297 $fields_to_set[$field] .=
' '.$ldap_values[$part_field];
300 $fields_to_set[$field] = $ldap_values[$part_field];
304 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from LDAP field %s", $field, $fields_to_set[$field], $mapping[$field] );
306 else if ( isset($c->authenticate_hook[
'config'][
'default_value']) && is_array($c->authenticate_hook[
'config'][
'default_value'])
307 && isset($c->authenticate_hook[
'config'][
'default_value'][$field] ) ) {
308 $fields_to_set[$field] = $c->authenticate_hook[
'config'][
'default_value'][$field];
309 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from configured defaults", $field, $c->authenticate_hook[
'config'][
'default_value'][$field] );
313 if ( $principal->Exists() ) {
314 $principal->Update($fields_to_set);
317 $principal->Create($fields_to_set);
318 CreateHomeCollections($principal->username());
319 CreateDefaultRelationships($principal->username());
326function array_values_mapping($mapping){
328 foreach ( $mapping as $field ) {
329 $tab_part_field = explode(
",",$field);
330 foreach( $tab_part_field as $part_field ) {
331 $attributes[] = $part_field;
340function LDAP_check($username, $password ){
343 $ldapDriver = getStaticLdap();
344 if ( !$ldapDriver->valid ) {
346 $ldapDriver = getStaticLdap();
347 if ( !$ldapDriver->valid ) {
348 dbg_error_log(
"ERROR",
"Couldn't contact LDAP server for authentication" );
349 foreach($c->messages as $msg) {
350 dbg_error_log(
"ERROR",
"-> ".$msg );
352 header( sprintf(
"HTTP/1.1 %d %s", 503, translate(
"Authentication server unavailable.")) );
357 $mapping = $c->authenticate_hook[
'config'][
'mapping_field'];
358 if ( isset($mapping[
'active']) && !isset($mapping[
'user_active']) ) {
360 $mapping[
'user_active'] = $mapping[
'active'];
361 unset($mapping[
'active']);
363 if ( isset($mapping[
'updated']) && !isset($mapping[
'modified']) ) {
365 $mapping[
'modified'] = $mapping[
'updated'];
366 unset($mapping[
'updated']);
368 $attributes = array_values_mapping($mapping);
375 if ( preg_match(
'/^\(/', $ldapDriver->filterUsers ) ) {
376 $filter_munge = $ldapDriver->filterUsers;
378 else if ( isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers !=
'' ) {
379 $filter_munge =
"($ldapDriver->filterUsers)";
382 $filter =
"(&$filter_munge(".$mapping[
'username'].
"=$username))";
383 $valid = $ldapDriver->requestUser( $filter, $attributes, $username, $password );
387 dbg_error_log(
"LDAP",
"user %s is not a valid user",$username );
391 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
392 $ldap_timestamp = $valid[$mapping[
'modified']];
394 $ldap_timestamp =
'19700101000000';
400 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v)
401 $$k = substr($ldap_timestamp,$v[0],$v[1]);
403 $ldap_timestamp =
"$Y".
"$m".
"$d".
"$H".
"$M".
"$S";
404 if ($mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
405 $valid[$mapping[
'modified']] =
"$Y-$m-$d $H:$M:$S";
408 $principal =
new Principal(
'username',$username);
409 if ( $principal->Exists() ) {
411 $db_timestamp = $principal->modified;
412 $db_timestamp = substr(strtr($db_timestamp, array(
':' =>
'',
' '=>
'',
'-'=>
'')),0,14);
413 if( $ldap_timestamp <= $db_timestamp ) {
419 dbg_error_log(
"LDAP",
"user %s doesn't exist in local DB, we need to create it",$username );
421 $principal->setUsername($username);
424 sync_user_from_LDAP( $principal, $mapping, $valid );
433function fix_unique_member($list) {
434 $fixed_list = array();
435 foreach ( $list as $member ){
436 array_unshift( $fixed_list, ldap_explode_dn($member,1)[0]);
444function sync_LDAP_groups(){
446 $ldapDriver = getStaticLdap();
447 if ( ! $ldapDriver->valid )
return;
449 $mapping = $c->authenticate_hook[
'config'][
'group_mapping_field'];
451 $attributes = array_values_mapping($mapping);
452 $ldap_groups_tmp = $ldapDriver->getAllGroups($attributes);
454 if (
sizeof($ldap_groups_tmp) == 0 )
return;
456 $member_field = $mapping[
'members'];
457 $dnfix = isset($c->authenticate_hook[
'config'][
'group_member_dnfix']) && $c->authenticate_hook[
'config'][
'group_member_dnfix'];
459 foreach($ldap_groups_tmp as $key => $ldap_group){
460 $group_mapping = $ldap_group[$mapping[
'username']];
461 $ldap_groups_info[$group_mapping] = $ldap_group;
462 if ( is_array($ldap_groups_info[$group_mapping][$member_field]) ) {
463 unset( $ldap_groups_info[$group_mapping][$member_field][
'count'] );
466 $ldap_groups_info[$group_mapping][$member_field] = array($ldap_groups_info[$group_mapping][$member_field]);
468 unset($ldap_groups_tmp[$key]);
470 $db_groups = array();
471 $db_group_members = array();
472 $qry =
new AwlQuery(
"SELECT g.username AS group_name, member.username AS member_name FROM dav_principal g LEFT JOIN group_member ON (g.principal_id=group_member.group_id) LEFT JOIN dav_principal member ON (member.principal_id=group_member.member_id) WHERE g.type_id = 3");
473 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
474 while($db_group = $qry->Fetch()) {
475 $db_groups[$db_group->group_name] = $db_group->group_name;
476 $db_group_members[$db_group->group_name][] = $db_group->member_name;
479 $ldap_groups = array_keys($ldap_groups_info);
482 $groups_to_create = array_diff($ldap_groups,$db_groups);
485 $groups_to_deactivate = array_diff($db_groups,$ldap_groups);
488 $groups_to_update = array_intersect($db_groups,$ldap_groups);
491 $groups_nothing_done[] =
null;
493 if (
sizeof ( $groups_to_create ) ){
494 $validUserFields = awl_get_fields(
'usr');
495 foreach ( $groups_to_create as $k => $group ){
496 if ( isset($c->do_not_sync_group_from_ldap) && isset($c->do_not_sync_group_from_ldap[$group]) ){
497 unset($groups_to_create[$k]);
498 $groups_nothing_done[] = $group;
502 $user = (object) array();
504 if ( isset($c->authenticate_hook[
'config'][
'default_value']) && is_array($c->authenticate_hook[
'config'][
'default_value']) ) {
505 foreach ( $c->authenticate_hook[
'config'][
'default_value'] as $field => $value ) {
506 if ( isset($validUserFields[$field]) ) {
507 $user->{$field} = $value;
508 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from configured defaults", $field, $value );
513 $ldap_values = $ldap_groups_info[$group];
514 foreach ( $mapping as $field => $value ) {
515 dbg_error_log(
"LDAP",
"Considering copying %s", $field );
516 if ( isset($validUserFields[$field]) ) {
517 $user->{$field} = $ldap_values[$value];
518 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from LDAP field %s", $field, $ldap_values[$value], $value );
521 if ($user->fullname==
"") {
522 $user->fullname = $group;
524 if ($user->displayname==
"") {
525 $user->displayname = $group;
527 $user->username = $group;
528 $user->updated =
"now";
530 $principal =
new Principal(
'username',$group);
531 if ( $principal->Exists() ) {
532 $principal->Update($user);
535 $principal->Create($user);
538 $qry =
new AwlQuery(
"UPDATE dav_principal set type_id = 3 WHERE username=:group ",array(
':group'=>$group) );
539 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
540 Principal::cacheDelete(
'username', $group);
542 $groups_to_update[] = $group;
544 $c->messages[] = sprintf( i18n(
'- creating groups : %s'), join(
', ',$groups_to_create) );
547 if (
sizeof ( $groups_to_update ) ){
548 $c->messages[] = sprintf(i18n(
'- updating groups : %s'),join(
', ',$groups_to_update));
549 foreach ( $groups_to_update as $group ){
550 $db_members = array_values ( $db_group_members[$group] );
551 $ldap_members = array_values ( $ldap_groups_info[$group][$member_field] );
552 if ( $member_field ==
'uniqueMember' || $dnfix ) {
553 $ldap_members = fix_unique_member( $ldap_members );
555 $add_users = array_diff ( $ldap_members, $db_members );
556 if (
sizeof ( $add_users ) ){
557 $c->messages[] = sprintf(i18n(
'- adding %s to group : %s'),join(
', ', $add_users ), $group);
558 foreach ( $add_users as $member ){
559 $qry =
new AwlQuery(
"INSERT INTO group_member SELECT g.principal_id AS group_id,u.principal_id AS member_id FROM dav_principal g, dav_principal u WHERE g.username=:group AND u.username=:member",array (
':group'=>$group,
':member'=>$member) );
560 $qry->Exec(
'sync_LDAP_groups',__LINE__,__FILE__);
561 Principal::cacheDelete(
'username', $member);
564 $remove_users = @array_flip( @array_flip( array_diff( $db_members, $ldap_members ) ));
565 if (
sizeof ( $remove_users ) ){
566 $c->messages[] = sprintf(i18n(
'- removing %s from group : %s'),join(
', ', $remove_users ), $group);
567 foreach ( $remove_users as $member ){
568 $qry =
new AwlQuery(
"DELETE FROM group_member USING dav_principal g,dav_principal m WHERE group_id=g.principal_id AND member_id=m.principal_id AND g.username=:group AND m.username=:member",array (
':group'=>$group,
':member'=>$member) );
569 $qry->Exec(
'sync_LDAP_groups',__LINE__,__FILE__);
570 Principal::cacheDelete(
'username', $member);
576 if (
sizeof ( $groups_to_deactivate ) ){
577 foreach ( $groups_to_deactivate as $k => $group ){
578 if ( isset($c->do_not_sync_group_from_ldap) && isset($c->do_not_sync_group_from_ldap[$group]) ){
579 unset($groups_to_deactivate[$k]);
580 $groups_nothing_done[] = $group;
582 $qry =
new AwlQuery(
'UPDATE dav_principal SET user_active=FALSE WHERE username=:group AND type_id = 3',array(
':group'=>$group) );
583 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
584 Principal::cacheFlush(
'username=:group AND type_id = 3', array(
':group'=>$group) );
587 if (
sizeof($groups_to_deactivate) )
588 $c->messages[] = sprintf(i18n(
'- deactivated groups : %s'), join(
', ',$groups_to_deactivate));
590 if (
sizeof($groups_nothing_done) )
591 $c->messages[] = sprintf( i18n(
'- nothing done on : %s'), join(
', ',$groups_nothing_done) );
600 $ldapDriver = getStaticLdap();
601 if ( ! $ldapDriver->valid )
return;
603 $mapping = $c->authenticate_hook[
'config'][
'mapping_field'];
604 $attributes = array_values_mapping($mapping);
605 $ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
607 if (
sizeof($ldap_users_tmp) == 0 )
return;
609 foreach($ldap_users_tmp as $key => $ldap_user){
610 if(!isset($ldap_user[$mapping[
'username']]))
continue;
611 $ldap_users_info[$ldap_user[$mapping[
'username']]] = $ldap_user;
612 unset($ldap_users_tmp[$key]);
614 $qry =
new AwlQuery(
"SELECT username, user_no, modified as updated , user_active FROM dav_principal where type_id=1");
615 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
616 while($db_user = $qry->Fetch()) {
617 $db_users[] = $db_user->username;
618 $db_users_info[$db_user->username] = array(
'user_no' => $db_user->user_no,
'updated' => $db_user->updated,
'user_active' => $db_user->user_active);
622 $ldap_users = array_keys($ldap_users_info);
624 $users_to_create = array_diff($ldap_users,$db_users);
626 $users_to_deactivate = array_diff($db_users,$ldap_users);
628 $users_to_update = array_intersect($db_users,$ldap_users);
631 if (
sizeof($users_to_create) ) {
632 foreach( $users_to_create as $k => $username ) {
633 if ( isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$username]) ) {
634 unset( $users_to_create[$k] );
635 $users_nothing_done[] = $username;
638 $principal =
new Principal(
'username', $username );
639 $valid = $ldap_users_info[$username];
640 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
641 $ldap_timestamp = $valid[$mapping[
'modified']];
643 $ldap_timestamp =
'19700101000000';
646 if ( !empty($c->authenticate_hook[
'config'][
'format_updated']) ) {
650 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v)
651 $$k = substr($ldap_timestamp,$v[0],$v[1]);
652 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
654 else if ( preg_match(
'{^(\d{8})(\d{6})(Z)?$', $ldap_timestamp, $matches ) ) {
655 $ldap_timestamp = $matches[1].
'T'.$matches[2].$matches[3];
657 else if ( empty($ldap_timestamp) ) {
658 $ldap_timestamp = date(
'c');
660 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
661 $valid[$mapping[
'modified']] = $ldap_timestamp;
664 sync_user_from_LDAP( $principal, $mapping, $valid );
666 $c->messages[] = sprintf( i18n(
'- creating record for users : %s'), join(
', ',$users_to_create) );
673 foreach( $users_to_deactivate as $k => $v ) {
674 if ( isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$v]) ) {
675 unset($users_to_deactivate[$k]);
676 $users_nothing_done[] = $v;
679 if ( $i > 0 ) $paramstring .=
',';
680 $paramstring .=
':u'.$i.
'::text';
681 $params[
':u'.$i++] = strtolower($v);
683 if ( count($params) > 0 ) {
684 $c->messages[] = sprintf(i18n(
'- deactivating users : %s'),join(
', ',$users_to_deactivate));
685 $qry =
new AwlQuery(
'UPDATE usr SET active = FALSE WHERE lower(username) IN ('.$paramstring.
')', $params);
686 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
688 Principal::cacheFlush(
'lower(username) IN ('.$paramstring.
')', $params);
692 if (
sizeof($users_to_update) ) {
693 foreach ( $users_to_update as $key=> $username ) {
694 $principal =
new Principal(
'username', $username );
695 $valid=$ldap_users_info[$username];
696 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
697 $ldap_timestamp = $valid[$mapping[
'modified']];
699 $ldap_timestamp =
'19700101000000';
702 $valid[
'user_no'] = $db_users_info[$username][
'user_no'];
703 $mapping[
'user_no'] =
'user_no';
708 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v) {
709 $$k = substr($ldap_timestamp,$v[0],$v[1]);
711 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
712 $valid[$mapping[
'modified']] =
"$Y-$m-$d $H:$M:$S";
714 $db_timestamp = substr(strtr($db_users_info[$username][
'updated'], array(
':' =>
'',
' '=>
'',
'-'=>
'')),0,14);
715 if ( $ldap_timestamp > $db_timestamp || !$db_users_info[$username][
'user_active']) {
716 $principal->user_active =
true;
717 sync_user_from_LDAP($principal, $mapping, $valid);
720 unset($users_to_update[$key]);
721 $users_nothing_done[] = $username;
724 if (
sizeof($users_to_update) )
725 $c->messages[] = sprintf(i18n(
'- updating user records : %s'),join(
', ',$users_to_update));
727 if (
sizeof($users_nothing_done) )
728 $c->messages[] = sprintf( i18n(
'- nothing done on : %s'), join(
', ',$users_nothing_done) );
732 $qry =
new AwlQuery(
"SELECT count(*) AS admins FROM usr JOIN role_member USING ( user_no ) JOIN roles USING (role_no) WHERE usr.active=TRUE AND role_name='Admin'");
733 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
734 while ( $db_user = $qry->Fetch() ) {
735 $admins = $db_user->admins;
737 if ( $admins == 0 ) {
738 $c->messages[] = sprintf(i18n(
'Warning: there are no active admin users! You should fix this before logging out. Consider using the $c->do_not_sync_from_ldap configuration setting.'));
requestUser( $filter, $attributes, $username, $passwd)
getAllGroups($attributes)