d9/d60/sync__groups__ldap2dolibarr_8php_source.html

#!/usr/bin/env php

<?php

if (!defined('NOSESSION')) {

  define('NOSESSION', '1');

}


$sapi_type = php_sapi_name();

$script_file = basename(__FILE__);

$path = __DIR__.'/';


// Test if batch mode

if (substr($sapi_type, 0, 3) == 'cgi') {

  echo "Error: You are using PHP for CGI. To execute ".$script_file." from command line, you must use PHP for CLI mode.\n";

  exit(-1);

}


require_once $path."../../htdocs/master.inc.php";

require_once DOL_DOCUMENT_ROOT."/core/lib/date.lib.php";

require_once DOL_DOCUMENT_ROOT."/core/class/ldap.class.php";

require_once DOL_DOCUMENT_ROOT."/user/class/user.class.php";

require_once DOL_DOCUMENT_ROOT."/user/class/usergroup.class.php";


$langs->loadLangs(array("main", "errors"));


// Global variables

$version = DOL_VERSION;

$error = 0;

$forcecommit = 0;

$confirmed = 0;


/*

 * Main

 */


@set_time_limit(0);

print "***** ".$script_file." (".$version.") pid=".dol_getmypid()." *****\n";

dol_syslog($script_file." launched with arg ".join(',', $argv));


// List of fields to get from LDAP

$required_fields = array(getDolGlobalString('LDAP_KEY_GROUPS'), getDolGlobalString('LDAP_GROUP_FIELD_FULLNAME'), getDolGlobalString('LDAP_GROUP_FIELD_DESCRIPTION'), getDolGlobalString('LDAP_GROUP_FIELD_GROUPMEMBERS'));


// Remove from required_fields all entries not configured in LDAP (empty) and duplicated

$required_fields = array_unique(array_values(array_filter($required_fields, "dolValidElement")));


if (!isset($argv[1])) {

  // print "Usage: $script_file (nocommitiferror|commitiferror) [id_group]\n";

  print "Usage:  $script_file (nocommitiferror|commitiferror) [--server=ldapserverhost] [--excludeuser=user1,user2...] [-y]\n";

  exit(-1);

}


foreach ($argv as $key => $val) {

  if ($val == 'commitiferror') {

    $forcecommit = 1;

  }

  if (preg_match('/--server=([^\s]+)$/', $val, $reg)) {

    $conf->global->LDAP_SERVER_HOST = $reg[1];

  }

  if (preg_match('/--excludeuser=([^\s]+)$/', $val, $reg)) {

    $excludeuser = explode(',', $reg[1]);

  }

  if (preg_match('/-y$/', $val, $reg)) {

    $confirmed = 1;

  }

}


print "Mails sending disabled (useless in batch mode)\n";

$conf->global->MAIN_DISABLE_ALL_MAILS = 1; // On bloque les mails

print "\n";

print "----- Synchronize all records from LDAP database:\n";

print "host=" . getDolGlobalString('LDAP_SERVER_HOST')."\n";

print "port=" . getDolGlobalString('LDAP_SERVER_PORT')."\n";

print "login=" . getDolGlobalString('LDAP_ADMIN_DN')."\n";

print "pass=".preg_replace('/./i', '*', getDolGlobalString('LDAP_ADMIN_PASS'))."\n";

print "DN to extract=" . getDolGlobalString('LDAP_GROUP_DN')."\n";

if (getDolGlobalString('LDAP_GROUP_FILTER')) {

  print 'Filter=(' . getDolGlobalString('LDAP_GROUP_FILTER').')'."\n"; // Note: filter is defined into function getRecords

} else {

  print 'Filter=(' . getDolGlobalString('LDAP_KEY_GROUPS').'=*)'."\n";

}

print "----- To Dolibarr database:\n";

print "type=".$conf->db->type."\n";

print "host=".$conf->db->host."\n";

print "port=".$conf->db->port."\n";

print "login=".$conf->db->user."\n";

print "database=".$conf->db->name."\n";

print "----- Options:\n";

print "commitiferror=".$forcecommit."\n";

print "Mapped LDAP fields=".join(',', $required_fields)."\n";

print "\n";


if (!$confirmed) {

  print "Hit Enter to continue or CTRL+C to stop...\n";

  $input = trim(fgets(STDIN));

}


if (!getDolGlobalString('LDAP_GROUP_DN')) {

  print $langs->trans("Error").': '.$langs->trans("LDAP setup for groups not defined inside Dolibarr");

  exit(-1);

}


$ldap = new Ldap();

$result = $ldap->connect_bind();

if ($result >= 0) {

  $justthese = array();


  // We disable synchro Dolibarr-LDAP

  $conf->global->LDAP_SYNCHRO_ACTIVE = 0;


  $ldaprecords = $ldap->getRecords('*', getDolGlobalString('LDAP_GROUP_DN'), getDolGlobalString('LDAP_KEY_GROUPS'), $required_fields, 'group', array(getDolGlobalString('LDAP_GROUP_FIELD_GROUPMEMBERS')));

  if (is_array($ldaprecords)) {

    $db->begin();


    // Warning $ldapuser has a key in lowercase

    foreach ($ldaprecords as $key => $ldapgroup) {

      $group = new UserGroup($db);

      $group->fetch('', $ldapgroup[getDolGlobalString('LDAP_KEY_GROUPS')]);

      $group->name = $ldapgroup[getDolGlobalString('LDAP_GROUP_FIELD_FULLNAME')];

      $group->nom = $group->name; // For backward compatibility

      $group->note = $ldapgroup[getDolGlobalString('LDAP_GROUP_FIELD_DESCRIPTION')];

      $group->entity = $conf->entity;


      // print_r($ldapgroup);


      if ($group->id > 0) { // Group update

        print $langs->transnoentities("GroupUpdate").' # '.$key.': name='.$group->name;

        $res = $group->update();


        if ($res > 0) {

          print ' --> Updated group id='.$group->id.' name='.$group->name;

        } else {

          $error++;

          print ' --> '.$res.' '.$group->error;

        }

        print "\n";

      } else { // Group creation

        print $langs->transnoentities("GroupCreate").' # '.$key.': name='.$group->name;

        $res = $group->create();


        if ($res > 0) {

          print ' --> Created group id='.$group->id.' name='.$group->name;

        } else {

          $error++;

          print ' --> '.$res.' '.$group->error;

        }

        print "\n";

      }


      // print_r($group);


      // Gestion des utilisateurs associés au groupe

      // 1 - Association des utilisateurs du groupe LDAP au groupe Dolibarr

      $userList = array();

      $userIdList = array();

      foreach ($ldapgroup[getDolGlobalString('LDAP_GROUP_FIELD_GROUPMEMBERS')] as $tmpkey => $userdn) {

        if ($tmpkey === 'count') {

          continue;

        }

        if (empty($userList[$userdn])) { // Récupération de l'utilisateur

          // Schéma rfc2307: les membres sont listés dans l'attribut memberUid sous form de login uniquement

          if (getDolGlobalString('LDAP_GROUP_FIELD_GROUPMEMBERS') === 'memberUid') {

            $userKey = array($userdn);

          } else { // Pour les autres schémas, les membres sont listés sous forme de DN complets

            $userFilter = explode(',', $userdn);

            $userKey = $ldap->getAttributeValues('('.$userFilter[0].')', getDolGlobalString('LDAP_KEY_USERS'));

          }

          if (!is_array($userKey)) {

            continue;

          }


          $fuser = new User($db);


          if (getDolGlobalString('LDAP_KEY_USERS') == getDolGlobalString('LDAP_FIELD_SID')) {

            $fuser->fetch('', '', $userKey[0]); // Chargement du user concerné par le SID

          } elseif (getDolGlobalString('LDAP_KEY_USERS') == getDolGlobalString('LDAP_FIELD_LOGIN')) {

            $fuser->fetch('', $userKey[0]); // Chargement du user concerné par le login

          }


          $userList[$userdn] = $fuser;

        } else {

          $fuser = &$userList[$userdn];

        }


        $userIdList[$userdn] = $fuser->id;


        // Ajout de l'utilisateur dans le groupe

        if (!in_array($fuser->id, array_keys($group->members))) {

          $fuser->SetInGroup($group->id, $group->entity);

          echo $fuser->login.' added'."\n";

        }

      }


      // 2 - Suppression des utilisateurs du groupe Dolibarr qui ne sont plus dans le groupe LDAP

      foreach ($group->members as $guser) {

        if (!in_array($guser->id, $userIdList)) {

          $guser->RemoveFromGroup($group->id, $group->entity);

          echo $guser->login.' removed'."\n";

        }

      }

    }


    if (!$error || $forcecommit) {

      if (!$error) {

        print $langs->transnoentities("NoErrorCommitIsDone")."\n";

      } else {

        print $langs->transnoentities("ErrorButCommitIsDone")."\n";

      }

      $db->commit();

    } else {

      print $langs->transnoentities("ErrorSomeErrorWereFoundRollbackIsDone", $error)."\n";

      $db->rollback();

    }

    print "\n";

  } else {

    dol_print_error('', $ldap->error);

    $error++;

  }

} else {

  dol_print_error('', $ldap->error);

  $error++;

}


exit($error);


function dolValidElement($element)

{

  return (trim($element) != '');

}


Ldap
Class to manage LDAP features.
Definition ldap.class.php:35

UserGroup
Class to manage user groups.
Definition usergroup.class.php:41

User
Class to manage Dolibarr users.
Definition user.class.php:48

dol_getmypid
dol_getmypid()
Return getmypid() or random PID when function is disabled Some web hosts disable this php function fo...
Definition functions.lib.php:10552

dol_print_error
dol_print_error($db='', $error='', $errors=null)
Displays error message system with all the information to facilitate the diagnosis and the escalation...
Definition functions.lib.php:5352

getDolGlobalString
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition functions.lib.php:151

dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:1862

dolValidElement
dolValidElement($element)
Function to say if a value is empty or not.
Definition sync_groups_ldap2dolibarr.php:256