Created
May 16, 2020 15:26
-
-
Save Leboubou111/5a0b87643e7a66bc1a5a7dc9ce4c0b4f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env php | |
<?php | |
/** | |
* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org> | |
* Copyright (C) 2006-2012 Laurent Destailleur <eldy@users.sourceforge.net> | |
* | |
* This program is free software; you can redistribute it and/or modify | |
* it under the terms of the GNU General Public License as published by | |
* the Free Software Foundation; either version 3 of the License, or | |
* (at your option) any later version. | |
* | |
* This program is distributed in the hope that it will be useful, | |
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
* GNU General Public License for more details. | |
* | |
* You should have received a copy of the GNU General Public License | |
* along with this program. If not, see <https://www.gnu.org/licenses/>. | |
*/ | |
/** | |
* \file scripts/user/sync_users_ldap2dolibarr.php | |
* \ingroup ldap member | |
* \brief Script to update users into Dolibarr from LDAP | |
*/ | |
$sapi_type = php_sapi_name(); | |
$script_file = basename(__FILE__); | |
$path = __DIR__ . '/'; | |
// Test if batch mode | |
if (substr($sapi_type, 0, 3) == 'cgi') { | |
echo "Error: You are using PHP for CGI. To execute " . $script_file . " from command line, you must use PHP for CLI mode.\n"; | |
exit(- 1); | |
} | |
require_once $path . "../../htdocs/master.inc.php"; | |
require_once DOL_DOCUMENT_ROOT . "/core/lib/date.lib.php"; | |
require_once DOL_DOCUMENT_ROOT . "/core/class/ldap.class.php"; | |
require_once DOL_DOCUMENT_ROOT . "/user/class/user.class.php"; | |
$langs->loadLangs(array("main","errors")); | |
// Global variables | |
$version = DOL_VERSION; | |
$error = 0; | |
$forcecommit = 0; | |
$excludeuser = array(); | |
$confirmed = 0; | |
/* | |
* Main | |
*/ | |
@set_time_limit(0); | |
print "***** " . $script_file . " (" . $version . ") pid=" . dol_getmypid() . " *****\n"; | |
dol_syslog($script_file . " launched with arg " . join(',', $argv)); | |
// List of fields to get from LDAP | |
$required_fields = array( | |
$conf->global->LDAP_KEY_USERS, | |
$conf->global->LDAP_FIELD_FULLNAME, | |
$conf->global->LDAP_FIELD_NAME, | |
$conf->global->LDAP_FIELD_FIRSTNAME, | |
$conf->global->LDAP_FIELD_LOGIN, | |
$conf->global->LDAP_FIELD_LOGIN_SAMBA, | |
$conf->global->LDAP_FIELD_PASSWORD, | |
$conf->global->LDAP_FIELD_PASSWORD_CRYPTED, | |
$conf->global->LDAP_FIELD_PHONE, | |
$conf->global->LDAP_FIELD_FAX, | |
$conf->global->LDAP_FIELD_MOBILE, | |
$conf->global->LDAP_FIELD_ADDRESS, | |
$conf->global->LDAP_FIELD_ZIP, | |
$conf->global->LDAP_FIELD_TOWN, | |
$conf->global->LDAP_FIELD_COUNTRY, | |
$conf->global->LDAP_FIELD_MAIL, | |
$conf->global->LDAP_FIELD_TITLE, | |
$conf->global->LDAP_FIELD_DESCRIPTION, | |
$conf->global->LDAP_FIELD_SID); | |
// Remove from required_fields all entries not configured in LDAP (empty) and duplicated | |
$required_fields = array_unique(array_values(array_filter($required_fields, "dolValidElement"))); | |
if (! isset($argv[1])) { | |
print "Usage: $script_file (nocommitiferror|commitiferror) [--server=ldapserverhost] [--excludeuser=user1,user2...] [-y]\n"; | |
exit(- 1); | |
} | |
foreach ($argv as $key => $val) { | |
if ($val == 'commitiferror') | |
$forcecommit = 1; | |
if (preg_match('/--server=([^\s]+)$/', $val, $reg)) | |
$conf->global->LDAP_SERVER_HOST = $reg[1]; | |
if (preg_match('/--excludeuser=([^\s]+)$/', $val, $reg)) | |
$excludeuser = explode(',', $reg[1]); | |
if (preg_match('/-y$/', $val, $reg)) | |
$confirmed = 1; | |
} | |
print "Mails sending disabled (useless in batch mode)\n"; | |
$conf->global->MAIN_DISABLE_ALL_MAILS = 1; // On bloque les mails | |
print "\n"; | |
print "----- Synchronize all records from LDAP database:\n"; | |
print "host=" . $conf->global->LDAP_SERVER_HOST . "\n"; | |
print "port=" . $conf->global->LDAP_SERVER_PORT . "\n"; | |
print "login=" . $conf->global->LDAP_ADMIN_DN . "\n"; | |
print "pass=" . preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS) . "\n"; | |
print "DN to extract=" . $conf->global->LDAP_USER_DN . "\n"; | |
if (! empty($conf->global->LDAP_FILTER_CONNECTION)) | |
print 'Filter=(' . $conf->global->LDAP_FILTER_CONNECTION . ')' . "\n"; // Note: filter is defined into function getRecords | |
else | |
print 'Filter=(' . $conf->global->LDAP_KEY_USERS . '=*)' . "\n"; | |
print "----- To Dolibarr database:\n"; | |
print "type=" . $conf->db->type . "\n"; | |
print "host=" . $conf->db->host . "\n"; | |
print "port=" . $conf->db->port . "\n"; | |
print "login=" . $conf->db->user . "\n"; | |
print "database=" . $conf->db->name . "\n"; | |
print "----- Options:\n"; | |
print "commitiferror=" . $forcecommit . "\n"; | |
print "excludeuser=" . join(',', $excludeuser) . "\n"; | |
print "Mapped LDAP fields=" . join(',', $required_fields) . "\n"; | |
print "\n"; | |
if (! $confirmed) { | |
print "Hit Enter to continue or CTRL+C to stop...\n"; | |
$input = trim(fgets(STDIN)); | |
} | |
if (empty($conf->global->LDAP_USER_DN)) { | |
print $langs->trans("Error") . ': ' . $langs->trans("LDAP setup for users not defined inside Dolibarr"); | |
exit(- 1); | |
} | |
// Load table of correspondence of countries | |
$hashlib2rowid = array(); | |
$countries = array(); | |
$sql = "SELECT rowid, code, label, active"; | |
$sql .= " FROM " . MAIN_DB_PREFIX . "c_country"; | |
$sql .= " WHERE active = 1"; | |
$sql .= " ORDER BY code ASC"; | |
$resql = $db->query($sql); | |
if ($resql) { | |
$num = $db->num_rows($resql); | |
$i = 0; | |
if ($num) { | |
while ($i < $num) { | |
$obj = $db->fetch_object($resql); | |
if ($obj) { | |
// print 'Load cache for country '.strtolower($obj->label).' rowid='.$obj->rowid."\n"; | |
$hashlib2rowid[strtolower($obj->label)] = $obj->rowid; | |
$countries[$obj->rowid] = array('rowid' => $obj->rowid,'label' => $obj->label,'code' => $obj->code); | |
} | |
$i ++; | |
} | |
} | |
} else { | |
dol_print_error($db); | |
exit(- 1); | |
} | |
$ldap = new Ldap(); | |
$result = $ldap->connect_bind(); | |
if ($result >= 0) { | |
$justthese = array(); | |
// We disable synchro Dolibarr-LDAP | |
$conf->global->LDAP_SYNCHRO_ACTIVE = 0; | |
if ($conf->global->LDAP_SERVER_TYPE == 'activedirectory') { | |
$ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_USER_DN, 'cn', $required_fields, 'user'); // Fiter on 'user' filter param | |
} else { | |
$ldaprecords = $ldap->getRecords('*', $conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 'user'); // Fiter on 'user' filter param | |
} | |
if (is_array($ldaprecords)) { | |
$db->begin(); | |
// Warning $ldapuser has a key in lowercase | |
foreach ($ldaprecords as $key => $ldapuser) { | |
// If login into exclude list, we discard record | |
if (in_array($ldapuser[$conf->global->LDAP_FIELD_LOGIN], $excludeuser)) { | |
print $langs->transnoentities("UserDiscarded") . ' # ' . $key . ': login=' . $ldapuser[$conf->global->LDAP_FIELD_LOGIN] . ' --> Discarded' . "\n"; | |
continue; | |
} | |
$fuser = new User($db); | |
if ($conf->global->LDAP_KEY_USERS == $conf->global->LDAP_FIELD_SID) { | |
$fuser->fetch('', '', $ldapuser[$conf->global->LDAP_KEY_USERS]); // Chargement du user concerné par le SID | |
} elseif ($conf->global->LDAP_KEY_USERS == $conf->global->LDAP_FIELD_LOGIN) { | |
$fuser->fetch('', $ldapuser[$conf->global->LDAP_KEY_USERS]); // Chargement du user concerné par le login | |
} | |
// Propriete membre | |
$fuser->firstname = $ldapuser[$conf->global->LDAP_FIELD_FIRSTNAME]; | |
$fuser->lastname = $ldapuser[$conf->global->LDAP_FIELD_NAME]; | |
$fuser->login = $ldapuser[$conf->global->LDAP_FIELD_LOGIN]; | |
$fuser->pass = $ldapuser[$conf->global->LDAP_FIELD_PASSWORD]; | |
$fuser->pass_indatabase_crypted = $ldapuser[$conf->global->LDAP_FIELD_PASSWORD_CRYPTED]; | |
// $user->societe; | |
$fuser->address=$ldapuser[$conf->global->LDAP_FIELD_ADDRESS]; | |
$fuser->zip=$ldapuser[$conf->global->LDAP_FIELD_ZIP]; | |
$fuser->town=$ldapuser[$conf->global->LDAP_FIELD_TOWN]; | |
$fuser->country=$ldapuser[$conf->global->LDAP_FIELD_COUNTRY]; | |
$fuser->country_id=$countries[$hashlib2rowid[strtolower($fuser->country)]]['rowid']; | |
$fuser->country_code=$countries[$hashlib2rowid[strtolower($fuser->country)]]['code']; | |
$fuser->office_phone = $ldapuser[$conf->global->LDAP_FIELD_PHONE]; | |
$fuser->user_mobile = $ldapuser[$conf->global->LDAP_FIELD_MOBILE]; | |
$fuser->office_fax = $ldapuser[$conf->global->LDAP_FIELD_FAX]; | |
$fuser->email = $ldapuser[$conf->global->LDAP_FIELD_MAIL]; | |
$fuser->ldap_sid = $ldapuser[$conf->global->LDAP_FIELD_SID]; | |
$fuser->job = $ldapuser[$conf->global->LDAP_FIELD_TITLE]; | |
$fuser->note = $ldapuser[$conf->global->LDAP_FIELD_DESCRIPTION]; | |
$fuser->admin = 0; | |
$fuser->societe_id = 0; | |
$fuser->contact_id = 0; | |
$fuser->fk_member = 0; | |
$fuser->statut = 1; | |
// TODO : revoir la gestion du status | |
/* | |
* if (isset($ldapuser[$conf->global->LDAP_FIELD_MEMBER_STATUS])) | |
* { | |
* $fuser->datec=dol_stringtotime($ldapuser[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE]); | |
* $fuser->datevalid=dol_stringtotime($ldapuser[$conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE]); | |
* $fuser->statut=$ldapuser[$conf->global->LDAP_FIELD_MEMBER_STATUS]; | |
* } | |
*/ | |
// if ($fuser->statut > 1) $fuser->statut=1; | |
// print_r($ldapuser); | |
if ($fuser->id > 0) { // User update | |
print $langs->transnoentities("UserUpdate") . ' # ' . $key . ': login=' . $fuser->login . ', fullname=' . $fuser->getFullName($langs); | |
$res = $fuser->update($user); | |
if ($res < 0) { | |
$error ++; | |
print ' --> ' . $res . ' ' . $fuser->error; | |
} else { | |
print ' --> Updated user id=' . $fuser->id . ' login=' . $fuser->login; | |
} | |
} else { // User creation | |
print $langs->transnoentities("UserCreate") . ' # ' . $key . ': login=' . $fuser->login . ', fullname=' . $fuser->getFullName($langs); | |
$res = $fuser->create($user); | |
if ($res > 0) { | |
print ' --> Created user id=' . $fuser->id . ' login=' . $fuser->login; | |
} else { | |
$error ++; | |
print ' --> ' . $res . ' ' . $fuser->error; | |
} | |
} | |
print "\n"; | |
// print_r($fuser); | |
// Gestion des groupes | |
// TODO : revoir la gestion des groupes (ou script de sync groupes) | |
/* | |
* if(!$error) { | |
* foreach ($ldapuser[$conf->global->LDAP_FIELD_USERGROUPS] as $groupdn) { | |
* $groupdn; | |
* } | |
* } | |
*/ | |
} | |
if (! $error || $forcecommit) { | |
if (! $error) | |
print $langs->transnoentities("NoErrorCommitIsDone") . "\n"; | |
else | |
print $langs->transnoentities("ErrorButCommitIsDone") . "\n"; | |
$db->commit(); | |
} else { | |
print $langs->transnoentities("ErrorSomeErrorWereFoundRollbackIsDone", $error) . "\n"; | |
$db->rollback(); | |
} | |
print "\n"; | |
} else { | |
dol_print_error('', $ldap->error); | |
$error ++; | |
} | |
} else { | |
dol_print_error('', $ldap->error); | |
$error ++; | |
} | |
exit($error); | |
/** | |
* Function to say if a value is empty or not | |
* | |
* @param string $element Value to test | |
* @return boolean True of false | |
*/ | |
function dolValidElement($element) | |
{ | |
return (trim($element) != ''); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment