14 require_once(
"auth-functions.php");
41 $host=$config[
'host'];
42 $port=$config[
'port'];
43 if(!function_exists(
'ldap_connect')){
44 $c->messages[] = i18n(
"drivers_ldap : function ldap_connect not defined, check your php_ldap module");
50 if (isset($config[
'protocolVersion']))
51 ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, $config[
'protocolVersion']);
52 if (isset($config[
'optReferrals']))
53 ldap_set_option($this->connect, LDAP_OPT_REFERRALS, $config[
'optReferrals']);
54 if (isset($config[
'networkTimeout']))
55 ldap_set_option($this->connect, LDAP_OPT_NETWORK_TIMEOUT, $config[
'networkTimeout']);
58 $this->connect=ldap_connect($host, $port);
60 $this->connect=ldap_connect($host);
62 if (! $this->connect){
63 $c->messages[] = sprintf(translate(
'drivers_ldap : Unable to connect to LDAP with port %s on host %s'), $port, $host );
68 dbg_error_log(
"LDAP",
"drivers_ldap : Connected to LDAP server %s",$host );
71 if (isset($config[
'startTLS'])) {
72 if (!ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
73 $c->messages[] = i18n(
'drivers_ldap : Failed to set LDAP to use protocol version 3, TLS not supported');
77 if (!ldap_start_tls($this->connect)) {
78 $c->messages[] = i18n(
'drivers_ldap : Could not start TLS: ldap_start_tls() failed');
85 if (!isset($config[
'scope'])) $config[
'scope'] =
'subtree';
86 switch (strtolower($config[
'scope'])) {
88 $this->ldap_query_one =
'ldap_read';
89 $this->ldap_query_all =
'ldap_read';
92 $this->ldap_query_one =
'ldap_list';
93 $this->ldap_query_all =
'ldap_search';
96 $this->ldap_query_one =
'ldap_search';
97 $this->ldap_query_all =
'ldap_search';
102 if (!ldap_bind($this->connect, (isset($config[
'bindDN']) ? $config[
'bindDN'] : null), (isset($config[
'passDN']) ? $config[
'passDN'] : null) ) ){
103 $bindDN = isset($config[
'bindDN']) ? $config[
'bindDN'] :
'anonymous';
104 $passDN = isset($config[
'passDN']) ? $config[
'passDN'] :
'anonymous';
105 dbg_error_log(
"LDAP", i18n(
'drivers_ldap : Failed to bind to host %1$s on port %2$s with bindDN of %3$s'), $host, $port, $bindDN );
106 $c->messages[] = i18n(
'drivers_ldap : Unable to bind to LDAP - check your configuration for bindDN and passDN, and that your LDAP server is reachable');
112 $this->baseDNUsers = is_string($config[
'baseDNUsers']) ? array($config[
'baseDNUsers']) : $config[
'baseDNUsers'];
113 $this->filterUsers = (isset($config[
'filterUsers']) ? $config[
'filterUsers'] : null);
114 $this->baseDNGroups = is_string($config[
'baseDNGroups']) ? array($config[
'baseDNGroups']) : $config[
'baseDNGroups'];
115 $this->filterGroups = (isset($config[
'filterGroups']) ? $config[
'filterGroups'] : null);
124 $query = $this->ldap_query_all;
127 foreach($this->baseDNUsers as $baseDNUsers) {
128 $entry = $query($this->connect,$baseDNUsers,$this->filterUsers,$attributes);
130 if (!ldap_first_entry($this->connect,$entry)) {
131 $c->messages[] = sprintf(translate(
'Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<'),
133 join(
', ', $attributes),
137 for($i = ldap_first_entry($this->connect,$entry);
138 $i && $arr = ldap_get_attributes($this->connect,$i);
139 $i = ldap_next_entry($this->connect,$i) ) {
141 for ($j=0; $j < $arr[
'count']; $j++) {
142 $row[$arr[$j]] = $arr[$arr[$j]][0];
156 $query = $this->ldap_query_all;
159 foreach($this->baseDNGroups as $baseDNGroups) {
160 $entry = $query($this->connect,$baseDNGroups,$this->filterGroups,$attributes);
162 if (!ldap_first_entry($this->connect,$entry)) {
163 $c->messages[] = sprintf(translate(
'Error NoGroupFound with filter >%s<, attributes >%s< , dn >%s<'),
165 join(
', ', $attributes),
169 for($i = ldap_first_entry($this->connect,$entry);
170 $i && $arr = ldap_get_attributes($this->connect,$i);
171 $i = ldap_next_entry($this->connect,$i) ) {
172 for ($j=0; $j < $arr[
'count']; $j++) {
173 $row[$arr[$j]] = count($arr[$arr[$j]])>2?$arr[$arr[$j]]:$arr[$arr[$j]][0];
190 function requestUser( $filter, $attributes=NULL, $username, $passwd) {
195 $query = $this->ldap_query_one;
197 foreach($this->baseDNUsers as $baseDNUsers) {
198 $entry = $query($this->connect, $baseDNUsers, $filter, $attributes);
200 if (ldap_first_entry($this->connect,$entry) )
203 dbg_error_log(
"LDAP",
"drivers_ldap : Failed to find user with baseDN: %s", $baseDNUsers );
206 if ( !ldap_first_entry($this->connect, $entry) ){
207 dbg_error_log(
"ERROR",
"drivers_ldap : Unable to find the user with filter %s",$filter );
210 dbg_error_log(
"LDAP",
"drivers_ldap : Found a user using filter %s",$filter );
213 $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
215 if ( isset($c->authenticate_hook[
'config'][
'i_use_mode_kerberos']) && $c->authenticate_hook[
'config'][
'i_use_mode_kerberos'] ==
"i_know_what_i_am_doing") {
216 if (isset($_SERVER[
"REMOTE_USER"])) {
217 dbg_error_log(
"LOG",
"drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER[
"REMOTE_USER"]);
218 if ($username != $_SERVER[
"REMOTE_USER"]) {
222 dbg_error_log(
"LOG",
"drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER[
"REDIRECT_REMOTE_USER"]);
223 if ($username != $_SERVER[
"REDIRECT_REMOTE_USER"]) {
228 else if ( empty($passwd) || preg_match(
'/[\x00-\x19]/',$passwd) ) {
230 dbg_error_log(
'LDAP',
'drivers_ldap : user %s supplied empty or invalid password: login rejected', $dnUser );
234 if ( !@ldap_bind($this->connect, $dnUser, $passwd) ) {
235 dbg_error_log(
"LDAP",
"drivers_ldap : Failed to bind to user %s ", $dnUser );
240 dbg_error_log(
"LDAP",
"drivers_ldap : Bound to user %s using password %s", $dnUser,
241 (isset($c->dbg[
'password']) && $c->dbg[
'password'] ? $passwd :
'another delicious password for the debugging monster!') );
243 $i = ldap_first_entry($this->connect,$entry);
244 $arr = ldap_get_attributes($this->connect,$i);
245 for( $i=0; $i<$arr[
'count']; $i++ ) {
246 $ret[$arr[$i]]=$arr[$arr[$i]][0];
257 function getStaticLdap() {
263 if(!isset($instance)) {
264 $ldapDriver =
new ldapDriver($c->authenticate_hook[
'config']);
266 if ($ldapDriver->valid) {
267 $instance = $ldapDriver;
271 $ldapDriver = $instance;
281 function sync_user_from_LDAP(
Principal &$principal, $mapping, $ldap_values ) {
284 dbg_error_log(
"LDAP",
"Going to sync the user from LDAP" );
286 $fields_to_set = array();
287 $updateable_fields = Principal::updateableFields();
288 foreach( $updateable_fields AS $field ) {
289 if ( isset($mapping[$field]) ) {
290 $tab_part_fields = explode(
',',$mapping[$field]);
291 foreach( $tab_part_fields as $part_field ) {
292 if ( isset($ldap_values[$part_field]) ) {
293 if (isset($fields_to_set[$field]) ) {
294 $fields_to_set[$field] .=
' '.$ldap_values[$part_field];
297 $fields_to_set[$field] = $ldap_values[$part_field];
301 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from LDAP field %s", $field, $fields_to_set[$field], $mapping[$field] );
303 else if ( isset($c->authenticate_hook[
'config'][
'default_value']) && is_array($c->authenticate_hook[
'config'][
'default_value'])
304 && isset($c->authenticate_hook[
'config'][
'default_value'][$field] ) ) {
305 $fields_to_set[$field] = $c->authenticate_hook[
'config'][
'default_value'][$field];
306 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from configured defaults", $field, $c->authenticate_hook[
'config'][
'default_value'][$field] );
310 if ( $principal->Exists() ) {
311 $principal->Update($fields_to_set);
314 $principal->Create($fields_to_set);
315 CreateHomeCollections($principal->
username());
316 CreateDefaultRelationships($principal->
username());
323 function array_values_mapping($mapping){
325 foreach ( $mapping as $field ) {
326 $tab_part_field = explode(
",",$field);
327 foreach( $tab_part_field as $part_field ) {
328 $attributes[] = $part_field;
337 function LDAP_check($username, $password ){
340 $ldapDriver = getStaticLdap();
341 if ( !$ldapDriver->valid ) {
343 $ldapDriver = getStaticLdap();
344 if ( !$ldapDriver->valid ) {
345 dbg_error_log(
"ERROR",
"Couldn't contact LDAP server for authentication" );
346 foreach($c->messages as $msg) {
347 dbg_error_log(
"ERROR",
"-> ".$msg );
349 header( sprintf(
"HTTP/1.1 %d %s", 503, translate(
"Authentication server unavailable.")) );
354 $mapping = $c->authenticate_hook[
'config'][
'mapping_field'];
355 if ( isset($mapping[
'active']) && !isset($mapping[
'user_active']) ) {
357 $mapping[
'user_active'] = $mapping[
'active'];
358 unset($mapping[
'active']);
360 if ( isset($mapping[
'updated']) && !isset($mapping[
'modified']) ) {
362 $mapping[
'modified'] = $mapping[
'updated'];
363 unset($mapping[
'updated']);
365 $attributes = array_values_mapping($mapping);
372 if ( preg_match(
'/^\(/', $ldapDriver->filterUsers ) ) {
373 $filter_munge = $ldapDriver->filterUsers;
375 else if ( isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers !=
'' ) {
376 $filter_munge =
"($ldapDriver->filterUsers)";
379 $filter =
"(&$filter_munge(".$mapping[
'username'].
"=$username))";
380 $valid = $ldapDriver->requestUser( $filter, $attributes, $username, $password );
384 dbg_error_log(
"LDAP",
"user %s is not a valid user",$username );
388 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
389 $ldap_timestamp = $valid[$mapping[
'modified']];
391 $ldap_timestamp =
'19700101000000';
397 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v)
398 $$k = substr($ldap_timestamp,$v[0],$v[1]);
400 $ldap_timestamp =
"$Y".
"$m".
"$d".
"$H".
"$M".
"$S";
401 if ($mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
402 $valid[$mapping[
'modified']] =
"$Y-$m-$d $H:$M:$S";
405 $principal =
new Principal(
'username',$username);
406 if ( $principal->Exists() ) {
408 $db_timestamp = $principal->modified;
409 $db_timestamp = substr(strtr($db_timestamp, array(
':' =>
'',
' '=>
'',
'-'=>
'')),0,14);
410 if( $ldap_timestamp <= $db_timestamp ) {
416 dbg_error_log(
"LDAP",
"user %s doesn't exist in local DB, we need to create it",$username );
421 sync_user_from_LDAP( $principal, $mapping, $valid );
430 function fix_unique_member($list) {
431 $fixed_list = array();
432 foreach ( $list as $member ){
433 array_unshift( $fixed_list, ldap_explode_dn($member,1)[0]);
441 function sync_LDAP_groups(){
443 $ldapDriver = getStaticLdap();
444 if ( ! $ldapDriver->valid )
return;
446 $mapping = $c->authenticate_hook[
'config'][
'group_mapping_field'];
448 $attributes = array_values_mapping($mapping);
449 $ldap_groups_tmp = $ldapDriver->getAllGroups($attributes);
451 if (
sizeof($ldap_groups_tmp) == 0 )
return;
453 $member_field = $mapping[
'members'];
454 $dnfix = isset($c->authenticate_hook[
'config'][
'group_member_dnfix']) && $c->authenticate_hook[
'config'][
'group_member_dnfix'];
456 foreach($ldap_groups_tmp as $key => $ldap_group){
457 $group_mapping = $ldap_group[$mapping[
'username']];
458 $ldap_groups_info[$group_mapping] = $ldap_group;
459 if ( is_array($ldap_groups_info[$group_mapping][$member_field]) ) {
460 unset( $ldap_groups_info[$group_mapping][$member_field][
'count'] );
463 $ldap_groups_info[$group_mapping][$member_field] = array($ldap_groups_info[$group_mapping][$member_field]);
465 unset($ldap_groups_tmp[$key]);
467 $db_groups = array();
468 $db_group_members = array();
469 $qry =
new AwlQuery(
"SELECT g.username AS group_name, member.username AS member_name FROM dav_principal g LEFT JOIN group_member ON (g.principal_id=group_member.group_id) LEFT JOIN dav_principal member ON (member.principal_id=group_member.member_id) WHERE g.type_id = 3");
470 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
471 while($db_group = $qry->Fetch()) {
472 $db_groups[$db_group->group_name] = $db_group->group_name;
473 $db_group_members[$db_group->group_name][] = $db_group->member_name;
476 $ldap_groups = array_keys($ldap_groups_info);
478 $groups_to_create = array_diff($ldap_groups,$db_groups);
480 $groups_to_deactivate = array_diff($db_groups,$ldap_groups);
482 $groups_to_update = array_intersect($db_groups,$ldap_groups);
484 if (
sizeof ( $groups_to_create ) ){
485 $validUserFields = awl_get_fields(
'usr');
486 foreach ( $groups_to_create as $k => $group ){
487 if ( isset($c->do_not_sync_group_from_ldap) && isset($c->do_not_sync_group_from_ldap[$group]) ){
488 unset($groups_to_create[$k]);
489 $groups_nothing_done[] = $group;
493 $user = (object) array();
495 if ( isset($c->authenticate_hook[
'config'][
'default_value']) && is_array($c->authenticate_hook[
'config'][
'default_value']) ) {
496 foreach ( $c->authenticate_hook[
'config'][
'default_value'] as $field => $value ) {
497 if ( isset($validUserFields[$field]) ) {
498 $user->{$field} = $value;
499 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from configured defaults", $field, $value );
504 $ldap_values = $ldap_groups_info[$group];
505 foreach ( $mapping as $field => $value ) {
506 dbg_error_log(
"LDAP",
"Considering copying %s", $field );
507 if ( isset($validUserFields[$field]) ) {
508 $user->{$field} = $ldap_values[$value];
509 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from LDAP field %s", $field, $ldap_values[$value], $value );
512 if ($user->fullname==
"") {
513 $user->fullname = $group;
515 if ($user->displayname==
"") {
516 $user->displayname = $group;
518 $user->username = $group;
519 $user->updated =
"now";
521 $principal =
new Principal(
'username',$group);
522 if ( $principal->Exists() ) {
523 $principal->Update($user);
526 $principal->Create($user);
529 $qry =
new AwlQuery(
"UPDATE dav_principal set type_id = 3 WHERE username=:group ",array(
':group'=>$group) );
530 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
531 Principal::cacheDelete(
'username', $group);
533 $groups_to_update[] = $group;
535 $c->messages[] = sprintf( i18n(
'- creating groups : %s'), join(
', ',$groups_to_create) );
538 if (
sizeof ( $groups_to_update ) ){
539 $c->messages[] = sprintf(i18n(
'- updating groups : %s'),join(
', ',$groups_to_update));
540 foreach ( $groups_to_update as $group ){
541 $db_members = array_values ( $db_group_members[$group] );
542 $ldap_members = array_values ( $ldap_groups_info[$group][$member_field] );
543 if ( $member_field ==
'uniqueMember' || $dnfix ) {
544 $ldap_members = fix_unique_member( $ldap_members );
546 $add_users = array_diff ( $ldap_members, $db_members );
547 if (
sizeof ( $add_users ) ){
548 $c->messages[] = sprintf(i18n(
'- adding %s to group : %s'),join(
', ', $add_users ), $group);
549 foreach ( $add_users as $member ){
550 $qry =
new AwlQuery(
"INSERT INTO group_member SELECT g.principal_id AS group_id,u.principal_id AS member_id FROM dav_principal g, dav_principal u WHERE g.username=:group AND u.username=:member",array (
':group'=>$group,
':member'=>$member) );
551 $qry->Exec(
'sync_LDAP_groups',__LINE__,__FILE__);
552 Principal::cacheDelete(
'username', $member);
555 $remove_users = @array_flip( @array_flip( array_diff( $db_members, $ldap_members ) ));
556 if (
sizeof ( $remove_users ) ){
557 $c->messages[] = sprintf(i18n(
'- removing %s from group : %s'),join(
', ', $remove_users ), $group);
558 foreach ( $remove_users as $member ){
559 $qry =
new AwlQuery(
"DELETE FROM group_member USING dav_principal g,dav_principal m WHERE group_id=g.principal_id AND member_id=m.principal_id AND g.username=:group AND m.username=:member",array (
':group'=>$group,
':member'=>$member) );
560 $qry->Exec(
'sync_LDAP_groups',__LINE__,__FILE__);
561 Principal::cacheDelete(
'username', $member);
567 if (
sizeof ( $groups_to_deactivate ) ){
568 foreach ( $groups_to_deactivate as $k => $group ){
569 if ( isset($c->do_not_sync_group_from_ldap) && isset($c->do_not_sync_group_from_ldap[$group]) ){
570 unset($groups_to_deactivate[$k]);
571 $groups_nothing_done[] = $group;
573 $qry =
new AwlQuery(
'UPDATE dav_principal SET user_active=FALSE WHERE username=:group AND type_id = 3',array(
':group'=>$group) );
574 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
575 Principal::cacheFlush(
'username=:group AND type_id = 3', array(
':group'=>$group) );
578 if (
sizeof($groups_to_deactivate) )
579 $c->messages[] = sprintf(i18n(
'- deactivated groups : %s'), join(
', ',$groups_to_deactivate));
581 if (
sizeof($groups_nothing_done) )
582 $c->messages[] = sprintf( i18n(
'- nothing done on : %s'), join(
', ',$groups_nothing_done) );
589 function sync_LDAP(){
591 $ldapDriver = getStaticLdap();
592 if ( ! $ldapDriver->valid )
return;
594 $mapping = $c->authenticate_hook[
'config'][
'mapping_field'];
595 $attributes = array_values_mapping($mapping);
596 $ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
598 if (
sizeof($ldap_users_tmp) == 0 )
return;
600 foreach($ldap_users_tmp as $key => $ldap_user){
601 if(!isset($ldap_user[$mapping[
'username']]))
continue;
602 $ldap_users_info[$ldap_user[$mapping[
'username']]] = $ldap_user;
603 unset($ldap_users_tmp[$key]);
605 $qry =
new AwlQuery(
"SELECT username, user_no, modified as updated , user_active FROM dav_principal where type_id=1");
606 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
607 while($db_user = $qry->Fetch()) {
608 $db_users[] = $db_user->username;
609 $db_users_info[$db_user->username] = array(
'user_no' => $db_user->user_no,
'updated' => $db_user->updated,
'user_active' => $db_user->user_active);
613 $ldap_users = array_keys($ldap_users_info);
615 $users_to_create = array_diff($ldap_users,$db_users);
617 $users_to_deactivate = array_diff($db_users,$ldap_users);
619 $users_to_update = array_intersect($db_users,$ldap_users);
622 if (
sizeof($users_to_create) ) {
623 foreach( $users_to_create as $k => $username ) {
624 if ( isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$username]) ) {
625 unset( $users_to_create[$k] );
626 $users_nothing_done[] = $username;
629 $principal =
new Principal(
'username', $username );
630 $valid = $ldap_users_info[$username];
631 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
632 $ldap_timestamp = $valid[$mapping[
'modified']];
634 $ldap_timestamp =
'19700101000000';
637 if ( !empty($c->authenticate_hook[
'config'][
'format_updated']) ) {
641 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v)
642 $$k = substr($ldap_timestamp,$v[0],$v[1]);
643 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
645 else if ( preg_match(
'{^(\d{8})(\d{6})(Z)?$', $ldap_timestamp, $matches ) ) {
646 $ldap_timestamp = $matches[1].
'T'.$matches[2].$matches[3];
648 else if ( empty($ldap_timestamp) ) {
649 $ldap_timestamp = date(
'c');
651 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
652 $valid[$mapping[
'modified']] = $ldap_timestamp;
655 sync_user_from_LDAP( $principal, $mapping, $valid );
657 $c->messages[] = sprintf( i18n(
'- creating record for users : %s'), join(
', ',$users_to_create) );
664 foreach( $users_to_deactivate as $k => $v ) {
665 if ( isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$v]) ) {
666 unset($users_to_deactivate[$k]);
667 $users_nothing_done[] = $v;
670 if ( $i > 0 ) $paramstring .=
',';
671 $paramstring .=
':u'.$i.
'::text';
672 $params[
':u'.$i++] = strtolower($v);
674 if ( count($params) > 0 ) {
675 $c->messages[] = sprintf(i18n(
'- deactivating users : %s'),join(
', ',$users_to_deactivate));
676 $qry =
new AwlQuery(
'UPDATE usr SET active = FALSE WHERE lower(username) IN ('.$paramstring.
')', $params);
677 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
679 Principal::cacheFlush(
'lower(username) IN ('.$paramstring.
')', $params);
683 if (
sizeof($users_to_update) ) {
684 foreach ( $users_to_update as $key=> $username ) {
685 $principal =
new Principal(
'username', $username );
686 $valid=$ldap_users_info[$username];
687 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
688 $ldap_timestamp = $valid[$mapping[
'modified']];
690 $ldap_timestamp =
'19700101000000';
693 $valid[
'user_no'] = $db_users_info[$username][
'user_no'];
694 $mapping[
'user_no'] =
'user_no';
699 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v) {
700 $$k = substr($ldap_timestamp,$v[0],$v[1]);
702 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
703 $valid[$mapping[
'modified']] =
"$Y-$m-$d $H:$M:$S";
705 $db_timestamp = substr(strtr($db_users_info[$username][
'updated'], array(
':' =>
'',
' '=>
'',
'-'=>
'')),0,14);
706 if ( $ldap_timestamp > $db_timestamp || !$db_users_info[$username][
'user_active']) {
707 $principal->user_active =
true;
708 sync_user_from_LDAP($principal, $mapping, $valid);
711 unset($users_to_update[$key]);
712 $users_nothing_done[] = $username;
715 if (
sizeof($users_to_update) )
716 $c->messages[] = sprintf(i18n(
'- updating user records : %s'),join(
', ',$users_to_update));
718 if (
sizeof($users_nothing_done) )
719 $c->messages[] = sprintf( i18n(
'- nothing done on : %s'), join(
', ',$users_nothing_done) );
723 $qry =
new AwlQuery(
"SELECT count(*) AS admins FROM usr JOIN role_member USING ( user_no ) JOIN roles USING (role_no) WHERE usr.active=TRUE AND role_name='Admin'");
724 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
725 while ( $db_user = $qry->Fetch() ) {
726 $admins = $db_user->admins;
728 if ( $admins == 0 ) {
729 $c->messages[] = sprintf(i18n(
'Warning: there are no active admin users! You should fix this before logging out. Consider using the $c->do_not_sync_from_ldap configuration setting.'));
getAllGroups($attributes)
requestUser( $filter, $attributes=NULL, $username, $passwd)
setUsername($new_username)