ldap_mass_sync.php
00001 <?php
00002 /*
00003  * @version $Id: ldap_mass_sync.php 20129 2013-02-04 16:53:59Z moyo $
00004  -------------------------------------------------------------------------
00005  GLPI - Gestionnaire Libre de Parc Informatique
00006  Copyright (C) 2003-2013 by the INDEPNET Development Team.
00007 
00008  http://indepnet.net/   http://glpi-project.org
00009  -------------------------------------------------------------------------
00010 
00011  LICENSE
00012 
00013  This file is part of GLPI.
00014 
00015  GLPI is free software; you can redistribute it and/or modify
00016  it under the terms of the GNU General Public License as published by
00017  the Free Software Foundation; either version 2 of the License, or
00018  (at your option) any later version.
00019 
00020  GLPI is distributed in the hope that it will be useful,
00021  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00023  GNU General Public License for more details.
00024 
00025  You should have received a copy of the GNU General Public License
00026  along with GLPI. If not, see <http://www.gnu.org/licenses/>.
00027  --------------------------------------------------------------------------
00028  */
00029 
00030 /** @file
00031 * @brief
00032 */
00033 
// Cron may start the script from any working directory; move next to this
// file so that the relative include of ../inc/includes.php resolves.
chdir(dirname($_SERVER["SCRIPT_FILENAME"]));

// Turn command-line arguments ("name=value" or "--name=value") into $_GET
// entries. An argument without "=" is stored as boolean true.
// NOTE(review): every key that ends up in $_GET is later copied into $options
// unfiltered. If this directory is reachable through a web server, those keys
// come from the request and nothing in this file authenticates the caller;
// consider refusing to run unless PHP_SAPI is 'cli', or denying web access to
// this directory.
if (isset($_SERVER['argv'])) {
   for ($pos = 1; $pos < $_SERVER['argc']; $pos++) {
      $pair = explode("=", $_SERVER['argv'][$pos], 2);
      $name = preg_replace('/^--/', '', $pair[0]);

      if (isset($pair[1])) {
         $_GET[$name] = $pair[1];
      } else {
         $_GET[$name] = true;
      }
   }
}
00045 
// Show the usage text and stop when help is requested, either as a bare
// "help" argument or through the help key filled in by the argument parser.
$help_requested = isset($_GET['help']);
if (!$help_requested && isset($_SERVER['argv'])) {
   $help_requested = in_array('help', $_SERVER['argv']);
}

if ($help_requested) {
   $usage_lines = array(
      "Usage: php -q -f ldap_mass_sync.php [action=<option>]  [ldapservers_id=ID]\n",
      "Options values:\n",
      "0: import users only\n",
      "1: synchronize existing users only\n",
      "2: import & synchronize users\n",
      "before-days: restrict user import or synchronization to the last x days\n",
      "after-days: restrict user import or synchronization until the last x days\n",
      "ldap_filter: ldap filter to use for the search. Value must be surrounded by \"\"\n",
   );
   foreach ($usage_lines as $usage_line) {
      echo $usage_line;
   }
   exit (0);
}
00058 
00059 include ('../inc/includes.php');
00060 
// Defaults for a run without arguments: synchronize, on every active directory.
// Values of "action" as listed by the original author:
//  - 0 : import new users
//  - 1 : synchronize users
//  - 2 : force synchronization of all the users (even if ldap timestamp wasn't modified)
// NOTE(review): the usage text describes 2 as "import & synchronize users";
// confirm which description matches AuthLDAP::ACTION_ALL.
$options['action']         = AuthLDAP::ACTION_SYNCHRONIZE;
$options['ldapservers_id'] = NOT_AVAILABLE;
$options['ldap_filter']    = '';
$options['before-days']    = 0;
$options['after-days']     = 0;
$options['script']         = 1;

// Caller-supplied values win over the defaults, key by key.
// NOTE(review): no allow-list is applied, so any key present in $_GET
// (including 'script') lands in $options and is passed on to the AuthLDAP
// calls made by import(). Restricting this to the documented options would
// narrow what a caller can influence; check which keys AuthLDAP::getAllUsers()
// actually reads before doing so.
$options = array_replace($options, $_GET);
00076 
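// The two date windows are mutually exclusive.
if ($options['before-days'] && $options['after-days']) {
   echo "You cannot use options before-days and after-days at the same time.";
   exit(1);
}

// Both values are caller-supplied and multiplied by DAY_TIMESTAMP below.
// A non-numeric string there is an error on PHP 8 and evaluates as 0 on older
// versions, so reject it up front. A bare flag (boolean true) is still
// accepted and counts as one day, as before.
foreach (array('before-days', 'after-days') as $days_option) {
   $days_value = $options[$days_option];
   if ($days_value && !is_bool($days_value) && !is_numeric($days_value)) {
      echo "Option ".$days_option." must be a number of days.\n";
      exit(1);
   }
}

// before-days=x : only entries from the last x days (open-ended upper bound).
if ($options['before-days']) {
   $options['begin_date'] = date('Y-m-d H:i:s', time()-$options['before-days']*DAY_TIMESTAMP);
   $options['end_date']   = '';
   unset($options['before-days']);
}
// after-days=x : only entries up to x days ago (open-ended lower bound).
if ($options['after-days']) {
   $options['begin_date'] = '';
   $options['end_date']   = date('Y-m-d H:i:s', time()-$options['after-days']*DAY_TIMESTAMP);
   unset($options['after-days']);
}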
00092 
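// Without the LDAP extension or at least one configured directory there is
// nothing to process: report it and stop with a failure status instead of
// carrying on into the queries below.
if (!Toolbox::canUseLdap() || !countElementsInTable('glpi_authldaps')) {
   echo "LDAP extension is not active or no LDAP directory defined";
   exit(1);
}

$sql = "SELECT `id`, `name`
        FROM `glpi_authldaps`
        WHERE `is_active` = '1'";

// Restrict the run to one directory when an ID was requested.
$server_requested = ($options['ldapservers_id'] != NOT_AVAILABLE);
if ($server_requested) {
   // The ID is caller-supplied and concatenated into the statement, so accept
   // digits only and cast before use; anything else must never reach the query.
   $requested_id = $options['ldapservers_id'];
   if (!is_scalar($requested_id) || !preg_match('/^[0-9]+$/', (string)$requested_id)) {
      echo "ldapservers_id must be a numeric ID\n";
      exit(1);
   }
   $sql .= " AND `id` = '" . (int)$requested_id . "'";
}

$result = $DB->query($sql);

// Test $options rather than $_GET: the $_GET key does not exist when no ID was
// passed, which raised an undefined-index notice and reported "not found" for
// a run that never asked for a specific server.
if (($DB->numrows($result) == 0) && $server_requested) {
   echo "LDAP Server not found";
} else {
   foreach ($DB->request($sql) as $data) {
      echo "Processing LDAP Server: ".$data['name'].", ID: ".$data['id']." \n";
      $options['ldapservers_id'] = $data['id'];
      import ($options);
   }
}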
00118 
00119 
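/**
 * Import and/or synchronise the users of one LDAP directory and print a summary.
 *
 * Reads $options['action'] to decide which passes to run and
 * $options['ldapservers_id'] to select the directory; the whole array is also
 * handed to AuthLDAP::getAllUsers(). One dot per processed user and the final
 * counters are written to standard output.
 *
 * @param $options   array
 *
 * @return void
**/
function import(array $options) {
   global $CFG_GLPI;

   $results = array(AuthLDAP::USER_IMPORTED     => 0,
                    AuthLDAP::USER_SYNCHRONIZED => 0,
                    AuthLDAP::USER_DELETED_LDAP => 0);
   $limitexceeded = false;
   // Set once, before the loop: it used to be assigned inside the loop only,
   // which left it undefined when no pass ran and let a successful later pass
   // hide the failure of an earlier one.
   $contact_ok    = true;
   $actions_to_do = array();

   // The action arrives from the command line as a string; the loose
   // comparison done by switch is relied on to match it against the constants.
   switch ($options['action']) {
      case AuthLDAP::ACTION_IMPORT :
         $actions_to_do = array(AuthLDAP::ACTION_IMPORT);
        break;

      case AuthLDAP::ACTION_SYNCHRONIZE :
         $actions_to_do = array(AuthLDAP::ACTION_SYNCHRONIZE);
        break;

      case AuthLDAP::ACTION_ALL :
         $actions_to_do = array(AuthLDAP::ACTION_IMPORT,AuthLDAP::ACTION_ALL);
        break;

      default :
         // Previously fell through to "Cannot contact LDAP server!", which
         // pointed at the wrong cause. The supplied value is deliberately not
         // echoed back.
         echo "Unknown action, nothing to do\n\n";
         return;
   }

   foreach ($actions_to_do as $action_to_do) {
      $options['mode']         = $action_to_do;
      $options['authldaps_id'] = $options['ldapservers_id'];
      // $results and $limitexceeded are passed along so the callee can update
      // them -- presumably by reference; confirm against AuthLDAP::getAllUsers().
      $users                   = AuthLDAP::getAllUsers($options, $results, $limitexceeded);

      if (is_array($users)) {
         foreach ($users as $user) {
            $result = AuthLDAP::ldapImportUserByServerId(array('method' => AuthLDAP::IDENTIFIER_LOGIN,
                                                               'value'  => $user["user"]),
                                                         $action_to_do,
                                                         $options['ldapservers_id']);
            // Count only outcomes that have a counter; any other value would
            // raise an undefined-index notice and is never reported anyway.
            if (is_array($result)
                && isset($result['action'], $results[$result['action']])) {
               $results[$result['action']] += 1;
            }
            echo ".";
         }
      } else if (!$users) {
         // A falsy, non-array answer is treated as "directory unreachable".
         $contact_ok = false;
      }
   }

   if ($limitexceeded) {
      echo "\nLDAP Server size limit exceeded";
      if ($CFG_GLPI['user_deleted_ldap']) {
         echo ": user deletion disabled\n";
      }
      echo "\n";
   }
   if ($contact_ok) {
      echo "\nImported: ".$results[AuthLDAP::USER_IMPORTED]."\n";
      echo "Synchronized: ".$results[AuthLDAP::USER_SYNCHRONIZED]."\n";
      echo "Deleted from LDAP: ".$results[AuthLDAP::USER_DELETED_LDAP]."\n";
   } else {
      echo "Cannot contact LDAP server!\n";
   }
   echo "\n\n";
}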
00187 ?>