|
14 | 14 | use UnityWebPortal\lib\UnityWebhook;
|
15 | 15 | use PHPOpenLDAPer\LDAPEntry;
|
16 | 16 |
|
17 |
| -// in PHP LDAP all attributes are arrays, we need these as strings instead |
18 |
| -// it's possible but probably difficult to find this out using LDAP schema information |
19 |
| -$user_string_attributes = [ |
20 |
| - "gidnumber", |
21 |
| - "givenname", |
22 |
| - "homedirectory", |
23 |
| - "loginshell", |
24 |
| - "mail", |
25 |
| - "o", |
26 |
| - "sn", |
27 |
| - "uid", |
28 |
| - "uidnumber", |
29 |
| - "gecos", |
30 |
| -]; |
31 |
| - |
32 |
| -$pi_group_string_attributes = [ |
33 |
| - "gidnumber", |
34 |
| -]; |
35 |
| - |
36 | 17 | $options = getopt("fuh", ["help"]);
|
37 | 18 | if (array_key_exists("h", $options) or array_key_exists("help", $options)) {
|
38 | 19 | echo "arguments:
|
|
51 | 32 | echo " use -f argument to flush cache, or -u argument to update without flush.\n";
|
52 | 33 | } else {
|
53 | 34 | echo "updating cache...\n";
|
54 |
| - echo "waiting for LDAP response (users)...\n"; |
| 35 | + |
| 36 | + // search entire tree, some users created for admin purposes might not be in the normal OU |
| 37 | + echo "waiting for LDAP search (users)...\n"; |
55 | 38 | $users = $LDAP->search("objectClass=posixAccount", $CONFIG["ldap"]["basedn"]);
|
56 | 39 | echo "response received.\n";
|
57 |
| - // phpcs:disable |
58 |
| - $user_CNs = array_map(function ($x){return $x->getAttribute("cn")[0];}, $users); |
59 |
| - // phpcs:enable |
| 40 | + $user_CNs = $LDAP->getUserGroup()->getAttribute("memberuid"); |
60 | 41 | sort($user_CNs);
|
61 | 42 | $REDIS->setCache("sorted_users", "", $user_CNs);
|
62 | 43 | foreach ($users as $user) {
|
63 |
| - $cn = $user->getAttribute("cn")[0]; |
64 |
| - foreach ($user->getAttributes() as $key => $val) { |
65 |
| - if (in_array($key, $user_string_attributes)) { |
66 |
| - $REDIS->setCache($cn, $key, $val[0]); |
67 |
| - } else { |
68 |
| - $REDIS->setCache($cn, $key, $val); |
69 |
| - } |
| 44 | + $uid = $user->getAttribute("cn")[0]; |
| 45 | + if (!in_array($uid, $user_CNs)) { |
| 46 | + continue; |
70 | 47 | }
|
| 48 | + $REDIS->setCache($uid, "firstname", $user->getAttribute("givenname")[0]); |
| 49 | + $REDIS->setCache($uid, "lastname", $user->getAttribute("sn")[0]); |
| 50 | + $REDIS->setCache($uid, "org", $user->getAttribute("o")[0]); |
| 51 | + $REDIS->setCache($uid, "mail", $user->getAttribute("mail")[0]); |
| 52 | + $REDIS->setCache($uid, "sshkeys", $user->getAttribute("sshpublickey")); |
| 53 | + $REDIS->setCache($uid, "loginshell", $user->getAttribute("loginshell")[0]); |
| 54 | + $REDIS->setCache($uid, "homedir", $user->getAttribute("homedirectory")[0]); |
71 | 55 | }
|
72 | 56 |
|
73 | 57 | $org_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["orggroup_ou"]);
|
74 |
| - echo "waiting for LDAP response (org_groups)...\n"; |
75 |
| - $org_groups = $LDAP->search("objectClass=posixGroup", $CONFIG["ldap"]["basedn"]); |
| 58 | + echo "waiting for LDAP search (org groups)...\n"; |
| 59 | + $org_groups = $org_group_ou->getChildrenArray(true); |
76 | 60 | echo "response received.\n";
|
77 | 61 | // phpcs:disable
|
78 |
| - $org_group_CNs = array_map(function($x){return $x->getAttribute("cn")[0];}, $org_groups); |
| 62 | + $org_group_CNs = array_map(function($x){return $x["cn"][0];}, $org_groups); |
79 | 63 | // phpcs:enable
|
80 | 64 | sort($org_group_CNs);
|
81 | 65 | $REDIS->setCache("sorted_orgs", "", $org_group_CNs);
|
82 | 66 | foreach ($org_groups as $org_group) {
|
83 |
| - $REDIS->setCache($org_group->getAttribute("cn")[0], "members", $org_group->getAttribute("memberuid")); |
| 67 | + $gid = $org_group["cn"][0]; |
| 68 | + $REDIS->setCache($gid, "members", (@$org_group["memberuid"] ?? [])); |
84 | 69 | }
|
85 | 70 |
|
86 | 71 | $pi_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["pigroup_ou"]);
|
87 |
| - echo "waiting for LDAP response (pi_groups)...\n"; |
| 72 | + echo "waiting for LDAP search (pi groups)...\n"; |
88 | 73 | $pi_groups = $pi_group_ou->getChildrenArray(true);
|
89 | 74 | echo "response received.\n";
|
90 | 75 | // phpcs:disable
|
|
93 | 78 | sort($pi_group_CNs);
|
94 | 79 | // FIXME should be sorted_pi_groups
|
95 | 80 | $REDIS->setCache("sorted_groups", "", $pi_group_CNs);
|
| 81 | + |
96 | 82 | $user_pi_group_member_of = [];
|
97 | 83 | foreach ($user_CNs as $uid) {
|
98 | 84 | $user_pi_group_member_of[$uid] = [];
|
99 | 85 | }
|
100 | 86 | foreach ($pi_groups as $pi_group) {
|
101 |
| - if (array_key_exists("memberuid", $pi_group)) { |
102 |
| - $REDIS->setCache($pi_group["cn"][0], "members", $pi_group["memberuid"]); |
103 |
| - foreach ($pi_group["memberuid"] as $member_uid) { |
104 |
| - array_push($user_pi_group_member_of[$member_uid], $pi_group["cn"][0]); |
| 87 | + $gid = $pi_group["cn"][0]; |
| 88 | + $members = (@$pi_group["memberuid"] ?? []); |
| 89 | + foreach ($members as $uid) { |
| 90 | + if (in_array($uid, $user_CNs)) { |
| 91 | + array_push($user_pi_group_member_of[$uid], $gid); |
| 92 | + } else { |
| 93 | + echo "warning: group '$gid' has member '$uid' who is not in the users group!\n"; |
105 | 94 | }
|
106 |
| - } else { |
107 |
| - $REDIS->setCache($pi_group["cn"][0], "members", []); |
108 | 95 | }
|
| 96 | + $REDIS->setCache($gid, "members", (@$pi_group["memberuid"] ?? [])); |
109 | 97 | }
|
110 | 98 | foreach ($user_pi_group_member_of as $uid => $pi_groups) {
|
111 | 99 | // FIXME should be pi_groups
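Review bot: The membership checks at new lines 45 and 90 call `in_array($uid, $user_CNs)` without the strict flag, so numeric-looking uids are compared loosely ("0123" matches "123") and an entry that is not in the users group can pass the filter; `in_array($uid, $user_CNs, true)` closes that, and a set built once with `array_flip($user_CNs)` and tested with `isset()` would also avoid a linear scan per user and per member. New line 96 then caches the raw `memberuid` list, including the uids the loop has just warned are not in the users group, so anything that reads a PI group's "members" from the cache still sees them; if that is not intended, collect the accepted uids inside the loop and cache that list instead. The `@` in `(@$pi_group["memberuid"] ?? [])` (also at new lines 68 and 88) is redundant because `??` already tolerates a missing key, and it would hide unrelated errors on that expression. The writes at new lines 48-54 index `[0]` on attributes that some accounts may lack, which, depending on what `getAttribute` returns for a missing attribute, appears to cache null; a `?? ""` default or skipping the entry would make that case explicit. The enclosing `else` block continues past the last visible line.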
|
|