14 require_once(
"auth-functions.php");
41 $host=$config[
'host'];
42 $port=$config[
'port'];
43 if(!function_exists(
'ldap_connect')){
44 $c->messages[] = i18n(
"drivers_ldap : function ldap_connect not defined, check your php_ldap module");
50 if (isset($config[
'protocolVersion']))
51 ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, $config[
'protocolVersion']);
52 if (isset($config[
'optReferrals']))
53 ldap_set_option($this->connect, LDAP_OPT_REFERRALS, $config[
'optReferrals']);
54 if (isset($config[
'networkTimeout']))
55 ldap_set_option($this->connect, LDAP_OPT_NETWORK_TIMEOUT, $config[
'networkTimeout']);
58 $this->connect=ldap_connect($host, $port);
60 $this->connect=ldap_connect($host);
62 if (! $this->connect){
63 $c->messages[] = sprintf(translate(
'drivers_ldap : Unable to connect to LDAP with port %s on host %s'), $port, $host );
68 dbg_error_log(
"LDAP",
"drivers_ldap : Connected to LDAP server %s",$host );
71 if (isset($config[
'startTLS'])) {
72 if (!ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
73 $c->messages[] = i18n(
'drivers_ldap : Failed to set LDAP to use protocol version 3, TLS not supported');
77 if (!ldap_start_tls($this->connect)) {
78 $c->messages[] = i18n(
'drivers_ldap : Could not start TLS: ldap_start_tls() failed');
85 if (!isset($config[
'scope'])) $config[
'scope'] =
'subtree';
86 switch (strtolower($config[
'scope'])) {
88 $this->ldap_query_one =
'ldap_read';
89 $this->ldap_query_all =
'ldap_read';
92 $this->ldap_query_one =
'ldap_list';
93 $this->ldap_query_all =
'ldap_search';
96 $this->ldap_query_one =
'ldap_search';
97 $this->ldap_query_all =
'ldap_search';
102 if (!ldap_bind($this->connect, (isset($config[
'bindDN']) ? $config[
'bindDN'] :
null), (isset($config[
'passDN']) ? $config[
'passDN'] :
null) ) ){
103 $bindDN = isset($config[
'bindDN']) ? $config[
'bindDN'] :
'anonymous';
104 $passDN = isset($config[
'passDN']) ? $config[
'passDN'] :
'anonymous';
105 dbg_error_log(
"LDAP", i18n(
'drivers_ldap : Failed to bind to host %1$s on port %2$s with bindDN of %3$s'), $host, $port, $bindDN );
106 $c->messages[] = i18n(
'drivers_ldap : Unable to bind to LDAP - check your configuration for bindDN and passDN, and that your LDAP server is reachable');
112 $this->baseDNUsers = is_string($config[
'baseDNUsers']) ? array($config[
'baseDNUsers']) : $config[
'baseDNUsers'];
113 $this->filterUsers = (isset($config[
'filterUsers']) ? $config[
'filterUsers'] :
null);
114 $this->baseDNGroups = is_string($config[
'baseDNGroups']) ? array($config[
'baseDNGroups']) : $config[
'baseDNGroups'];
115 $this->filterGroups = (isset($config[
'filterGroups']) ? $config[
'filterGroups'] :
null);
124 $query = $this->ldap_query_all;
127 foreach($this->baseDNUsers as $baseDNUsers) {
128 $entry = $query($this->connect,$baseDNUsers,$this->filterUsers,$attributes);
130 if (!ldap_first_entry($this->connect,$entry)) {
131 $c->messages[] = sprintf(translate(
'Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<'),
133 join(
', ', $attributes),
137 for($i = ldap_first_entry($this->connect,$entry);
138 $i && $arr = ldap_get_attributes($this->connect,$i);
139 $i = ldap_next_entry($this->connect,$i) ) {
141 for ($j=0; $j < $arr[
'count']; $j++) {
142 $row[$arr[$j]] = $arr[$arr[$j]][0];
156 $query = $this->ldap_query_all;
159 foreach($this->baseDNGroups as $baseDNGroups) {
160 $entry = $query($this->connect,$baseDNGroups,$this->filterGroups,$attributes);
162 if (!ldap_first_entry($this->connect,$entry)) {
163 $c->messages[] = sprintf(translate(
'Error NoGroupFound with filter >%s<, attributes >%s< , dn >%s<'),
165 join(
', ', $attributes),
169 for($i = ldap_first_entry($this->connect,$entry);
170 $i && $arr = ldap_get_attributes($this->connect,$i);
171 $i = ldap_next_entry($this->connect,$i) ) {
172 for ($j=0; $j < $arr[
'count']; $j++) {
173 $row[$arr[$j]] = count($arr[$arr[$j]])>2?$arr[$arr[$j]]:$arr[$arr[$j]][0];
197 $query = $this->ldap_query_one;
199 foreach($this->baseDNUsers as $baseDNUsers) {
200 $entry = $query($this->connect, $baseDNUsers, $filter, $attributes);
202 if (ldap_first_entry($this->connect,$entry) )
205 dbg_error_log(
"LDAP",
"drivers_ldap : Failed to find user with baseDN: %s", $baseDNUsers );
208 if ( !ldap_first_entry($this->connect, $entry) ){
209 dbg_error_log(
"ERROR",
"drivers_ldap : Unable to find the user with filter %s",$filter );
212 dbg_error_log(
"LDAP",
"drivers_ldap : Found a user using filter %s",$filter );
215 $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
217 if ( isset($c->authenticate_hook[
'config'][
'i_use_mode_kerberos']) && $c->authenticate_hook[
'config'][
'i_use_mode_kerberos'] ==
"i_know_what_i_am_doing") {
218 if (isset($_SERVER[
"REMOTE_USER"])) {
219 dbg_error_log(
"LOG",
"drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER[
"REMOTE_USER"]);
220 if ($username != $_SERVER[
"REMOTE_USER"]) {
224 dbg_error_log(
"LOG",
"drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER[
"REDIRECT_REMOTE_USER"]);
225 if ($username != $_SERVER[
"REDIRECT_REMOTE_USER"]) {
230 else if ( empty($passwd) || preg_match(
'/[\x00-\x19]/',$passwd) ) {
232 dbg_error_log(
'LDAP',
'drivers_ldap : user %s supplied empty or invalid password: login rejected', $dnUser );
236 if ( !@ldap_bind($this->connect, $dnUser, $passwd) ) {
237 dbg_error_log(
"LDAP",
"drivers_ldap : Failed to bind to user %s ", $dnUser );
242 dbg_error_log(
"LDAP",
"drivers_ldap : Bound to user %s using password %s", $dnUser,
243 (isset($c->dbg[
'password']) && $c->dbg[
'password'] ? $passwd :
'another delicious password for the debugging monster!') );
245 $i = ldap_first_entry($this->connect,$entry);
246 $arr = ldap_get_attributes($this->connect,$i);
247 for( $i=0; $i<$arr[
'count']; $i++ ) {
248 $ret[$arr[$i]]=$arr[$arr[$i]][0];
259 function getStaticLdap() {
265 if(!isset($instance)) {
266 $ldapDriver =
new ldapDriver($c->authenticate_hook[
'config']);
268 if ($ldapDriver->valid) {
269 $instance = $ldapDriver;
273 $ldapDriver = $instance;
283 function sync_user_from_LDAP(
Principal &$principal, $mapping, $ldap_values ) {
286 dbg_error_log(
"LDAP",
"Going to sync the user from LDAP" );
288 $fields_to_set = array();
289 $updateable_fields = Principal::updateableFields();
290 foreach( $updateable_fields AS $field ) {
291 if ( isset($mapping[$field]) ) {
292 $tab_part_fields = explode(
',',$mapping[$field]);
293 foreach( $tab_part_fields as $part_field ) {
294 if ( isset($ldap_values[$part_field]) ) {
295 if (isset($fields_to_set[$field]) ) {
296 $fields_to_set[$field] .=
' '.$ldap_values[$part_field];
299 $fields_to_set[$field] = $ldap_values[$part_field];
303 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from LDAP field %s", $field, $fields_to_set[$field], $mapping[$field] );
305 else if ( isset($c->authenticate_hook[
'config'][
'default_value']) && is_array($c->authenticate_hook[
'config'][
'default_value'])
306 && isset($c->authenticate_hook[
'config'][
'default_value'][$field] ) ) {
307 $fields_to_set[$field] = $c->authenticate_hook[
'config'][
'default_value'][$field];
308 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from configured defaults", $field, $c->authenticate_hook[
'config'][
'default_value'][$field] );
312 if ( $principal->Exists() ) {
313 $principal->Update($fields_to_set);
316 $principal->Create($fields_to_set);
317 CreateHomeCollections($principal->username());
318 CreateDefaultRelationships($principal->username());
325 function array_values_mapping($mapping){
327 foreach ( $mapping as $field ) {
328 $tab_part_field = explode(
",",$field);
329 foreach( $tab_part_field as $part_field ) {
330 $attributes[] = $part_field;
339 function LDAP_check($username, $password ){
342 $ldapDriver = getStaticLdap();
343 if ( !$ldapDriver->valid ) {
345 $ldapDriver = getStaticLdap();
346 if ( !$ldapDriver->valid ) {
347 dbg_error_log(
"ERROR",
"Couldn't contact LDAP server for authentication" );
348 foreach($c->messages as $msg) {
349 dbg_error_log(
"ERROR",
"-> ".$msg );
351 header( sprintf(
"HTTP/1.1 %d %s", 503, translate(
"Authentication server unavailable.")) );
356 $mapping = $c->authenticate_hook[
'config'][
'mapping_field'];
357 if ( isset($mapping[
'active']) && !isset($mapping[
'user_active']) ) {
359 $mapping[
'user_active'] = $mapping[
'active'];
360 unset($mapping[
'active']);
362 if ( isset($mapping[
'updated']) && !isset($mapping[
'modified']) ) {
364 $mapping[
'modified'] = $mapping[
'updated'];
365 unset($mapping[
'updated']);
367 $attributes = array_values_mapping($mapping);
374 if ( preg_match(
'/^\(/', $ldapDriver->filterUsers ) ) {
375 $filter_munge = $ldapDriver->filterUsers;
377 else if ( isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers !=
'' ) {
378 $filter_munge =
"($ldapDriver->filterUsers)";
381 $filter =
"(&$filter_munge(".$mapping[
'username'].
"=$username))";
382 $valid = $ldapDriver->requestUser( $filter, $attributes, $username, $password );
386 dbg_error_log(
"LDAP",
"user %s is not a valid user",$username );
390 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
391 $ldap_timestamp = $valid[$mapping[
'modified']];
393 $ldap_timestamp =
'19700101000000';
399 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v)
400 $$k = substr($ldap_timestamp,$v[0],$v[1]);
402 $ldap_timestamp =
"$Y".
"$m".
"$d".
"$H".
"$M".
"$S";
403 if ($mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
404 $valid[$mapping[
'modified']] =
"$Y-$m-$d $H:$M:$S";
407 $principal =
new Principal(
'username',$username);
408 if ( $principal->Exists() ) {
410 $db_timestamp = $principal->modified;
411 $db_timestamp = substr(strtr($db_timestamp, array(
':' =>
'',
' '=>
'',
'-'=>
'')),0,14);
412 if( $ldap_timestamp <= $db_timestamp ) {
418 dbg_error_log(
"LDAP",
"user %s doesn't exist in local DB, we need to create it",$username );
420 $principal->setUsername($username);
423 sync_user_from_LDAP( $principal, $mapping, $valid );
432 function fix_unique_member($list) {
433 $fixed_list = array();
434 foreach ( $list as $member ){
435 array_unshift( $fixed_list, ldap_explode_dn($member,1)[0]);
443 function sync_LDAP_groups(){
445 $ldapDriver = getStaticLdap();
446 if ( ! $ldapDriver->valid )
return;
448 $mapping = $c->authenticate_hook[
'config'][
'group_mapping_field'];
450 $attributes = array_values_mapping($mapping);
451 $ldap_groups_tmp = $ldapDriver->getAllGroups($attributes);
453 if (
sizeof($ldap_groups_tmp) == 0 )
return;
455 $member_field = $mapping[
'members'];
456 $dnfix = isset($c->authenticate_hook[
'config'][
'group_member_dnfix']) && $c->authenticate_hook[
'config'][
'group_member_dnfix'];
458 foreach($ldap_groups_tmp as $key => $ldap_group){
459 $group_mapping = $ldap_group[$mapping[
'username']];
460 $ldap_groups_info[$group_mapping] = $ldap_group;
461 if ( is_array($ldap_groups_info[$group_mapping][$member_field]) ) {
462 unset( $ldap_groups_info[$group_mapping][$member_field][
'count'] );
465 $ldap_groups_info[$group_mapping][$member_field] = array($ldap_groups_info[$group_mapping][$member_field]);
467 unset($ldap_groups_tmp[$key]);
469 $db_groups = array();
470 $db_group_members = array();
471 $qry =
new AwlQuery(
"SELECT g.username AS group_name, member.username AS member_name FROM dav_principal g LEFT JOIN group_member ON (g.principal_id=group_member.group_id) LEFT JOIN dav_principal member ON (member.principal_id=group_member.member_id) WHERE g.type_id = 3");
472 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
473 while($db_group = $qry->Fetch()) {
474 $db_groups[$db_group->group_name] = $db_group->group_name;
475 $db_group_members[$db_group->group_name][] = $db_group->member_name;
478 $ldap_groups = array_keys($ldap_groups_info);
480 $groups_to_create = array_diff($ldap_groups,$db_groups);
482 $groups_to_deactivate = array_diff($db_groups,$ldap_groups);
484 $groups_to_update = array_intersect($db_groups,$ldap_groups);
486 if (
sizeof ( $groups_to_create ) ){
487 $validUserFields = awl_get_fields(
'usr');
488 foreach ( $groups_to_create as $k => $group ){
489 if ( isset($c->do_not_sync_group_from_ldap) && isset($c->do_not_sync_group_from_ldap[$group]) ){
490 unset($groups_to_create[$k]);
491 $groups_nothing_done[] = $group;
495 $user = (object) array();
497 if ( isset($c->authenticate_hook[
'config'][
'default_value']) && is_array($c->authenticate_hook[
'config'][
'default_value']) ) {
498 foreach ( $c->authenticate_hook[
'config'][
'default_value'] as $field => $value ) {
499 if ( isset($validUserFields[$field]) ) {
500 $user->{$field} = $value;
501 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from configured defaults", $field, $value );
506 $ldap_values = $ldap_groups_info[$group];
507 foreach ( $mapping as $field => $value ) {
508 dbg_error_log(
"LDAP",
"Considering copying %s", $field );
509 if ( isset($validUserFields[$field]) ) {
510 $user->{$field} = $ldap_values[$value];
511 dbg_error_log(
"LDAP",
"Setting usr->%s to %s from LDAP field %s", $field, $ldap_values[$value], $value );
514 if ($user->fullname==
"") {
515 $user->fullname = $group;
517 if ($user->displayname==
"") {
518 $user->displayname = $group;
520 $user->username = $group;
521 $user->updated =
"now";
523 $principal =
new Principal(
'username',$group);
524 if ( $principal->Exists() ) {
525 $principal->Update($user);
528 $principal->Create($user);
531 $qry =
new AwlQuery(
"UPDATE dav_principal set type_id = 3 WHERE username=:group ",array(
':group'=>$group) );
532 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
533 Principal::cacheDelete(
'username', $group);
535 $groups_to_update[] = $group;
537 $c->messages[] = sprintf( i18n(
'- creating groups : %s'), join(
', ',$groups_to_create) );
540 if (
sizeof ( $groups_to_update ) ){
541 $c->messages[] = sprintf(i18n(
'- updating groups : %s'),join(
', ',$groups_to_update));
542 foreach ( $groups_to_update as $group ){
543 $db_members = array_values ( $db_group_members[$group] );
544 $ldap_members = array_values ( $ldap_groups_info[$group][$member_field] );
545 if ( $member_field ==
'uniqueMember' || $dnfix ) {
546 $ldap_members = fix_unique_member( $ldap_members );
548 $add_users = array_diff ( $ldap_members, $db_members );
549 if (
sizeof ( $add_users ) ){
550 $c->messages[] = sprintf(i18n(
'- adding %s to group : %s'),join(
', ', $add_users ), $group);
551 foreach ( $add_users as $member ){
552 $qry =
new AwlQuery(
"INSERT INTO group_member SELECT g.principal_id AS group_id,u.principal_id AS member_id FROM dav_principal g, dav_principal u WHERE g.username=:group AND u.username=:member",array (
':group'=>$group,
':member'=>$member) );
553 $qry->Exec(
'sync_LDAP_groups',__LINE__,__FILE__);
554 Principal::cacheDelete(
'username', $member);
557 $remove_users = @array_flip( @array_flip( array_diff( $db_members, $ldap_members ) ));
558 if (
sizeof ( $remove_users ) ){
559 $c->messages[] = sprintf(i18n(
'- removing %s from group : %s'),join(
', ', $remove_users ), $group);
560 foreach ( $remove_users as $member ){
561 $qry =
new AwlQuery(
"DELETE FROM group_member USING dav_principal g,dav_principal m WHERE group_id=g.principal_id AND member_id=m.principal_id AND g.username=:group AND m.username=:member",array (
':group'=>$group,
':member'=>$member) );
562 $qry->Exec(
'sync_LDAP_groups',__LINE__,__FILE__);
563 Principal::cacheDelete(
'username', $member);
569 if (
sizeof ( $groups_to_deactivate ) ){
570 foreach ( $groups_to_deactivate as $k => $group ){
571 if ( isset($c->do_not_sync_group_from_ldap) && isset($c->do_not_sync_group_from_ldap[$group]) ){
572 unset($groups_to_deactivate[$k]);
573 $groups_nothing_done[] = $group;
575 $qry =
new AwlQuery(
'UPDATE dav_principal SET user_active=FALSE WHERE username=:group AND type_id = 3',array(
':group'=>$group) );
576 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
577 Principal::cacheFlush(
'username=:group AND type_id = 3', array(
':group'=>$group) );
580 if (
sizeof($groups_to_deactivate) )
581 $c->messages[] = sprintf(i18n(
'- deactivated groups : %s'), join(
', ',$groups_to_deactivate));
583 if (
sizeof($groups_nothing_done) )
584 $c->messages[] = sprintf( i18n(
'- nothing done on : %s'), join(
', ',$groups_nothing_done) );
591 function sync_LDAP(){
593 $ldapDriver = getStaticLdap();
594 if ( ! $ldapDriver->valid )
return;
596 $mapping = $c->authenticate_hook[
'config'][
'mapping_field'];
597 $attributes = array_values_mapping($mapping);
598 $ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
600 if (
sizeof($ldap_users_tmp) == 0 )
return;
602 foreach($ldap_users_tmp as $key => $ldap_user){
603 if(!isset($ldap_user[$mapping[
'username']]))
continue;
604 $ldap_users_info[$ldap_user[$mapping[
'username']]] = $ldap_user;
605 unset($ldap_users_tmp[$key]);
607 $qry =
new AwlQuery(
"SELECT username, user_no, modified as updated , user_active FROM dav_principal where type_id=1");
608 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
609 while($db_user = $qry->Fetch()) {
610 $db_users[] = $db_user->username;
611 $db_users_info[$db_user->username] = array(
'user_no' => $db_user->user_no,
'updated' => $db_user->updated,
'user_active' => $db_user->user_active);
615 $ldap_users = array_keys($ldap_users_info);
617 $users_to_create = array_diff($ldap_users,$db_users);
619 $users_to_deactivate = array_diff($db_users,$ldap_users);
621 $users_to_update = array_intersect($db_users,$ldap_users);
624 if (
sizeof($users_to_create) ) {
625 foreach( $users_to_create as $k => $username ) {
626 if ( isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$username]) ) {
627 unset( $users_to_create[$k] );
628 $users_nothing_done[] = $username;
631 $principal =
new Principal(
'username', $username );
632 $valid = $ldap_users_info[$username];
633 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
634 $ldap_timestamp = $valid[$mapping[
'modified']];
636 $ldap_timestamp =
'19700101000000';
639 if ( !empty($c->authenticate_hook[
'config'][
'format_updated']) ) {
643 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v)
644 $$k = substr($ldap_timestamp,$v[0],$v[1]);
645 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
647 else if ( preg_match(
'{^(\d{8})(\d{6})(Z)?$', $ldap_timestamp, $matches ) ) {
648 $ldap_timestamp = $matches[1].
'T'.$matches[2].$matches[3];
650 else if ( empty($ldap_timestamp) ) {
651 $ldap_timestamp = date(
'c');
653 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
654 $valid[$mapping[
'modified']] = $ldap_timestamp;
657 sync_user_from_LDAP( $principal, $mapping, $valid );
659 $c->messages[] = sprintf( i18n(
'- creating record for users : %s'), join(
', ',$users_to_create) );
666 foreach( $users_to_deactivate as $k => $v ) {
667 if ( isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$v]) ) {
668 unset($users_to_deactivate[$k]);
669 $users_nothing_done[] = $v;
672 if ( $i > 0 ) $paramstring .=
',';
673 $paramstring .=
':u'.$i.
'::text';
674 $params[
':u'.$i++] = strtolower($v);
676 if ( count($params) > 0 ) {
677 $c->messages[] = sprintf(i18n(
'- deactivating users : %s'),join(
', ',$users_to_deactivate));
678 $qry =
new AwlQuery(
'UPDATE usr SET active = FALSE WHERE lower(username) IN ('.$paramstring.
')', $params);
679 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
681 Principal::cacheFlush(
'lower(username) IN ('.$paramstring.
')', $params);
685 if (
sizeof($users_to_update) ) {
686 foreach ( $users_to_update as $key=> $username ) {
687 $principal =
new Principal(
'username', $username );
688 $valid=$ldap_users_info[$username];
689 if ( $mapping[
'modified'] !=
"" && array_key_exists($mapping[
'modified'], $valid)) {
690 $ldap_timestamp = $valid[$mapping[
'modified']];
692 $ldap_timestamp =
'19700101000000';
695 $valid[
'user_no'] = $db_users_info[$username][
'user_no'];
696 $mapping[
'user_no'] =
'user_no';
701 foreach($c->authenticate_hook[
'config'][
'format_updated'] as $k => $v) {
702 $$k = substr($ldap_timestamp,$v[0],$v[1]);
704 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
705 $valid[$mapping[
'modified']] =
"$Y-$m-$d $H:$M:$S";
707 $db_timestamp = substr(strtr($db_users_info[$username][
'updated'], array(
':' =>
'',
' '=>
'',
'-'=>
'')),0,14);
708 if ( $ldap_timestamp > $db_timestamp || !$db_users_info[$username][
'user_active']) {
709 $principal->user_active =
true;
710 sync_user_from_LDAP($principal, $mapping, $valid);
713 unset($users_to_update[$key]);
714 $users_nothing_done[] = $username;
717 if (
sizeof($users_to_update) )
718 $c->messages[] = sprintf(i18n(
'- updating user records : %s'),join(
', ',$users_to_update));
720 if (
sizeof($users_nothing_done) )
721 $c->messages[] = sprintf( i18n(
'- nothing done on : %s'), join(
', ',$users_nothing_done) );
725 $qry =
new AwlQuery(
"SELECT count(*) AS admins FROM usr JOIN role_member USING ( user_no ) JOIN roles USING (role_no) WHERE usr.active=TRUE AND role_name='Admin'");
726 $qry->Exec(
'sync_LDAP',__LINE__,__FILE__);
727 while ( $db_user = $qry->Fetch() ) {
728 $admins = $db_user->admins;
730 if ( $admins == 0 ) {
731 $c->messages[] = sprintf(i18n(
'Warning: there are no active admin users! You should fix this before logging out. Consider using the $c->do_not_sync_from_ldap configuration setting.'));
requestUser( $filter, $attributes, $username, $passwd)
getAllGroups($attributes)