Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

NEW Add a filter field to restrict list of member when doing a LDAP list

Browse Source 
request. Use also this filter into ldap command line script making sync
from ldap to dolibarr.
This commit is contained in:
Laurent Destailleur 2015-10-30 19:16:02 +01:00
parent e01bdebc49
commit a8d28b5e46
9 changed files with 89 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/admin/ldap.php
View File

@ -92,7 +92,6 @@ if (! function_exists("ldap_connect"))
setEventMessages($langs->trans("LDAPFunctionsNotAvailableOnPHP"), null, 'errors');
}
dol_fiche_head($head, 'ldap', $langs->trans("LDAPSetup"));
$var=true;
$form=new Form($db);
@ -101,6 +100,8 @@ $form=new Form($db);
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=setvalue">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
dol_fiche_head($head, 'ldap', $langs->trans("LDAPSetup"));
print '<table class="noborder" width="100%">';
// Liste de synchro actives
@ -135,7 +136,7 @@ if (! empty($conf->societe->enabled))
print '</td><td>'.$langs->trans("LDAPDnContactActiveExample").'</td></tr>';
}
// Synchro adherentt active
// Synchro member active
if (! empty($conf->adherent->enabled))
{
$var=!$var;
@ -143,6 +144,7 @@ if (! empty($conf->adherent->enabled))
$arraylist=array();
$arraylist['0']=$langs->trans("No");
$arraylist['1']=$langs->trans("DolibarrToLDAP");
$arraylist['ldap2dolibarr']=$langs->trans("LDAPToDolibarr").' ('.$langs->trans("SupportedForLDAPImportScriptOnly").')';
print $form->selectarray('activemembers',$arraylist,$conf->global->LDAP_MEMBER_ACTIVE);
print '</td><td>'.$langs->trans("LDAPDnMemberActiveExample").'</td></tr>';
}
@ -239,12 +241,12 @@ print '</td><td>secret</td></tr>';
print '</table>';
dol_fiche_end();
print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></div>';
print '</form>';
print '</div>';
print '<br>';

16
htdocs/admin/ldap_contacts.php
View File

@ -92,6 +92,8 @@ if ($action == 'setvalue' && $user->admin)
* View
*/
$form=new Form($db);
llxHeader('',$langs->trans("LDAPSetup"),'EN:Module_LDAP_En|FR:Module_LDAP|ES:M&oacute;dulo_LDAP');
$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php">'.$langs->trans("BackToModuleList").'</a>';
@ -114,8 +116,6 @@ print '<br>';
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=setvalue">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$form=new Form($db);
print '<table class="noborder" width="100%">';
$var=true;
@ -263,16 +263,16 @@ print '</td><td>&nbsp;</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_CONTACT_FIELD_COUNTRY"'.($conf->global->LDAP_KEY_CONTACTS && $conf->global->LDAP_KEY_CONTACTS==$conf->global->LDAP_CONTACT_FIELD_COUNTRY?' checked':'')."></td>";
print '</tr>';
$var=!$var;
print '<tr '.$bc[$var].'><td colspan="4" align="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></td></tr>';
print '</table>';
print info_admin($langs->trans("LDAPDescValues"));
dol_fiche_end();
print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></div>';
print '</form>';
print '</div>';
print info_admin($langs->trans("LDAPDescValues"));
/*
* Test de la connexion

12
htdocs/admin/ldap_groups.php
View File

@ -177,16 +177,16 @@ print '</td><td>'.$langs->trans("LDAPFieldGroupMembersExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_GROUP_FIELD_GROUPMEMBERS"'.(($conf->global->LDAP_KEY_GROUPS && $conf->global->LDAP_KEY_GROUPS==$conf->global->LDAP_GROUP_FIELD_GROUPMEMBERS)?' checked':'')."></td>";
print '</tr>';
$var=!$var;
print '<tr '.$bc[$var].'><td colspan="4" align="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></td></tr>';
print '</table>';
print info_admin($langs->trans("LDAPDescValues"));
dol_fiche_end();
print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></div>';
print '</form>';
print '</div>';
print info_admin($langs->trans("LDAPDescValues"));
/*
* Test de la connexion

33
htdocs/admin/ldap_members.php
View File

@ -53,6 +53,7 @@ if ($action == 'setvalue' && $user->admin)
if (! dolibarr_set_const($db, 'LDAP_MEMBER_DN',GETPOST("user"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_OBJECT_CLASS',GETPOST("objectclass"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FILTER',GETPOST("filterconnection"),'chaine',0,'',$conf->entity)) $error++;
// Members
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_FULLNAME',GETPOST("fieldfullname"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_MEMBER_FIELD_LOGIN',GETPOST("fieldlogin"),'chaine',0,'',$conf->entity)) $error++;
@ -107,6 +108,8 @@ if ($action == 'setvalue' && $user->admin)
* View
*/
$form=new Form($db);
llxHeader('',$langs->trans("LDAPSetup"),'EN:Module_LDAP_En|FR:Module_LDAP|ES:M&oacute;dulo_LDAP');
$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php">'.$langs->trans("BackToModuleList").'</a>';
@ -120,6 +123,9 @@ if (! function_exists("ldap_connect"))
setEventMessages($langs->trans("LDAPFunctionsNotAvailableOnPHP"), null, 'errors');
}
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=setvalue">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
dol_fiche_head($head, 'members', $langs->trans("LDAPSetup"));
@ -127,11 +133,6 @@ print $langs->trans("LDAPDescMembers").'<br>';
print '<br>';
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=setvalue">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$form=new Form($db);
print '<table class="noborder" width="100%">';
$var=true;
@ -156,6 +157,14 @@ print '</td><td>'.$langs->trans("LDAPMemberObjectClassListExample").'</td>';
print '<td>&nbsp;</td>';
print '</tr>';
// Filter, used to filter search
$var=!$var;
print '<tr '.$bc[$var].'><td>'.$langs->trans("LDAPFilterConnection").'</td><td>';
print '<input size="48" type="text" name="filterconnection" value="'.$conf->global->LDAP_MEMBER_FILTER.'">';
print '</td><td>'.$langs->trans("LDAPFilterConnectionExample").'</td>';
print '<td></td>';
print '</tr>';
print '</table>';
print '<br>';
print '<table class="noborder" width="100%">';
@ -377,15 +386,16 @@ print '</td><td>&nbsp;</td>';
print '<td align="right">&nbsp;</td>';
print '</tr>';
$var=!$var;
print '<tr '.$bc[$var].'><td colspan="4" align="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></td></tr>';
print '</table>';
print info_admin($langs->trans("LDAPDescValues"));
dol_fiche_end();
print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></div>';
print '</form>';
print '</div>';
print info_admin($langs->trans("LDAPDescValues"));
/*
@ -454,6 +464,7 @@ if (function_exists("ldap_connect"))
}
$db->close();
llxFooter();
$db->close();

30
htdocs/admin/ldap_users.php
View File

@ -63,7 +63,7 @@ if ($action == 'setvalue' && $user->admin)
if (! dolibarr_set_const($db, 'LDAP_FIELD_MAIL',GETPOST("fieldmail"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_FIELD_PHONE',GETPOST("fieldphone"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',GETPOST("fielddescription"),'chaine',0,'',$conf->entity)) $error++;
if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',GETPOST("fieldsid"),'chaine',0,'',$conf->entity)) $error++;
@ -93,6 +93,8 @@ if ($action == 'setvalue' && $user->admin)
* Visu
*/
$form=new Form($db);
llxHeader('',$langs->trans("LDAPSetup"),'EN:Module_LDAP_En|FR:Module_LDAP|ES:M&oacute;dulo_LDAP');
$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php">'.$langs->trans("BackToModuleList").'</a>';
@ -106,18 +108,19 @@ if (! function_exists("ldap_connect"))
setEventMessages($langs->trans("LDAPFunctionsNotAvailableOnPHP"), null, 'errors');
}
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=setvalue">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
dol_fiche_head($head, 'users', $langs->trans("LDAPSetup"));
print $langs->trans("LDAPDescUsers").'<br>';
print '<br>';
print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=setvalue">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
$form=new Form($db);
print '<table class="noborder" width="100%">';
$var=true;
@ -141,8 +144,7 @@ print '</td><td>'.$langs->trans("LDAPUserObjectClassListExample").'</td>';
print '<td>&nbsp;</td>';
print '</tr>';
// Filtre
//Utilise pour filtrer la recherche
// Filter, used to filter search
$var=!$var;
print '<tr '.$bc[$var].'><td>'.$langs->trans("LDAPFilterConnection").'</td><td>';
print '<input size="48" type="text" name="filterconnection" value="'.$conf->global->LDAP_FILTER_CONNECTION.'">';
@ -281,16 +283,16 @@ print '</td><td>'.$langs->trans("LDAPFieldSidExample").'</td>';
print '<td align="right"><input type="radio" name="key" value="LDAP_FIELD_SID"'.(($conf->global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_SID)?' checked':'')."></td>";
print '</tr>';
$var=!$var;
print '<tr '.$bc[$var].'><td colspan="4" align="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></td></tr>';
print '</table>';
print '</form>';
print '</div>';
print info_admin($langs->trans("LDAPDescValues"));
dol_fiche_end();
print '<div class="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></div>';
print '</form>';
/*
* Test de la connexion
@ -392,7 +394,7 @@ if (function_exists("ldap_connect"))
$conf->global->LDAP_FIELD_PASSWORD_CRYPTED,
$conf->global->LDAP_FIELD_PHONE,
$conf->global->LDAP_FIELD_FAX,
$conf->global->LDAP_FIELD_SKYPE,
$conf->global->LDAP_FIELD_SKYPE,
$conf->global->LDAP_FIELD_MOBILE,
$conf->global->LDAP_FIELD_MAIL,
$conf->global->LDAP_FIELD_TITLE,

28
htdocs/core/class/ldap.class.php
View File

@ -108,7 +108,7 @@ class Ldap
{
global $conf;
//Server
// Server
if (! empty($conf->global->LDAP_SERVER_HOST)) $this->server[] = $conf->global->LDAP_SERVER_HOST;
if (! empty($conf->global->LDAP_SERVER_HOST_SLAVE)) $this->server[] = $conf->global->LDAP_SERVER_HOST_SLAVE;
$this->serverPort = $conf->global->LDAP_SERVER_PORT;
@ -120,9 +120,11 @@ class Ldap
$this->searchPassword = $conf->global->LDAP_ADMIN_PASS;
$this->people = $conf->global->LDAP_USER_DN;
$this->groups = $conf->global->LDAP_GROUP_DN;
$this->filter = $conf->global->LDAP_FILTER_CONNECTION;
//Users
$this->filter = $conf->global->LDAP_FILTER_CONNECTION; // Filter on user
$this->filtermember = $conf->global->LDAP_MEMBER_FILTER; // Filter on member
// Users
$this->attr_login = $conf->global->LDAP_FIELD_LOGIN; //unix
$this->attr_sambalogin = $conf->global->LDAP_FIELD_LOGIN_SAMBA; //samba, activedirectory
$this->attr_name = $conf->global->LDAP_FIELD_NAME;
@ -891,14 +893,14 @@ class Ldap
}
/**
* Returns an array containing a details of elements
* Returns an array containing a details or list of LDAP record(s)
* ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword
*
* @param string $search Valeur champ cle recherche, sinon '*' pour tous.
* @param string $search Value of fiel to search, '*' for all. Not used if $activefilter is set.
* @param string $userDn DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
* @param string $useridentifier Name of key field (Ex: uid)
* @param array $attributeArray Array of fields required. Note this array must also contains field $useridentifier (Ex: sn,userPassword)
* @param int $activefilter 1=use field this->filter as filter instead of parameter $search
* @param int $activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'member'=use field this->filtermember as filter
* @param array $attributeAsArray Array of fields wanted as an array not a string
* @return array Array of [id_record][ldap_field]=value
*/
@ -906,7 +908,7 @@ class Ldap
{
$fulllist=array();
dol_syslog(get_class($this)."::getRecords search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=array(".join(',',$attributeArray).")");
dol_syslog(get_class($this)."::getRecords search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=array(".join(',',$attributeArray).") activefilter=".$activefilter);
// if the directory is AD, then bind first with the search user first
if ($this->serverType == "activedirectory")
@ -916,15 +918,19 @@ class Ldap
}
// Define filter
if ($activefilter == 1)
if (! empty($activefilter))
{
if ($this->filter)
if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter)
{
$filter = '('.$this->filter.')';
}
else
elseif (((string) $activefilter == 'member') && $this->filter)
{
$filter='('.$useridentifier.'=*)';
$filter = '('.$this->filtermember.')';
}
else // If this->filter is empty, make fiter on * (all)
{
$filter = '('.$useridentifier.'=*)';
}
}
else

14
htdocs/core/triggers/interface_50_modLdap_Ldapsynchro.class.php
View File

@ -414,7 +414,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
elseif ($action == 'MEMBER_CREATE')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (! empty($conf->global->LDAP_MEMBER_ACTIVE))
if (! empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1')
{
$ldap=new Ldap();
$ldap->connect_bind();
@ -433,7 +433,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
elseif ($action == 'MEMBER_VALIDATE')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (! empty($conf->global->LDAP_MEMBER_ACTIVE))
if (! empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1')
{
// If status field is setup to be synchronized
if (! empty($conf->global->LDAP_FIELD_MEMBER_STATUS))
@ -457,7 +457,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
elseif ($action == 'MEMBER_SUBSCRIPTION')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (! empty($conf->global->LDAP_MEMBER_ACTIVE))
if (! empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1')
{
// If subscriptions fields are setup to be synchronized
if ($conf->global->LDAP_FIELD_MEMBER_FIRSTSUBSCRIPTION_DATE
@ -485,7 +485,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
elseif ($action == 'MEMBER_MODIFY')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (! empty($conf->global->LDAP_MEMBER_ACTIVE))
if (! empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1')
{
$ldap=new Ldap();
$ldap->connect_bind();
@ -522,7 +522,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
elseif ($action == 'MEMBER_NEW_PASSWORD')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (! empty($conf->global->LDAP_MEMBER_ACTIVE))
if (! empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1')
{
// If password field is setup to be synchronized
if ($conf->global->LDAP_FIELD_PASSWORD || $conf->global->LDAP_FIELD_PASSWORD_CRYPTED)
@ -546,7 +546,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
elseif ($action == 'MEMBER_RESILIATE')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (! empty($conf->global->LDAP_MEMBER_ACTIVE))
if (! empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1')
{
// If status field is setup to be synchronized
if (! empty($conf->global->LDAP_FIELD_MEMBER_STATUS))
@ -570,7 +570,7 @@ class InterfaceLdapsynchro extends DolibarrTriggers
elseif ($action == 'MEMBER_DELETE')
{
dol_syslog("Trigger '".$this->name."' for action '$action' launched by ".__FILE__.". id=".$object->id);
if (! empty($conf->global->LDAP_MEMBER_ACTIVE))
if (! empty($conf->global->LDAP_MEMBER_ACTIVE) && (string) $conf->global->LDAP_MEMBER_ACTIVE == '1')
{
$ldap=new Ldap();
$ldap->connect_bind();

7
scripts/members/sync_members_ldap2dolibarr.php
View File

@ -2,7 +2,7 @@
<?php
/**
* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006-2015 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -115,7 +115,8 @@ print "port=".$conf->global->LDAP_SERVER_PORT."\n";
print "login=".$conf->global->LDAP_ADMIN_DN."\n";
print "pass=".preg_replace('/./i','*',$conf->global->LDAP_ADMIN_PASS)."\n";
print "DN to extract=".$conf->global->LDAP_MEMBER_DN."\n";
print 'Filter=('.$conf->global->LDAP_KEY_MEMBERS.'=*)'."\n";
if (! empty($conf->global->LDAP_MEMBER_FILTER)) print 'Filter=('.$conf->global->LDAP_MEMBER_FILTER.')'."\n"; // Note: filter is defined into function getRecords
else print 'Filter=('.$conf->global->LDAP_KEY_MEMBERS.'=*)'."\n";
print "----- To Dolibarr database:\n";
print "type=".$conf->db->type."\n";
print "host=".$conf->db->host."\n";
@ -191,7 +192,7 @@ if ($result >= 0)
// We disable synchro Dolibarr-LDAP
$conf->global->LDAP_MEMBER_ACTIVE=0;
$ldaprecords = $ldap->getRecords('*',$conf->global->LDAP_MEMBER_DN, $conf->global->LDAP_KEY_MEMBERS, $required_fields, 0);
$ldaprecords = $ldap->getRecords('*',$conf->global->LDAP_MEMBER_DN, $conf->global->LDAP_KEY_MEMBERS, $required_fields, 'member'); // Fiter on 'member' filter param
if (is_array($ldaprecords))
{
$db->begin();

5
scripts/user/sync_users_ldap2dolibarr.php
View File

@ -106,7 +106,8 @@ print "port=".$conf->global->LDAP_SERVER_PORT."\n";
print "login=".$conf->global->LDAP_ADMIN_DN."\n";
print "pass=".preg_replace('/./i','*',$conf->global->LDAP_ADMIN_PASS)."\n";
print "DN to extract=".$conf->global->LDAP_USER_DN."\n";
print 'Filter=('.$conf->global->LDAP_KEY_USERS.'=*)'."\n";
if (! empty($conf->global->LDAP_FILTER_CONNECTION)) print 'Filter=('.$conf->global->LDAP_FILTER_CONNECTION.')'."\n"; // Note: filter is defined into function getRecords
else print 'Filter=('.$conf->global->LDAP_KEY_USERS.'=*)'."\n";
print "----- To Dolibarr database:\n";
print "type=".$conf->db->type."\n";
print "host=".$conf->db->host."\n";
@ -177,7 +178,7 @@ if ($result >= 0)
// We disable synchro Dolibarr-LDAP
$conf->global->LDAP_SYNCHRO_ACTIVE=0;
$ldaprecords = $ldap->getRecords('*',$conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 0);
$ldaprecords = $ldap->getRecords('*',$conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 'user'); // Fiter on 'user' filter param
if (is_array($ldaprecords))
{
$db->begin();