1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
ldap_server.php
См. документацию.
1<?php
2
3use Bitrix\Ldap\EncryptionType;
4use Bitrix\Ldap\Internal\Security\Encryption;
5
6IncludeModuleLangFile(__FILE__);
7
8class CLdapServer
9{
10 public $arFields = array();
11 public static $syncErrors = array();
12
19 public static function GetList($arOrder=Array(), $arFilter=Array())
20 {
21 global $USER, $DB, $APPLICATION;
22 $strSql =
23 "SELECT ls.*, ".
24 " ".$DB->DateToCharFunction("ls.TIMESTAMP_X")." as TIMESTAMP_X, ".
25 " ".$DB->DateToCharFunction("ls.SYNC_LAST")." as SYNC_LAST ".
26 "FROM b_ldap_server ls ";
27
28 if(!is_array($arFilter))
29 $arFilter = Array();
30
31 $arSqlSearch = Array();
32 $filter_keys = array_keys($arFilter);
33 $fkCount = count($filter_keys);
34
35 for($i=0; $i<$fkCount; $i++)
36 {
37 $val = $arFilter[$filter_keys[$i]];
38 $key=$filter_keys[$i];
39 $res = CLdapUtil::MkOperationFilter($key);
40 $key = mb_strtoupper($res["FIELD"]);
41 $cOperationType = $res["OPERATION"];
42 switch($key)
43 {
44 case "ACTIVE":
45 case "SYNC":
46 case "CONVERT_UTF8":
47 case "USER_GROUP_ACCESSORY":
48 $arSqlSearch[] = CLdapUtil::FilterCreate("ls.".$key, $val, "string_equal", $cOperationType);
49 break;
50 case "ID":
51 case "PORT":
52 case "MAX_PAX_SIZE":
53 case "CONNECTION_TYPE":
54 $arSqlSearch[] = CLdapUtil::FilterCreate("ls.".$key, $val, "number", $cOperationType);
55 break;
56 case "SYNC_LAST":
57 case "TIMESTAMP_X":
58 $arSqlSearch[] = CLdapUtil::FilterCreate("ls.".$key, $val, "date", $cOperationType);
59 break;
60 case "CODE":
61 case "NAME":
62 case "DESCRIPTION":
63 case "SERVER":
64 case "ADMIN_LOGIN":
65 case "ADMIN_PASSWORD":
66 case "BASE_DN":
67 case "GROUP_FILTER":
68 case "GROUP_ID_ATTR":
69 case "GROUP_NAME_ATTR":
70 case "GROUP_MEMBERS_ATTR":
71 case "USER_FILTER":
72 case "USER_ID_ATTR":
73 case "USER_NAME_ATTR":
74 case "USER_LAST_NAME_ATTR":
75 case "USER_EMAIL_ATTR":
76 case "USER_GROUP_ATTR":
77 $arSqlSearch[] = CldapUtil::FilterCreate("ls.".$key, $val, "string", $cOperationType);
78 break;
79 }
80 }
81
82 $is_filtered = false;
83 $strSqlSearch = "";
84
85 for($i=0, $ssCount=count($arSqlSearch); $i<$ssCount; $i++)
86 {
87 if($arSqlSearch[$i] <> '')
88 {
89 $is_filtered = true;
90 $strSqlSearch .= " AND (".$arSqlSearch[$i].") ";
91 }
92 }
93
94 $arSqlOrder = Array();
95 foreach($arOrder as $by=>$order)
96 {
97 $order = mb_strtolower($order) === 'asc' ? 'asc' : 'desc';
98
99 switch(mb_strtoupper($by))
100 {
101 case "ID":
102 case "NAME":
103 case "CODE":
104 case "ACTIVE":
105 case "CONVERT_UTF8":
106 case "SERVER":
107 case "PORT":
108 case "ADMIN_LOGIN":
109 case "ADMIN_PASSWORD":
110 case "BASE_DN":
111 case "GROUP_FILTER":
112 case "SYNC":
113 case "SYNC_LAST":
114 case "GROUP_ID_ATTR":
115 case "GROUP_NAME_ATTR":
116 case "GROUP_MEMBERS_ATTR":
117 case "USER_FILTER":
118 case "USER_ID_ATTR":
119 case "USER_NAME_ATTR":
120 case "USER_LAST_NAME_ATTR":
121 case "USER_EMAIL_ATTR":
122 case "USER_GROUP_ATTR":
123 case "USER_GROUP_ACCESSORY":
124 case "MAX_PAX_SIZE":
125 case "CONNECTION_TYPE":
126 $arSqlOrder[] = " ls.".$by." ".$order." ";
127 break;
128 default:
129 $arSqlOrder[] = " ls.TIMESTAMP_X ".$order." ";
130 }
131 }
132
133 $strSqlOrder = "";
134 DelDuplicateSort($arSqlOrder);
135
136 for ($i=0, $c=count($arSqlOrder); $i < $c; $i++)
137 {
138 if($i==0)
139 $strSqlOrder = " ORDER BY ";
140 else
141 $strSqlOrder .= ",";
142
143 $strSqlOrder .= mb_strtolower($arSqlOrder[$i]);
144 }
145
146 $strSql .= " WHERE 1=1 ".$strSqlSearch.$strSqlOrder;
147
148 $res = $DB->Query($strSql);
149 $res = new __CLDAPServerDBResult($res);
150 return $res;
151 }
152
158 public static function GetByID($ID)
159 {
160 return CLdapServer::GetList(Array(), $arFilter=Array("ID"=>intval($ID)));
161 }
162
163 public static function CheckFields($arFields, $ID=false)
164 {
165 global $DB, $APPLICATION;
166
167 $strErrors = "";
168 $arMsg = Array();
169
170 if(($ID===false || is_set($arFields, "NAME")) && mb_strlen($arFields["NAME"]) < 1)
171 $arMsg[] = array("id"=>"NAME", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_NAME"));
172 //$strErrors .= GetMessage("LDAP_ERR_NAME").", ";
173
174 if(($ID===false || is_set($arFields, "SERVER")) && mb_strlen($arFields["SERVER"]) < 1)
175 $arMsg[] = array("id"=>"SERVER", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_SERVER"));
176 //$strErrors .= GetMessage("LDAP_ERR_SERVER").", ";
177
178 if(($ID===false || is_set($arFields, "PORT")) && mb_strlen($arFields["PORT"]) < 1)
179 $arMsg[] = array("id"=>"PORT", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_PORT"));
180 //$strErrors .= GetMessage("LDAP_ERR_PORT").", ";
181
182 if(($ID===false || is_set($arFields, "BASE_DN")) && mb_strlen($arFields["BASE_DN"]) < 1)
183 //$strErrors .= GetMessage("LDAP_ERR_BASE_DN").", ";
184 $arMsg[] = array("id"=>"BASE_DN", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_BASE_DN"));
185
186 if(($ID===false || is_set($arFields, "GROUP_FILTER")) && mb_strlen($arFields["GROUP_FILTER"]) < 1)
187 //$strErrors .= GetMessage("LDAP_ERR_GROUP_FILT").", ";
188 $arMsg[] = array("id"=>"GROUP_FILTER", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_GROUP_FILT"));
189
190 if(($ID===false || is_set($arFields, "GROUP_ID_ATTR")) && mb_strlen($arFields["GROUP_ID_ATTR"]) < 1)
191 $arMsg[] = array("id"=>"GROUP_ID_ATTR", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_GROUP_ATTR"));
192 //$strErrors .= GetMessage("LDAP_ERR_GROUP_ATTR").", ";
193
194 if(($ID===false || is_set($arFields, "USER_FILTER")) && mb_strlen($arFields["USER_FILTER"]) < 1)
195 $arMsg[] = array("id"=>"USER_FILTER", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_USER_FILT"));
196 //$strErrors .= GetMessage("LDAP_ERR_USER_FILT").", ";
197
198 if(($ID===false || is_set($arFields, "USER_ID_ATTR")) && mb_strlen($arFields["USER_ID_ATTR"]) < 1)
199 $arMsg[] = array("id"=>"USER_ID_ATTR", "text"=> GetMessage("LDAP_ERR_EMPTY")." ".GetMessage("LDAP_ERR_USER_ATTR"));
200 //$strErrors .= GetMessage("LDAP_ERR_USER_ATTR").", ";
201
202 //if(strlen($strErrors)>0)
203 //{
204 // $APPLICATION->throwException(GetMessage("LDAP_ERR_EMPTY").substr($strErrors, 0, -2));
205 // return false;
206 //}
207
208 if(!empty($arMsg))
209 {
210 $e = new CAdminException($arMsg);
211 $GLOBALS["APPLICATION"]->ThrowException($e);
212 return false;
213 }
214
215 return true;
216 }
217
218 public static function Add($arFields)
219 {
220 global $DB, $APPLICATION;
221 $APPLICATION->ResetException();
222
223 $encryptionType = EncryptionType::tryFrom((int)$arFields['CONNECTION_TYPE']) ?? EncryptionType::None;
224
225 if(is_set($arFields, "ACTIVE") && $arFields["ACTIVE"]!="Y")
226 $arFields["ACTIVE"]="N";
227
228 if(is_set($arFields, "SYNC") && $arFields["SYNC"]!="Y")
229 $arFields["SYNC"]="N";
230
231 if(is_set($arFields, "CONVERT_UTF8") && $arFields["CONVERT_UTF8"]!="Y")
232 $arFields["CONVERT_UTF8"]="N";
233
234 if(is_set($arFields, "USER_GROUP_ACCESSORY") && $arFields["USER_GROUP_ACCESSORY"]!="Y")
235 $arFields["USER_GROUP_ACCESSORY"]="N";
236
237 $arFields['PORT'] = empty($arFields['PORT']) ? (string)$encryptionType->port() : $arFields['PORT'];
238
239 if(!CLdapServer::CheckFields($arFields))
240 return false;
241
242 if(is_set($arFields, "ADMIN_PASSWORD"))
243 $arFields["ADMIN_PASSWORD"] = Encryption::encrypt($arFields["ADMIN_PASSWORD"]);
244
245 if(is_set($arFields, "FIELD_MAP") && is_array($arFields["FIELD_MAP"]))
246 {
247 $arFields["USER_NAME_ATTR"] = "".$arFields["FIELD_MAP"]["NAME"];
248 $arFields["USER_LAST_NAME_ATTR"] = "".$arFields["FIELD_MAP"]["LAST_NAME"];
249 $arFields["USER_EMAIL_ATTR"] = "".$arFields["FIELD_MAP"]["EMAIL"];
250
251 $arFields["FIELD_MAP"] = serialize($arFields["FIELD_MAP"]);
252 }
253
254 $ID = $DB->Add("b_ldap_server", $arFields);
255
256 if(is_set($arFields, 'GROUPS'))
257 CLdapServer::SetGroupMap($ID, $arFields['GROUPS']);
258
259 if($arFields["SYNC"]=="Y")
260 CLdapServer::__UpdateAgentPeriod($ID, $arFields["SYNC_PERIOD"]);
261
262 return $ID;
263 }
264
265 public static function __UpdateAgentPeriod($server_id, $time)
266 {
267 $server_id = intval($server_id);
268 $time = intval($time);
269
270 CAgent::RemoveAgent("CLdapServer::SyncAgent(".$server_id.");", "ldap");
271 if($time>0)
272 CAgent::AddAgent("CLdapServer::SyncAgent(".$server_id.");", "ldap", "N", $time*60*60);
273 }
274
275 public static function SyncAgent($id)
276 {
277 CLdapServer::Sync($id);
278 return "CLdapServer::SyncAgent(".$id.");";
279 }
280
281 /*********************************************************************
282 *********************************************************************/
283 public static function Update($ID, $arFields)
284 {
285 global $DB, $APPLICATION;
286 $APPLICATION->ResetException();
287
288 $ID = intval($ID);
289
290 if(is_set($arFields, "ACTIVE") && $arFields["ACTIVE"]!="Y")
291 $arFields["ACTIVE"]="N";
292
293 if(is_set($arFields, "SYNC") && $arFields["SYNC"]!="Y")
294 $arFields["SYNC"]="N";
295
296 if(is_set($arFields, "SYNC_USER_ADD") && $arFields["SYNC_USER_ADD"] != "Y")
297 $arFields["SYNC_USER_ADD"] = "N";
298
299 if(is_set($arFields, "CONVERT_UTF8") && $arFields["CONVERT_UTF8"]!="Y")
300 $arFields["CONVERT_UTF8"]="N";
301
302 if(is_set($arFields, "USER_GROUP_ACCESSORY") && $arFields["USER_GROUP_ACCESSORY"]!="Y")
303 $arFields["USER_GROUP_ACCESSORY"]="N";
304
305 if(is_set($arFields, "IMPORT_STRUCT") && $arFields["IMPORT_STRUCT"]!="Y")
306 $arFields["IMPORT_STRUCT"]="N";
307
308 if(is_set($arFields, "STRUCT_HAVE_DEFAULT") && $arFields["STRUCT_HAVE_DEFAULT"]!="Y")
309 $arFields["STRUCT_HAVE_DEFAULT"]="N";
310
311 if(is_set($arFields, "SET_DEPARTMENT_HEAD") && $arFields["SET_DEPARTMENT_HEAD"]!="Y")
312 $arFields["SET_DEPARTMENT_HEAD"]="N";
313
314 if (empty($arFields['PORT']) && isset($arFields['CONNECTION_TYPE']))
315 {
316 $encryptionType = EncryptionType::tryFrom((int)$arFields['CONNECTION_TYPE']) ?? EncryptionType::None;
317 $arFields['PORT'] = (string)$encryptionType->port();
318 }
319
320 if(!CLdapServer::CheckFields($arFields, $ID))
321 return false;
322
323 if(is_set($arFields, "ADMIN_PASSWORD"))
324 $arFields["ADMIN_PASSWORD"] = Encryption::encrypt($arFields["ADMIN_PASSWORD"]);
325
326 if(is_set($arFields, "FIELD_MAP") && is_array($arFields["FIELD_MAP"]))
327 {
328 $arFields["USER_NAME_ATTR"] = "".$arFields["FIELD_MAP"]["NAME"];
329 $arFields["USER_LAST_NAME_ATTR"] = "".$arFields["FIELD_MAP"]["LAST_NAME"];
330 $arFields["USER_EMAIL_ATTR"] = "".$arFields["FIELD_MAP"]["EMAIL"];
331
332 $arFields["FIELD_MAP"] = serialize($arFields["FIELD_MAP"]);
333 }
334
335 if(isset($arFields["SYNC"]) || isset($arFields["SYNC_PERIOD"]))
336 {
337 $dbld = CLdapServer::GetById($ID);
338 $arLdap = $dbld->Fetch();
339 }
340
341 $arFields['~TIMESTAMP_X'] = $DB->CurrentTimeFunction();
342
343 $strUpdate = $DB->PrepareUpdate("b_ldap_server", $arFields);
344
345 $strSql =
346 "UPDATE b_ldap_server SET ".
347 $strUpdate." ".
348 "WHERE ID=".$ID;
349
350 $DB->Query($strSql);
351
352 if(is_set($arFields, 'GROUPS'))
353 CLdapServer::SetGroupMap($ID, $arFields['GROUPS']);
354
355 if(isset($arFields["SYNC"]) || isset($arFields["SYNC_PERIOD"]))
356 {
357 if($arLdap)
358 {
359 if(isset($arFields["SYNC"]))
360 {
361 if($arFields["SYNC"]!="Y" && $arLdap["SYNC"]=="Y")
362 CLdapServer::__UpdateAgentPeriod($ID, 0);
363 elseif($arFields["SYNC"]=="Y" && $arLdap["SYNC"]!="Y")
364 CLdapServer::__UpdateAgentPeriod($ID, (isset($arFields["SYNC_PERIOD"])? $arFields["SYNC_PERIOD"] : $arLdap["SYNC_PERIOD"]));
365 elseif(isset($arFields["SYNC_PERIOD"]) && $arLdap["SYNC_PERIOD"]!=$arFields["SYNC_PERIOD"])
366 CLdapServer::__UpdateAgentPeriod($ID, $arFields["SYNC_PERIOD"]);
367 }
368 elseif($arLdap["SYNC_PERIOD"]!=$arFields["SYNC_PERIOD"])
369 CLdapServer::__UpdateAgentPeriod($ID, $arFields["SYNC_PERIOD"]);
370 }
371 }
372
373 return true;
374 }
375
376 public static function Delete($ID)
377 {
378 global $DB;
379 $ID = intval($ID);
380
381 $strSql = "DELETE FROM b_ldap_group WHERE LDAP_SERVER_ID=".$ID;
382 if(!$DB->Query($strSql, true))
383 return false;
384
385 $strSql = "DELETE FROM b_ldap_server WHERE ID=".$ID;
386 return $DB->Query($strSql, true);
387 }
388
389 public static function GetGroupMap($ID)
390 {
391 global $DB, $APPLICATION;
392 $ID = intval($ID);
393 return $DB->Query("SELECT GROUP_ID, LDAP_GROUP_ID FROM b_ldap_group WHERE LDAP_SERVER_ID=".$ID." AND NOT (GROUP_ID=-1)");
394 }
395
396 public static function GetGroupBan($ID)
397 {
398 global $DB, $APPLICATION;
399 $ID = intval($ID);
400 return $DB->Query("SELECT LDAP_GROUP_ID FROM b_ldap_group WHERE LDAP_SERVER_ID=".$ID." AND GROUP_ID=-1");
401 }
402
403 public static function SetGroupMap($ID, $arFields)
404 {
405 global $DB, $APPLICATION;
406 $ID = intval($ID);
407 $DB->Query("DELETE FROM b_ldap_group WHERE LDAP_SERVER_ID=".$ID);
408 foreach($arFields as $arGroup)
409 {
410 // check whether entry is valid, and if it is - add it
411 if(array_key_exists('GROUP_ID',$arGroup) && ($arGroup['GROUP_ID']>0 || $arGroup['GROUP_ID']==-1) && $arGroup['LDAP_GROUP_ID'] <> '')
412 {
413 $strSql =
414 "SELECT 'x' ".
415 "FROM b_ldap_group ".
416 "WHERE LDAP_SERVER_ID=".$ID." ".
417 " AND GROUP_ID = ".intval($arGroup['GROUP_ID'])." ".
418 " AND LDAP_GROUP_ID = '".$DB->ForSQL($arGroup['LDAP_GROUP_ID'], 255)."' ";
419 $r = $DB->Query($strSql);
420 if(!$r->Fetch())
421 {
422 $strSql =
423 "INSERT INTO b_ldap_group(GROUP_ID, LDAP_GROUP_ID, LDAP_SERVER_ID)".
424 "VALUES(".intval($arGroup['GROUP_ID']).", '".$DB->ForSQL($arGroup['LDAP_GROUP_ID'], 255)."', ".$ID.")";
425 $DB->Query($strSql);
426 }
427 }
428 }
429 }
430
431 public static function Sync($ldap_server_id)
432 {
433 global $DB, $USER, $APPLICATION;
434 $bUSERGen = false;
435 self::$syncErrors = array();
436
437 if(!is_object($USER))
438 {
439 $USER = new CUser();
440 $bUSERGen = true;
441 }
442
443 $dbLdapServers = CLdapServer::GetByID($ldap_server_id);
444 if(!($oLdapServer = $dbLdapServers->GetNextServer()))
445 return false;
446
447 if(!$oLdapServer->Connect())
448 return false;
449
450 if(!$oLdapServer->BindAdmin())
451 {
452 $oLdapServer->Disconnect();
453 return false;
454 }
455
456 $APPLICATION->ResetException();
457 $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
458
459 while($arEvent = $db_events->Fetch())
460 {
461 $arParams['oLdapServer'] = $oLdapServer;
462
463 if(ExecuteModuleEventEx($arEvent, array(&$arParams))===false)
464 {
465 if(!($err = $APPLICATION->GetException()))
466 $APPLICATION->ThrowException("Unknown error");
467
468 return false;
469 }
470 }
471
472 // select all users from LDAP
473 $arLdapUsers = array();
474 $ldapLoginAttr = mb_strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
475
476 $APPLICATION->ResetException();
477 $dbLdapUsers = $oLdapServer->GetUserList();
478 $ldpEx = $APPLICATION->GetException();
479
480 while($arLdapUser = $dbLdapUsers->Fetch())
481 $arLdapUsers[mb_strtolower($arLdapUser[$ldapLoginAttr])] = $arLdapUser;
482
483 unset($dbLdapUsers);
484
485 // select all Bitrix CMS users for this LDAP
486 $arUsers = Array();
487
488 CTimeZone::Disable();
489 $dbUsers = CUser::GetList('', '', Array("EXTERNAL_AUTH_ID"=>"LDAP#".$ldap_server_id));
490 CTimeZone::Enable();
491
492 while($arUser = $dbUsers->Fetch())
493 $arUsers[mb_strtolower($arUser["LOGIN"])] = $arUser;
494
495 unset($dbUsers);
496
497 $arDelLdapUsers = array();
498
499 if(!$ldpEx || $ldpEx->msg != 'LDAP_SEARCH_ERROR')
500 $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
501
502 if($oLdapServer->arFields["SYNC_LAST"] <> '')
503 $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
504 else
505 $syncTime = 0;
506
507 $cnt = 0;
508 $departmentCache = array();
509 // have to update $oLdapServer->arFields["FIELD_MAP"] for user fields
510 // for each one of them looking for similar in user list
511 foreach($arLdapUsers as $userLogin => $arLdapUserFields)
512 {
513 if(!is_array($arUsers[$userLogin]))
514 {
515 //For manual users import - always add
516 if($oLdapServer->arFields["SYNC_USER_ADD"] != "Y")
517 continue;
518
519 // if user is not found among already existing ones, then import him
520 // $arLdapUserFields - user fields from ldap
521 $userActive = $oLdapServer->getLdapValueByBitrixFieldName("ACTIVE", $arLdapUserFields);
522
523 if($userActive != "Y")
524 continue;
525
526 $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $departmentCache);
527
528 if(self::isUserInBannedGroups($ldap_server_id, $arUserFields))
529 continue;
530
531 if($oLdapServer->SetUser($arUserFields))
532 {
533 $cnt++;
534 }
535 else if(\Bitrix\Ldap\Limit::isUserLimitExceeded())
536 {
537 self::$syncErrors[] = \Bitrix\Ldap\Limit::getUserLimitNotifyMessage();
538 break;
539 }
540 }
541 else
542 {
543 // if date of update is set, then compare it
544 $ldapTime = time();
545
546 if($syncTime > 0
547 && $oLdapServer->arFields["SYNC_ATTR"] <> ''
548 && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\.0Z'", $arLdapUserFields[mb_strtolower($oLdapServer->arFields["SYNC_ATTR"])], $arTimeMatch)
549 )
550 {
551 $ldapTime = gmmktime($arTimeMatch[4], $arTimeMatch[5], $arTimeMatch[6], $arTimeMatch[2], $arTimeMatch[3], $arTimeMatch[1]);
552 $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
553 }
554
555 if($syncTime < $ldapTime || $syncTime < $userTime)
556 {
557 $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $departmentCache);
558
559 if(self::isUserInBannedGroups($ldap_server_id, $arUserFields))
560 continue;
561
562 $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
563
564 if($oLdapServer->SetUser($arUserFields))
565 {
566 $cnt++;
567 }
568 else if(\Bitrix\Ldap\Limit::isUserLimitExceeded())
569 {
570 self::$syncErrors[] = \Bitrix\Ldap\Limit::getUserLimitNotifyMessage();
571 break;
572 }
573 }
574 }
575
576 if($USER->LAST_ERROR != '')
577 {
578 self::$syncErrors[] = $userLogin.': '.$USER->LAST_ERROR;
579 $USER->LAST_ERROR = '';
580 }
581 }
582
583 foreach ($arDelLdapUsers as $userLogin)
584 {
585 $USER = new CUser();
586 if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y')
587 {
588 $ID = intval($arUsers[$userLogin]["ID"]);
589 $USER->Update($ID, array('ACTIVE' => 'N'));
590 }
591 }
592
593 $oLdapServer->Disconnect();
594 CLdapServer::Update($ldap_server_id, Array("~SYNC_LAST"=>$DB->CurrentTimeFunction()));
595
596 if($bUSERGen)
597 unset($USER);
598
599 return $cnt;
600 }
601
602 protected static function isUserInBannedGroups($ldap_server_id, $arUserFields)
603 {
604 static $noImportGroups = null;
605
606 if($noImportGroups === null)
607 {
608 $noImportGroups = array();
609 $dbGroups = CLdapServer::GetGroupBan($ldap_server_id);
610
611 while($arGroup = $dbGroups->Fetch())
612 $noImportGroups[md5($arGroup['LDAP_GROUP_ID'])] = $arGroup['LDAP_GROUP_ID'];
613 }
614
615 if(empty($noImportGroups))
616 return false;
617
618 $allUserGroups = $arUserFields['LDAP_GROUPS'];
619 $result = false;
620
621 foreach($allUserGroups as $groupId)
622 {
623 $groupId = trim($groupId);
624
625 if(!empty($groupId) && array_key_exists(md5($groupId), $noImportGroups))
626 {
627 $result = true;
628 break;
629 }
630 }
631
632 return $result;
633 }
634}
635
636class __CLDAPServerDBResult extends CDBResult
637{
638 function Fetch()
639 {
640 if($res = parent::Fetch())
641 {
642 $res["ADMIN_PASSWORD"] = Encryption::decrypt($res["ADMIN_PASSWORD"]);
643 $res["FIELD_MAP"] = unserialize($res["FIELD_MAP"], ['allowed_classes' => false]);
644 if(!is_array($res["FIELD_MAP"]))
645 $res["FIELD_MAP"] = Array();
646 }
647
648 return $res;
649 }
650
651 function GetNextServer()
652 {
653 if(!($r = $this->GetNext()))
654 return $r;
655 $ldap = new CLDAP();
656 $ldap->arFields = $r;
657 return $ldap;
658 }
659}
$arParams
$arParams
Определения access_dialog.php:21
$APPLICATION
global $APPLICATION
Определения include.php:80
__CLDAPServerDBResult
Определения ldap_server.php:637
__CLDAPServerDBResult\Fetch
Fetch()
Определения ldap_server.php:638
__CLDAPServerDBResult\GetNextServer
GetNextServer()
Определения ldap_server.php:651
Bitrix\Ldap\Limit\getUserLimitNotifyMessage
static getUserLimitNotifyMessage()
Определения limit.php:42
CAllDBResult\GetNext
GetNext($bTextHtmlAuto=true, $use_tilda=true)
Определения dbresult.php:643
CDBResult
Определения dbresult.php:88
CLDAP
Определения ldap.php:16
CLdapServer
Определения ldap_server.php:9
CLdapServer\CheckFields
static CheckFields($arFields, $ID=false)
Определения ldap_server.php:163
CLdapServer\$syncErrors
static $syncErrors
Определения ldap_server.php:11
CLdapServer\$arFields
$arFields
Определения ldap_server.php:10
CLdapServer\Delete
static Delete($ID)
Определения ldap_server.php:376
CLdapServer\isUserInBannedGroups
static isUserInBannedGroups($ldap_server_id, $arUserFields)
Определения ldap_server.php:602
CLdapServer\Add
static Add($arFields)
Определения ldap_server.php:218
CLdapServer\GetByID
static GetByID($ID)
Определения ldap_server.php:158
CLdapServer\SyncAgent
static SyncAgent($id)
Определения ldap_server.php:275
CLdapServer\GetList
static GetList($arOrder=Array(), $arFilter=Array())
Определения ldap_server.php:19
CLdapServer\__UpdateAgentPeriod
static __UpdateAgentPeriod($server_id, $time)
Определения ldap_server.php:265
CLdapServer\GetGroupBan
static GetGroupBan($ID)
Определения ldap_server.php:396
CLdapServer\GetGroupMap
static GetGroupMap($ID)
Определения ldap_server.php:389
CLdapServer\SetGroupMap
static SetGroupMap($ID, $arFields)
Определения ldap_server.php:403
CLdapServer\Update
static Update($ID, $arFields)
Определения ldap_server.php:283
CLdapServer\Sync
static Sync($ldap_server_id)
Определения ldap_server.php:431
CLdapUtil\MkOperationFilter
static MkOperationFilter($key)
Определения ldap_util.php:63
CLdapUtil\FilterCreate
static FilterCreate($fname, $vals, $type, $cOperationType=false, $bSkipEmpty=true)
Определения ldap_util.php:101
CUser
Определения user.php:6037
array
</td ></tr ></table ></td ></tr >< tr >< td class="bx-popup-label bx-width30"><?=GetMessage("PAGE_NEW_TAGS")?> array( $site)
Определения file_new.php:804
$res
$res
Определения filter_act.php:7
$result
$result
Определения get_property_values.php:14
$ID
if($ajaxMode) $ID
Определения get_user.php:27
$DB
global $DB
Определения cron_frame.php:29
$USER
global $USER
Определения csv_new_run.php:40
ExecuteModuleEventEx
ExecuteModuleEventEx($arEvent, $arParams=[])
Определения tools.php:5214
DelDuplicateSort
DelDuplicateSort(&$arSort)
Определения tools.php:2055
GetModuleEvents
GetModuleEvents($MODULE_ID, $MESSAGE_ID, $bReturnArray=false)
Определения tools.php:5177
IncludeModuleLangFile
IncludeModuleLangFile($filepath, $lang=false, $bReturnArray=false)
Определения tools.php:3778
is_set
is_set($a, $k=false)
Определения tools.php:2133
GetMessage
GetMessage($name, $aReplace=null)
Определения tools.php:3397
MakeTimeStamp
MakeTimeStamp($datetime, $format=false)
Определения tools.php:538
Bitrix\Ldap\EncryptionType
EncryptionType
Определения EncryptionType.php:6
$order
$order
Определения payment.php:8
$time
$time
Определения payment.php:61
elseif
if( $daysToExpire >=0 &&$daysToExpire< 60 elseif)( $daysToExpire< 0)
Определения prolog_main_admin.php:393
$key
if(empty($signedUserToken)) $key
Определения quickway.php:257
$i
$i
Определения factura.php:643
count
</p ></td >< td valign=top style='border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0cm 2.0pt 0cm 2.0pt;height:9.0pt'>< p class=Normal align=center style='margin:0cm;margin-bottom:.0001pt;text-align:center;line-height:normal'>< a name=ТекстовоеПоле54 ></a ><?=($taxRate > count( $arTaxList) > 0) ? $taxRate."%"
Определения waybill.php:936
$val
$val
Определения options.php:1793
$dbGroups
$dbGroups
Определения options.php:2993
$GLOBALS
$GLOBALS['_____370096793']
Определения update_client.php:1
$arFilter
$arFilter
Определения user_search.php:106