This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation.

Difference between revisions of "Synchronize LDAP users"

From Group-Office Groupware and CRM Documentation
(Extending the synchronization)
Line 34: Line 34:
 
 
 
$serviceAttribute = "ServiceAgreement";
 
$serviceAttribute = "ServiceAgreement";
 +
 +
//value is an array or null if it's not set
 
$serviceValues = $record->{$serviceAttribute};
 
$serviceValues = $record->{$serviceAttribute};
 +
if(!isset($serviceValues))
 +
$serviceValues=array();
 
 
if($user->id!=1 && (!isset($serviceValues) || !in_array("groupware",$serviceValues))){
+
if($user->id!=1 && !in_array("groupware",$serviceValues)){
 
echo 'No service agreement. Removing data for: ' . $user->username . " ".$serviceAttribute.": ".implode(",",$serviceValues) ."\n";
 
echo 'No service agreement. Removing data for: ' . $user->username . " ".$serviceAttribute.": ".implode(",",$serviceValues) ."\n";
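Review bot: an unset ServiceAgreement attribute is still indistinguishable from one that is set but lacks "groupware": with the new `$serviceValues=array();` fallback both reach the "Removing data" echo and both print an empty value list. Because that branch goes on to remove user data, log the unset case with its own message (or skip it) so that a misnamed or unreadable attribute is noticed before anything is removed. Smaller points on the same lines: put braces around the body of the new `if(!isset($serviceValues))`, and pass `true` as the third argument to `in_array` so the comparison is strict.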
 
 

Revision as of 08:53, 25 September 2012

Group-Office comes with an LDAP user sync script. It uses the same configuration as the LDAP authentication module (see "IMAP or LDAP authentication"), so that module must be installed and working.

You can run the synchronization on the command line like this:

sudo -u www-data php groupofficecli.php -r=ldapauth/sync/users --delete=1 --max_delete_percentage=5
  • --delete=1 means it will delete users when they are not found on the LDAP server.
  • --max_delete_percentage=5 is a safety threshold. The script aborts the deletion if the percentage of users to delete is greater than this value.

Extending the synchronization

If you would like to perform special actions when syncing, you can extend the functionality with a custom module. In this example we check whether a particular LDAP attribute is set. If it is not set, we delete all user data. If it is set, we check that the user is correctly configured.

Create the folder modules/ldapsync and the file modules/ldapsync/LdapsyncModule.php:

<?php

class GO_Ldapsync_LdapsyncModule extends GO_Base_Module {

	public static function initListeners() {
		
		//attach the function to the default LDAP sync script event
		$syncController = new GO_Ldapauth_Controller_Sync();
		$syncController->addListener('ldapsyncuser', "GO_Ldapsync_LdapsyncModule", "syncUser");
	}

	/**
	 * This function will be called for each user that has been found in LDAP.
	 * 
	 * @param GO_Base_Model_User $user
	 * @param GO_Base_Ldap_Record $record
	 */
	public static function syncUser(GO_Base_Model_User $user, GO_Base_Ldap_Record $record) {
		
		$serviceAttribute = "ServiceAgreement";

		//value is an array or null if it's not set
		$serviceValues = $record->{$serviceAttribute};
		if(!isset($serviceValues))
			$serviceValues=array();
		
		if($user->id!=1 && !in_array("groupware",$serviceValues)){
			echo 'No service agreement. Removing data for: ' . $user->username . " ".$serviceAttribute.": ".implode(",",$serviceValues) ."\n";
			
			$stmt = GO_Calendar_Model_Calendar::model()->findByAttribute("user_id", $user->id);
			$stmt->callOnEach("delete");
			
			$stmt = GO_Tasks_Model_Task::model()->findByAttribute("user_id", $user->id);
			$stmt->callOnEach("delete");
			
			$folder = GO_Files_Model_Folder::model()->findHomeFolder($user);
			$stmt = $folder->folders;
			$stmt->callOnEach("delete");
			
			$stmt = $folder->files;
			$stmt->callOnEach("delete");
			
			
		}else
		{
			echo "Service agreement accepted by ".$user->username.". Checking presence of default models like calendar, tasklists etc.\n";
			$user->checkDefaultModels();
		}
	}

}

Now install the module and reload Group-Office to activate the listener.
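
The listener above removes data for every user that lacks the attribute value, with no equivalent of --max_delete_percentage. The following stand-alone script is an added example, not Group-Office code: it plans the wipe first and aborts when too large a share of users would be affected. The function names planWipe and serviceValues and the sample records are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Group-Office code: plan the wipe before running it.
// Function names and the sample records are constructed for illustration.

/** Normalise an LDAP attribute value (null, string or array) to a list of strings. */
function serviceValues($raw) {
	return $raw === null ? array() : array_map('trim', (array) $raw);
}

/**
 * Return the usernames whose data the listener would remove.
 * Throws when the share of affected users exceeds $maxPercentage,
 * applying the idea behind --max_delete_percentage to the custom listener.
 */
function planWipe(array $users, $attribute, $required, $maxPercentage) {
	$wipe = array();
	foreach ($users as $u) {
		$raw = isset($u['ldap'][$attribute]) ? $u['ldap'][$attribute] : null;
		// user id 1 is always skipped, as in the listener above
		if ($u['id'] != 1 && !in_array($required, serviceValues($raw), true)) {
			$wipe[] = $u['username'];
		}
	}
	$percentage = count($users) ? 100 * count($wipe) / count($users) : 0;
	if ($percentage > $maxPercentage) {
		throw new RuntimeException(sprintf(
			"Would wipe %d of %d users (%.1f%%), limit is %s%%. Aborting.",
			count($wipe), count($users), $percentage, $maxPercentage));
	}
	return $wipe;
}

// Constructed sample data: array-valued, string-valued and missing attributes.
$users = array(
	array('id' => 1, 'username' => 'admin', 'ldap' => array()),
	array('id' => 2, 'username' => 'alice', 'ldap' => array('ServiceAgreement' => array('groupware', 'mail'))),
	array('id' => 3, 'username' => 'bob',   'ldap' => array('ServiceAgreement' => 'groupware')),
	array('id' => 4, 'username' => 'carol', 'ldap' => array('ServiceAgreement' => array('mail'))),
);

try {
	print_r(planWipe($users, 'ServiceAgreement', 'groupware', 50)); // generous limit
	planWipe($users, 'ServiceAgreement', 'groupware', 5);           // strict limit
} catch (RuntimeException $e) {
	echo $e->getMessage() . "\n";
}
```

Running a plan like this against the real directory before enabling the listener shows how many accounts a misnamed or unreadable attribute would affect.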