Artturi Markko
|
Friday 26 May 2006 4:11:36 pm
Hello,
I have recently added a different way to map ldap groups to ez groups. (see post http://ez.no/community/forum/developer/contrib_ldap_group_mappings) It worked well on EZ 3.7.5 but I just upgraded to 3.8.0 and I get a "Fatal Error" message while running my modified ldapusermanage.php Problem occurs when reaching this code
$operationResult = eZOperationHandler::execute( 'content', 'publish', array( 'object_id' => $userID,
'version' => $newVersionNr ) );
at the end of the script.
As this is shared with the original code, I wondered if there could be something obvious an ez developper could see. Any help would be greatly appreciated. Thanks in advance, Artturi ldapusermanage2.php
<?php
//
// Definition of Ldapusermanage class
//
// Created on: <28-Jul-2003 15:12:08 wy>
//
// SOFTWARE NAME: eZ publish
// SOFTWARE RELEASE: 3.8.0
// BUILD VERSION: 15960
// COPYRIGHT NOTICE: Copyright (C) 1999-2006 eZ systems AS
// SOFTWARE LICENSE: GNU General Public License v2.0
// NOTICE: >
// This program is free software; you can redistribute it and/or
// modify it under the terms of version 2.0 of the GNU General
// Public License as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of version 2.0 of the GNU General
// Public License along with this program; if not, write to the Free
// Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
// MA 02110-1301, USA.
//
//
/*! \file ldapusermanage.php
*/
function mapInEzGroups($filter, $LDAPBaseDN, &$ds, &$db, &$ldap2ez, &$extraNodeAssignments, $depth = 0)
{
$retrieve = array("cn");
$sr2 = ldap_search( $ds, $LDAPBaseDN, $filter, $retrieve );
$info2 = ldap_get_entries( $ds, $sr2 );
$newfilter = '(&(objectClass=group)(|';
$max = count($info2);
for ( $i = 0; $i < $max; $i++ )
{
if ( is_null( $info2[ $i ] ) ) continue;
$ldapGroupName = $info2[$i]['cn'][0];
if ( array_key_exists($ldapGroupName, $ldap2ez) )
{
$groupName = $ldap2ez[$ldapGroupName];
$groupQuery = "SELECT ezcontentobject_tree.node_id
FROM ezcontentobject, ezcontentobject_tree
WHERE ezcontentobject.name like '$groupName'
AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
AND ezcontentobject.contentclass_id=3";
$groupObject = $db->arrayQuery( $groupQuery );
if ( count( $groupObject ) > 0 )
{
$extraNodeAssignments[] = $groupObject[0]['node_id'];
}
}
$newfilter .= '(member=' . $info2[$i]['dn'] . ')';
}
if ( $depth < 30 && $max > 0 )
{
$newfilter .= '))';
mapInEzGroups($newfilter, $LDAPBaseDN, $ds, $db, $ldap2ez, $extraNodeAssignments, ( $depth + 1));
}
}
include_once( "lib/ezutils/classes/ezmodule.php" );
include_once( "lib/ezdb/classes/ezdb.php" );
include_once( 'lib/ezutils/classes/ezini.php' );
include_once( 'kernel/classes/datatypes/ezuser/ezuser.php' );
include_once( 'kernel/classes/datatypes/ezuser/ezusersetting.php' );
include_once( 'kernel/classes/ezcontentobject.php' );
$user = eZUser::fetchByName('admin');
eZUser::setCurrentlyLoggedInUser( $user, $user->attribute( 'contentobject_id' ) );
eZModule::setGlobalPathList( array( "kernel" ) );
if ( !$isQuiet )
$cli->output( "Checking LDAP users ..." );
$db =& eZDB::instance();
$query = "SELECT contentobject_id, login
FROM ezcontentobject, ezuser
WHERE remote_id like 'LDAP%'
AND ezcontentobject.id=contentobject_id";
$LDAPUsers = $db->arrayQuery( $query );
$ini =& eZINI::instance();
$LDAPIni =& eZINI::instance( 'ldap.ini' );
$LDAPVersion = $LDAPIni->variable( 'LDAPSettings', 'LDAPVersion' );
$LDAPHost = $LDAPIni->variable( 'LDAPSettings', 'LDAPServer' );
$LDAPPort = $LDAPIni->variable( 'LDAPSettings', 'LDAPPort' );
$LDAPBaseDN = $LDAPIni->variable( 'LDAPSettings', 'LDAPBaseDn' );
$LDAPBindUser = $LDAPIni->variable( 'LDAPSettings', 'LDAPBindUser' );
$LDAPBindPassword = $LDAPIni->variable( 'LDAPSettings', 'LDAPBindPassword' );
$LDAPLogin = $LDAPIni->variable( 'LDAPSettings', 'LDAPLoginAttribute' );
$LDAPSearchScope = $LDAPIni->variable( 'LDAPSettings', 'LDAPSearchScope' );
$LDAPFirstNameAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPFirstNameAttribute' );
$LDAPLastNameAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPLastNameAttribute' );
$LDAPEmailAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPEmailAttribute' );
$LDAPUserGroupAttributeType = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupAttributeType' );
$LDAPUserGroupAttribute = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupAttribute' );
$LDAPUserGroupAML = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupAML' );
if ( $LDAPIni->hasVariable( 'LDAPSettings', 'LDAPSearchFilters' ) )
{
$LDAPFilters = $LDAPIni->variable( 'LDAPSettings', 'LDAPSearchFilters' );
}
if ( $LDAPIni->hasVariable( 'LDAPSettings', 'LDAPUserGroupType' ) and $LDAPIni->hasVariable( 'LDAPSettings', 'LDAPUserGroup' ) )
{
$LDAPUserGroupType = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroupType' );
$LDAPUserGroup = $LDAPIni->variable( 'LDAPSettings', 'LDAPUserGroup' );
}
if ( $LDAPIni->hasVariable( 'LDAPSettings', 'Utf8Encoding' ) )
{
$Utf8EncodingSetting = $LDAPIni->variable( 'LDAPSettings', 'Utf8Encoding' );
if ( $Utf8EncodingSetting == "true" )
$isUtf8Encoding = true;
else
$isUtf8Encoding = false;
}
else
{
$isUtf8Encoding = false;
}
$LDAPEqualSign = trim($LDAPIni->variable( 'LDAPSettings', "LDAPEqualSign" ) );
$LDAPBaseDN = str_replace( $LDAPEqualSign, "=", $LDAPBaseDN );
$attributeArray = array( $LDAPFirstNameAttribute,
$LDAPLastNameAttribute,
$LDAPEmailAttribute );
$defaultUserPlacement = $ini->variable( "UserSettings", "DefaultUserPlacement" );
//connect to LDAP server
$ds = ldap_connect( $LDAPHost, $LDAPPort );
if ( $ds )
{
ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, $LDAPVersion );
if ( $LDAPBindUser == '' )
{
$r = ldap_bind( $ds );
}
else
{
$r = ldap_bind( $ds, $LDAPBindUser, $LDAPBindPassword );
}
if ( !$r )
{
return false;
}
ldap_set_option( $ds, LDAP_OPT_SIZELIMIT, 0 );
ldap_set_option( $ds, LDAP_OPT_TIMELIMIT, 0 );
}
else
{
return false;
}
$db->begin();
foreach ( array_keys ( $LDAPUsers ) as $key )
{
$LDAPUser =& $LDAPUsers[$key];
$login = $LDAPUser['login'];
$userID = $LDAPUser['contentobject_id'];
echo "a";
$LDAPFilter = "( &";
if ( count( $LDAPFilters ) > 0 )
{
foreach ( array_keys( $LDAPFilters ) as $key )
{
$LDAPFilter .= "(" . $LDAPFilters[$key] . ")";
}
}
$LDAPFilter .= "($LDAPLogin=$login)";
$LDAPFilter .= ")";
$LDAPFilter = str_replace( $LDAPEqualSign, "=", $LDAPFilter );
if ( $LDAPSearchScope == "one" )
$sr = ldap_list( $ds, $LDAPBaseDN, $LDAPFilter, $attributeArray );
else if ( $LDAPSearchScope == "base" )
$sr = ldap_read( $ds, $LDAPBaseDN, $LDAPFilter, $attributeArray );
else
$sr = ldap_search( $ds, $LDAPBaseDN, $LDAPFilter, $attributeArray );
$info = ldap_get_entries( $ds, $sr );
if ( $info["count"] != 1 )
{
$cli->output( "Disable user " . $cli->stylize( 'emphasize', $login ) );
// Disable the user
$userSetting = eZUserSetting::fetch( $userID );
$userSetting->setAttribute( "is_enabled", false );
$userSetting->store();
}
else
{
echo "b";
// Update user information
$contentObject =& eZContentObject::fetch( $userID );
$parentNodeID = $contentObject->attribute( 'main_parent_node_id' );
$currentVersion = $contentObject->attribute( 'current_version' );
$version =& $contentObject->attribute( 'current' );
$contentObjectAttributes =& $version->contentObjectAttributes();
if ( $isUtf8Encoding )
{
$firstName = utf8_decode( $info[0][$LDAPFirstNameAttribute][0] );
$lastName = utf8_decode( $info[0][$LDAPLastNameAttribute][0] );
$ldapEMail = utf8_decode( $info[0][$LDAPEmailAttribute][0] );
}
else
{
$firstName = $info[0][$LDAPFirstNameAttribute][0];
$lastName = $info[0][$LDAPLastNameAttribute][0];
$ldapEMail = $info[0][$LDAPEmailAttribute][0];
}
$contentObjectAttributes[0]->setAttribute( 'data_text', $firstName );
$contentObjectAttributes[0]->store();
$contentObjectAttributes[1]->setAttribute( 'data_text', $lastName );
$contentObjectAttributes[1]->store();
$contentClass =& $contentObject->attribute( 'content_class' );
$name = $contentClass->contentObjectName( $contentObject );
$contentObject->setName( $name );
$existUser = eZUser::fetch( $userID );
$existUser->setAttribute('email', $ldapEMail );
$existUser->setAttribute('password_hash', "" );
$existUser->setAttribute('password_hash_type', 0 );
$existUser->store();
// If user has changed to another group, update it.
if ( $LDAPUserGroupAML != null )
{
$republishRequired = false;
$IsLDAPMain = true;
$hasOtherNodeType = false;
$hasLDAPNodeType = false;
$otherNodeArray = array();
$LDAPNodeArray = array();
$newLDAPNodeArray = array();
$parentNodes =& $contentObject->parentNodes( $currentVersion );
echo "c";
foreach( array_keys( $parentNodes ) as $key )
{
$parentNode =& $parentNodes[$key];
$parentNodeID = $parentNode->attribute( 'node_id' );
$parentNodeName = $parentNode->attribute( 'name' );
$nodeAssignment = eZNodeAssignment::fetch( $contentObject->attribute( 'id' ), $currentVersion, $parentNodeID );
$isMain = $nodeAssignment->attribute( 'is_main' );
$remoteID = $nodeAssignment->attribute( 'parent_remote_id' );
if ( preg_match( "/LDAP/i", $remoteID ) )
{
$LDAPNodeArray[] = array( 'parent_node_name' => $parentNodeName, 'parent_node_id' => $parentNodeID, 'is_main' => $isMain );
}
else
{
$otherNodeArray[] = array( 'parent_node_name' => $parentNodeName, 'parent_node_id' => $parentNodeID, 'is_main' => $isMain );
$hasOtherNodeType = true;
if ( $isMain )
{
$IsLDAPMain = false;
}
}
}
echo "d";
foreach ( $LDAPUserGroupAML as $value)
{
$r = explode("--", $value);
$ldap2ez[$r[0]] = $r[1];
}
$extraNodeAssignments = array();
$LDAPUserGroupCount = count( $LDAPNodeArray );
$filter = "(&(objectClass=group)(member=" . $info[0]['dn'] . "))";
mapInEzGroups($filter, $LDAPBaseDN, $ds, $db, $ldap2ez, $extraNodeAssignments);
$groupCount = count( $extraNodeAssignments );
echo "e";
for ( $i = 0; $i < $groupCount; $i++ )
{
$exist = false;
foreach( $LDAPNodeArray as $LDAPNode )
{
$existGroupName = $LDAPNode['parent_node_name'];
$existGroupID = $LDAPNode['parent_node_id'];
if ( strcasecmp( $existGroupID, $extraNodeAssignments[$i] ) == 0 )
{
$exist = true;
$hasLDAPNodeType = true;
if ( $IsLDAPMain and count( $newLDAPNodeArray ) == 0 )
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $existGroupName, 'parent_node_id' => $existGroupID, 'is_main' => 1 );
}
else
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $existGroupName, 'parent_node_id' => $existGroupID, 'is_main' => 0 );
}
$LDAPUserGroupCount--;
}
}
if ( $exist == false )
{
$groupQuery = "SELECT ezcontentobject.name
FROM ezcontentobject, ezcontentobject_tree
WHERE ezcontentobject_tree.node_id=$extraNodeAssignments[$i]
AND ezcontentobject.id=ezcontentobject_tree.contentobject_id
AND ezcontentobject.contentclass_id=3";
$groupObject = $db->arrayQuery( $groupQuery );
if ( count( $groupObject ) > 0 )
{
$hasLDAPNodeType = true;
if ( $IsLDAPMain and count( $newLDAPNodeArray ) == 0 )
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $groupObject[0]['name'], 'parent_node_id' => $extraNodeAssignments[$i], 'is_main' => 1 );
}
else
{
$newLDAPNodeArray[] = array( 'parent_node_name' => $groupObject[0]['name'], 'parent_node_id' => $extraNodeAssignments[$i], 'is_main' => 0 );
}
$republishRequired = true;
}
}
}
echo "f";
if ( $LDAPUserGroupCount != 0 )
{
$republishRequired = true;
}
if ( $republishRequired )
{
$newVersion = $contentObject->createNewVersion();
$newVersionNr = $newVersion->attribute( 'version' );
$nodeAssignmentList =& $newVersion->attribute( 'node_assignments' );
echo "f1";
foreach ( array_keys( $nodeAssignmentList ) as $key )
{
$nodeAssignment =& $nodeAssignmentList[$key];
$nodeAssignment->remove();
}
echo "f2";
if ( $hasOtherNodeType )
{
foreach ( $otherNodeArray as $otherNode )
{
$newVersion->assignToNode( $otherNode['parent_node_id'], $otherNode['is_main'] );
}
}
echo "f3";
if ( $hasLDAPNodeType )
{
foreach ( $newLDAPNodeArray as $newLDAPNode )
{
$newVersion->assignToNode( $newLDAPNode['parent_node_id'], $newLDAPNode['is_main'] );
$assignment = eZNodeAssignment::fetch( $contentObject->attribute( 'id' ), $newVersionNr, $newLDAPNode['parent_node_id'] );
$assignment->setAttribute( 'parent_remote_id', "LDAP_" . $newLDAPNode['parent_node_id'] );
$assignment->store();
}
}
echo "f4";
if ( !$hasOtherNodeType and !$hasLDAPNodeType )
{
$newVersion->assignToNode( $defaultUserPlacement, 1 );
}
echo "f5";
var_dump($userID, $newVersionNr);
var_dump($newVersion);
include_once( 'lib/ezutils/classes/ezoperationhandler.php' );
$operationResult = eZOperationHandler::execute( 'content', 'publish', array( 'object_id' => $userID,
'version' => $newVersionNr ) );
echo "f6";
$cli->output( $cli->stylize( 'emphasize', $existUser->attribute('login') ) . " has changed group, updated." );
}
echo "g";
}
}
}
$db->commit();
if ( !$isQuiet )
$cli->output( "All LDAP users have been updated!" );
?>
|