This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation.
Difference between revisions of "Synchronize LDAP users"
From Group-Office Groupware and CRM Documentation
Line 1: | Line 1: | ||
− | Group-Office comes with an LDAP user sync script. It uses the same configuration as the [[IMAP_or_LDAP_authentication LDAP authentication module]]. So this module must be installed and working. | + | Group-Office comes with an LDAP user sync script. It uses the same configuration as the [[IMAP_or_LDAP_authentication|LDAP authentication module]]. So this module must be installed and working. |
You can run the synchronization on the command line like this: | You can run the synchronization on the command line like this: |
Revision as of 10:36, 28 November 2012
Group-Office comes with an LDAP user sync script. It uses the same configuration as the LDAP authentication module. So this module must be installed and working.
You can run the synchronization on the command line like this:
sudo -u www-data php groupofficecli.php -r=ldapauth/sync/users --delete=1 --max_delete_percentage=5
- --delete=1 means it will delete users when they are not found on the LDAP server.
- --max_delete_percentage=5 is a safety threshold. It will abort deletion if the percentage to delete is greater than this value.
- --dry=1 will enable a dry run without doing anything. Extended code below will NOT be executed.
Extending the synchronization
If you would like to perform special actions when syncing, you can extend the functionality with a custom module. In this example we check whether a particular LDAP attribute is set. If it's not set, then we delete all user data. If it is set, then we check that the user is correctly configured.
Create the folder modules/ldapsync and the file modules/ldapsync/LdapsyncModule.php:
<?php
class GO_Ldapsync_LdapsyncModule extends GO_Base_Module {

	public static function initListeners() {
		//attach the function to the default LDAP sync script event
		$syncController = new GO_Ldapauth_Controller_Sync();
		$syncController->addListener('ldapsyncuser', "GO_Ldapsync_LdapsyncModule", "syncUser");
	}

	/**
	 * This function will be called for each user that has been found in LDAP.
	 *
	 * @param GO_Base_Model_User $user
	 * @param GO_Base_Ldap_Record $record
	 */
	public static function syncUser(GO_Base_Model_User $user, GO_Base_Ldap_Record $record) {

		$serviceAttribute = "ServiceAgreement";

		//value is an array or null if it's not set
		$serviceValues = $record->{$serviceAttribute};
		if(!isset($serviceValues))
			$serviceValues=array();

		if($user->id!=1 && !in_array("groupware",$serviceValues)){
			echo 'No service agreement. Removing data for: ' . $user->username . " ".$serviceAttribute.": ".implode(",",$serviceValues) ."\n";

			echo "Deleting calendars\n";
			$stmt = GO_Calendar_Model_Calendar::model()->findByAttribute("user_id", $user->id);
			$stmt->callOnEach("delete");

			echo "Deleting tasklists\n";
			$stmt = GO_Tasks_Model_Tasklist::model()->findByAttribute("user_id", $user->id);
			$stmt->callOnEach("delete");

			echo "Deleting categories\n";
			$stmt = GO_Notes_Model_Category::model()->findByAttribute("user_id", $user->id);
			$stmt->callOnEach("delete");

			echo "Deleting files\n";
			$folder = GO_Files_Model_Folder::model()->findHomeFolder($user);
			$stmt = $folder->folders;
			$stmt->callOnEach("delete");
			$stmt = $folder->files;
			$stmt->callOnEach("delete");

			echo "Done\n\n";
		}else {
			echo "Service agreement accepted by ".$user->username.". Checking presence of default models like calendar, tasklists etc.\n";
			$user->checkDefaultModels();
		}
	}
}
Now install the module and reload Group-Office to activate the listener.
Note: The extended code is not executed with the --dry option enabled.