Source of file LDAPMemberSyncTask.php
Size: 4,033 Bytes - Last Modified: 2021-12-23T10:27:14+00:00
/var/www/docs.ssmods.com/process/src/code/tasks/LDAPMemberSyncTask.php
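<?php

/**
 * Class LDAPMemberSyncTask
 *
 * A task to sync all users to the site using LDAP.
 *
 * For every entry returned by the LDAP service the task finds (by GUID) or creates the
 * matching Member and passes it to the LDAP service's updateMemberFromLDAP(). When the
 * `destructive` config flag is set, it then deletes local Members that carry a GUID
 * which is absent from the LDAP result.
 */
class LDAPMemberSyncTask extends BuildTask
{
    /**
     * Dependency declaration; run() reads the service as $this->ldapService.
     *
     * @var array
     */
    private static $dependencies = [
        'ldapService' => '%$LDAPService'
    ];

    /**
     * Setting this to true causes the sync to delete any local Member
     * records that were previously imported, but no longer exist in LDAP.
     *
     * The deletions are irreversible from this task's point of view, so the flag is
     * off by default and run() refuses to delete anything when LDAP returned no users.
     *
     * @config
     * @var bool
     */
    private static $destructive = false;

    /**
     * @return string Translated title of the task.
     */
    public function getTitle()
    {
        return _t('LDAPMemberSyncJob.SYNCTITLE', 'Sync all users from Active Directory');
    }

    /**
     * Import or update a Member for each LDAP user, then optionally remove stale Members.
     *
     * Failures on a single record are logged and skipped so that one bad entry does not
     * abort the whole sync.
     *
     * @param mixed $request Not read by this method.
     */
    public function run($request)
    {
        // get all users from LDAP, but only get the attributes we need.
        // this is useful to avoid holding onto too much data in memory
        // especially in the case where getUser() would return a lot of users
        $users = $this->ldapService->getUsers(array_merge(
            ['objectguid', 'samaccountname', 'useraccountcontrol', 'memberof'],
            array_keys(Config::inst()->get('Member', 'ldap_field_mappings'))
        ));

        $start = time();

        $created = 0;
        $updated = 0;
        $deleted = 0;

        foreach ($users as $data) {
            // The GUID is the only key used to match a directory entry to a Member.
            // An entry without one cannot be matched reliably, so skip it instead of
            // looking up (and then overwriting) a Member by an empty GUID.
            if (empty($data['objectguid'])) {
                $this->log('Skipping LDAP entry without an objectguid.');
                continue;
            }

            $member = Member::get()->filter('GUID', $data['objectguid'])->limit(1)->first();
            $isNew = !($member && $member->exists());

            if ($isNew) {
                // create the initial Member with some internal fields
                $member = new Member();
                $member->GUID = $data['objectguid'];

                $this->log(sprintf(
                    'Creating new Member (GUID: %s, sAMAccountName: %s)',
                    $data['objectguid'],
                    $data['samaccountname']
                ));
            } else {
                $this->log(sprintf(
                    'Updating existing Member "%s" (ID: %s, GUID: %s, sAMAccountName: %s)',
                    $member->getName(),
                    $member->ID,
                    $data['objectguid'],
                    $data['samaccountname']
                ));
            }

            // Sync attributes from LDAP to the Member record. This will also write the Member record.
            // this is also responsible for putting the user into mapped groups
            try {
                $this->ldapService->updateMemberFromLDAP($member, $data);
            } catch (Exception $e) {
                $this->log($e->getMessage());
                continue;
            }

            // Count only records that were actually synced, so the summary line does
            // not report failed writes as created or updated.
            if ($isNew) {
                $created++;
            } else {
                $updated++;
            }
        }

        // remove Member records that were previously imported, but no longer exist in the directory
        // NOTE: DB::query() here is used for performance and so we don't run out of memory
        if ($this->config()->destructive) {
            if (empty($users)) {
                // Safety guard: with an empty result every imported Member would look
                // stale and be deleted. Treat "no users at all" as a failed or
                // misdirected query rather than as an instruction to wipe accounts.
                $this->log('LDAP returned no users; skipping removal of local Member records.');
            } else {
                foreach (DB::query('SELECT "ID", "GUID" FROM "Member" WHERE "GUID" IS NOT NULL') as $record) {
                    // NOTE(review): this lookup assumes getUsers() keys its result by
                    // GUID - confirm against LDAPService before enabling `destructive`.
                    if (isset($users[$record['GUID']])) {
                        continue;
                    }

                    // Load the ORM object only for records that are about to be removed.
                    $member = Member::get()->byId($record['ID']);
                    if (!$member) {
                        // Row disappeared between the raw query and the lookup.
                        continue;
                    }

                    $this->log(sprintf(
                        'Removing Member "%s" (GUID: %s) that no longer exists in LDAP.',
                        $member->getName(),
                        $member->GUID
                    ));

                    try {
                        $member->delete();
                    } catch (Exception $e) {
                        $this->log($e->getMessage());
                        continue;
                    }

                    $deleted++;
                }
            }
        }

        $end = time() - $start;

        $this->log(sprintf(
            'Done. Created %s records. Updated %s records. Deleted %s records. Duration: %s seconds',
            $created,
            $updated,
            $deleted,
            round($end, 0)
        ));
    }

    /**
     * Print a timestamped progress line.
     *
     * On the command line the message is printed as-is. In a browser it is HTML-escaped
     * first: messages embed directory attributes, Member names and exception text,
     * none of which may be interpreted as markup.
     *
     * @param string $message
     */
    protected function log($message)
    {
        $message = sprintf('[%s] ', date('Y-m-d H:i:s')) . $message;

        if (Director::is_cli()) {
            echo $message . PHP_EOL;
            return;
        }

        echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
    }
}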