|
1
|
@auth_method = AuthSourceLdap.find(1)
|
|
2
|
class AuthSourceLdap
|
|
3
|
|
|
4
|
def import
|
|
5
|
logger.info("**********************************************************************\n")
|
|
6
|
logger.info("#{Time.now.inspect}\n\n")
|
|
7
|
|
|
8
|
ldap_con = initialize_ldap_con(self.account, self.account_password)
|
|
9
|
|
|
10
|
search_filter = Net::LDAP::Filter.eq("objectClass", "user")
|
|
11
|
|
|
12
|
found = created = skipped =0
|
|
13
|
created = []
|
|
14
|
disabled = []
|
|
15
|
ldap_con.search(:base => self.base_dn,:filter => search_filter,
|
|
16
|
:attributes => ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail, self.attr_login, "distinguishedName",]
|
|
17
|
) do | entry |
|
|
18
|
|
|
19
|
login = AuthSourceLdap.get_attr(entry, self.attr_login)
|
|
20
|
|
|
21
|
logger.info("Found DN: #{entry.dn}")
|
|
22
|
found += 1
|
|
23
|
|
|
24
|
distinguishedName = AuthSourceLdap.get_attr(entry,"distinguishedName")
|
|
25
|
is_disabled_in_ldap = distinguishedName.include? "OU=Disabled"
|
|
26
|
user_in_rm = User.find(:first, :conditions => ["login=?", login])
|
|
27
|
#logger.info(" User #{login} inspect: #{user_in_rm.inspect}\n")
|
|
28
|
|
|
29
|
attrs = [:firstname => (AuthSourceLdap.get_attr(entry, self.attr_firstname) != nil ? \
|
|
30
|
AuthSourceLdap.get_attr(entry, self.attr_firstname) : "Unknown"),
|
|
31
|
:lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname),
|
|
32
|
:mail => AuthSourceLdap.get_attr(entry, self.attr_mail),
|
|
33
|
:auth_source_id => self.id ]
|
|
34
|
#sanity checking (all the above attributes are required)
|
|
35
|
|
|
36
|
#If any of the attributes is missing then don't proceed but skip
|
|
37
|
skip = false
|
|
38
|
catch :SKIP do
|
|
39
|
skip = false
|
|
40
|
attrs.each { |e|
|
|
41
|
e.each { |k, v|
|
|
42
|
if v == nil
|
|
43
|
# give the admin a clue why importing failed...
|
|
44
|
logger.info(" User #{login} misses value for attribute '#{k}'.\n")
|
|
45
|
#skipped.push(login+" (missing attribute '#{k}')")
|
|
46
|
skip = true
|
|
47
|
throw :SKIP
|
|
48
|
end
|
|
49
|
}
|
|
50
|
}
|
|
51
|
end # catch
|
|
52
|
if skip
|
|
53
|
skipped += 1
|
|
54
|
next
|
|
55
|
end
|
|
56
|
|
|
57
|
#User account was disabled in LDAP
|
|
58
|
if is_disabled_in_ldap
|
|
59
|
logger.info(" User #{login} is disabled in ldap\n")
|
|
60
|
#If user exists in redmine then lock the account
|
|
61
|
if (user_in_rm != nil) and (user_in_rm.status != User::STATUS_LOCKED)
|
|
62
|
user_in_rm.status=User::STATUS_LOCKED
|
|
63
|
user_in_rm.save
|
|
64
|
logger.info(" User #{login} is now locked in redmine\n")
|
|
65
|
end
|
|
66
|
#skipped.push(login+' (disabled in ldap)')
|
|
67
|
skipped += 1
|
|
68
|
next
|
|
69
|
end
|
|
70
|
|
|
71
|
#User exists in Redmine, no need to update, I think.
|
|
72
|
if user_in_rm != nil
|
|
73
|
logger.info(" User #{login} exists in redmine\n")
|
|
74
|
skipped += 1
|
|
75
|
next
|
|
76
|
end
|
|
77
|
|
|
78
|
#create user
|
|
79
|
logger.info(" User #{login} is added user with attrs: #{attrs.to_s}\n")
|
|
80
|
u = User.create(*attrs)
|
|
81
|
u.login = login
|
|
82
|
u.language = Setting.default_language
|
|
83
|
if u.save
|
|
84
|
created.push(login+' (created)')
|
|
85
|
else
|
|
86
|
#skipped.push(login+' (add failed)')
|
|
87
|
skipped += 1
|
|
88
|
logger.info(" User #{login} failed in saving: #{attrs.to_s}\n")
|
|
89
|
end
|
|
90
|
|
|
91
|
end #do
|
|
92
|
logger.info("Found #{found} users in the system\n")
|
|
93
|
logger.info("Skipped #{skipped} users in the system\n")
|
|
94
|
logger.info("Created #{created.size} users:") #{created.join("\n")}\n")
|
|
95
|
logger.info("Disabled #{created.size} users:") #{Disabled.join("\n")}\n")
|
|
96
|
logger.info("#{Time.now.inspect}\n")
|
|
97
|
logger.info("\n**********************************************************************\n\n")
|
|
98
|
return {:found => found, :imported => created, :skipped => skipped}
|
|
99
|
end # import
|
|
100
|
|
|
101
|
end #class
|
|
102
|
|
|
103
|
|
|
104
|
@auth_method.import
|
|
105
|
|