Commit 6490d756 authored by Dennis Ahrens's avatar Dennis Ahrens

ignore duplicated entries and user with expired account

parent 4d4b75ea
...@@ -66,6 +66,12 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -66,6 +66,12 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
} }
function win_filetime_to_timestamp($filetime) {
$win_secs = substr($filetime,0,strlen($filetime)-7); // divide by 10 000 000 to get seconds
$unix_timestamp = ($win_secs - 11644473600); // 1.1.1600 -> 1.1.1970 difference in seconds
return $unix_timestamp;
}
/** /**
* Syncronizes user fron external LDAP server to moodle user table * Syncronizes user fron external LDAP server to moodle user table
* *
...@@ -101,7 +107,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -101,7 +107,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
// Prepare some data we'll need. // Prepare some data we'll need.
$filter = '(&('.$this->config->user_attribute.'=*)'.$this->config->objectclass.')'; $filter = '(&('.$this->config->user_attribute.'=*)'.$this->config->objectclass.')';
$servercontrols = array(); $servercontrols = array();
$datesum = time();
$contexts = explode(';', $this->config->contexts); $contexts = explode(';', $this->config->contexts);
if (!empty($this->config->create_context)) { if (!empty($this->config->create_context)) {
...@@ -118,7 +124,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -118,7 +124,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
do { do {
if ($ldappagedresults) { if ($ldappagedresults) {
// TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 4.1).
if (version_compare(PHP_VERSION, '7.3.0', '<')) { if (version_compare(PHP_VERSION, '7.3.0', '<')) {
// Before 7.3, use this function that was deprecated in PHP 7.4. // Before 7.3, use this function that was deprecated in PHP 7.4.
ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldapcookie); ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldapcookie);
...@@ -131,7 +137,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -131,7 +137,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
} }
if ($this->config->search_sub) { if ($this->config->search_sub) {
// Use ldap_search to find first user from subtree. // Use ldap_search to find first user from subtree.
// TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 4.1).
if (version_compare(PHP_VERSION, '7.3.0', '<')) { if (version_compare(PHP_VERSION, '7.3.0', '<')) {
$ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); $ldapresult = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute));
} else { } else {
...@@ -140,7 +146,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -140,7 +146,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
} }
} else { } else {
// Search only in this context. // Search only in this context.
// TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 4.1).
if (version_compare(PHP_VERSION, '7.3.0', '<')) { if (version_compare(PHP_VERSION, '7.3.0', '<')) {
$ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); $ldapresult = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute));
} else { } else {
...@@ -154,7 +160,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -154,7 +160,7 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
if ($ldappagedresults) { if ($ldappagedresults) {
// Get next server cookie to know if we'll need to continue searching. // Get next server cookie to know if we'll need to continue searching.
$ldapcookie = ''; $ldapcookie = '';
// TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 3.11). // TODO: Remove the old branch of code once PHP 7.3.0 becomes required (Moodle 4.1).
if (version_compare(PHP_VERSION, '7.3.0', '<')) { if (version_compare(PHP_VERSION, '7.3.0', '<')) {
// Before 7.3, use this function that was deprecated in PHP 7.4. // Before 7.3, use this function that was deprecated in PHP 7.4.
$pagedresp = ldap_control_paged_result_response($ldapconnection, $ldapresult, $ldapcookie); $pagedresp = ldap_control_paged_result_response($ldapconnection, $ldapresult, $ldapcookie);
...@@ -177,7 +183,28 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -177,7 +183,28 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
$value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute); $value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute);
$value = core_text::convert($value[0], $this->config->ldapencoding, 'utf-8'); $value = core_text::convert($value[0], $this->config->ldapencoding, 'utf-8');
$value = trim($value); $value = trim($value);
// > HsH peter werner - ignore duplicated entries and user with expired account
$attrs = ldap_get_attributes($ldapconnection, $entry);
if($DB->count_records_select('tmp_extuser','username=?',array('uname'=>$value))<1){
if(isset($attrs['accountExpires'])){
$expdate = $attrs['accountExpires'][0];
if($expdate <= 0){
$expdate = 0;
} else {
$expdate = $this->win_filetime_to_timestamp($expdate);
}
if($expdate != 0 && $expdate - $datesum < 0){
mtrace($value.' expires in '.($expdate-$datesum). ' not adding to tmp_extuser');
} else {
$this->ldap_bulk_insert($value); // only one result!
}
} else {
$this->ldap_bulk_insert($value); $this->ldap_bulk_insert($value);
}
} else {
// duplicated! trace name to output
mtrace('Duplicated entry: '.$value);
}
} while ($entry = ldap_next_entry($ldapconnection, $entry)); } while ($entry = ldap_next_entry($ldapconnection, $entry));
} }
unset($ldapresult); // Free mem. unset($ldapresult); // Free mem.
...@@ -451,7 +478,9 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap { ...@@ -451,7 +478,9 @@ class auth_plugin_ldap_syncplus extends auth_plugin_ldap {
// //
// The cast to int is a workaround for MDL-53959. // The cast to int is a workaround for MDL-53959.
$user->suspended = (int)$this->is_user_suspended($user); $user->suspended = (int)$this->is_user_suspended($user);
if (empty($user->lang)) {
$user->lang = $CFG->lang;
}
if (empty($user->calendartype)) { if (empty($user->calendartype)) {
$user->calendartype = $CFG->calendartype; $user->calendartype = $CFG->calendartype;
} }
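Review bot: The expiry filter added in the -177/+183 hunk reads `accountExpires` from `ldap_get_attributes()`, but the searches visible earlier in this section still request only `array($this->config->user_attribute)`. With that attribute list `isset($attrs['accountExpires'])` would be false for every entry, so each one falls through to the unconditional `ldap_bulk_insert($value)` and expired accounts keep synchronizing. The PHP >= 7.3 branches of those calls are not shown on this page, so confirm that they request the attribute as well, e.g. `array($this->config->user_attribute, 'accountExpires')`. Separately, `win_filetime_to_timestamp()` assumes a digit string longer than seven characters, because `substr($filetime,0,strlen($filetime)-7)` yields no usable number for anything shorter. It should validate the input first (for instance with `ctype_digit()` and a length check) and document which way a malformed value is treated. The enclosing sync function starts and ends outside the hunks; entries skipped here are presumably picked up by its later removed-user handling, which deserves a comment at the skip.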
......