ninegate seth-aaf et seth-edu
This commit is contained in:
parent
a9c5b925fd
commit
0bc8bf71ce
@ -86,16 +86,16 @@
|
||||
|
||||
<variable type='oui/non' name='ninegate_ssosynchrogroup' description="Générer automatiquement les groupes en fonction d'un attribut SSO"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_ssoreqgroup' description="Attribut SSO associé à la notion de groupe" mandatory='True'><value>user_groups</value></variable>
|
||||
<variable type='oui/non' name='ninegate_ssosynchroitem' description="Associer automatiquement les items en fonction d'un attribut SSO"><value>non</value></variable>
|
||||
<variable type='string' name='ninegate_ssoreqitem' description="Attribut SSO associé à la notion d'item" mandatory='True'><value></value></variable>
|
||||
|
||||
<variable type='oui/non' name='ninegate_syncldap' description="Synchroniser Ninegate vers votre Annuaire CadolesLDAP"><value>non</value></variable>
|
||||
<variable type='string' name='ninegate_ldaptemplate' description="Modèle d'annuaire"><value>scribe</value></variable>
|
||||
<variable type='oui/non' name='ninegate_scribegroup' description="Considérer les classes/options comme des groupes de travail"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_scribemaster' description="Placer les professeurs comme manager des groupes classes/options"><value>oui</value></variable>
|
||||
<variable type='oui/non' name='ninegate_scribemaster' description="Placer les professeurs comme manager des groupes classes/options"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_openldapreqniveau01' description="Lors de l'initalisation de Ninegate requete LDAP utilisateur de votre premier Niveau01" mandatory='True'><value>(uid=*)</value></variable>
|
||||
<variable type='oui/non' name='ninegate_openldapsynchrogroup' description="Générer automatiquement les groupes en fonction de votre annuaire"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_openldapreqgroup' description="Générer automatiquement les groupes en fonction de votre annuaire" mandatory='True'><value>(objectClass=posixGroup)</value></variable>
|
||||
<variable type='string' name='ninegate_openldapsubbranchgroup' description="Rechercher les groupes dans la sous-branche" mandatory='False' />
|
||||
<variable type='string' name='ninegate_openldapsubbranchuser' description="Rechercher les utilisateurs dans la sous-branche" mandatory='False' />
|
||||
|
||||
<variable type='string' name='ninegate_pwdadmin' description="Mot de passe du compte admin durant l'instance (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
|
||||
<variable type='string' name='ninegate_organization' description="Nom de l'organisation principale (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
|
||||
@ -433,8 +433,6 @@
|
||||
|
||||
<target type='variable'>ninegate_ssosynchrogroup</target>
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
<target type='variable'>ninegate_ssosynchroitem</target>
|
||||
<target type='variable'>ninegate_ssoreqitem</target>
|
||||
|
||||
<target type='variable'>ninegate_syncldap</target>
|
||||
<target type='variable'>ninegate_ldaptemplate</target>
|
||||
@ -443,7 +441,9 @@
|
||||
<target type='variable'>ninegate_openldapreqniveau01</target>
|
||||
<target type='variable'>ninegate_openldapsynchrogroup</target>
|
||||
<target type='variable'>ninegate_openldapreqgroup</target>
|
||||
|
||||
<target type='variable'>ninegate_openldapsubbranchgroup</target>
|
||||
<target type='variable'>ninegate_openldapsubbranchuser</target>
|
||||
|
||||
<target type='variable'>ninegate_pwdadmin</target>
|
||||
<target type='variable'>ninegate_organization</target>
|
||||
<target type='variable'>ninegate_niveau01branche</target>
|
||||
@ -528,8 +528,6 @@
|
||||
|
||||
<target type='variable'>ninegate_ssosynchrogroup</target>
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
<target type='variable'>ninegate_ssosynchroitem</target>
|
||||
<target type='variable'>ninegate_ssoreqitem</target>
|
||||
</condition>
|
||||
|
||||
<condition name='hidden_if_in' source='ninegate_syncldap'>
|
||||
@ -597,13 +595,6 @@
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
</condition>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DE SSO SYNCHRO ITEM -->
|
||||
<condition name='hidden_if_in' source='ninegate_ssosynchroitem'>
|
||||
<param>non</param>
|
||||
|
||||
<target type='variable'>ninegate_ssoreqitem</target>
|
||||
</condition>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DE CADOLESLDAP -->
|
||||
<fill name='calc_val' target='ninegate_pwdadmin'>
|
||||
<param type='eole' hidden='False'>cadolesldap_pwdadmin</param>
|
||||
@ -648,6 +639,8 @@
|
||||
<target type='variable'>ninegate_openldapreqniveau01</target>
|
||||
<target type='variable'>ninegate_openldapsynchrogroup</target>
|
||||
<target type='variable'>ninegate_openldapreqgroup</target>
|
||||
<target type='variable'>ninegate_openldapsubbranchgroup</target>
|
||||
<target type='variable'>ninegate_openldapsubbranchuser</target>
|
||||
</condition>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DU LDAP SYNCHRO GROUP -->
|
||||
|
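Review bot: The two new sub-branch variables `ninegate_openldapsubbranchgroup` and `ninegate_openldapsubbranchuser` are plain `type='string'` entries, yet the template in this same commit feeds them directly into `ldap_basegroup` / `ldap_baseuser`, i.e. they are used verbatim as LDAP search bases; nothing in the dictionary tells the administrator that a full DN is expected. I would make the description state the format, e.g. `description="Rechercher les groupes dans la sous-branche (DN complet, ex. ou=groups,o=gouv,c=fr)"`, and mirror it for the user variable. A malformed value here will only surface as an empty or failing search during synchronisation, so a hint in genconfig is cheap.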
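--- /dev/null
+++ b/dicos/91_ninegate_annuaire.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<creole>
+<variables>
+<family name='annuaire'>
+<variable type='string' name='ldap_writer' description="Utilisateur d'écriture des comptes LDAP" exists='False'>
+cn=admin,o=gouv,c=fr
+</variable>
+</family>
+</variables>
+
+<constraints>
+<fill name='concat' target='ldap_writer'>
+<param>cn=admin,</param>
+<param type='eole'>ldap_base_dn</param>
+</fill>
+</constraints>
+
+<help>
+</help>
+</creole>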
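Review bot: The default `cn=admin,o=gouv,c=fr` on `ldap_writer` is written as bare text inside `<variable>` rather than inside a `<value>` element as every other variable in this commit does (compare `ninegate_ldaptemplate`), so it is presumably ignored by Creole and only the `concat` fill actually sets the value — worth confirming before relying on it. More importantly, the fill makes the write identity the directory root `cn=admin,<ldap_base_dn>`, and the template in this commit binds with that account whenever `activer_admin_passfile` is on, so the currently empty `<help>` block should say so and steer operators toward a dedicated service account whose write rights are limited to the Ninegate branch, in the usual `<help><variable name='ldap_writer'>…</variable></help>` form: `DN du compte utilisé par Ninegate pour écrire dans l'annuaire ; par défaut l'administrateur de l'annuaire, préférer un compte de service aux droits restreints.`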
@ -36,6 +36,8 @@ class SynchroCommand extends Command
|
||||
private $rootlog;
|
||||
private $ldap;
|
||||
private $ldap_basedn;
|
||||
private $ldap_baseuser;
|
||||
private $ldap_basegroup;
|
||||
|
||||
protected function configure()
|
||||
{
|
||||
@ -94,18 +96,23 @@ class SynchroCommand extends Command
|
||||
$this->writeln('=====================================================');
|
||||
|
||||
|
||||
$this->ldap_basedn = $this->container->getParameter('ldap_basedn');
|
||||
$ldap_template = $this->container->getParameter('ldap_template');
|
||||
$ldap_username = $this->container->getParameter('ldap_username');
|
||||
$ldap_firstname = $this->container->getParameter('ldap_firstname');
|
||||
$ldap_lastname = $this->container->getParameter('ldap_lastname');
|
||||
$ldap_email = $this->container->getParameter('ldap_email');
|
||||
$ldap_usersadmin = $this->container->getParameter('ldap_usersadmin');
|
||||
$scribe_group = $this->container->getParameter('scribe_group');
|
||||
$scribe_master = $this->container->getParameter('scribe_master');
|
||||
$fieldstoread = array($ldap_username,$ldap_firstname,$ldap_lastname,$ldap_email);
|
||||
$ldapusers = array();
|
||||
$ldapmails = array();
|
||||
$this->ldap_basedn = $this->container->getParameter('ldap_basedn');
|
||||
$this->ldap_baseuser = $this->container->getParameter('ldap_baseuser');
|
||||
$this->ldap_basegroup = $this->container->getParameter('ldap_basegroup');
|
||||
|
||||
$ldap_username = strtolower($this->container->getParameter('ldap_username'));
|
||||
$ldap_firstname = strtolower($this->container->getParameter('ldap_firstname'));
|
||||
$ldap_lastname = strtolower($this->container->getParameter('ldap_lastname'));
|
||||
$ldap_email = strtolower($this->container->getParameter('ldap_email'));
|
||||
$ldap_member = strtolower($this->container->getParameter('ldap_member'));
|
||||
$scribe_group = strtolower($this->container->getParameter('scribe_group'));
|
||||
|
||||
$ldap_template = $this->container->getParameter('ldap_template');
|
||||
$ldap_usersadmin = $this->container->getParameter('ldap_usersadmin');
|
||||
$scribe_master = strtolower($this->container->getParameter('scribe_master'));
|
||||
$fieldstoread = array($ldap_username,$ldap_firstname,$ldap_lastname,$ldap_email);
|
||||
$ldapusers = array();
|
||||
$ldapmails = array();
|
||||
|
||||
if($ldap_template=="scribe") {
|
||||
$this->writeln('');
|
||||
@ -179,7 +186,7 @@ class SynchroCommand extends Command
|
||||
$this->writeln('');
|
||||
$this->writeln('== GROUPES ==========================================');
|
||||
|
||||
$results = $this->ldap->search($this->container->getParameter('openldapreqgroup'), ['cn','description','gidNumber'], $this->ldap_basedn);
|
||||
$results = $this->ldap->search($this->container->getParameter('openldapreqgroup'), ['cn','description','gidNumber'], $this->ldap_basegroup);
|
||||
foreach($results as $result) {
|
||||
$cn=$result["cn"];
|
||||
$ldapfilter="(&".$this->container->getParameter('openldapreqgroup')."(cn=$cn))";
|
||||
@ -209,7 +216,7 @@ class SynchroCommand extends Command
|
||||
// On execute le filtre d'appartenance à ce niveau
|
||||
$this->writeln("== Récupération des utilisateurs de l'annuaire");
|
||||
$niveau01=$this->em->getRepository('CadolesCoreBundle:Niveau01')->find($data["id"]);
|
||||
$results = $this->ldap->search($niveau01->getLdapfilter(), $fieldstoread, $this->ldap_basedn);
|
||||
$results = $this->ldap->search($niveau01->getLdapfilter(), $fieldstoread, $this->ldap_baseuser);
|
||||
$nbuserstotal=count($results);
|
||||
|
||||
// Pour chaque utilisateur ldap
|
||||
@ -229,6 +236,7 @@ class SynchroCommand extends Command
|
||||
$result[$ldap_username]=utf8_encode($result[$ldap_username]);
|
||||
if(!isset($result[$ldap_lastname])) $result[$ldap_lastname] = "";
|
||||
if(!isset($result[$ldap_firstname])) $result[$ldap_firstname] = "";
|
||||
|
||||
if(!array_key_exists($ldap_email,$result)) {
|
||||
$this->writelnred(" - Création dans Bundle impossible >> ".$result[$ldap_username]." sans email");
|
||||
continue;
|
||||
@ -306,18 +314,29 @@ class SynchroCommand extends Command
|
||||
$this->writeln('== '.$group->getLabel());
|
||||
|
||||
if(!is_null($ldapfilter)) {
|
||||
$results = $this->ldap->search($ldapfilter,[$ldap_username,"memberuid"] , $this->ldap_basedn);
|
||||
$results = $this->ldap->search($ldapfilter,[$ldap_username,$ldap_member] , $this->ldap_basedn);
|
||||
|
||||
foreach($results as $result) {
|
||||
if(isset($result["memberuid"])) {
|
||||
|
||||
|
||||
if(isset($result[$ldap_member])) {
|
||||
// Si memberid est un tableau il y a plusieur user dedans
|
||||
if(is_array($result["memberuid"])) {
|
||||
foreach($result["memberuid"] as $key => $value) {
|
||||
if(is_array($result[$ldap_member])) {
|
||||
foreach($result[$ldap_member] as $key => $value) {
|
||||
if(is_int($key)) {
|
||||
$user=$this->em->getRepository('CadolesCoreBundle:User')->findOneBy(array('username' => $value));
|
||||
$username=$value;
|
||||
|
||||
// si le username forme un DN, il faut récupérer juste la première entrée
|
||||
$tmp=explode(",",$username);
|
||||
if(is_array($tmp)&&count($tmp)>1) {
|
||||
$tmp=explode("=",$tmp[0]);
|
||||
$username=$tmp[1];
|
||||
}
|
||||
|
||||
$user=$this->em->getRepository('CadolesCoreBundle:User')->findOneBy(array('username' => $username));
|
||||
if($user) {
|
||||
array_push($ldapusersgroup,$value);
|
||||
$this->writeln(" - Rattacher >> ".$value);
|
||||
array_push($ldapusersgroup,$username);
|
||||
$this->writeln(" - Rattacher >> ".$username);
|
||||
if(!$simulate) $this->addtoGroup($user,$group);
|
||||
}
|
||||
}
|
||||
@ -325,10 +344,19 @@ class SynchroCommand extends Command
|
||||
}
|
||||
// sinon m'a qu'un seul uid
|
||||
else {
|
||||
$user=$this->em->getRepository('CadolesCoreBundle:User')->findOneBy(array('username' => $result["memberuid"]));
|
||||
$username=$result[$ldap_member];
|
||||
|
||||
// si le username forme un DN, il faut récupérer juste la première entrée
|
||||
$tmp=explode(",",$username);
|
||||
if(is_array($tmp)&&count($tmp)>1) {
|
||||
$tmp=explode("=",$tmp[0]);
|
||||
$username=$tmp[1];
|
||||
}
|
||||
|
||||
$user=$this->em->getRepository('CadolesCoreBundle:User')->findOneBy(array('username' => $username));
|
||||
if($user) {
|
||||
array_push($ldapusersgroup,$result["memberuid"]);
|
||||
$this->writeln(" - Rattacher >> ".$result["memberuid"]);
|
||||
array_push($ldapusersgroup,$username);
|
||||
$this->writeln(" - Rattacher >> ".$username);
|
||||
if(!$simulate) $this->addtoGroup($user,$group);
|
||||
}
|
||||
}
|
||||
|
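Review bot: The DN-to-username shortcut in the membership loop (`$tmp=explode("=",$tmp[0]); $username=$tmp[1];`) takes the first RDN value whatever its attribute is and without checking that an `=` was actually found, so a member value such as `cn=Doe, John` produces an undefined-index notice and a null username, and a member DN whose RDN is `cn` rather than the configured `$ldap_username` attribute gets matched against the wrong attribute and can attach the wrong local account to a group. I would split on the first `=` only and require the RDN attribute to match: `$tmp=explode("=",$tmp[0],2); if(count($tmp)!==2 || strtolower(trim($tmp[0]))!==$ldap_username) continue; $username=trim($tmp[1]);`, and move this into a small private helper since the same block is duplicated in the single-member branch of the following hunk. In the same hunk the membership search still uses `$this->ldap_basedn` while group enumeration was switched to `$this->ldap_basegroup`, which looks like an oversight now that a group sub-branch is configurable. The enclosing method starts and ends outside this hunk.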
@ -106,6 +106,7 @@ services:
|
||||
arguments:
|
||||
- %ldap_host%
|
||||
- %ldap_port%
|
||||
- %ldap_tls%
|
||||
calls:
|
||||
- [setUser, ["%ldap_user%"]]
|
||||
- [setPassword, ["%ldap_password%"]]
|
||||
|
@ -13,6 +13,7 @@ class ldapService
|
||||
|
||||
protected $host;
|
||||
protected $port;
|
||||
protected $tls;
|
||||
protected $baseDN;
|
||||
protected $baseUser;
|
||||
protected $baseNiveau01;
|
||||
@ -24,10 +25,11 @@ class ldapService
|
||||
private $connection = null;
|
||||
private $ldapSync = false;
|
||||
|
||||
public function __construct($host, $port)
|
||||
public function __construct($host, $port, $tls)
|
||||
{
|
||||
$this->host = $host;
|
||||
$this->port = $port;
|
||||
$this->tls = $tls;
|
||||
}
|
||||
|
||||
public function isEnabled() {
|
||||
@ -39,8 +41,11 @@ class ldapService
|
||||
return $this->connection;
|
||||
} else {
|
||||
$ldapConn = ldap_connect($this->host, $this->port);
|
||||
|
||||
if($ldapConn){
|
||||
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
if($this->tls) ldap_start_tls($ldapConn);
|
||||
|
||||
if(ldap_bind( $ldapConn, $this->user, $this->password)){
|
||||
$this->connection = $ldapConn;
|
||||
return $this->connection;
|
||||
|
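Review bot: `if($this->tls) ldap_start_tls($ldapConn);` ignores the return value, so when StartTLS fails (certificate rejected, server refusing the extended operation) execution falls through to `ldap_bind()` and sends the bind password — the directory admin's password in the admin-passfile configuration introduced elsewhere in this commit — in clear text over the plain connection. Treat a failed upgrade as a failed connection, returning whatever this method already returns on its other failure paths (not visible in the hunk): `if($this->tls && !ldap_start_tls($ldapConn)) { return false; }`. Since `ldap_host` is now templated as `ldap://…` rather than `ldaps://`, this flag is the only thing protecting the credentials on the wire. The rest of the connect method runs outside this hunk.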
@ -1,8 +1,5 @@
|
||||
# This file is auto-generated during the composer install
|
||||
parameters:
|
||||
# Certaines trace seront visible via un passage à true de fgdebug
|
||||
fgdebug: false
|
||||
|
||||
# Determine qui est le maitre de l'identitité = SQL / LDAP / SSO
|
||||
# Si SQL cela veut dire que c'est l'applicatif qui gère les utilisateurs
|
||||
# Sinon la source est externe soit via un annuaire soit via des attributs venant d'un SSO
|
||||
@ -118,16 +115,25 @@ parameters:
|
||||
%end if
|
||||
|
||||
# Information de base de l'annuaire
|
||||
ldap_host: %%adresse_ip_ldap
|
||||
ldap_host: ldap://%%adresse_ip_ldap
|
||||
ldap_port: %%ldap_port
|
||||
%if %%getVar("ldap_tls","non") == "oui"
|
||||
ldap_tls: true
|
||||
%else
|
||||
ldap_tls: false
|
||||
%end if
|
||||
%if %%getVar("activer_admin_passfile", 'non') == "oui"
|
||||
%if %%getVar("ldap_writer", '') == ""
|
||||
ldap_user: cn=admin,o=gouv,c=fr
|
||||
%else
|
||||
ldap_user: %%ldap_writer
|
||||
%end if
|
||||
ldap_password: %%pwdreader("",%%ldap_admin_passfile)
|
||||
%else
|
||||
ldap_user: %%ldap_reader
|
||||
ldap_password: %%pwdreader("",%%ldap_reader_passfile)
|
||||
%end if
|
||||
ldap_basedn: o=gouv,c=fr
|
||||
ldap_basedn: %%ldap_base_dn
|
||||
|
||||
# Mise en page
|
||||
weburl: %%web_url
|
||||
@ -162,15 +168,28 @@ parameters:
|
||||
%end if
|
||||
|
||||
%if %%getVar("ninegate_test_conf_ldap", 'non') == "oui"
|
||||
ldap_baseuser: ou=users,ou=%%ninegate_organization,o=gouv,c=fr
|
||||
ldap_baseniveau01: ou=%%ninegate_niveau01branche,ou=%%ninegate_organization,o=gouv,c=fr
|
||||
ldap_baseniveau02: ou=%%ninegate_niveau02branche,ou=%%ninegate_organization,o=gouv,c=fr
|
||||
ldap_basegroup: ou=groups,ou=%%ninegate_organization,o=gouv,c=fr
|
||||
ldap_baseuser: ou=users,ou=%%ninegate_organization,%%ldap_base_dn
|
||||
ldap_baseniveau01: ou=%%ninegate_niveau01branche,ou=%%ninegate_organization,%%ldap_base_dn
|
||||
ldap_baseniveau02: ou=%%ninegate_niveau02branche,ou=%%ninegate_organization,%%ldap_base_dn
|
||||
ldap_basegroup: ou=groups,ou=%%ninegate_organization,%%ldap_base_dn
|
||||
%else if %%getVar("ninegate_ldaptemplate", 'open') == "open"
|
||||
%if not %%is_empty(%%ninegate_openldapsubbranchuser)
|
||||
ldap_baseuser: %%ninegate_openldapsubbranchuser
|
||||
%else
|
||||
ldap_baseuser: %%ldap_base_dn
|
||||
%end if
|
||||
ldap_baseniveau01: %%ldap_base_dn
|
||||
ldap_baseniveau02: %%ldap_base_dn
|
||||
%if not %%is_empty(%%ninegate_openldapsubbranchgroup)
|
||||
ldap_basegroup: %%ninegate_openldapsubbranchgroup
|
||||
%else
|
||||
ldap_basegroup: %%ldap_base_dn
|
||||
%end if
|
||||
%else
|
||||
ldap_baseuser:
|
||||
ldap_baseniveau01:
|
||||
ldap_baseniveau02:
|
||||
ldap_basegroup:
|
||||
ldap_baseuser: %%ldap_base_dn
|
||||
ldap_baseniveau01: %%ldap_base_dn
|
||||
ldap_baseniveau02: %%ldap_base_dn
|
||||
ldap_basegroup: %%ldap_base_dn
|
||||
%end if
|
||||
|
||||
# Si masteridentity est à LDAP = quel est le modele d'organisation
|
||||
@ -183,10 +202,11 @@ parameters:
|
||||
%end if
|
||||
|
||||
# Si masteridentity est à LDAP = quel champs sont à récupérer = faudrait templetiser dans genconfig
|
||||
ldap_username: uid
|
||||
ldap_username: %%ldap_match_attribute
|
||||
ldap_firstname: givenname
|
||||
ldap_lastname: sn
|
||||
ldap_email: mail
|
||||
ldap_email: %%ldap_fill_mail
|
||||
ldap_member: %%ldap_member_group_attribute
|
||||
%if %%getVar("activer_addadmin", 'non') == "oui"
|
||||
ldap_usersadmin: [admin,%%uid_addadmin]
|
||||
%else
|
||||
@ -472,7 +492,7 @@ parameters:
|
||||
|
||||
# Si mode_auth = CAS
|
||||
cas_host: %%eolesso_adresse
|
||||
cas_path: %%getVar("eolesso_cas_folder", '')
|
||||
cas_path: %%eolesso_cas_folder
|
||||
cas_port: %%eolesso_port
|
||||
|
||||
# Si mode_aut = SAML
|
||||
@ -495,18 +515,10 @@ parameters:
|
||||
ssosynchrogroup: true
|
||||
user_attr_cas_group: %%ninegate_ssoreqgroup
|
||||
%else
|
||||
ssosynchrogroup: false
|
||||
ssosynchrogroup: fase
|
||||
user_attr_cas_group:
|
||||
%end if
|
||||
|
||||
%if %%getVar("ninegate_ssosynchroitem", 'non') == "oui"
|
||||
ssosynchroitem: true
|
||||
user_attr_cas_item: %%ninegate_ssoreqitem
|
||||
%else
|
||||
ssosynchroitem: false
|
||||
user_attr_cas_item:
|
||||
%end if
|
||||
|
||||
%if %%is_defined("ninegate_smtpport")
|
||||
mailer_port: '%%ninegate_smtpport'
|
||||
mailer_encryption: %%ninegate_smtpencryption
|
||||
@ -542,7 +554,6 @@ doctrine:
|
||||
CadolesCronBundle: ~
|
||||
CadolesPortalBundle: ~
|
||||
CadolesWebsocketBundle: ~
|
||||
CadolesEdispatcherBundle: ~
|
||||
|
||||
|
||||
|
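Review bot: If the page's old-then-new print order holds, the hunk at `-495,18 +515,10` replaces `ssosynchrogroup: false` with `ssosynchrogroup: fase`; YAML parses that as the string `"fase"`, which is truthy in PHP, so disabling `ninegate_ssosynchrogroup` in genconfig would silently leave SSO-driven group synchronisation enabled while `user_attr_cas_group` is empty. Restore `ssosynchrogroup: false`. In the same file, the `%if %%getVar("ldap_writer", '') == ""` fallback still hard-codes `ldap_user: cn=admin,o=gouv,c=fr` although every other base DN in this commit was moved to `%%ldap_base_dn`; `ldap_user: cn=admin,%%ldap_base_dn` would keep the two consistent and avoid binding against a DN that does not exist on a relocated directory.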