<?php
namespace App\Command;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Filesystem\Filesystem;
use Ramsey\Uuid\Uuid;
use App\Service\LdapService;
use App\Service\ApiService;
use App\Entity\Niveau01;
use App\Entity\Niveau02;
use App\Entity\User;
use App\Entity\Group;
use App\Entity\UserGroup;
class SynchroCommand extends Command
{
/**
 * Keeps the collaborators used by the synchronisation modes.
 *
 * @param ContainerInterface     $container   Source of the parameters and of the kernel log directory read in execute().
 * @param EntityManagerInterface $em          Doctrine entity manager used for every lookup, persist, remove and flush.
 * @param LdapService            $ldapservice Directory client, stored as $this->ldap.
 * @param ApiService             $apiservice  HTTP client used by nine2nine().
 *
 * NOTE(review): none of the properties assigned here is declared in the visible class body,
 * so they are created dynamically on assignment.
 */
public function __construct(
    ContainerInterface $container,
    EntityManagerInterface $em,
    LdapService $ldapservice,
    ApiService $apiservice
) {
    parent::__construct();

    $this->apiservice = $apiservice;
    $this->ldap = $ldapservice;
    $this->em = $em;
    $this->container = $container;
}
/**
 * Declares the console name, the description and the help text of the command.
 */
protected function configure()
{
    $this->setName('app:Synchro');
    $this->setDescription('Synchronisation Annuaire');
    $this->setHelp('This command Synchro for Core');
}
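/**
 * Loads the synchronisation settings, then runs the mode named by the "appSynchro" parameter.
 *
 * Every LDAP-related container parameter is copied onto the command so that ldap2nine(),
 * nine2ldap() and nine2nine() can read it. Recognised modes are "LDAP2NINE", "NINE2LDAP"
 * and "NINE2NINE"; any other value runs nothing and reports success.
 *
 * @param InputInterface  $input  Not read by this method.
 * @param OutputInterface $output Kept on the command for writeln() / writelnred().
 *
 * @return int Exit code of the selected mode, or Command::SUCCESS when no mode matches.
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $this->output = $output;
    $this->filesystem = new Filesystem();
    $this->rootlog = $this->container->get('kernel')->getLogDir()."/";
    $this->appMasteridentity = $this->container->getParameter('appMasteridentity');

    // The mode is looked up once and reused for both the property and the dispatch below.
    $appSynchro = $this->container->getParameter('appSynchro');
    $this->synchro = $appSynchro;

    // Purge switches: when set, records missing from the master are deleted locally.
    $this->synchropurgeniveau01 = $this->container->getParameter("appSynchroPurgeNiveau01");
    $this->synchropurgeniveau02 = $this->container->getParameter("appSynchroPurgeNiveau02");
    $this->synchropurgegroup = $this->container->getParameter("appSynchroPurgeGroup");
    $this->synchropurgeuser = $this->container->getParameter("appSynchroPurgeUser");

    // Directory connection settings.
    // NOTE(review): ldapPassword (the bind secret) is copied onto the command although no method
    // visible in this class reads $this->password; consider dropping the copy so the secret is
    // not held on a long-lived object without need.
    $this->host = $this->container->getParameter("ldapHost");
    $this->port = $this->container->getParameter("ldapPort");
    $this->usetls = $this->container->getParameter("ldapUsetls");
    $this->userwriter = $this->container->getParameter("ldapUserwriter");
    $this->user = $this->container->getParameter("ldapUser");
    $this->password = $this->container->getParameter("ldapPassword");

    // Base DNs of the directory branches.
    $this->basedn = $this->container->getParameter("ldapBasedn");
    $this->baseorganisation = $this->container->getParameter("ldapBaseorganisation");
    $this->baseniveau01 = $this->container->getParameter("ldapBaseniveau01");
    $this->baseniveau02 = $this->container->getParameter("ldapBaseniveau02");
    $this->basegroup = $this->container->getParameter("ldapBasegroup");
    $this->baseuser = $this->container->getParameter("ldapBaseuser");

    // Attribute names used to read users and groups.
    $this->username = $this->container->getParameter("ldapUsername");
    $this->firstname = $this->container->getParameter("ldapFirstname");
    $this->lastname = $this->container->getParameter("ldapLastname");
    $this->email = $this->container->getParameter("ldapEmail");
    $this->avatar = $this->container->getParameter("ldapAvatar");
    $this->memberof = $this->container->getParameter("ldapMemberof");
    $this->groupgid = $this->container->getParameter("ldapGroupgid");
    $this->groupname = $this->container->getParameter("ldapGroupname");
    $this->groupmember = $this->container->getParameter("ldapGroupmember");
    $this->groupmemberisdn = $this->container->getParameter("ldapGroupmemberisdn");

    // Search filters.
    $this->filtergroup = $this->container->getParameter("ldapFiltergroup");
    $this->filteruser = $this->container->getParameter("ldapFilteruser");

    switch ($appSynchro) {
        case "LDAP2NINE":
            $return = $this->ldap2nine();
            break;

        case "NINE2LDAP":
            $return = $this->nine2ldap();
            break;

        case "NINE2NINE":
            $return = $this->nine2nine();
            break;

        default:
            // No recognised mode configured: nothing to synchronise.
            $return = Command::SUCCESS;
            break;
    }

    $this->writeln('');

    return $return;
}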
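/**
 * Imports niveau01s, groups and users from the LDAP directory into the local database.
 *
 * Runs only when appMasteridentity is "LDAP" or "SSO" and the directory connection succeeds.
 * Each of the three imports is skipped, with a red message, when its LDAP parameters are
 * incomplete. When the matching appSynchroPurge* parameter is set, local records that the
 * directory did not return are purged afterwards.
 *
 * Security-relevant behaviour:
 *  - directory values are escaped before being embedded in the stored ldapfilter;
 *  - ROLE_ADMIN is granted from the "appAdmins" parameter with a type-strict comparison, but
 *    it is never revoked here when a login leaves that list;
 *  - the user purge is skipped when the directory returned no user at all, so an empty search
 *    result cannot delete every local account. The group and niveau01 purges have no such guard.
 *
 * @return int Command::SUCCESS, or Command::FAILURE when the preconditions are not met.
 */
private function ldap2nine()
{
    $this->writelnred('');
    $this->writelnred('== app:Synchro');
    $this->writelnred('==========================================================================================================');

    // ldap2nine is only allowed when identities are mastered by LDAP or SSO.
    if ($this->appMasteridentity != "LDAP" && $this->appMasteridentity != "SSO") {
        $this->writeln("Synchronisation impossible si appMasteridentity!=LDAP et appMasteridentity!=SSO");
        return Command::FAILURE;
    }

    // Nothing can be done without a directory connection.
    if (!$this->ldap->connect()) {
        $this->writeln("Synchronisation impossible connexion impossible à l'annuaire");
        return Command::FAILURE;
    }

    $this->writeln('');
    $this->writeln('=====================================================');
    $this->writeln('== SYNCHONISATION LDAP TO NINE ======================');
    $this->writeln('=====================================================');

    $niveau01repo = $this->em->getRepository(Niveau01::class);
    $grouprepo = $this->em->getRepository(Group::class);
    $userrepo = $this->em->getRepository(User::class);
    $usergrouprepo = $this->em->getRepository(UserGroup::class);

    $tbniveau01members = []; // member => labels of the niveau01s listing it
    $tbgroupmembers = [];    // member => labels of the groups listing it
    $tbniveau01s = [];       // labels of the niveau01s seen in the directory
    $tbgroups = [];          // labels of the groups seen in the directory
    $tbusers = [];           // usernames seen in the directory

    // Records already linked to the directory before this run; they are the purge candidates.
    $ldapniveau01s = $this->em->createQueryBuilder()->select('entity')->from('App:Niveau01', 'entity')->where('entity.ldapfilter IS NOT NULL')->getQuery()->getResult();
    $ldapgroups = $this->em->createQueryBuilder()->select('entity')->from('App:Group', 'entity')->where('entity.ldapfilter IS NOT NULL')->getQuery()->getResult();

    $fgsynchroniveau01s = (!empty($this->baseniveau01) && !empty($this->groupgid) && !empty($this->groupname) && !empty($this->filtergroup));
    $fgsynchrogroups = (!empty($this->basegroup) && !empty($this->groupgid) && !empty($this->groupname) && !empty($this->filtergroup));
    $fgsynchrousers = (!empty($this->baseuser) && !empty($this->username) && !empty($this->email) && !empty($this->filteruser));

    $fgsynchropurgeniveau01s = ($fgsynchroniveau01s && $this->synchropurgeniveau01);
    $fgsynchropurgegroups = ($fgsynchrogroups && $this->synchropurgegroup);
    $fgsynchropurgeusers = ($fgsynchrousers && $this->synchropurgeuser);

    // Import of the niveau01s.
    if ($fgsynchroniveau01s) {
        $this->writeln('');
        $this->writeln('== NIVEAU01 =========================================');
        $ldapentrys = $this->ldap->search($this->filtergroup, [$this->groupgid, $this->groupname, $this->groupmember], $this->baseniveau01);
        foreach ($ldapentrys as $ldapentry) {
            $label = $ldapentry[$this->groupname];
            $gid = $ldapentry[$this->groupgid];

            // A different niveau01 already owns this label: do not overwrite it.
            $niveau01other = $niveau01repo->findOneBy(["label" => $label]);
            if ($niveau01other && $niveau01other->getIdexternal() != $gid) {
                $this->writelnred(" > ".$label." = Impossible à synchroniser un autre niveau01 existe déjà avec ce label");
                continue;
            }

            // The record is looked up by its directory gid and created when absent.
            $this->writeln(' > '.$label);
            $niveau01 = $niveau01repo->findOneBy(["idexternal" => $gid]);
            if (!$niveau01) {
                $niveau01 = new Niveau01();
                $niveau01->setApikey(Uuid::uuid4());
                $this->em->persist($niveau01);
            }
            $niveau01->setIdexternal($gid);
            $niveau01->setLabel($label);
            // The label is escaped so that "(", ")", "*" or "\" in it cannot change the stored filter.
            $niveau01->setLdapfilter("(".$this->groupname."=".ldap_escape((string) $label, '', LDAP_ESCAPE_FILTER).")");

            $this->em->flush();

            $tbniveau01s[] = $label;

            // Remember the members; the attribute is either a single value or a list.
            if (!empty($ldapentry[$this->groupmember])) {
                $members = is_array($ldapentry[$this->groupmember]) ? $ldapentry[$this->groupmember] : [$ldapentry[$this->groupmember]];
                foreach ($members as $member) {
                    $tbniveau01members[$member][] = $label;
                }
            }
        }
    } else {
        $this->writeln('');
        $this->writeln('== NIVEAU01 =========================================');
        $this->writelnred(" > Synchronisation impossible il vous manque des paramétres ldap pour le faire");
    }

    // Import of the groups.
    if ($fgsynchrogroups) {
        $this->writeln('');
        $this->writeln('== GROUP ============================================');
        $ldapentrys = $this->ldap->search($this->filtergroup, [$this->groupgid, $this->groupname, $this->groupmember], $this->basegroup);

        foreach ($ldapentrys as $ldapentry) {
            $label = $ldapentry[$this->groupname];
            $gid = $ldapentry[$this->groupgid];

            // A different group already owns this label: do not overwrite it.
            $groupother = $grouprepo->findOneBy(["label" => $label]);
            if ($groupother && $groupother->getIdexternal() != $gid) {
                $this->writelnred(" > ".$label." = Impossible à synchroniser un autre groupe existe déjà avec ce label");
                continue;
            }

            // The record is looked up by its directory gid and created when absent.
            $this->writeln(' > '.$label);
            $group = $grouprepo->findOneBy(["idexternal" => $gid]);
            if (!$group) {
                $group = new Group();
                $group->setIsopen(false);
                $group->setIsworkgroup(false);
                $group->setApikey(Uuid::uuid4());

                $this->em->persist($group);
            }
            $group->setIdexternal($gid);
            $group->setLabel($label);
            // Same escaping as for niveau01: the label must stay a plain value inside the filter.
            $group->setLdapfilter("(".$this->groupname."=".ldap_escape((string) $label, '', LDAP_ESCAPE_FILTER).")");

            $this->em->flush();

            $tbgroups[] = $label;

            // Remember the members; the attribute is either a single value or a list.
            // NOTE(review): members are later matched against usernames as-is, and the
            // ldapGroupmemberisdn parameter is not consulted in this method. If the attribute
            // holds DNs, no user would match and the unsubscribe step below would drop every
            // LDAP group membership. Confirm against the directory schema.
            if (!empty($ldapentry[$this->groupmember])) {
                $members = is_array($ldapentry[$this->groupmember]) ? $ldapentry[$this->groupmember] : [$ldapentry[$this->groupmember]];
                foreach ($members as $member) {
                    $tbgroupmembers[$member][] = $label;
                }
            }
        }
    } else {
        $this->writeln('');
        $this->writeln('== GROUP ============================================');
        $this->writelnred(" > Synchronisation impossible il vous manque des paramétres ldap pour le faire");
    }

    // Import of the users.
    if ($fgsynchrousers) {
        $this->writeln('');
        $this->writeln('== USER =============================================');
        $ldapentrys = $this->ldap->search($this->filteruser, [$this->username, $this->firstname, $this->lastname, $this->email, $this->avatar, $this->memberof], $this->baseuser);

        // Normalised to strings so the admin check below cannot be satisfied by type juggling
        // (for instance "1e3" being loosely equal to "1000").
        $admins = array_map('strval', (array) $this->container->getParameter("appAdmins"));

        foreach ($ldapentrys as $ldapentry) {
            $login = $ldapentry[$this->username];

            // The e-mail address must not already belong to another account or pending registration.
            $userother = $userrepo->findOneBy(["email" => $ldapentry[$this->email]]);
            if ($userother && $userother->getUsername() != $login) {
                // Reports the login; the group-name attribute is not part of a user entry.
                $this->writelnred(" > ".$login." = Impossible à synchroniser un autre user existe déjà avec ce mail");
                continue;
            }
            $userother = $this->em->getRepository("App\Entity\Registration")->findOneBy(["email" => $ldapentry[$this->email]]);
            if ($userother && $userother->getUsername() != $login) {
                $this->writelnred(" > ".$login." = Impossible à synchroniser un autre user existe déjà avec ce mail");
                continue;
            }

            // The account is looked up by username and created when absent.
            $this->writeln(' > '.$login);
            $user = $userrepo->findOneBy(["username" => $login]);
            if (!$user) {
                $user = new User();
                $user->setUsername($login);
                $user->setIsvisible(true);
                $user->setApikey(Uuid::uuid4());
                // NOTE(review): this placeholder is derived from the login and therefore predictable.
                // Whether setPassword() hashes it, and whether a local password login is reachable
                // for these accounts, is not visible here. Confirm it cannot be used to sign in.
                $user->setPassword("LDAPPWD-".$login);
                $user->setRole("ROLE_USER");
                $user->setAvatar("noavatar.png");
                $this->em->persist($user);
            }

            // Niveau01: keep a locally managed one, prefer the directory membership, else fall back to id -1.
            $niveau01 = null;
            if ($user->getNiveau01() && empty($user->getNiveau01()->getIdexternal())) {
                $niveau01 = $user->getNiveau01();
            }
            if (array_key_exists($login, $tbniveau01members)) {
                $niveau01 = $niveau01repo->findOneBy(["label" => $tbniveau01members[$login][0]]);
            }
            if (!$niveau01) {
                $niveau01 = $niveau01repo->find(-1);
            }

            // Attribute update: only non-empty directory values overwrite the local ones.
            if (!empty($ldapentry[$this->lastname])) {
                $user->setLastname($ldapentry[$this->lastname]);
            }
            if (!empty($ldapentry[$this->firstname])) {
                $user->setFirstname($ldapentry[$this->firstname]);
            }
            if (!empty($ldapentry[$this->email])) {
                $user->setEmail($ldapentry[$this->email]);
            }
            if (!empty($ldapentry[$this->avatar])) {
                $user->setAvatar($ldapentry[$this->avatar]);
            }

            // Changing niveau01 invalidates the niveau02.
            if ($niveau01 != $user->getNiveau01()) {
                $user->setNiveau02(null);
            }
            $user->setNiveau01($niveau01);

            // Role update.
            // NOTE(review): the role is only ever raised here; an account removed from appAdmins
            // keeps ROLE_ADMIN until it is changed by other means.
            if (in_array((string) $login, $admins, true)) {
                $user->setRole("ROLE_ADMIN");
            }

            $this->em->flush();

            $tbusers[] = $login;

            $memberships = $tbgroupmembers[$login] ?? [];

            // Subscribe the user to the directory groups that list it.
            foreach ($memberships as $grouplabel) {
                $group = $grouprepo->findOneBy(["label" => $grouplabel]);
                if ($group) {
                    $usergroup = $usergrouprepo->findOneBy(["user" => $user, "group" => $group]);
                    if (!$usergroup) {
                        $usergroup = new UserGroup();
                        $usergroup->setUser($user);
                        $usergroup->setGroup($group);
                        $usergroup->setApikey(Uuid::uuid4());
                        $usergroup->setRolegroup(0);
                        $this->em->persist($usergroup);
                        $this->em->flush();
                    }
                }
            }

            // Unsubscribe the user from the directory-linked groups that no longer list it.
            foreach ($ldapgroups as $group) {
                if (!in_array($group->getLabel(), $memberships)) {
                    $usergroup = $usergrouprepo->findOneBy(["user" => $user, "group" => $group]);
                    if ($usergroup) {
                        $this->em->remove($usergroup);
                        $this->em->flush();
                    }
                }
            }
        }
    } else {
        $this->writeln('');
        $this->writeln('== USER =============================================');
        $this->writelnred(" > Synchronisation impossible il vous manque des paramétres ldap pour le faire");
    }

    // Purge of the users the directory did not return.
    if ($fgsynchropurgeusers) {
        $this->writeln('');
        $this->writeln('== PURGE USER =============================================');

        if (empty($tbusers)) {
            // An empty result would otherwise delete every account with a positive id.
            // How search() reports a failure is not visible here, so an empty list is treated as unsafe.
            $this->writelnred(" > Purge ignorée aucun utilisateur n'a été retourné par l'annuaire");
        } else {
            $users = $userrepo->findAll();
            foreach ($users as $user) {
                if (!in_array($user->getUsername(), $tbusers)) {
                    // Accounts with a non-positive id are never purged.
                    if ($user->getId() > 0) {
                        $this->writeln(' > '.$user->getUsername());
                        $this->em->remove($user);
                        $this->em->flush();
                    }
                }
            }
        }
    }

    // Purge of the groups the directory did not return.
    if ($fgsynchropurgegroups) {
        $this->writeln('');
        $this->writeln('== PURGE GROUP =============================================');

        foreach ($ldapgroups as $group) {
            if (!in_array($group->getLabel(), $tbgroups)) {
                if ($group->getId() > 0) {
                    $this->writeln(' > '.$group->getLabel());
                    $this->em->remove($group);
                } else {
                    // Groups with a non-positive id are kept and only unlinked from the directory.
                    $group->setLdapfilter(null);
                    $group->setIdexternal(null);
                }

                $this->em->flush();
            }
        }
    }

    // Purge of the niveau01s the directory did not return.
    if ($fgsynchropurgeniveau01s) {
        $this->writeln('');
        $this->writeln('== PURGE NIVEAU01 =============================================');

        foreach ($ldapniveau01s as $niveau01) {
            if (!in_array($niveau01->getLabel(), $tbniveau01s)) {
                if ($niveau01->getId() > 0) {
                    // Every user of the removed niveau01 moves to the fallback niveau01 (id -1).
                    // The fallback is read from the Niveau01 repository, the same one the user
                    // import above uses for it.
                    $resetniveau01 = $niveau01repo->find(-1);
                    foreach ($userrepo->findBy(["niveau01" => $niveau01]) as $user) {
                        $user->setNiveau01($resetniveau01);
                        $user->setNiveau02(null);
                    }

                    $this->writeln(' > '.$niveau01->getLabel());
                    $this->em->remove($niveau01);
                } else {
                    // Niveau01s with a non-positive id are kept and only unlinked from the directory.
                    $niveau01->setLdapfilter(null);
                    $niveau01->setIdexternal(null);
                }

                $this->em->flush();
            }
        }
    }

    return Command::SUCCESS;
}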
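/**
 * Pushes the local users, groups, niveau02s and niveau01s to the LDAP directory.
 *
 * For each kind the method first adds or updates one directory entry per local record, then
 * deletes the directory entries that have no local record. It refuses to run unless
 * LdapService::isNine2Ldap() accepts the configuration.
 *
 * Usernames and labels are escaped before being substituted into the configured search
 * filters, so a value containing "(", ")", "*" or "\" is matched literally instead of
 * rewriting the filter. A rewritten filter could match another entry, or none, and then
 * trigger a wrong update or a duplicate add.
 *
 * @return int Command::SUCCESS, or Command::FAILURE when the directory cannot be written.
 */
private function nine2ldap()
{
    $this->writelnred('');
    $this->writelnred('== app:Synchro');
    $this->writelnred('==========================================================================================================');

    // Stop when the directory is unreachable or the configuration does not allow writing to it.
    if (!$this->ldap->isNine2Ldap()) {
        $this->writeln("Synchronisation impossible soit :");
        $this->writeln("- connexion impossible à l'annuaire");
        $this->writeln("- appMasteridentity!=SQL");
        $this->writeln("- votre user ldap n'a pas de permission en écriture");
        $this->writeln("- vous n'avez pas renseigné les bases de votre organisation");

        return Command::FAILURE;
    }

    $this->writeln('');
    $this->writeln('=====================================================');
    $this->writeln('== SYNCHONISATION NINE TO LDAP ======================');
    $this->writeln('=====================================================');

    $this->writeln('');
    $this->writeln('== ORGANISATION =====================================');
    $this->writeln($this->baseorganisation);
    $this->writeln($this->baseniveau01);
    $this->writeln($this->baseniveau02);
    $this->writeln($this->basegroup);
    $this->writeln($this->baseuser);
    $this->ldap->addOrganisations();

    $userrepo = $this->em->getRepository(User::class);
    $grouprepo = $this->em->getRepository(Group::class);
    $niveau02repo = $this->em->getRepository(Niveau02::class);
    $niveau01repo = $this->em->getRepository(Niveau01::class);

    // ---- Users ---------------------------------------------------------------------------
    $this->writeln('');
    $this->writeln('== USER =============================================');
    $users = $userrepo->findAll();
    $attributes = $this->ldap->listAttributesUser();
    foreach ($users as $user) {
        // The "*" of the configured filter is replaced by the escaped username.
        $filter = str_replace("*", ldap_escape((string) $user->getUsername(), '', LDAP_ESCAPE_FILTER), $this->filteruser);
        $ldapentrys = $this->ldap->search($filter, $attributes, $this->baseuser);
        if (empty($ldapentrys)) {
            $this->writeln($user->getUsername()." = SUBMIT");
            $this->ldap->addUser($user);
        } elseif ($this->ldap->ismodifyUser($user, $ldapentrys[0])) {
            $this->writeln($user->getUsername()." = UPDATE");
            $this->ldap->modifyUser($user);
        }
    }

    // Directory users without a local account are deleted.
    // NOTE(review): the entry is read through the literal "uid" key rather than the configured
    // ldapUsername attribute; confirm both name the same attribute in this mode.
    $ldapentrys = $this->ldap->search($this->filteruser, $attributes, $this->baseuser);
    foreach ($ldapentrys as $ldapentry) {
        $user = $userrepo->findOneBy(["username" => $ldapentry["uid"]]);
        if (!$user) {
            $this->writeln($ldapentry["uid"]." = DELETE");
            $dn = $this->ldap->getUserDN($ldapentry["uid"]);
            $this->ldap->deleteByDN($dn);
        }
    }

    // ---- Groups --------------------------------------------------------------------------
    $this->writeln('');
    $this->writeln('== GROUP ============================================');
    $groups = $grouprepo->findAll();
    $attributes = $this->ldap->listAttributesGroup();
    foreach ($groups as $group) {
        // In this mode the database is the master, so any stored directory filter is cleared.
        if ($group->getLdapfilter()) {
            $group->setLdapfilter(null);
            $this->em->flush();
        }

        // First by numeric id, then by label.
        $filter = "gidnumber=".$group->getId();
        $ldapentrys = $this->ldap->search($filter, $attributes, $this->basegroup);
        if (empty($ldapentrys)) {
            $filter = str_replace("*", ldap_escape((string) $group->getLabel(), '', LDAP_ESCAPE_FILTER), $this->filtergroup);
            // NOTE(review): this fallback searches the niveau01 branch, not the group branch.
            // It looks like a copy of the niveau01 block; confirm which base DN is intended.
            $ldapentrys = $this->ldap->search($filter, $attributes, $this->baseniveau01);
        }

        if (empty($ldapentrys)) {
            $this->writeln($group->getLabel()." = SUBMIT");
            $this->ldap->addGroup($group);
        } elseif ($this->ldap->ismodifyGroup($group, $ldapentrys[0])) {
            $this->writeln($group->getLabel()." = UPDATE");
            $this->ldap->modifyGroup($group, $ldapentrys[0]["cn"]);
        }
    }

    // Directory groups whose gidnumber matches no local group are deleted.
    $ldapentrys = $this->ldap->search($this->filtergroup, $attributes, $this->basegroup);
    foreach ($ldapentrys as $ldapentry) {
        $group = $grouprepo->find($ldapentry["gidnumber"]);
        if (!$group) {
            $this->writeln($ldapentry["cn"]." = DELETE");
            $dn = $this->ldap->getGroupDN($ldapentry["cn"]);
            $this->ldap->deleteByDN($dn);
        }
    }

    // ---- Niveau02 ------------------------------------------------------------------------
    $this->writeln('');
    $this->writeln('== NIVEAU02 =========================================');
    $niveau02s = $niveau02repo->findAll();
    $attributes = $this->ldap->listAttributesNiveau02();
    foreach ($niveau02s as $niveau02) {
        $filter = "gidnumber=".$niveau02->getId();
        $ldapentrys = $this->ldap->search($filter, $attributes, $this->baseniveau02);
        if (empty($ldapentrys)) {
            $filter = str_replace("*", ldap_escape((string) $niveau02->getLabel(), '', LDAP_ESCAPE_FILTER), $this->filtergroup);
            // NOTE(review): as for groups, the fallback searches the niveau01 branch; confirm.
            $ldapentrys = $this->ldap->search($filter, $attributes, $this->baseniveau01);
        }

        if (empty($ldapentrys)) {
            $this->writeln($niveau02->getLabel()." = SUBMIT");
            $this->ldap->addNiveau02($niveau02);
        } elseif ($this->ldap->ismodifyNiveau02($niveau02, $ldapentrys[0])) {
            $this->writeln($niveau02->getLabel()." = UPDATE");
            $this->ldap->modifyNiveau02($niveau02, $ldapentrys[0]["cn"]);
        }
    }

    // Directory niveau02s whose gidnumber matches no local record are deleted.
    $ldapentrys = $this->ldap->search($this->filtergroup, $attributes, $this->baseniveau02);
    foreach ($ldapentrys as $ldapentry) {
        $niveau02 = $niveau02repo->find($ldapentry["gidnumber"]);
        if (!$niveau02) {
            $this->writeln($ldapentry["cn"]." = DELETE");
            $dn = $this->ldap->getNiveau02DN($ldapentry["cn"]);
            $this->ldap->deleteByDN($dn);
        }
    }

    // ---- Niveau01 ------------------------------------------------------------------------
    $this->writeln('');
    $this->writeln('== NIVEAU01 =========================================');
    $niveau01s = $niveau01repo->findAll();
    $attributes = $this->ldap->listAttributesNiveau01();
    foreach ($niveau01s as $niveau01) {
        // Same reset as for groups: the stored directory filter is cleared.
        if ($niveau01->getLdapfilter()) {
            $niveau01->setLdapfilter(null);
            $this->em->flush();
        }

        $filter = "gidnumber=".$niveau01->getId();
        $ldapentrys = $this->ldap->search($filter, $attributes, $this->baseniveau01);
        if (empty($ldapentrys)) {
            $filter = str_replace("*", ldap_escape((string) $niveau01->getLabel(), '', LDAP_ESCAPE_FILTER), $this->filtergroup);
            $ldapentrys = $this->ldap->search($filter, $attributes, $this->baseniveau01);
        }

        if (empty($ldapentrys)) {
            $this->writeln($niveau01->getLabel()." = SUBMIT");
            $this->ldap->addNiveau01($niveau01);
        } elseif ($this->ldap->ismodifyNiveau01($niveau01, $ldapentrys[0])) {
            $this->writeln($niveau01->getLabel()." = UPDATE");
            $this->ldap->modifyNiveau01($niveau01, $ldapentrys[0]["cn"]);
        }
    }

    // Directory niveau01s whose gidnumber matches no local record are deleted.
    $ldapentrys = $this->ldap->search($this->filtergroup, $attributes, $this->baseniveau01);
    foreach ($ldapentrys as $ldapentry) {
        $niveau01 = $niveau01repo->find($ldapentry["gidnumber"]);
        if (!$niveau01) {
            $this->writeln($ldapentry["cn"]." = DELETE");
            $dn = $this->ldap->getNiveau01DN($ldapentry["cn"]);
            $this->ldap->deleteByDN($dn);
        }
    }

    return Command::SUCCESS;
}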
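/**
 * Imports niveau01s, groups and users from a master instance through its REST API.
 *
 * Runs only when appMasteridentity is "NINE" and both the "nineUrl" and "nineSecret"
 * parameters are set. Any API response whose code is not 200 aborts the run with
 * Command::FAILURE. When the matching appSynchroPurge* parameter is set, local records
 * that the master did not return are purged afterwards.
 *
 * Security-relevant behaviour:
 *  - ROLE_ADMIN is granted from the "appAdmins" parameter with a type-strict comparison, but
 *    it is never revoked here when a login leaves that list;
 *  - the user purge is skipped when the master returned no user at all, so an empty response
 *    cannot delete every local account. The group and niveau01 purges have no such guard.
 *
 * @return int Command::SUCCESS, or Command::FAILURE on a failed precondition or API call.
 */
private function nine2nine()
{
    $this->writelnred('');
    $this->writelnred('== app:Synchro');
    $this->writelnred('==========================================================================================================');

    // nine2nine is only allowed when identities are mastered by another instance.
    if ($this->appMasteridentity != "NINE") {
        $this->writeln("Synchronisation impossible si appMasteridentity!=NINE");
        return Command::FAILURE;
    }

    $nineurl = $this->container->getParameter("nineUrl");
    $ninesecret = $this->container->getParameter("nineSecret");
    if (!$nineurl || !$ninesecret) {
        $this->writeln("Synchronisation impossible soit parametres NINE_URL et/ou NINE_SECRET manquant");
        return Command::FAILURE;
    }
    // NOTE(review): the shared secret accompanies every request below, and the URL scheme is not
    // checked here. Confirm nineUrl is https so the secret and the returned user data are not
    // sent in clear.
    $nineurl .= "/rest/";

    $this->writeln('');
    $this->writeln('=====================================================');
    $this->writeln('== SYNCHONISATION NINE TO NINE ======================');
    $this->writeln('=====================================================');

    $niveau01repo = $this->em->getRepository(Niveau01::class);
    $grouprepo = $this->em->getRepository(Group::class);
    $userrepo = $this->em->getRepository(User::class);
    $usergrouprepo = $this->em->getRepository(UserGroup::class);

    // Records already linked to the master before this run; they are the purge candidates.
    $nineniveau01s = $this->em->createQueryBuilder()->select('entity')->from('App:Niveau01', 'entity')->where('entity.idexternal IS NOT NULL')->getQuery()->getResult();
    $ninegroups = $this->em->createQueryBuilder()->select('entity')->from('App:Group', 'entity')->where('entity.idexternal IS NOT NULL')->getQuery()->getResult();

    $tbniveau01members = []; // login => labels of the niveau01s listing it
    $tbgroupmembers = [];    // login => labels of the groups listing it
    $tbniveau01s = [];       // labels of the niveau01s returned by the master
    $tbgroups = [];          // labels of the groups returned by the master
    $tbusers = [];           // logins returned by the master

    $fgsynchropurgeniveau01s = ($this->synchropurgeniveau01);
    $fgsynchropurgegroups = ($this->synchropurgegroup);
    $fgsynchropurgeusers = ($this->synchropurgeuser);

    // ---- Niveau01 ------------------------------------------------------------------------
    $this->writeln('');
    $this->writeln('== NIVEAU01 =========================================');

    $response = $this->apiservice->run("GET", $nineurl."getAllNiveau01s", null, ["key" => $ninesecret]);
    if ($response->code != "200") {
        return Command::FAILURE;
    }
    foreach ($response->body as $nineniveau01) {
        // A different niveau01 already owns this label: do not overwrite it.
        $niveau01other = $niveau01repo->findOneBy(["label" => $nineniveau01->niveau01label]);
        if ($niveau01other && $niveau01other->getIdexternal() != $nineniveau01->niveau01id) {
            $this->writelnred(" > ".$nineniveau01->niveau01label." = Impossible à synchroniser un autre niveau01 existe déjà avec ce label");
            continue;
        }

        // The record is looked up by the master's id and created when absent.
        $this->writeln(' > '.$nineniveau01->niveau01label);
        $niveau01 = $niveau01repo->findOneBy(["idexternal" => $nineniveau01->niveau01id]);
        if (!$niveau01) {
            $niveau01 = new Niveau01();
            $niveau01->setApikey(Uuid::uuid4());
            $this->em->persist($niveau01);
        }

        $niveau01->setIdexternal($nineniveau01->niveau01id);
        $niveau01->setLabel($nineniveau01->niveau01label);
        $this->em->flush();

        $tbniveau01s[] = $nineniveau01->niveau01label;

        // Remember the members of the niveau01.
        if (!empty($nineniveau01->niveau01users)) {
            foreach ($nineniveau01->niveau01users as $member) {
                $tbniveau01members[$member->userlogin][] = $nineniveau01->niveau01label;
            }
        }
    }

    // ---- Groups --------------------------------------------------------------------------
    $this->writeln('');
    $this->writeln('== GROUP ============================================');

    $response = $this->apiservice->run("GET", $nineurl."getAllGroups", null, ["key" => $ninesecret]);
    if ($response->code != "200") {
        return Command::FAILURE;
    }
    foreach ($response->body as $ninegroup) {
        // A different group already owns this label: do not overwrite it.
        $groupother = $grouprepo->findOneBy(["label" => $ninegroup->grouplabel]);
        if ($groupother && $groupother->getIdexternal() != $ninegroup->groupid) {
            $this->writelnred(" > ".$ninegroup->grouplabel." = Impossible à synchroniser un autre group existe déjà avec ce label");
            continue;
        }

        // The record is looked up by the master's id and created when absent.
        $this->writeln(' > '.$ninegroup->grouplabel);
        $group = $grouprepo->findOneBy(["idexternal" => $ninegroup->groupid]);
        if (!$group) {
            $group = new Group();
            $group->setIsopen(false);
            $group->setIsworkgroup(false);
            $group->setApikey(Uuid::uuid4());

            $this->em->persist($group);
        }

        $group->setIdexternal($ninegroup->groupid);
        $group->setLabel($ninegroup->grouplabel);
        $this->em->flush();

        $tbgroups[] = $ninegroup->grouplabel;

        // Remember the members of the group.
        if (!empty($ninegroup->groupusers)) {
            foreach ($ninegroup->groupusers as $member) {
                $tbgroupmembers[$member->userlogin][] = $ninegroup->grouplabel;
            }
        }
    }

    // ---- Users ---------------------------------------------------------------------------
    $this->writeln('');
    $this->writeln('== USER =============================================');
    $response = $this->apiservice->run("GET", $nineurl."getAllUsers", null, ["key" => $ninesecret]);
    if ($response->code != "200") {
        return Command::FAILURE;
    }
    $nineusers = $response->body;

    // Normalised to strings so the admin check below cannot be satisfied by type juggling
    // (for instance "1e3" being loosely equal to "1000").
    $admins = array_map('strval', (array) $this->container->getParameter("appAdmins"));

    foreach ($nineusers as $nineuser) {
        $login = $nineuser->userlogin;

        // The e-mail address must not already belong to another account or pending registration.
        $userother = $userrepo->findOneBy(["email" => $nineuser->useremail]);
        if ($userother && $userother->getUsername() != $login) {
            $this->writelnred(" > ".$login." = Impossible à synchroniser un autre user existe déjà avec ce mail");
            continue;
        }
        $userother = $this->em->getRepository("App\Entity\Registration")->findOneBy(["email" => $nineuser->useremail]);
        if ($userother && $userother->getUsername() != $login) {
            $this->writelnred(" > ".$login." = Impossible à synchroniser un autre user existe déjà avec ce mail");
            continue;
        }

        // The account is looked up by username and created when absent.
        $this->writeln(' > '.$login);
        $user = $userrepo->findOneBy(["username" => $login]);
        if (!$user) {
            $user = new User();
            $user->setUsername($login);
            $user->setIsvisible(true);
            $user->setApikey(Uuid::uuid4());
            // NOTE(review): this placeholder is derived from the login and therefore predictable.
            // Whether setPassword() hashes it, and whether a local password login is reachable
            // for these accounts, is not visible here. Confirm it cannot be used to sign in.
            $user->setPassword("NINEPWD-".$login);
            $user->setRole("ROLE_USER");
            // NOTE(review): the avatar value comes from the remote API as-is; if it is later used
            // as a file name or URL, it should be validated where it is consumed.
            $user->setAvatar($nineuser->useravatar);
            $this->em->persist($user);
        }

        // Niveau01: keep a locally managed one, prefer the master's membership, else fall back to id -1.
        $niveau01 = null;
        if ($user->getNiveau01() && empty($user->getNiveau01()->getIdexternal())) {
            $niveau01 = $user->getNiveau01();
        }
        if (array_key_exists($login, $tbniveau01members)) {
            $niveau01 = $niveau01repo->findOneBy(["label" => $tbniveau01members[$login][0]]);
        }
        if (!$niveau01) {
            $niveau01 = $niveau01repo->find(-1);
        }

        // Attribute update: only non-empty remote values overwrite the local ones.
        if (!empty($nineuser->userlastname)) {
            $user->setLastname($nineuser->userlastname);
        }
        if (!empty($nineuser->userfirstname)) {
            $user->setFirstname($nineuser->userfirstname);
        }
        if (!empty($nineuser->useremail)) {
            $user->setEmail($nineuser->useremail);
        }
        if (!empty($nineuser->useravatar)) {
            $user->setAvatar($nineuser->useravatar);
        }

        // Changing niveau01 invalidates the niveau02.
        if ($niveau01 != $user->getNiveau01()) {
            $user->setNiveau02(null);
        }
        $user->setNiveau01($niveau01);

        // Role update.
        // NOTE(review): the role is only ever raised here; an account removed from appAdmins
        // keeps ROLE_ADMIN until it is changed by other means.
        if (in_array((string) $login, $admins, true)) {
            $user->setRole("ROLE_ADMIN");
        }

        $this->em->flush();

        $tbusers[] = $login;

        $memberships = $tbgroupmembers[$login] ?? [];

        // Subscribe the user to the master's groups that list it.
        foreach ($memberships as $grouplabel) {
            $group = $grouprepo->findOneBy(["label" => $grouplabel]);
            if ($group) {
                $usergroup = $usergrouprepo->findOneBy(["user" => $user, "group" => $group]);
                if (!$usergroup) {
                    $usergroup = new UserGroup();
                    $usergroup->setUser($user);
                    $usergroup->setGroup($group);
                    $usergroup->setApikey(Uuid::uuid4());
                    $usergroup->setRolegroup(0);
                    $this->em->persist($usergroup);
                    $this->em->flush();
                }
            }
        }

        // Unsubscribe the user from the master-linked groups that no longer list it.
        foreach ($ninegroups as $group) {
            if (!in_array($group->getLabel(), $memberships)) {
                $usergroup = $usergrouprepo->findOneBy(["user" => $user, "group" => $group]);
                if ($usergroup) {
                    $this->em->remove($usergroup);
                    $this->em->flush();
                }
            }
        }
    }

    // Purge of the users the master did not return.
    if ($fgsynchropurgeusers) {
        $this->writeln('');
        $this->writeln('== PURGE USER =============================================');

        if (empty($tbusers)) {
            // An empty list would otherwise delete every account with a positive id.
            $this->writelnred(" > Purge ignorée aucun utilisateur n'a été retourné par NINE");
        } else {
            $users = $userrepo->findAll();
            foreach ($users as $user) {
                if (!in_array($user->getUsername(), $tbusers)) {
                    // Accounts with a non-positive id are never purged.
                    if ($user->getId() > 0) {
                        $this->writeln(' > '.$user->getUsername());
                        $this->em->remove($user);
                        $this->em->flush();
                    }
                }
            }
        }
    }

    // Purge of the groups the master did not return.
    if ($fgsynchropurgegroups) {
        $this->writeln('');
        $this->writeln('== PURGE GROUP =============================================');

        foreach ($ninegroups as $group) {
            if (!in_array($group->getLabel(), $tbgroups)) {
                if ($group->getId() > 0) {
                    $this->writeln(' > '.$group->getLabel());
                    $this->em->remove($group);
                } else {
                    // Groups with a non-positive id are kept and only unlinked from the master.
                    $group->setLdapfilter(null);
                    $group->setIdexternal(null);
                }

                $this->em->flush();
            }
        }
    }

    // Purge of the niveau01s the master did not return.
    if ($fgsynchropurgeniveau01s) {
        $this->writeln('');
        $this->writeln('== PURGE NIVEAU01 =============================================');

        foreach ($nineniveau01s as $niveau01) {
            if (!in_array($niveau01->getLabel(), $tbniveau01s)) {
                if ($niveau01->getId() > 0) {
                    // Every user of the removed niveau01 moves to the fallback niveau01 (id -1).
                    // The fallback is read from the Niveau01 repository, the same one the user
                    // import above uses for it.
                    $resetniveau01 = $niveau01repo->find(-1);
                    foreach ($userrepo->findBy(["niveau01" => $niveau01]) as $user) {
                        $user->setNiveau01($resetniveau01);
                        $user->setNiveau02(null);
                    }

                    $this->writeln(' > '.$niveau01->getLabel());
                    $this->em->remove($niveau01);
                } else {
                    // Niveau01s with a non-positive id are kept and only unlinked from the master.
                    $niveau01->setLdapfilter(null);
                    $niveau01->setIdexternal(null);
                }

                $this->em->flush();
            }
        }
    }

    return Command::SUCCESS;
}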
/**
 * Prints a line in red on the console and appends the same text, without colour tags, to cron.log.
 *
 * NOTE(review): the text is neither escaped for the console formatter nor stripped of line
 * breaks, and ldap2nine() passes directory-supplied labels to it. A label containing a
 * newline would add an extra line to cron.log.
 *
 * @param string $string Text to report.
 */
private function writelnred($string)
{
    $logfile = $this->rootlog.'cron.log';
    $coloured = '<fg=red>'.$string.'</>';

    $this->output->writeln($coloured);
    $this->filesystem->appendToFile($logfile, $string."\n");
}
/**
 * Prints a line on the console and appends the same text to cron.log in the kernel log directory.
 *
 * @param string $string Text to report.
 */
private function writeln($string)
{
    $logfile = $this->rootlog.'cron.log';
    $logline = $string."\n";

    $this->output->writeln($string);
    $this->filesystem->appendToFile($logfile, $logline);
}
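/**
 * Creates and stores a local user from externally supplied identity attributes.
 *
 * The role is ROLE_ADMIN when the username is listed in $usersadmin, otherwise ROLE_USER,
 * raised to ROLE_ANIM when the "ldap_template" parameter is "scribe" and the directory
 * search on the user's uid returns a result.
 *
 * The username is escaped before being embedded in that search filter: the result of the
 * search decides a role, so a username containing filter syntax must not be able to
 * change what the filter matches.
 *
 * NOTE(review): no call to this method is visible in this class. It reads
 * $this->ldap_basedn, which no visible method assigns (execute() sets $this->basedn), and it
 * calls setVisible() where the synchronisation methods use setIsvisible(). It looks like
 * legacy code; confirm it is still reachable before relying on it.
 *
 * @param object $niveau01   Niveau01 entity the user belongs to; getSiren() is read from it.
 * @param string $username   Login of the new user.
 * @param string $firstname  First name.
 * @param string $lastname   Last name.
 * @param string $email      E-mail address.
 * @param array  $usersadmin Logins that receive ROLE_ADMIN.
 */
protected function addUser($niveau01,$username,$firstname,$lastname,$email,$usersadmin)
{
    $user = new User();

    $user->setUsername($username);
    $user->setLastname($lastname);
    $user->setFirstname($firstname);
    $user->setEmail($email);
    $user->setNiveau01($niveau01);
    $user->setSiren($niveau01->getSiren());
    // NOTE(review): fixed placeholder shared by every account created here. Whether it can be
    // used to sign in depends on setPassword() and on the login flow, which are not visible
    // here. Confirm.
    $user->setPassword("PASSWORDFROMEXTERNE");
    $user->setVisible(true);
    $user->setAuthlevel("simple");
    $user->setBelongingpopulation("agent");

    // Compared as strings, strictly, so numeric-looking logins cannot match by type juggling.
    $admins = array_map('strval', (array) $usersadmin);
    if (in_array((string) $username, $admins, true)) {
        $user->setRole("ROLE_ADMIN");
    } else {
        $user->setRole("ROLE_USER");

        // "scribe" template: some directory profiles are promoted to ROLE_ANIM.
        $ldap_template = $this->container->getParameter('ldap_template');
        if ($ldap_template == "scribe") {
            $uid = ldap_escape((string) $user->getUsername(), '', LDAP_ESCAPE_FILTER);
            $ldapfilter = "(|(&(uid=".$uid.")(ENTPersonProfils=enseignant))(&(uid=".$uid.")(typeadmin=0))(&(uid=".$uid.")(typeadmin=2)))";
            $results = $this->ldap->search($ldapfilter, ['uid'], $this->ldap_basedn);
            if ($results) {
                $user->setRole("ROLE_ANIM");
            }
        }
    }

    $this->em->persist($user);
    $this->em->flush();
}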
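/**
 * Updates the name and e-mail address of an existing user and stores the change.
 *
 * The user is raised to ROLE_ADMIN when $username is listed in $usersadmin. The comparison
 * is done on strings, strictly, so numeric-looking logins cannot match by type juggling.
 *
 * NOTE(review): the role is only ever raised; a user removed from $usersadmin keeps its role.
 *
 * @param object $user       User entity to update.
 * @param string $username   Login checked against $usersadmin.
 * @param string $firstname  New first name.
 * @param string $lastname   New last name.
 * @param string $email      New e-mail address.
 * @param array  $usersadmin Logins that receive ROLE_ADMIN.
 */
protected function modUser($user,$username,$firstname,$lastname,$email,$usersadmin)
{
    $user->setLastname($lastname);
    $user->setFirstname($firstname);
    $user->setEmail($email);

    $admins = array_map('strval', (array) $usersadmin);
    if (in_array((string) $username, $admins, true)) {
        $user->setRole("ROLE_ADMIN");
    }

    $this->em->persist($user);
    $this->em->flush();
}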
}