ldapimport.rb
| 1 |
@auth_method = AuthSourceLdap.find(1) |
|---|---|
| 2 |
class AuthSourceLdap |
| 3 |
|
| 4 |
def import |
| 5 |
logger.info("**********************************************************************\n")
|
| 6 |
logger.info("#{Time.now.inspect}\n\n")
|
| 7 |
|
| 8 |
ldap_con = initialize_ldap_con(self.account, self.account_password) |
| 9 |
|
| 10 |
search_filter = Net::LDAP::Filter.eq("objectClass", "user") |
| 11 |
|
| 12 |
found = created = skipped =0
|
| 13 |
created = [] |
| 14 |
disabled = [] |
| 15 |
ldap_con.search(:base => self.base_dn,:filter => search_filter, |
| 16 |
:attributes => ['dn', self.attr_firstname, self.attr_lastname, self.attr_mail, self.attr_login, "distinguishedName",] |
| 17 |
) do | entry |
|
| 18 |
|
| 19 |
login = AuthSourceLdap.get_attr(entry, self.attr_login) |
| 20 |
|
| 21 |
logger.info("Found DN: #{entry.dn}")
|
| 22 |
found += 1
|
| 23 |
|
| 24 |
distinguishedName = AuthSourceLdap.get_attr(entry,"distinguishedName") |
| 25 |
is_disabled_in_ldap = distinguishedName.include? "OU=Disabled"
|
| 26 |
user_in_rm = User.find(:first, :conditions => ["login=?", login]) |
| 27 |
#logger.info(" User #{login} inspect: #{user_in_rm.inspect}\n")
|
| 28 |
|
| 29 |
attrs = [:firstname => (AuthSourceLdap.get_attr(entry, self.attr_firstname) != nil ? \ |
| 30 |
AuthSourceLdap.get_attr(entry, self.attr_firstname) : "Unknown"), |
| 31 |
:lastname => AuthSourceLdap.get_attr(entry, self.attr_lastname), |
| 32 |
:mail => AuthSourceLdap.get_attr(entry, self.attr_mail), |
| 33 |
:auth_source_id => self.id ] |
| 34 |
#sanity checking (all the above attributes are required)
|
| 35 |
|
| 36 |
#If any of the attributes is missing then don't proceed but skip
|
| 37 |
skip = false
|
| 38 |
catch :SKIP do |
| 39 |
skip = false
|
| 40 |
attrs.each { |e|
|
| 41 |
e.each { |k, v|
|
| 42 |
if v == nil |
| 43 |
# give the admin a clue why importing failed...
|
| 44 |
logger.info(" User #{login} misses value for attribute '#{k}'.\n")
|
| 45 |
#skipped.push(login+" (missing attribute '#{k}')")
|
| 46 |
skip = true
|
| 47 |
throw :SKIP
|
| 48 |
end
|
| 49 |
} |
| 50 |
} |
| 51 |
end # catch |
| 52 |
if skip
|
| 53 |
skipped += 1
|
| 54 |
next
|
| 55 |
end
|
| 56 |
|
| 57 |
#User account was disabled in LDAP
|
| 58 |
if is_disabled_in_ldap
|
| 59 |
logger.info(" User #{login} is disabled in ldap\n")
|
| 60 |
#If user exists in redmine then lock the account
|
| 61 |
if (user_in_rm != nil) and (user_in_rm.status != User::STATUS_LOCKED) |
| 62 |
user_in_rm.status=User::STATUS_LOCKED |
| 63 |
user_in_rm.save |
| 64 |
logger.info(" User #{login} is now locked in redmine\n")
|
| 65 |
end
|
| 66 |
#skipped.push(login+' (disabled in ldap)')
|
| 67 |
skipped += 1
|
| 68 |
next
|
| 69 |
end
|
| 70 |
|
| 71 |
#User exists in Redmine, no need to update, I think.
|
| 72 |
if user_in_rm != nil |
| 73 |
logger.info(" User #{login} exists in redmine\n")
|
| 74 |
skipped += 1
|
| 75 |
next
|
| 76 |
end
|
| 77 |
|
| 78 |
#create user
|
| 79 |
logger.info(" User #{login} is added user with attrs: #{attrs.to_s}\n")
|
| 80 |
u = User.create(*attrs)
|
| 81 |
u.login = login |
| 82 |
u.language = Setting.default_language
|
| 83 |
if u.save
|
| 84 |
created.push(login+' (created)')
|
| 85 |
else
|
| 86 |
#skipped.push(login+' (add failed)')
|
| 87 |
skipped += 1
|
| 88 |
logger.info(" User #{login} failed in saving: #{attrs.to_s}\n")
|
| 89 |
end
|
| 90 |
|
| 91 |
end #do |
| 92 |
logger.info("Found #{found} users in the system\n")
|
| 93 |
logger.info("Skipped #{skipped} users in the system\n")
|
| 94 |
logger.info("Created #{created.size} users:") #{created.join("\n")}\n") |
| 95 |
logger.info("Disabled #{created.size} users:") #{Disabled.join("\n")}\n") |
| 96 |
logger.info("#{Time.now.inspect}\n")
|
| 97 |
logger.info("\n**********************************************************************\n\n")
|
| 98 |
return {:found => found, :imported => created, :skipped => skipped} |
| 99 |
end # import |
| 100 |
|
| 101 |
end #class |
| 102 |
|
| 103 |
|
| 104 |
@auth_method.import
|
| 105 |
|