Diffstat (limited to 'contrib/syncLDAP.pl')
-rwxr-xr-x | contrib/syncLDAP.pl | 378 |
1 files changed, 199 insertions, 179 deletions
diff --git a/contrib/syncLDAP.pl b/contrib/syncLDAP.pl
index f618624ec..4c75bbc1f 100755
--- a/contrib/syncLDAP.pl
+++ b/contrib/syncLDAP.pl
@@ -19,47 +19,49 @@ use Bugzilla::User; my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; -my $readonly = 0; +my $readonly = 0; my $nodisable = 0; -my $noupdate = 0; -my $nocreate = 0; -my $quiet = 0; +my $noupdate = 0; +my $nocreate = 0; +my $quiet = 0; ### # Do some preparations ### -foreach my $arg (@ARGV) -{ - if($arg eq '-r') { - $readonly = 1; - } - elsif($arg eq '-d') { - $nodisable = 1; - } - elsif($arg eq '-u') { - $noupdate = 1; - } - elsif($arg eq '-c') { - $nocreate = 1; - } - elsif($arg eq '-q') { - $quiet = 1; - } - else { - print "LDAP Sync Script\n"; - print "Syncronizes the users table from the LDAP server with the Bugzilla users.\n"; - print "Takes mail-attribute from preferences and description from 'cn' or,\n"; - print "if not available, from the uid-attribute.\n\n"; - print "usage:\n syncLDAP.pl [options]\n\n"; - print "options:\n"; - print " -r Readonly, do not make changes to Bugzilla tables\n"; - print " -d No disable, don't disable login by users who are not in LDAP\n"; - print " -u No update, don't update users, which have different description in LDAP\n"; - print " -c No create, don't create users, which are in LDAP but not in Bugzilla\n"; - print " -q Quiet mode, give less output\n"; - print "\n"; - exit; - } +foreach my $arg (@ARGV) { + if ($arg eq '-r') { + $readonly = 1; + } + elsif ($arg eq '-d') { + $nodisable = 1; + } + elsif ($arg eq '-u') { + $noupdate = 1; + } + elsif ($arg eq '-c') { + $nocreate = 1; + } + elsif ($arg eq '-q') { + $quiet = 1; + } + else { + print "LDAP Sync Script\n"; + print + "Syncronizes the users table from the LDAP server with the Bugzilla users.\n"; + print "Takes mail-attribute from preferences and description from 'cn' or,\n"; + print "if not available, from the uid-attribute.\n\n"; + print "usage:\n syncLDAP.pl [options]\n\n"; + print "options:\n"; + print " -r Readonly, do not make changes to Bugzilla tables\n"; + print " -d No disable, don't disable login by users who are not in LDAP\n"; + print + " 
-u No update, don't update users, which have different description in LDAP\n"; + print + " -c No create, don't create users, which are in LDAP but not in Bugzilla\n"; + print " -q Quiet mode, give less output\n"; + print "\n"; + exit; + } } my %ldap_users; @@ -67,13 +69,18 @@ my %ldap_users; ### # Get current bugzilla users ### -my %bugzilla_users = %{ $dbh->selectall_hashref( - 'SELECT login_name AS new_login_name, realname, disabledtext ' . - 'FROM profiles', 'new_login_name') }; +my %bugzilla_users = %{ + $dbh->selectall_hashref( + 'SELECT login_name AS new_login_name, realname, disabledtext ' + . 'FROM profiles', + 'new_login_name' + ) +}; foreach my $login_name (keys %bugzilla_users) { - # remove whitespaces - $bugzilla_users{$login_name}{'realname'} =~ s/^\s+|\s+$//g; + + # remove whitespaces + $bugzilla_users{$login_name}{'realname'} =~ s/^\s+|\s+$//g; } ### 
@@ -81,72 +88,79 @@ foreach my $login_name (keys %bugzilla_users) { ### my $LDAPserver = Bugzilla->params->{"LDAPserver"}; if ($LDAPserver eq "") { - print "No LDAP server defined in bugzilla preferences.\n"; - exit; + print "No LDAP server defined in bugzilla preferences.\n"; + exit; } my $LDAPconn; -if($LDAPserver =~ /:\/\//) { - # if the "LDAPserver" parameter is in uri scheme - $LDAPconn = Net::LDAP->new($LDAPserver, version => 3); -} else { - my $LDAPport = "389"; # default LDAP port - if($LDAPserver =~ /:/) { - ($LDAPserver, $LDAPport) = split(":",$LDAPserver); - } - $LDAPconn = Net::LDAP->new($LDAPserver, port => $LDAPport, version => 3); +if ($LDAPserver =~ /:\/\//) { + + # if the "LDAPserver" parameter is in uri scheme + $LDAPconn = Net::LDAP->new($LDAPserver, version => 3); +} +else { + my $LDAPport = "389"; # default LDAP port + if ($LDAPserver =~ /:/) { + ($LDAPserver, $LDAPport) = split(":", $LDAPserver); + } + $LDAPconn = Net::LDAP->new($LDAPserver, port => $LDAPport, version => 3); } -if(!$LDAPconn) { - print "Connecting to LDAP server failed. Check LDAPserver setting.\n"; - exit; +if (!$LDAPconn) { + print "Connecting to LDAP server failed. Check LDAPserver setting.\n"; + exit; } my $mesg; if (Bugzilla->params->{"LDAPbinddn"}) { - my ($LDAPbinddn,$LDAPbindpass) = split(":",Bugzilla->params->{"LDAPbinddn"}); - $mesg = $LDAPconn->bind($LDAPbinddn, password => $LDAPbindpass); + my ($LDAPbinddn, $LDAPbindpass) = split(":", Bugzilla->params->{"LDAPbinddn"}); + $mesg = $LDAPconn->bind($LDAPbinddn, password => $LDAPbindpass); } else { - $mesg = $LDAPconn->bind(); + $mesg = $LDAPconn->bind(); } -if($mesg->code) { - print "Binding to LDAP server failed: " . $mesg->error . "\nCheck LDAPbinddn setting.\n"; - exit; +if ($mesg->code) { + print "Binding to LDAP server failed: " + . $mesg->error + . "\nCheck LDAPbinddn setting.\n"; + exit; } # We've got our anonymous bind; let's look up the users. 
-$mesg = $LDAPconn->search( base => Bugzilla->params->{"LDAPBaseDN"}, - scope => "sub", - filter => '(&(' . Bugzilla->params->{"LDAPuidattribute"} . "=*)" . Bugzilla->params->{"LDAPfilter"} . ')', - ); - - -if(! $mesg->count) { - print "LDAP lookup failure. Check LDAPBaseDN setting.\n"; - exit; +$mesg = $LDAPconn->search( + base => Bugzilla->params->{"LDAPBaseDN"}, + scope => "sub", + filter => '(&(' + . Bugzilla->params->{"LDAPuidattribute"} . "=*)" + . Bugzilla->params->{"LDAPfilter"} . ')', +); + + +if (!$mesg->count) { + print "LDAP lookup failure. Check LDAPBaseDN setting.\n"; + exit; } - -my %val = %{ $mesg->as_struct }; - -while( my ($key, $value) = each(%val) ) { - - my @login_name = @{ $value->{Bugzilla->params->{"LDAPmailattribute"}} }; - my @realname = @{ $value->{"cn"} }; - - # no mail entered? go to next - if(! @login_name) { - print "$key has no valid mail address\n"; - next; - } - - # no cn entered? use uid instead - if(! @realname) { - @realname = @{ $value->{Bugzilla->params->{"LDAPuidattribute"}} }; - } - - my $login = shift @login_name; - my $real = shift @realname; - $ldap_users{$login} = { realname => $real }; + +my %val = %{$mesg->as_struct}; + +while (my ($key, $value) = each(%val)) { + + my @login_name = @{$value->{Bugzilla->params->{"LDAPmailattribute"}}}; + my @realname = @{$value->{"cn"}}; + + # no mail entered? go to next + if (!@login_name) { + print "$key has no valid mail address\n"; + next; + } + + # no cn entered? use uid instead + if (!@realname) { + @realname = @{$value->{Bugzilla->params->{"LDAPuidattribute"}}}; + } + + my $login = shift @login_name; + my $real = shift @realname; + $ldap_users{$login} = {realname => $real}; } print "\n" unless $quiet; 
@@ -159,120 +173,126 @@ my %update_users; my %create_users; print "Bugzilla-Users: \n" unless $quiet; -while( my ($key, $value) = each(%bugzilla_users) ) { - print " " . $key . " '" . $value->{'realname'} . "' " . $value->{'disabledtext'} ."\n" unless $quiet==1; - if(!exists $ldap_users{$key}){ - if($value->{'disabledtext'} eq '') { - $disable_users{$key} = $value; - } +while (my ($key, $value) = each(%bugzilla_users)) { + print " " + . $key . " '" + . $value->{'realname'} . "' " + . $value->{'disabledtext'} . "\n" + unless $quiet == 1; + if (!exists $ldap_users{$key}) { + if ($value->{'disabledtext'} eq '') { + $disable_users{$key} = $value; + } } } print "\nLDAP-Users: \n" unless $quiet; -while( my ($key, $value) = each(%ldap_users) ) { - print " " . $key . " '" . $value->{'realname'} . "'\n" unless $quiet==1; - if(!defined $bugzilla_users{$key}){ +while (my ($key, $value) = each(%ldap_users)) { + print " " . $key . " '" . $value->{'realname'} . "'\n" unless $quiet == 1; + if (!defined $bugzilla_users{$key}) { $create_users{$key} = $value; } - else { + else { my $bugzilla_user_value = $bugzilla_users{$key}; - if($bugzilla_user_value->{'realname'} ne $value->{'realname'}) { + if ($bugzilla_user_value->{'realname'} ne $value->{'realname'}) { $update_users{$key} = $value; } } } print "\nDetecting email changes: \n" unless $quiet; -while( my ($create_key, $create_value) = each(%create_users) ) { - while( my ($disable_key, $disable_value) = each(%disable_users) ) { - if($create_value->{'realname'} eq $disable_value->{'realname'}) { - print " " . $disable_key . " => " . 
$create_key ."'\n" unless $quiet==1; - $update_users{$disable_key} = { realname => $create_value->{'realname'}, - new_login_name => $create_key }; - delete $create_users{$create_key}; - delete $disable_users{$disable_key}; +while (my ($create_key, $create_value) = each(%create_users)) { + while (my ($disable_key, $disable_value) = each(%disable_users)) { + if ($create_value->{'realname'} eq $disable_value->{'realname'}) { + print " " . $disable_key . " => " . $create_key . "'\n" unless $quiet == 1; + $update_users{$disable_key} + = {realname => $create_value->{'realname'}, new_login_name => $create_key}; + delete $create_users{$create_key}; + delete $disable_users{$disable_key}; } } } -if($quiet == 0) { - print "\nUsers to disable login for: \n"; - while( my ($key, $value) = each(%disable_users) ) { - print " " . $key . " '" . $value->{'realname'} . "'\n"; - } - - print "\nUsers to update: \n"; - while( my ($key, $value) = each(%update_users) ) { - print " " . $key . " '" . $value->{'realname'} . "' "; - if(defined $value->{'new_login_name'}) { - print "has changed email to " . $value->{'new_login_name'}; - } - print "\n"; - } - - print "\nUsers to create: \n"; - while( my ($key, $value) = each(%create_users) ) { - print " " . $key . " '" . $value->{'realname'} . "'\n"; - } - - print "\n\n"; +if ($quiet == 0) { + print "\nUsers to disable login for: \n"; + while (my ($key, $value) = each(%disable_users)) { + print " " . $key . " '" . $value->{'realname'} . "'\n"; + } + + print "\nUsers to update: \n"; + while (my ($key, $value) = each(%update_users)) { + print " " . $key . " '" . $value->{'realname'} . "' "; + if (defined $value->{'new_login_name'}) { + print "has changed email to " . $value->{'new_login_name'}; + } + print "\n"; + } + + print "\nUsers to create: \n"; + while (my ($key, $value) = each(%create_users)) { + print " " . $key . " '" . $value->{'realname'} . 
"'\n"; + } + + print "\n\n"; } ### # now do the DB-Update ### -if($readonly == 0) { - print "Performing DB update:\nPhase 1: disabling login for users not in LDAP... " unless $quiet; +if ($readonly == 0) { + print + "Performing DB update:\nPhase 1: disabling login for users not in LDAP... " + unless $quiet; - my $sth_disable = $dbh->prepare( - 'UPDATE profiles + my $sth_disable = $dbh->prepare( + 'UPDATE profiles SET disabledtext = ? - WHERE ' . $dbh->sql_istrcmp('login_name', '?')); + WHERE ' . $dbh->sql_istrcmp('login_name', '?') + ); - if($nodisable == 0) { - while( my ($key, $value) = each(%disable_users) ) { - $sth_disable->execute('auto-disabled by ldap sync', $key); - } - print "done!\n" unless $quiet; - } - else { - print "disabled!\n" unless $quiet; - } - - print "Phase 2: updating existing users... " unless $quiet; - - if($noupdate == 0) { - while( my ($key, $value) = each(%update_users) ) { - my $user = Bugzilla::User->check($key); - if(defined $value->{'new_login_name'}) { - $user->set_login($value->{'new_login_name'}); - } else { - $user->set_name($value->{'realname'}); - } - $user->update(); + if ($nodisable == 0) { + while (my ($key, $value) = each(%disable_users)) { + $sth_disable->execute('auto-disabled by ldap sync', $key); + } + print "done!\n" unless $quiet; + } + else { + print "disabled!\n" unless $quiet; + } + + print "Phase 2: updating existing users... " unless $quiet; + + if ($noupdate == 0) { + while (my ($key, $value) = each(%update_users)) { + my $user = Bugzilla::User->check($key); + if (defined $value->{'new_login_name'}) { + $user->set_login($value->{'new_login_name'}); } - print "done!\n" unless $quiet; - } - else { - print "disabled!\n" unless $quiet; - } - - print "Phase 3: creating new users... 
" unless $quiet; - if($nocreate == 0) { - while( my ($key, $value) = each(%create_users) ) { - Bugzilla::User->create({ - login_name => $key, - realname => $value->{'realname'}, - cryptpassword => '*'}); + else { + $user->set_name($value->{'realname'}); } - print "done!\n" unless $quiet; - } - else { - print "disabled!\n" unless $quiet; - } + $user->update(); + } + print "done!\n" unless $quiet; + } + else { + print "disabled!\n" unless $quiet; + } + + print "Phase 3: creating new users... " unless $quiet; + if ($nocreate == 0) { + while (my ($key, $value) = each(%create_users)) { + Bugzilla::User->create({ + login_name => $key, realname => $value->{'realname'}, cryptpassword => '*' + }); + } + print "done!\n" unless $quiet; + } + else { + print "disabled!\n" unless $quiet; + } } -else -{ - print "No changes to DB because readonly mode\n" unless $quiet; +else { + print "No changes to DB because readonly mode\n" unless $quiet; } |