Startsida Utforska Hjälp
Logga in
mirrors
/
mailcow-dockerized
spegling av https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Filer Ärenden 0 Wiki
Träd: 8048e0a53c
Grenar Taggar
mailcow-dockeri...
/
data
/
conf
/
phpfpm
/
crons
/
ldap-sync.php

ldap-sync.php 6.1 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188 
  1. <?php
    2. 

  2. 

  3. require_once(__DIR__ . '/../web/inc/vars.inc.php');
    4. 

  4. if (file_exists(__DIR__ . '/../web/inc/vars.local.inc.php')) {
    5. 

  5.   include_once(__DIR__ . '/../web/inc/vars.local.inc.php');
    6. 

  6. }
    7. 

  7. require_once __DIR__ . '/../web/inc/lib/vendor/autoload.php';
    8. 

  8. 

  9. // Init database
    10. 

  10. //$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
    11. 

  11. $dsn = $database_type . ":unix_socket=" . $database_sock . ";dbname=" . $database_name;
    12. 

  12. $opt = [
    13. 

  13.     PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    14. 

  14.     PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    15. 

  15.     PDO::ATTR_EMULATE_PREPARES   => false,
    16. 

  16. ];
    17. 

  17. try {
    18. 

  18.   $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
    19. 

  19. }
    20. 

  20. catch (PDOException $e) {
    21. 

  21.   logMsg("err", $e->getMessage());
    22. 

  22.   session_destroy();
    23. 

  23.   exit;
    24. 

  24. }
    25. 

  25. 

  26. // Init Redis
    27. 

  27. $redis = new Redis();
    28. 

  28. try {
    29. 

  29.   if (!empty(getenv('REDIS_SLAVEOF_IP'))) {
    30. 

  30.     $redis->connect(getenv('REDIS_SLAVEOF_IP'), getenv('REDIS_SLAVEOF_PORT'));
    31. 

  31.   }
    32. 

  32.   else {
    33. 

  33.     $redis->connect('redis-mailcow', 6379);
    34. 

  34.   }
    35. 

  35.   $redis->auth(getenv("REDISPASS"));
    36. 

  36. }
    37. 

  37. catch (Exception $e) {
    38. 

  38.   echo "Exiting: " . $e->getMessage();
    39. 

  39.   session_destroy();
    40. 

  40.   exit;
    41. 

  41. }
    42. 

  42. 

  43. function logMsg($priority, $message, $task = "LDAP Sync") {
    44. 

  44.   global $redis;
    45. 

  45. 

  46.   $finalMsg = array(
    47. 

  47.     "time" => time(),
    48. 

  48.     "priority" => $priority,
    49. 

  49.     "task" => $task,
    50. 

  50.     "message" => $message
    51. 

  51.   );
    52. 

  52.   $redis->lPush('CRON_LOG', json_encode($finalMsg));
    53. 

  53. }
    54. 

  54. 

  55. // Load core functions first
    56. 

  56. require_once __DIR__ . '/../web/inc/functions.inc.php';
    57. 

  57. require_once __DIR__ . '/../web/inc/functions.auth.inc.php';
    58. 

  58. require_once __DIR__ . '/../web/inc/sessions.inc.php';
    59. 

  59. require_once __DIR__ . '/../web/inc/functions.mailbox.inc.php';
    60. 

  60. require_once __DIR__ . '/../web/inc/functions.ratelimit.inc.php';
    61. 

  61. require_once __DIR__ . '/../web/inc/functions.acl.inc.php';
    62. 

  62. 

  63. $_SESSION['mailcow_cc_username'] = "admin";
    64. 

  64. $_SESSION['mailcow_cc_role'] = "admin";
    65. 

  65. $_SESSION['acl']['tls_policy'] = "1";
    66. 

  66. $_SESSION['acl']['quarantine_notification'] = "1";
    67. 

  67. $_SESSION['acl']['quarantine_category'] = "1";
    68. 

  68. $_SESSION['acl']['ratelimit'] = "1";
    69. 

  69. $_SESSION['acl']['sogo_access'] = "1";
    70. 

  70. $_SESSION['acl']['protocol_access'] = "1";
    71. 

  71. $_SESSION['acl']['mailbox_relayhost'] = "1";
    72. 

  72. $_SESSION['acl']['unlimited_quota'] = "1";
    73. 

  73. 

  74. $iam_settings = identity_provider('get');
    75. 

  75. if ($iam_settings['authsource'] != "ldap" || (intval($iam_settings['periodic_sync']) != 1 && intval($iam_settings['import_users']) != 1)) {
    76. 

  76.   session_destroy();
    77. 

  77.   exit;
    78. 

  78. }
    79. 

  79. 

  80. // Set pagination variables
    81. 

  81. $start = 0;
    82. 

  82. $max = 25;
    83. 

  83. 

  84. // lock sync if already running
    85. 

  85. $lock_file = '/tmp/iam-sync.lock';
    86. 

  86. if (file_exists($lock_file)) {
    87. 

  87.   $lock_file_parts = explode("\n", file_get_contents($lock_file));
    88. 

  88.   $pid = $lock_file_parts[0];
    89. 

  89.   if (count($lock_file_parts) > 1){
    90. 

  90.     $last_execution = $lock_file_parts[1];
    91. 

  91.     $elapsed_time = (time() - $last_execution) / 60;
    92. 

  92.     if ($elapsed_time < intval($iam_settings['sync_interval'])) {
    93. 

  93.       logMsg("warning", "Sync not ready (".number_format((float)$elapsed_time, 2, '.', '')."min / ".$iam_settings['sync_interval']."min)");
    94. 

  94.       session_destroy();
    95. 

  95.       exit;
    96. 

  96.     }
    97. 

  97.   }
    98. 

  98. 

  99.   if (posix_kill($pid, 0)) {
    100. 

  100.     logMsg("warning", "Sync is already running");
    101. 

  101.     session_destroy();
    102. 

  102.     exit;
    103. 

  103.   } else {
    104. 

  104.     unlink($lock_file);
    105. 

  105.   }
    106. 

  106. }
    107. 

  107. $lock_file_handle = fopen($lock_file, 'w');
    108. 

  108. fwrite($lock_file_handle, getmypid());
    109. 

  109. fclose($lock_file_handle);
    110. 

  110. 

  111. // Init Provider
    112. 

  112. $iam_provider = identity_provider('init');
    113. 

  113. 

  114. // Get ldap users
    115. 

  115. $ldap_query = $iam_provider->query();
    116. 

  116. if (!empty($iam_settings['filter'])) {
    117. 

  117.   $ldap_query = $ldap_query->rawFilter($iam_settings['filter']);
    118. 

  118. }
    119. 

  119. $response = $ldap_query->where($iam_settings['username_field'], "*")
    120. 

  120.   ->where($iam_settings['attribute_field'], "*")
    121. 

  121.   ->select([$iam_settings['username_field'], $iam_settings['attribute_field'], 'displayname'])
    122. 

  122.   ->paginate($max);
    123. 

  123. 

  124. // Process the users
    125. 

  125. foreach ($response as $user) {
    126. 

  126.   $mailcow_template = $user[$iam_settings['attribute_field']][0];
    127. 

  127. 

  128.   // try get mailbox user
    129. 

  129.   $stmt = $pdo->prepare("SELECT `mailbox`.* FROM `mailbox`
    130. 

  130.   INNER JOIN domain on mailbox.domain = domain.domain
    131. 

  131.   WHERE `kind` NOT REGEXP 'location|thing|group'
    132. 

  132.     AND `domain`.`active`='1'
    133. 

  133.     AND `username` = :user");
    134. 

  134.   $stmt->execute(array(':user' => $user[$iam_settings['username_field']][0]));
    135. 

  135.   $row = $stmt->fetch(PDO::FETCH_ASSOC);
    136. 

  136. 

  137.   // check if matching attribute mapping exists
    138. 

  138.   $mbox_template = null;
    139. 

  139.   foreach ($iam_settings['mappers'] as $index => $mapper){
    140. 

  140.     if ($mapper ==  $mailcow_template) {
    141. 

  141.       $mbox_template = $iam_settings['templates'][$index];
    142. 

  142.       break;
    143. 

  143.     }
    144. 

  144.   }
    145. 

  145.   if (!$mbox_template){
    146. 

  146.     logMsg("warning", "No matching attribute mapping found for user " . $user[$iam_settings['username_field']][0]);
    147. 

  147.     continue;
    148. 

  148.   }
    149. 

  149. 

  150.   if (empty($user[$iam_settings['username_field']][0])){
    151. 

  151.     logMsg("warning", "Skipping user " . $user['displayname'][0] . " due to empty LDAP ". $iam_settings['username_field'] . " property.");
    152. 

  152.     continue;
    153. 

  153.   }
    154. 

  154. 

  155.   $_SESSION['access_all_exception'] = '1';
    156. 

  156.   if (!$row && intval($iam_settings['import_users']) == 1){
    157. 

  157.     // mailbox user does not exist, create...
    158. 

  158.     logMsg("info", "Creating user " .  $user[$iam_settings['username_field']][0]);
    159. 

  159.     mailbox('add', 'mailbox_from_template', array(
    160. 

  160.       'domain' => explode('@',  $user[$iam_settings['username_field']][0])[1],
    161. 

  161.       'local_part' => explode('@',  $user[$iam_settings['username_field']][0])[0],
    162. 

  162.       'name' => $user['displayname'][0],
    163. 

  163.       'authsource' => 'ldap',
    164. 

  164.       'template' => $mbox_template
    165. 

  165.     ));
    166. 

  166.   } else if ($row && intval($iam_settings['periodic_sync']) == 1) {
    167. 

  167.     // mailbox user does exist, sync attribtues...
    168. 

  168.     logMsg("info", "Syncing attributes for user " . $user[$iam_settings['username_field']][0]);
    169. 

  169.     mailbox('edit', 'mailbox_from_template', array(
    170. 

  170.       'username' =>  $user[$iam_settings['username_field']][0],
    171. 

  171.       'name' => $user['displayname'][0],
    172. 

  172.       'template' => $mbox_template
    173. 

  173.     ));
    174. 

  174.   } else {
    175. 

  175.     // skip mailbox user
    176. 

  176.     logMsg("info", "Skipping user " .  $user[$iam_settings['username_field']][0]);
    177. 

  177.   }
    178. 

  178.   $_SESSION['access_all_exception'] = '0';
    179. 

  179. 

  180.   sleep(0.025);
    181. 

  181. }
    182. 

  182. 

  183. logMsg("info", "DONE!");
    184. 

  184. // add last execution time to lock file
    185. 

  185. $lock_file_handle = fopen($lock_file, 'w');
    186. 

  186. fwrite($lock_file_handle, getmypid() . "\n" . time());
    187. 

  187. fclose($lock_file_handle);
    188. 

  188. session_destroy();
    189.