mirror of
https://gitlab.easter-eggs.com/ee/ldapsaisie.git
synced 2024-12-22 16:33:48 +01:00
Add ppolicy LSaddon
This commit is contained in:
parent
faad922f03
commit
064d0f720b
8 changed files with 842 additions and 19 deletions
|
@ -16,6 +16,7 @@
|
|||
&conf-LSaddon_maildir;
|
||||
&conf-LSaddon_mailquota;
|
||||
&conf-LSaddon_phpldapadmin;
|
||||
&conf-LSaddon_ppolicy;
|
||||
&conf-LSaddon_showTechInfo;
|
||||
|
||||
</sect1>
|
||||
|
|
|
@ -6,4 +6,5 @@
|
|||
<!ENTITY conf-LSaddon_maildir SYSTEM "LSaddon_maildir.docbook">
|
||||
<!ENTITY conf-LSaddon_mailquota SYSTEM "LSaddon_mailquota.docbook">
|
||||
<!ENTITY conf-LSaddon_phpldapadmin SYSTEM "LSaddon_phpldapadmin.docbook">
|
||||
<!ENTITY conf-LSaddon_ppolicy SYSTEM "LSaddon_ppolicy.docbook">
|
||||
<!ENTITY conf-LSaddon_showTechInfo SYSTEM "LSaddon_showTechInfo.docbook">
|
||||
|
|
175
doc/conf/LSaddon/LSaddon_ppolicy.docbook
Normal file
175
doc/conf/LSaddon/LSaddon_ppolicy.docbook
Normal file
|
@ -0,0 +1,175 @@
|
|||
<sect2 id="config-LSaddon_ppolicy">
|
||||
<title>LSaddon_ppolicy</title>
|
||||
<para>Cet &LSaddon; fourni :
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem><para>une fonction <literal>ppolicy_extraDisplayColumn_password_expiration</literal>
|
||||
pouvant être utilisée pour la génération d'une <emphasis>extraDisplayedColumn</emphasis>
|
||||
affichant l'état d'expiration du mot de passe des objets d'une recherche.
|
||||
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<citetitle>Exemple d'utilisation</citetitle>
|
||||
<![CDATA[$GLOBALS['LSobjects']['LSpeople']['LSsearch'] = array (
|
||||
[...]
|
||||
'extraDisplayedColumns' => array (
|
||||
[...]
|
||||
'password_expiration' => array (
|
||||
'label' => 'Password expiration',
|
||||
'generateFunction' => 'ppolicy_extraDisplayColumn_password_expiration',
|
||||
'additionalAttrs' => array('pwdChangedTime', 'pwdPolicySubentry'),
|
||||
'escape' => false,
|
||||
),
|
||||
[...]
|
||||
),
|
||||
[...]
|
||||
);]]>
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
|
||||
<listitem><para>une fonction <literal>ppolicy_export_search_info</literal>
|
||||
pouvant être utilisée comme <link linkend="config-LSobject-customSearchActions">actions
|
||||
personnalisées sur les recherches d'&LSobjects;</link> pour exporter au format CSV les
|
||||
informations des politiques de mots de passe des objets retournés par la recherche.
|
||||
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<citetitle>Exemple d'utilisation</citetitle>
|
||||
<![CDATA[$GLOBALS['LSobjects']['LSpeople']['LSsearch'] = array (
|
||||
[...]
|
||||
'customActions' => array (
|
||||
'exportPpolicyInfo' => array (
|
||||
'label' => 'Export password policy info',
|
||||
'icon' => 'export_csv',
|
||||
'function' => 'ppolicy_export_search_info',
|
||||
'noConfirmation' => true,
|
||||
'disableOnSuccessMsg' => true,
|
||||
'rights' => array (
|
||||
'admin',
|
||||
),
|
||||
),
|
||||
),
|
||||
[...]
|
||||
);]]>
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
|
||||
<listitem><para>la méthode d'API <literal>exportPpolicyInfo</literal> permettant d'exporter
|
||||
les informations des politiques de mots de passe de tous les objets d'un type donné. Cette méthode
|
||||
est accessible via l'URL au format suivant :
|
||||
<literal>/api/1.0/exportPpolicyInfo/[object type]</literal></para></listitem>
|
||||
|
||||
|
||||
<listitem><para>la commande CLI <literal>export_ppolicy_info</literal> permettant d'exporter
|
||||
les informations des politiques de mots de passe de tous les objets d'un type donné.
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<citetitle>Utilisation</citetitle>
|
||||
ldapsaisie export_ppolicy_info [object type] [-o|--output filepath] [-j|--json [-p|--pretty]]
|
||||
</programlisting>
|
||||
</para></listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
</para>
|
||||
|
||||
<para>Des paramètres de configuration sont disponibles dans le fichier de
|
||||
configuration <literal>config.LSaddons.ppolicy.php</literal>.</para>
|
||||
|
||||
<programlisting linenumbering="unnumbered">
|
||||
<citetitle>Structure du fichier</citetitle>
|
||||
<![CDATA[// Default password policy object DN (set to null if no default policy is configured)
|
||||
define('LS_PPOLICY_DEFAULT_DN', null);
|
||||
|
||||
// Ppolicy password warning expiration threshold (in seconds)
|
||||
define('LS_PPOLICY_WARNING_EXPIRATION_THRESHOLD', 7 * 86400);
|
||||
|
||||
// Ppolicy password critical expiration threshold (in seconds)
|
||||
define('LS_PPOLICY_CRITICAL_EXPIRATION_THRESHOLD', 2 * 86400);
|
||||
|
||||
// CSV file delimiter
|
||||
define('LS_PPOLICY_CSV_DELIMITER',';');
|
||||
|
||||
// CSV file enclosure
|
||||
define('LS_PPOLICY_CSV_ENCLOSURE','"');
|
||||
|
||||
// CSV file escape character (available since PHP 5.5.4)
|
||||
define('LS_PPOLICY_CSV_ESCAPE_CHAR','\\');
|
||||
|
||||
// List of LSprofiles who are granted to use the exportPpolicyInfo API method
|
||||
$GLOBALS['LS_PPOLICY_API_GRANTED_PROFILES'] = array('admin');
|
||||
|
||||
// List of extra attributes to include in Ppolicy info export
|
||||
$GLOBALS['LS_PPOLICY_INFO_EXPORT_EXTRA_ATTRS'] = array();]]>
|
||||
</programlisting>
|
||||
|
||||
<variablelist>
|
||||
<title>Paramètres de configuration</title>
|
||||
|
||||
<varlistentry>
|
||||
<term>LS_PPOLICY_DEFAULT_DN</term>
|
||||
<listitem>
|
||||
<simpara>Constante définissant le DN de la politique par défaut. Si aucune politique par défaut
|
||||
n'est définie, ce paramètre doit valoir <literal>null</literal>.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>LS_PPOLICY_WARNING_EXPIRATION_THRESHOLD</term>
|
||||
<listitem>
|
||||
<simpara>Constante définissant le seuil d'alerte pour l'expiration des mots de passe (en
|
||||
seconde). Par défaut : 7 jours.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>LS_PPOLICY_CRITICAL_EXPIRATION_THRESHOLD</term>
|
||||
<listitem>
|
||||
<simpara>Constante définissant le seuil critique pour l'expiration des mots de passe (en
|
||||
seconde). Par défaut : 2 jours.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>LS_PPOLICY_CSV_DELIMITER</term>
|
||||
<listitem>
|
||||
<simpara>Constante définissant le caractère utilisé lors de la génération de l'export CSV
|
||||
comme séparateur de champ. Par défaut : un point-virgule.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>LS_PPOLICY_CSV_ENCLOSURE</term>
|
||||
<listitem>
|
||||
<simpara>Constante définissant le caractère utilisé lors de la génération de l'export CSV
|
||||
pour l'encadrement des champs. Par défaut : un guillemet double.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>LS_PPOLICY_CSV_ESCAPE_CHAR</term>
|
||||
<listitem>
|
||||
<simpara>Constante définissant le caractère utilisé lors de la génération de l'export CSV
|
||||
pour l'échappement des champs. Par défaut : une barre oblique inverse.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>$GLOBALS['LS_PPOLICY_API_GRANTED_PROFILES']</term>
|
||||
<listitem>
|
||||
<simpara>Tableau global listant les &LSprofiles; autorisés à utiliser la méthode d'API
|
||||
<literal>exportPpolicyInfo</literal>.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>$GLOBALS['LS_PPOLICY_INFO_EXPORT_EXTRA_ATTRS']</term>
|
||||
<listitem>
|
||||
<simpara>Tableau global listant les attributs supplémentaires à inclure lors de l'export des
|
||||
informations de politique de mots de passe.</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
</sect2>
|
51
src/conf/LSaddons/config.LSaddons.ppolicy.php
Normal file
51
src/conf/LSaddons/config.LSaddons.ppolicy.php
Normal file
|
@ -0,0 +1,51 @@
|
|||
<?php
|
||||
/*******************************************************************************
|
||||
* Copyright (C) 2022 Easter-eggs
|
||||
* https://ldapsaisie.org
|
||||
*
|
||||
* Author: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
******************************************************************************/
|
||||
|
||||
/*
|
||||
***********************************************
|
||||
* Ppolicy configuration
|
||||
***********************************************
|
||||
*/
|
||||
|
||||
// Default password policy object DN (set to null if no default policy is configured)
|
||||
define('LS_PPOLICY_DEFAULT_DN', null);
|
||||
|
||||
// Ppolicy password warning expiration threshold (in seconds)
|
||||
define('LS_PPOLICY_WARNING_EXPIRATION_THRESHOLD', 7 * 86400);
|
||||
|
||||
// Ppolicy password critical expiration threshold (in seconds)
|
||||
define('LS_PPOLICY_CRITICAL_EXPIRATION_THRESHOLD', 2 * 86400);
|
||||
|
||||
// CSV file delimiter
|
||||
define('LS_PPOLICY_CSV_DELIMITER',';');
|
||||
|
||||
// CSV file enclosure
|
||||
define('LS_PPOLICY_CSV_ENCLOSURE','"');
|
||||
|
||||
// CSV file escape character (available since PHP 5.5.4)
|
||||
define('LS_PPOLICY_CSV_ESCAPE_CHAR','\\');
|
||||
|
||||
// List of LSprofiles who are granted to use the exportPpolicyInfo API method
|
||||
$GLOBALS['LS_PPOLICY_API_GRANTED_PROFILES'] = array('admin');
|
||||
|
||||
// List of extra attributes to include in Ppolicy info export
|
||||
$GLOBALS['LS_PPOLICY_INFO_EXPORT_EXTRA_ATTRS'] = array();
|
482
src/includes/addons/LSaddons.ppolicy.php
Normal file
482
src/includes/addons/LSaddons.ppolicy.php
Normal file
|
@ -0,0 +1,482 @@
|
|||
<?php
|
||||
/*******************************************************************************
|
||||
* Copyright (C) 2007 Easter-eggs
|
||||
* https://ldapsaisie.org
|
||||
*
|
||||
* Author: See AUTHORS file in top-level directory.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License version 2
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
******************************************************************************/
|
||||
|
||||
// Error messages
|
||||
|
||||
LSerror :: defineError('PPOLICY_SUPPORT_01',
|
||||
___("Password policy Support : The constant %{const} is not defined.")
|
||||
);
|
||||
LSerror :: defineError('PPOLICY_SUPPORT_02',
|
||||
___("Password policy Support : The global array %{array} is not defined.")
|
||||
);
|
||||
LSerror :: defineError('PPOLICY_01',
|
||||
___("Password policy: An error occured generating CSV outfile memory space.")
|
||||
);
|
||||
LSerror :: defineError('PPOLICY_02',
|
||||
___("Password policy: An error occured executing the search.")
|
||||
);
|
||||
LSerror :: defineError('PPOLICY_03',
|
||||
___("Password policy: An error occured writing CSV header.")
|
||||
);
|
||||
LSerror :: defineError('PPOLICY_04',
|
||||
___("Password policy: An error occured writing a CSV row.")
|
||||
);
|
||||
|
||||
/**
|
||||
* Check support of Ppolicy by LdapSaisie
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @return boolean true if Ppolicy is totally supported, false in other case
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
function LSaddon_ppolicy_support() {
|
||||
$retval = true;
|
||||
|
||||
$MUST_DEFINE_CONST = array(
|
||||
'LS_PPOLICY_DEFAULT_DN',
|
||||
'LS_PPOLICY_WARNING_EXPIRATION_THRESHOLD',
|
||||
'LS_PPOLICY_CRITICAL_EXPIRATION_THRESHOLD',
|
||||
'LS_PPOLICY_CSV_DELIMITER',
|
||||
'LS_PPOLICY_CSV_ENCLOSURE',
|
||||
'LS_PPOLICY_CSV_ESCAPE_CHAR',
|
||||
);
|
||||
|
||||
foreach($MUST_DEFINE_CONST as $const) {
|
||||
if (!defined($const)) {
|
||||
LSerror :: addErrorCode('PPOLICY_SUPPORT_01', $const);
|
||||
$retval = false;
|
||||
}
|
||||
}
|
||||
|
||||
$MUST_DEFINE_ARRAY= array(
|
||||
'LS_PPOLICY_API_GRANTED_PROFILES',
|
||||
'LS_PPOLICY_INFO_EXPORT_EXTRA_ATTRS',
|
||||
);
|
||||
foreach($MUST_DEFINE_ARRAY as $array) {
|
||||
if ( !isset($GLOBALS[$array]) || !is_array($GLOBALS[$array])) {
|
||||
LSerror :: addErrorCode('PPOLICY_SUPPORT_02', $array);
|
||||
$retval = false;
|
||||
}
|
||||
}
|
||||
|
||||
// Init ppolicy objects cache
|
||||
$GLOBALS['PPOLICY_OBJECTS_CACHE'] = array();
|
||||
|
||||
if ($retval) {
|
||||
LSurl :: add_handler(
|
||||
'#^api/1.0/exportPpolicyInfo/(?P<LSobject>[^/]+)/?$#',
|
||||
'handle/export_api_LSobject_exportPpolicyInfo',
|
||||
true, false, true);
|
||||
}
|
||||
|
||||
return $retval;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve ppolicy object (from cache if already loaded)
|
||||
*
|
||||
* @param[in] $dn string The DN of the ppolicy object
|
||||
*
|
||||
* @return array|false Array of ppolicy object's attributes on success, false otherwise
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
function get_ppolicy_object($dn) {
|
||||
if (array_key_exists($dn, $GLOBALS['PPOLICY_OBJECTS_CACHE']))
|
||||
return $GLOBALS['PPOLICY_OBJECTS_CACHE'][$dn];
|
||||
$GLOBALS['PPOLICY_OBJECTS_CACHE'][$dn] = LSldap :: getAttrs($dn, '(objectClass=pwdPolicy)');
|
||||
return $GLOBALS['PPOLICY_OBJECTS_CACHE'][$dn];
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve ppolicy password max age
|
||||
*
|
||||
* @param[in] $ppolicy_dn string Optional DN of the ppolicy object to use
|
||||
*
|
||||
* @return int|null|false The ppolicy password max age (in second) if defined, null if no password max age is defined or false in case of error
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
function get_ppolicy_password_max_age($ppolicy_dn=null) {
|
||||
if (!$ppolicy_dn)
|
||||
$ppolicy_dn = LS_PPOLICY_DEFAULT_DN;
|
||||
if (!$ppolicy_dn)
|
||||
return null;
|
||||
$ppolicy = get_ppolicy_object($ppolicy_dn);
|
||||
if (!$ppolicy)
|
||||
return false;
|
||||
if (isset($ppolicy['pwdMaxAge']))
|
||||
return intval($ppolicy['pwdMaxAge']);
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Format and return HTML code of a badge
|
||||
*
|
||||
* @param[in] $text string The text of the badge
|
||||
* @param[in] $bg_color string The background color of the badge (optional, default: green)
|
||||
* @param[in] $color string The text color of the badge (optional, default: white)
|
||||
*
|
||||
* @return string The HTML code of the badge
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
function _ppolicy_badge($text, $bg_color='green', $color='white') {
|
||||
// Disable HTML formating on PHP cli
|
||||
if (php_sapi_name() == 'cli') return $text;
|
||||
return sprintf(
|
||||
'<span style="
|
||||
background-color: %s; color: %s;
|
||||
padding: 0.2em; font-size: 0.8em; border-radius: 0.4em;"
|
||||
>%s</span>',
|
||||
$bg_color, $color, $text
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve Ppolicy extraDisplayedColumn password expiration
|
||||
*
|
||||
* @param[in] $entry An LSsearchEntry object
|
||||
*
|
||||
* @return string Ppolicy extraDisplayedColumn password expiration
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*/
|
||||
function ppolicy_extraDisplayColumn_password_expiration($entry) {
|
||||
$change_time = $entry->pwdChangedTime;
|
||||
if (!$change_time)
|
||||
return _('Never');
|
||||
$change_time = ldapDate2Timestamp($change_time);
|
||||
$max_age = get_ppolicy_password_max_age($entry->pwdPolicySubentry);
|
||||
if ($max_age === false)
|
||||
return _ppolicy_badge(__('Unknown'), 'gray');
|
||||
if (!$max_age)
|
||||
return _('Never');
|
||||
$expiration_date = $change_time + $max_age;
|
||||
$now = time();
|
||||
if ($expiration_date <= $now)
|
||||
return _ppolicy_badge(
|
||||
sprintf(_('Expired (since %s)'), date('Y-m-d H:i', $expiration_date)),
|
||||
'black');
|
||||
$delta = $expiration_date - $now;
|
||||
if ($delta >= LS_PPOLICY_CRITICAL_EXPIRATION_THRESHOLD)
|
||||
$badge_color = 'red';
|
||||
elseif ($delta >= LS_PPOLICY_WARNING_EXPIRATION_THRESHOLD)
|
||||
$badge_color = 'orange';
|
||||
else
|
||||
$badge_color = 'green';
|
||||
return _ppolicy_badge(
|
||||
sprintf(_('Expire on %s'), date('Y-m-d H:i', $expiration_date)),
|
||||
$badge_color);
|
||||
}
|
||||
|
||||
/**
|
||||
* Write LSsearch result as CSV and force download of it.
|
||||
*
|
||||
* @param[in] $LSsearch The LSsearch object
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @return boolean Void if CSV file is successfully generated and upload, false in other case
|
||||
*/
|
||||
function ppolicy_export_search_info($LSsearch, $as_csv=true, $return=false) {
|
||||
if ($as_csv) {
|
||||
$csv = fopen('php://temp/maxmemory:'. (5*1024*1024), 'r+');
|
||||
|
||||
if ($csv === false) {
|
||||
LSerror :: addErrorCode('PPOLICY_01');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$attrs = array_merge(
|
||||
array(
|
||||
'pwdPolicySubentry', 'pwdChangedTime', 'pwdGraceUseTime', 'pwdFailureTime',
|
||||
'pwdAccountLockedTime', 'pwdReset', 'pwdHistory'
|
||||
),
|
||||
$GLOBALS['LS_PPOLICY_INFO_EXPORT_EXTRA_ATTRS']
|
||||
);
|
||||
$LSsearch -> setParam('attributes', $attrs);
|
||||
|
||||
if (!$LSsearch -> run()) {
|
||||
LSerror :: addErrorCode('PPOLICY_02');
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($as_csv) {
|
||||
$headers = array($LSsearch->label_objectName, 'DN');
|
||||
foreach($attrs as $attr) {
|
||||
$label = LSconfig::get("LSobjects.".$LSsearch->LSobject.".attrs.$attr.label", $attr, 'string');
|
||||
$headers[] = __($label);
|
||||
}
|
||||
|
||||
if (!_ppolicy_write_row_in_csv($csv, $headers)) {
|
||||
LSerror :: addErrorCode('PPOLICY_03');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$data = array();
|
||||
}
|
||||
|
||||
foreach ($LSsearch -> getSearchEntries() as $e) {
|
||||
$row = array(
|
||||
'name' => $e -> displayName,
|
||||
'dn' => $e -> dn,
|
||||
);
|
||||
|
||||
foreach($attrs as $attr) {
|
||||
if ($as_csv) {
|
||||
$values = ensureIsArray($e -> get($attr));
|
||||
if ($values) {
|
||||
$row[] = ($as_json?$values:implode('|', $values));
|
||||
}
|
||||
else {
|
||||
$no_value_label = LSconfig::get(
|
||||
"LSobjects.".$LSsearch->LSobject.".attrs.$attr.no_value_label",
|
||||
___('Not set'), 'string');
|
||||
$row[] = __($no_value_label);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$row[$attr] = ensureIsArray($e -> get($attr));
|
||||
if (!LSconfig::get("LSobjects.".$LSsearch->LSobject.".attrs.$attr.multiple")) {
|
||||
$row[$attr] = ($row[$attr]?$row[$attr][0]:null);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($as_csv) {
|
||||
if (!_ppolicy_write_row_in_csv($csv, $row)) {
|
||||
LSerror :: addErrorCode('PPOLICY_04');
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$data[] = $row;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$as_csv) {
|
||||
if ($return)
|
||||
return $data;
|
||||
header("Content-disposition: attachment; filename=ppolicy-".$LSsearch->LSobject.".json");
|
||||
displayAjaxReturn($data);
|
||||
exit();
|
||||
}
|
||||
|
||||
rewind($csv);
|
||||
if ($return) {
|
||||
$data = stream_get_contents($csv);
|
||||
@fclose($csv);
|
||||
return $data;
|
||||
}
|
||||
header("Content-disposition: attachment; filename=ppolicy-".$LSsearch->LSobject.".csv");
|
||||
header("Content-type: text/csv");
|
||||
print stream_get_contents($csv);
|
||||
@fclose($csv);
|
||||
exit();
|
||||
}
|
||||
|
||||
/**
|
||||
* Write CSV row in file
|
||||
*
|
||||
* @param[in] $csv The CSV file description reference
|
||||
* @param[in] $row An array of a CSV row fields to write
|
||||
*
|
||||
* @author Benjamin Renard <brenard@easter-eggs.com>
|
||||
*
|
||||
* @retval boolean True if CSV row is successfully writed, false in other case
|
||||
*/
|
||||
function _ppolicy_write_row_in_csv(&$csv, &$row) {
|
||||
if (!defined('PHP_VERSION_ID') or PHP_VERSION_ID < 50504) {
|
||||
return (
|
||||
fputcsv($csv, $row, LS_PPOLICY_CSV_DELIMITER, LS_PPOLICY_CSV_ENCLOSURE) !== false
|
||||
);
|
||||
}
|
||||
return (
|
||||
fputcsv(
|
||||
$csv, $row, LS_PPOLICY_CSV_DELIMITER, LS_PPOLICY_CSV_ENCLOSURE,
|
||||
LS_PPOLICY_CSV_ESCAPE_CHAR) !== false
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle exportPpolicyInfo API request
|
||||
*
|
||||
* @param[in] $request LSurlRequest The request
|
||||
*
|
||||
* @return void
|
||||
**/
|
||||
function handle_api_LSobject_exportPpolicyInfo($request) {
|
||||
get_LSobject_from_API_request($request);
|
||||
$container_dn = LSconfig::get(
|
||||
"LSobjects.".$LSsearch->LSobject.".container_dn",
|
||||
"", "string");
|
||||
$whoami = LSsession :: whoami(
|
||||
$container_dn?
|
||||
$container_dn.','.LSsession::getTopDn():
|
||||
LSsession::getTopDn()
|
||||
);
|
||||
if (!array_intersect($GLOBALS['LS_PPOLICY_API_GRANTED_PROFILES'], $whoami)) {
|
||||
LSerror :: addErrorCode('LSsession_11');
|
||||
LSsession :: displayAjaxReturn();
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!LSsession :: loadLSclass('LSsearch')) {
|
||||
LSerror :: addErrorCode('LSsession_05', 'LSsearch');
|
||||
LSsession :: displayAjaxReturn();
|
||||
return false;
|
||||
}
|
||||
|
||||
$search = new LSsearch(
|
||||
$request->LSobject,
|
||||
'api'
|
||||
);
|
||||
$search -> setParam('onlyAccessible', True);
|
||||
|
||||
$data = ppolicy_export_search_info($search, false, true);
|
||||
LSsession :: displayAjaxReturn($data);
|
||||
}
|
||||
|
||||
if (php_sapi_name() != 'cli')
|
||||
return true;
|
||||
|
||||
function cli_export_ppolicy_info($command_args) {
|
||||
$objType = null;
|
||||
$output = false;
|
||||
$json = false;
|
||||
$pretty = false;
|
||||
for ($i=0; $i < count($command_args); $i++) {
|
||||
switch($command_args[$i]) {
|
||||
case '-o':
|
||||
case '--output':
|
||||
$i++;
|
||||
$output = $command_args[$i];
|
||||
break;
|
||||
|
||||
case '-j':
|
||||
case '--json':
|
||||
$json = true;
|
||||
break;
|
||||
|
||||
case '-p':
|
||||
case '--pretty':
|
||||
$pretty = true;
|
||||
break;
|
||||
|
||||
default:
|
||||
if (is_null($objType))
|
||||
$objType = $command_args[$i];
|
||||
else
|
||||
LScli :: usage("Invalid ".$command_args[$i]." parameter.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (is_null($objType))
|
||||
LScli :: usage('You must provide LSobject type.');
|
||||
|
||||
if (!LSsession :: loadLSobject($objType))
|
||||
return false;
|
||||
|
||||
if (!LSsession :: loadLSclass('LSsearch')) {
|
||||
LSerror :: addErrorCode('LSsession_05', 'LSsearch');
|
||||
LSsession :: displayAjaxReturn();
|
||||
return false;
|
||||
}
|
||||
|
||||
$search = new LSsearch($objType, 'cli_export_ppolicy_info');
|
||||
$search -> setParam('onlyAccessible', True);
|
||||
|
||||
$data = ppolicy_export_search_info($search, !$json, true);
|
||||
|
||||
if ($json)
|
||||
$data = json_encode(
|
||||
$data,
|
||||
($pretty?JSON_PRETTY_PRINT:0)
|
||||
);
|
||||
|
||||
if (!$output) {
|
||||
print($data);
|
||||
exit();
|
||||
}
|
||||
$fd = fopen($output, 'w') or fatal_error("Fail to open output file '$output'");
|
||||
fwrite($fd, $data) or fatal_error("Fail to write result in output file '$output'");
|
||||
@fclose($fd);
|
||||
}
|
||||
|
||||
/**
|
||||
* Args autocompleter for CLI export_ppolicy_info command
|
||||
*
|
||||
* @param[in] $command_args array List of already typed words of the command
|
||||
* @param[in] $comp_word_num int The command word number to autocomplete
|
||||
* @param[in] $comp_word string The command word to autocomplete
|
||||
* @param[in] $opts array List of global available options
|
||||
*
|
||||
* @retval array List of available options for the word to autocomplete
|
||||
**/
|
||||
function cli_export_ppolicy_info_args_autocompleter($command_args, $comp_word_num, $comp_word, $opts) {
|
||||
$opts = array_merge($opts, array ('-o', '--output', '-j', '--json', '-p', '--pretty'));
|
||||
|
||||
// Handle positional args
|
||||
$objType = null;
|
||||
$objType_arg_num = null;
|
||||
for ($i=0; $i < count($command_args); $i++) {
|
||||
if (!in_array($command_args[$i], $opts)) {
|
||||
// If object type not defined
|
||||
if (is_null($objType)) {
|
||||
// Defined it
|
||||
$objType = $command_args[$i];
|
||||
LScli :: unquote_word($objType);
|
||||
$objType_arg_num = $i;
|
||||
|
||||
// Check object type exists
|
||||
$objTypes = LScli :: autocomplete_LSobject_types($objType);
|
||||
|
||||
// Load it if exist and not trying to complete it
|
||||
if (in_array($objType, $objTypes) && $i != $comp_word_num) {
|
||||
LSsession :: loadLSobject($objType, false);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If objType not already choiced (or currently autocomplete), add LSobject types to available options
|
||||
if (!$objType || $objType_arg_num == $comp_word_num)
|
||||
$opts = array_merge($opts, LScli :: autocomplete_LSobject_types($comp_word));
|
||||
|
||||
return LScli :: autocomplete_opts($opts, $comp_word);
|
||||
}
|
||||
|
||||
LScli :: add_command(
|
||||
'export_ppolicy_info',
|
||||
'cli_export_ppolicy_info',
|
||||
'Export password policy info of a all objects of a specified object type',
|
||||
'[object type] [-o|--output filepath] [-j|--json [-p|--pretty]]',
|
||||
false, // long desc
|
||||
true,
|
||||
'cli_export_ppolicy_info_args_autocompleter'
|
||||
);
|
Binary file not shown.
|
@ -8,7 +8,7 @@ msgstr ""
|
|||
"Project-Id-Version: LdapSaisie\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: \n"
|
||||
"PO-Revision-Date: 2022-02-22 18:24+0100\n"
|
||||
"PO-Revision-Date: 2022-04-11 18:24+0200\n"
|
||||
"Last-Translator: Benjamin Renard <brenard@zionetrix.net>\n"
|
||||
"Language-Team: LdapSaisie <ldapsaisie-users@lists.labs.libre-entreprise."
|
||||
"org>\n"
|
||||
|
@ -21,6 +21,64 @@ msgstr ""
|
|||
"X-Generator: Poedit 2.4.2\n"
|
||||
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:26
|
||||
msgid "Password policy Support : The constant %{const} is not defined."
|
||||
msgstr ""
|
||||
"Support politique de mots de passe : La constante %{const} n'est pas définie."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:29
|
||||
msgid "Password policy Support : The global array %{array} is not defined."
|
||||
msgstr ""
|
||||
"Support politique de mots de passe : Le tableau global %{array} n'est pas "
|
||||
"définie."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:32
|
||||
msgid "Password policy: An error occured generating CSV outfile memory space."
|
||||
msgstr ""
|
||||
"Politique de mots de passe : Une erreur est survenue en générant l'espace "
|
||||
"mémoire pour le fichier CSV."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:35
|
||||
msgid "Password policy: An error occured executing the search."
|
||||
msgstr ""
|
||||
"Politique de mots de passe : Une erreur est survenue en exécutant la "
|
||||
"recherche."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:38
|
||||
msgid "Password policy: An error occured writing CSV header."
|
||||
msgstr ""
|
||||
"Politique de mots de passe : Une erreur est survenue en écrivant les entêtes "
|
||||
"CSV."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:41
|
||||
msgid "Password policy: An error occured writing a CSV row."
|
||||
msgstr ""
|
||||
"Politique de mots de passe : Une erreur est survenue en écrivant une ligne "
|
||||
"CSV."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:169
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:175
|
||||
msgid "Never"
|
||||
msgstr "Jamais"
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:173
|
||||
msgid "Unknown"
|
||||
msgstr "Inconnu"
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:180
|
||||
#, php-format
|
||||
msgid "Expired (since %s)"
|
||||
msgstr "Expiré (depuis %s)"
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:190
|
||||
#, php-format
|
||||
msgid "Expire on %s"
|
||||
msgstr "Expirera le %s"
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:258
|
||||
msgid "Not set"
|
||||
msgstr "Non défini"
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.samba.php:27
|
||||
msgid "SAMBA Support: Unable to load smbHash class."
|
||||
msgstr "Support SAMBA : Impossible de charger la classe smbHash."
|
||||
|
@ -434,6 +492,10 @@ msgstr ""
|
|||
"MAILDIR : Erreur durant la récupération du chemin distant du dossier des "
|
||||
"mails."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.watermark.php:78
|
||||
msgid "PRE-PRODUCTION"
|
||||
msgstr "PRÉ-PRODUCTION"
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.showTechInfo.php:63
|
||||
#: templates/default/showTechInfo.tpl:16
|
||||
msgid "Structural object class"
|
||||
|
@ -1628,39 +1690,39 @@ msgstr ""
|
|||
"LSformRule_password : Regex invalide configurée : %{regex}. Vous devez "
|
||||
"utiliser des regex de type PCRE (commencant par le caractère '/')."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:614
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:629
|
||||
msgid "LSldap: Error during the LDAP server connection (%{msg})."
|
||||
msgstr "LSldap : Erreur durant la connexion au serveur LDAP (%{msg})."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:617
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:632
|
||||
msgid "LSldap: Error during the LDAP search (%{msg})."
|
||||
msgstr "LSldap : Erreur pendant la recherche LDAP (%{msg})."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:620
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:635
|
||||
msgid "LSldap: Object type unknown."
|
||||
msgstr "LSldap : Type d'objet inconnu."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:623
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:638
|
||||
msgid "LSldap: Error while fetching the LDAP entry."
|
||||
msgstr "LSldap : Erreur durant la récupération de l'entrée LDAP."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:626
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:641
|
||||
msgid "LSldap: Error while changing the LDAP entry (DN : %{dn})."
|
||||
msgstr "LSldap : Erreur durant la modification de l'entrée LDAP (DN : %{dn})."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:629
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:644
|
||||
msgid "LSldap: Error while deleting empty attributes."
|
||||
msgstr "LSldap : Erreur durant la suppression des attributs vides."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:632
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:647
|
||||
msgid "LSldap: Error while changing the DN of the object."
|
||||
msgstr "LSldap : Erreur pendant la modification du DN de l'objet."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:635
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:650
|
||||
msgid "LSldap: LDAP server base DN not configured."
|
||||
msgstr "LSldap : Le base DN du serveur LDAP n'est pas configuré."
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:638
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:653
|
||||
msgid "LSldap: Fail to set authz proxy option on LDAP server connection."
|
||||
msgstr ""
|
||||
"LSldap : Une erreur est survenue en appliquant l'option d'authz proxy sur la "
|
||||
|
|
|
@ -1,3 +1,50 @@
|
|||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:26
|
||||
msgid "Password policy Support : The constant %{const} is not defined."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:29
|
||||
msgid "Password policy Support : The global array %{array} is not defined."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:32
|
||||
msgid "Password policy: An error occured generating CSV outfile memory space."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:35
|
||||
msgid "Password policy: An error occured executing the search."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:38
|
||||
msgid "Password policy: An error occured writing CSV header."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:41
|
||||
msgid "Password policy: An error occured writing a CSV row."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:169
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:175
|
||||
msgid "Never"
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:173
|
||||
msgid "Unknown"
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:180
|
||||
#, php-format
|
||||
msgid "Expired (since %s)"
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:190
|
||||
#, php-format
|
||||
msgid "Expire on %s"
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.ppolicy.php:258
|
||||
msgid "Not set"
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.samba.php:27
|
||||
msgid "SAMBA Support: Unable to load smbHash class."
|
||||
msgstr ""
|
||||
|
@ -345,6 +392,10 @@ msgstr ""
|
|||
msgid "MAILDIR : Error retrieving remote path of the maildir."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.watermark.php:78
|
||||
msgid "PRE-PRODUCTION"
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.showTechInfo.php:63
|
||||
#: templates/default/showTechInfo.tpl:16
|
||||
msgid "Structural object class"
|
||||
|
@ -1359,39 +1410,39 @@ msgid ""
|
|||
"(begining by '/' caracter)."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:614
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:629
|
||||
msgid "LSldap: Error during the LDAP server connection (%{msg})."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:617
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:632
|
||||
msgid "LSldap: Error during the LDAP search (%{msg})."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:620
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:635
|
||||
msgid "LSldap: Object type unknown."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:623
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:638
|
||||
msgid "LSldap: Error while fetching the LDAP entry."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:626
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:641
|
||||
msgid "LSldap: Error while changing the LDAP entry (DN : %{dn})."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:629
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:644
|
||||
msgid "LSldap: Error while deleting empty attributes."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:632
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:647
|
||||
msgid "LSldap: Error while changing the DN of the object."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:635
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:650
|
||||
msgid "LSldap: LDAP server base DN not configured."
|
||||
msgstr ""
|
||||
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:638
|
||||
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSldap.php:653
|
||||
msgid "LSldap: Fail to set authz proxy option on LDAP server connection."
|
||||
msgstr ""
|
||||
|
||||
|
|
Loading…
Reference in a new issue