/[pdpsoft]/trunk/nl.nikhef.ndpf.tools/nikhef-directory-tools/nikENlib.php

Annotation of /trunk/nl.nikhef.ndpf.tools/nikhef-directory-tools/nikENlib.php



Revision 2669 - (hide annotations) (download) (as text)
Thu Sep 5 11:08:02 2013 UTC (8 years, 8 months ago) by davidg
File MIME type: text/x-php
File size: 8704 byte(s)
Initial release

1 davidg 2669 <?php
2     //
3     // @(#)$Id$
4     //
5     // nikEmployeeNumbers (nikENlib) retrieval and manipulation of employee numbers
6     // from the Nikhef LDAP directory
7     // for proper functioning it MUST connect to LDAP, and the password MUST
8     // be configured in an external file (see config section below)
9     //
10     // this module exports the following functions
11     //
12     // function nikENfindEmployeeNumberByUid($uid)
13     // retrieve the employee number of user <uid>
14     // function nikENfindUidByEmployeeNumber($employeeNumber)
15     // retrieve the uid for employee <number>
16     // function nikENfindCNByEmployeeNumber($employeeNumber)
17     // retrieve the friendly common name for employee <number>
18     // function nikENfindCNByUid($uid)
19     // retrieve the friendly common name for user <uid>
20     // function nikENlistAllElegibleUids()
21     // get a list of all <uids> that match the LDAP filter
22     // function nikENlistAllElegibleEmployeeNumbers()
23     // get a list of all <employee numbers> that match the LDAP filter
24     //
25     // If you want to do bulk-operations (such as reporting) it is faster
26     // to first cache *all* of the possible entries. This is done implicitly
27     // by the "nikENlistAllElegible*" functions, but it may be called
28     // explicitly via
29     // function nikENcacheLdap()
30     // retrieve all relevant entries from LDAP and cache in memory
31     //
32     // NOTES
33     // This library is designed to work with the NikIdM system, and may
34     // not be suitable for any other purpose (or even for any purpose)
35     //
36     // FILES /usr/local/etc/nikENconfig.conf
37     // a <attribute> <value> file with the following permitted directives
38     // "(binddn|bindpw|ldapurl|ldapdit|ldapfilter)"
39     // The default LDAP filter for finding eligible employees is
40     // (&(employeeNumber=*)(eduPersonAffiliation=employee))
41     // and any filter MUST be enclosed in brackets
42     //
43     // BUGS
44     // may be present, exterminate them with DDT
45     //
46     // ---------------------------------------------------------------------------
47     // static configuration, override via config file
// Built-in defaults. The five LDAP settings (bind DN, bind password, URL,
// search base and filter) are replaced by matching directives in the config
// file; the config file path and the testing switch are fixed here.
$nikENconfigFile   = '/usr/local/etc/nikENconfig.conf';
$nikENbindDN       = 'cn=agent-mortal-urenreg,ou=Managers,dc=farmnet,dc=nikhef,dc=nl';
// Placeholder, not a credential: the real bind password belongs in the
// config file so that it never lands in version control.
$nikENbindPassword = 'USE_CONFIG_FILE_FOR_THIS_PLEASE';
$nikENldapUrl      = 'ldaps://ldap.nikhef.nl/';
$nikENldapDIT      = 'ou=LocalUsers,dc=farmnet,dc=nikhef,dc=nl';
$nikENldapFilter   = '(&(employeeNumber=*)(eduPersonAffiliation=employee))';
// Non-zero enables the example/self-test output at the end of this file.
$nikENtesting      = 0;
55    
56     // ---------------------------------------------------------------------------
57     // base code
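// Load overrides from the config file. Every line must have the form
// "<directive> <value>" with one of the five permitted directives; any other
// line (including a blank one) aborts the script with exit status 1.
//
// NOTE(review): this file carries the LDAP bind password, so it should be
// readable only by the account this code runs as.
if (!file_exists($nikENconfigFile)) {
    error_log("nikEmployeeNumber: invoked, but no config file found");
    exit(1);
}
$fh = fopen($nikENconfigFile, "r");
if (!$fh) {
    error_log("nikEmployeeNumber: cannot open config file $nikENconfigFile");
    exit(1);
}
while (!feof($fh)) {
    $nikENcLine = fgets($fh, 8192);
    if ($nikENcLine === false) {
        break;
    }
    // The original called rtrim() and threw the result away, so a config file
    // with CRLF line endings left a trailing "\r" in every value (bind
    // password, URL, filter). Only the line terminator is stripped here, so
    // trailing spaces in a value stay significant, as they were before.
    $nikENcLine = rtrim($nikENcLine, "\r\n");
    if (!preg_match(
        "/^(binddn|bindpw|ldapurl|ldapdit|ldapfilter)\s+(.*)$/",
        $nikENcLine,
        $nikENcm
    )) {
        // Keep the offending line out of the log: it may be the bindpw line.
        error_log("nikEmployeeNumber: syntax error in config file");
        exit(1);
    }
    switch ($nikENcm[1]) {
        case "binddn":
            $nikENbindDN = $nikENcm[2];
            break;
        case "bindpw":
            $nikENbindPassword = $nikENcm[2];
            break;
        case "ldapurl":
            $nikENldapUrl = $nikENcm[2];
            break;
        case "ldapdit":
            $nikENldapDIT = $nikENcm[2];
            break;
        case "ldapfilter":
            $nikENldapFilter = $nikENcm[2];
            break;
    }
}
fclose($fh);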
82    
83     // ---------------------------------------------------------------------------
84     // public API function
85     //
// Return the employee number of user <uid>, taken from the in-memory cache
// when present and otherwise looked up in LDAP. Returns false when the
// directory lookup fails.
function nikENfindEmployeeNumberByUid($uid) {
    global $nikENemplNoByUid, $nikENUidByEmplNo, $nikENCNByUid;

    // Cache miss: nikENldapRetrieve() fills the maps on success.
    if (!isset($nikENemplNoByUid[$uid]) && !nikENldapRetrieve("uid", $uid)) {
        return false;
    }
    return $nikENemplNoByUid[$uid];
}
92    
// Return the uid belonging to employee <number>, taken from the in-memory
// cache when present and otherwise looked up in LDAP. Returns false when the
// directory lookup fails.
function nikENfindUidByEmployeeNumber($employeeNumber) {
    global $nikENemplNoByUid, $nikENUidByEmplNo, $nikENCNByUid;

    $isCached = isset($nikENUidByEmplNo[$employeeNumber]);
    if (!$isCached && !nikENldapRetrieve("employeenumber", $employeeNumber)) {
        return false;
    }
    return $nikENUidByEmplNo[$employeeNumber];
}
100    
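// Return the friendly common name (cn) of employee <number>, taken from the
// in-memory cache when present and otherwise looked up in LDAP. Returns false
// when the directory lookup fails.
function nikENfindCNByEmployeeNumber($employeeNumber) {
    global $nikENemplNoByUid, $nikENUidByEmplNo, $nikENCNByUid;

    if (!isset($nikENUidByEmplNo[$employeeNumber])
        && !nikENldapRetrieve("employeenumber", $employeeNumber)) {
        return false;
    }
    // The original returned $nikENUidByEmplNo[...] on a cache hit, i.e. the
    // uid instead of the cn, so the answer depended on whether the entry was
    // already cached. Both paths now resolve number -> uid -> cn.
    return $nikENCNByUid[$nikENUidByEmplNo[$employeeNumber]];
}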
108    
// Return the friendly common name (cn) of user <uid>, taken from the
// in-memory cache when present and otherwise looked up in LDAP. Returns false
// when the directory lookup fails.
function nikENfindCNByUid($uid) {
    global $nikENemplNoByUid, $nikENUidByEmplNo, $nikENCNByUid;

    if (isset($nikENCNByUid[$uid])) {
        return $nikENCNByUid[$uid];
    }
    $found = nikENldapRetrieve("uid", $uid);
    return $found ? $nikENCNByUid[$uid] : false;
}
116    
// Return the uids of all entries held in the cache after a bulk load of the
// directory via nikENcacheLdap().
function nikENlistAllElegibleUids() {
    global $nikENemplNoByUid, $nikENUidByEmplNo, $nikENCNByUid;

    // The result of the bulk load is not checked here.
    nikENcacheLdap();
    $uids = array_keys($nikENemplNoByUid);
    return $uids;
}
122    
// Return the employee numbers of all entries held in the cache after a bulk
// load of the directory via nikENcacheLdap().
function nikENlistAllElegibleEmployeeNumbers() {
    global $nikENemplNoByUid, $nikENUidByEmplNo, $nikENCNByUid;

    // The result of the bulk load is not checked here.
    nikENcacheLdap();
    $employeeNumbers = array_keys($nikENUidByEmplNo);
    return $employeeNumbers;
}
128    
129     // ---------------------------------------------------------------------------
130     // Internal support functions
131     //
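// Open the LDAP connection and bind as the configured agent DN.
// On success the handle is left in the global $nikENds and true is returned.
// On any failure false is returned and $nikENds is left unset, so callers
// that test isset($nikENds) never pick up a failed or unauthenticated handle.
function nikENldapInit() {
    global $nikENbindDN, $nikENbindPassword, $nikENldapUrl;
    global $nikENds;

    // A bind with a DN and an empty password is an "unauthenticated bind",
    // which many servers accept and treat as anonymous. Refuse it here rather
    // than report a successful agent bind.
    if (!is_string($nikENbindPassword) || $nikENbindPassword === "") {
        error_log("nikEmployeeNumber: no bind password configured");
        unset($GLOBALS['nikENds']);
        return false;
    }

    // NOTE(review): whether the ldaps:// server certificate is verified
    // depends on the system LDAP client configuration - confirm.
    $nikENds = ldap_connect($nikENldapUrl);
    if (!$nikENds) {
        error_log("nikEmployeeNumber: cannot connect to LDAP server");
        // The original left false in $nikENds; isset(false) is true, so later
        // calls skipped initialisation. unset() on a "global" alias removes
        // only the local name, hence $GLOBALS.
        unset($GLOBALS['nikENds']);
        return false;
    }
    if (!ldap_bind($nikENds, $nikENbindDN, $nikENbindPassword)) {
        error_log("nikEmployeeNumber: cannot bind to LDAP as agent");
        // Drop the unbound connection so it is not reused for searches.
        ldap_close($nikENds);
        unset($GLOBALS['nikENds']);
        return false;
    }
    return true;
}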
146    
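// Retrieve every entry matching the configured filter and store uid, cn and
// employeeNumber in the three in-memory maps. Returns true on success (or when
// a bulk load already succeeded earlier in this request), false when the
// connection, bind or search fails.
function nikENcacheLdap() {
    global $nikENds;
    global $nikENldapDIT, $nikENldapFilter;
    global $nikENemplNoByUid;
    global $nikENUidByEmplNo;
    global $nikENCNByUid;
    // The original tested isset($nikENCNbyUid): a misspelt (variables are
    // case-sensitive), never-set local, so every call hit the directory again.
    // Testing the real map would be wrong too, because single lookups also
    // add entries to it; a dedicated flag records a completed bulk load.
    static $nikENfullyCached = false;

    if ($nikENfullyCached) {
        return true;
    }

    if (!isset($nikENds) && !nikENldapInit()) {
        // Never keep a handle whose bind did not succeed.
        unset($GLOBALS['nikENds']);
        return false;
    }

    $searchresult = ldap_search(
        $nikENds,
        $nikENldapDIT,
        $nikENldapFilter,
        array("uid", "cn", "employeeNumber")
    );
    if (!$searchresult) {
        error_log("nikEmployeeNumber: nikENcacheLdap cannot search directory");
        return false;
    }

    $gentries = ldap_get_entries($nikENds, $searchresult);
    if (!is_array($gentries)) {
        error_log("nikEmployeeNumber: nikENcacheLdap cannot read search result");
        return false;
    }

    // Make sure the maps are arrays even when nothing matches, so the list
    // functions can pass them to array_keys().
    if (!isset($nikENUidByEmplNo)) $nikENUidByEmplNo = array();
    if (!isset($nikENemplNoByUid)) $nikENemplNoByUid = array();
    if (!isset($nikENCNByUid))     $nikENCNByUid = array();

    for ($i = 0; $i < $gentries["count"]; $i++) {
        $entry = $gentries[$i];
        // skip this entry unless we have some actual useful data
        if (!isset($entry["cn"][0]) || !$entry["cn"][0]) continue;
        if (!isset($entry["uid"][0]) || !$entry["uid"][0]) continue;
        if (!isset($entry["employeenumber"][0]) || !$entry["employeenumber"][0]) continue;

        $uid = $entry["uid"][0];
        $employeeNumber = $entry["employeenumber"][0];

        $nikENUidByEmplNo[$employeeNumber] = $uid;
        $nikENemplNoByUid[$uid] = $employeeNumber;
        $nikENCNByUid[$uid] = $entry["cn"][0];
    }

    ldap_close($nikENds);
    // unset($nikENds) would only drop the local alias and leave the closed
    // handle in the global, where the next nikENldapRetrieve() would reuse it.
    unset($GLOBALS['nikENds']);

    $nikENfullyCached = true;
    return true;
}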
186    
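// Look up the single entry for which <attr> equals <value> and which also
// matches the configured filter, and store its uid, cn and employeeNumber in
// the in-memory maps. Returns true when exactly one usable entry was found,
// false otherwise (bad attribute name, connection/bind/search failure, zero
// or several matches, or an entry lacking one of the three attributes).
function nikENldapRetrieve($attr, $value) {
    global $nikENds, $nikENldapDIT, $nikENldapFilter;
    global $nikENemplNoByUid, $nikENUidByEmplNo, $nikENCNByUid;

    // $attr is spliced into the filter and the log message, so accept only
    // something shaped like an attribute name.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*\z/', (string)$attr)) {
        error_log("nikEmployeeNumber: nikENldapRetrieve called with invalid attribute name");
        return false;
    }

    // The original ignored the result of nikENldapInit() and tested only
    // isset($nikENds), which is also true after a failed bind; the search
    // then ran on an unauthenticated connection.
    if (!isset($nikENds) && !nikENldapInit()) {
        unset($GLOBALS['nikENds']);
        return false;
    }

    // $value comes from the caller (typically a uid or number supplied by a
    // user). Escape it so that characters such as ( ) * \ are matched
    // literally and cannot change the structure of the filter.
    $safeValue = ldap_escape((string)$value, "", LDAP_ESCAPE_FILTER);
    $searchresult = ldap_search(
        $nikENds,
        $nikENldapDIT,
        "(&($attr=$safeValue)$nikENldapFilter)",
        array("uid", "cn", "employeeNumber")
    );
    if (!$searchresult) {
        error_log("nikEmployeeNumber: nikENldapRetrieve cannot search directory for $attr");
        return false;
    }

    $gentries = ldap_get_entries($nikENds, $searchresult);
    // accept the result only if it is exactly one entry with useful data
    if (!is_array($gentries) || $gentries["count"] != 1) return false;
    $entry = $gentries[0];
    if (!isset($entry["cn"][0]) || !$entry["cn"][0]) return false;
    if (!isset($entry["uid"][0]) || !$entry["uid"][0]) return false;
    if (!isset($entry["employeenumber"][0]) || !$entry["employeenumber"][0]) return false;

    $uid = $entry["uid"][0];
    $employeeNumber = $entry["employeenumber"][0];

    $nikENUidByEmplNo[$employeeNumber] = $uid;
    $nikENemplNoByUid[$uid] = $employeeNumber;
    $nikENCNByUid[$uid] = $entry["cn"][0];

    return true;
}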
218    
219    
220    
221     // ---------------------------------------------------------------------------
222     // ---------------------------------------------------------------------------
223     // Examples and unit tests
224     //
225    
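// Example/self-test output, emitted only when $nikENtesting is non-zero
// (it is 0 by default). Keep it off wherever this file is reachable through a
// web server: it prints directory data, including the full uid list.
if ($nikENtesting) {
    // Directory values are written into an HTML page, so escape them.
    $nikENesc = function ($text) {
        return htmlspecialchars((string)$text, ENT_QUOTES, 'UTF-8');
    };

    print "<html><head><title>Testing nikEN</title></head>\n<body>\n<pre>\n";
    print "employeeNumber of davidg is " . $nikENesc(nikENfindEmployeeNumberByUid("davidg")) . "\n";
    print "Name of davidg is " . $nikENesc(nikENfindCNByUid("davidg")) . "\n";
    print "Name of employee 35470 is " . $nikENesc(nikENfindCNByEmployeeNumber(35470)) . "\n";

    print "The following people are elegible to urenreg:\n";
    foreach (nikENlistAllElegibleUids() as $k) {
        print " " . $nikENesc($k) . "\n";
    }

    print "\n</pre>\n</body></html>\n";
}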

Properties

Name Value
svn:keywords Id
