
Contents of /trunk/nl.nikhef.ndpf.tools/nikhef-directory-tools/nikENlib.php



Revision 2669 - (show annotations) (download) (as text)
Thu Sep 5 11:08:02 2013 UTC (8 years, 4 months ago) by davidg
File MIME type: text/x-php
File size: 8704 byte(s)
Initial release

1 <?php
2 //
3 // @(#)$Id$
4 //
5 // nikEmployeeNumbers (nikENlib) retrieval and manipulation of employee numbers
6 // from the Nikhef LDAP directory
7 // for proper functioning it MUST connect to LDAP, and the password MUST
8 // be configured in an external file (see config section below)
9 //
10 // this module exports the following functions
11 //
12 // function nikENfindEmployeeNumberByUid($uid)
13 // retrieve the employee number of user <uid>
14 // function nikENfindUidByEmployeeNumber($employeeNumber)
15 // retrieve the uid for employee <number>
16 // function nikENfindCNByEmployeeNumber($employeeNumber)
17 // retrieve the friendly common name for employee <number>
18 // function nikENfindCNByUid($uid)
19 // retrieve the friendly common name for user <uid>
20 // function nikENlistAllElegibleUids()
21 // get a list of all <uids> that match the LDAP filter
22 // function nikENlistAllElegibleEmployeeNumbers()
23 // get a list of all <employee numbers> that match the LDAP filter
24 //
25 // If you want to do bulk-operations (such as reporting) it is faster
26 // to first cache *all* of the possible entries. This is done implicitly
27 // by the "nikENlistAllElegible*" functions, but it may be called
28 // explicitly via
29 // function nikENcacheLdap()
30 // retrieve all relevant entries from LDAP and cache in memory
31 //
32 // NOTES
33 // This library is designed to work with the NikIdM system, and may
34 // not be suitable for any other purpose (or even for any purpose)
35 //
36 // FILES /usr/local/etc/nikENconfig.conf
37 // a <attribute> <value> file with the following permitted directives
38 // "(binddn|bindpw|ldapurl|ldapdit|ldapfilter)"
39 // The default LDAP filter for finding eligible employees is
40 // (&(employeeNumber=*)(eduPersonAffiliation=employee))
41 // and any filter MUST be enclosed in brackets
42 //
43 // BUGS
44 // may be present, exterminate them with DDT
45 //
46 // ---------------------------------------------------------------------------
47 // static configuration, override via config file
// Built-in defaults. The bind DN, bind password, LDAP URL, search base and
// search filter can each be replaced by a directive in the config file.
// The password below is only a placeholder: the real secret belongs in the
// config file, which should be readable solely by the account running this
// code.
$nikENconfigFile   = '/usr/local/etc/nikENconfig.conf';
$nikENbindDN       = 'cn=agent-mortal-urenreg,ou=Managers,dc=farmnet,dc=nikhef,dc=nl';
$nikENbindPassword = 'USE_CONFIG_FILE_FOR_THIS_PLEASE';
$nikENldapUrl      = 'ldaps://ldap.nikhef.nl/';
$nikENldapDIT      = 'ou=LocalUsers,dc=farmnet,dc=nikhef,dc=nl';
$nikENldapFilter   = '(&(employeeNumber=*)(eduPersonAffiliation=employee))';
// non-zero enables the self-test output at the end of this file
$nikENtesting      = 0;
55
56 // ---------------------------------------------------------------------------
57 // base code
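// Load overrides from the config file. Every line must read
// "<attribute> <value>" with <attribute> one of binddn, bindpw, ldapurl,
// ldapdit or ldapfilter; any other line aborts the script.
// The file carries the LDAP bind password, so it should be readable only by
// the account that runs this code.
if ( !file_exists($nikENconfigFile) ) {
    error_log("nikEmployeeNumber: invoked, but no config file found");
    exit(1);
}
if ( !$fh = fopen($nikENconfigFile,"r") ) {
    error_log("nikEmployeeNumber: cannot open config file $nikENconfigFile");
    exit(1);
}
while ( ($nikENcLine = fgets($fh,8192)) !== false ) {
    // rtrim() returns the trimmed string and leaves its argument untouched,
    // so the result has to be assigned. Without the assignment trailing
    // blanks or a carriage return ended up inside the value, e.g. inside the
    // bind password. A directive with no value at all is now rejected as a
    // syntax error instead of silently configuring an empty DN or password.
    $nikENcLine = rtrim($nikENcLine);
    if (!preg_match("/^(binddn|bindpw|ldapurl|ldapdit|ldapfilter)\s+(.*)$/",
                    $nikENcLine,$nikENcm)) {
        // the offending line is deliberately not logged: it may hold the
        // bind password
        error_log("nikEmployeeNumber: syntax error in config file");
        exit(1);
    }
    switch ( $nikENcm[1] ) {
        case "binddn":     $nikENbindDN       = $nikENcm[2]; break;
        case "bindpw":     $nikENbindPassword = $nikENcm[2]; break;
        case "ldapurl":    $nikENldapUrl      = $nikENcm[2]; break;
        case "ldapdit":    $nikENldapDIT      = $nikENcm[2]; break;
        case "ldapfilter": $nikENldapFilter   = $nikENcm[2]; break;
    }
}
fclose($fh);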
82
83 // ---------------------------------------------------------------------------
84 // public API function
85 //
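// Return the employee number of user <uid>, or false when it cannot be
// determined. The in-memory cache is consulted first; on a miss a single
// directory lookup is made through nikENldapRetrieve().
function nikENfindEmployeeNumberByUid($uid) {
    global $nikENemplNoByUid;

    if ( isset($nikENemplNoByUid[$uid]) ) return $nikENemplNoByUid[$uid];
    if ( ! nikENldapRetrieve("uid",$uid) ) return false;

    // The cache is keyed by the uid as stored in the directory. If that
    // spelling differs from what the caller passed (for instance in letter
    // case, should the directory match uid case-insensitively) there is no
    // entry under $uid; report "not found" rather than read a missing key.
    return isset($nikENemplNoByUid[$uid]) ? $nikENemplNoByUid[$uid] : false;
}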
92
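// Return the uid that belongs to employee <number>, or false when it cannot
// be determined. The in-memory cache is consulted first; on a miss a single
// directory lookup is made through nikENldapRetrieve().
function nikENfindUidByEmployeeNumber($employeeNumber) {
    global $nikENUidByEmplNo;

    if ( isset($nikENUidByEmplNo[$employeeNumber]) )
        return $nikENUidByEmplNo[$employeeNumber];
    if ( ! nikENldapRetrieve("employeenumber",$employeeNumber) ) return false;

    // The cache is keyed by the number as stored in the directory; when that
    // is not literally the value the caller passed there is no entry under
    // $employeeNumber, so report "not found" rather than read a missing key.
    return isset($nikENUidByEmplNo[$employeeNumber])
        ? $nikENUidByEmplNo[$employeeNumber]
        : false;
}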
100
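// Return the friendly common name (cn) of employee <number>, or false when
// it cannot be determined. The number is first mapped to a uid, then the uid
// to its cn; a directory lookup is made only when the number is not cached.
function nikENfindCNByEmployeeNumber($employeeNumber) {
    global $nikENUidByEmplNo,$nikENCNByUid;

    if ( !isset($nikENUidByEmplNo[$employeeNumber]) ) {
        if ( ! nikENldapRetrieve("employeenumber",$employeeNumber) ) return false;
        if ( !isset($nikENUidByEmplNo[$employeeNumber]) ) return false;
    }

    // On a cache hit the previous code returned the uid itself instead of
    // the common name; both paths now resolve uid -> cn.
    $uid = $nikENUidByEmplNo[$employeeNumber];
    return isset($nikENCNByUid[$uid]) ? $nikENCNByUid[$uid] : false;
}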
108
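// Return the friendly common name (cn) of user <uid>, or false when it
// cannot be determined. The in-memory cache is consulted first; on a miss a
// single directory lookup is made through nikENldapRetrieve().
function nikENfindCNByUid($uid) {
    global $nikENCNByUid;

    if ( isset($nikENCNByUid[$uid]) ) return $nikENCNByUid[$uid];
    if ( ! nikENldapRetrieve("uid",$uid) ) return false;

    // The cache is keyed by the uid as stored in the directory; if that
    // spelling differs from the caller's there is no entry under $uid, so
    // report "not found" rather than read a missing key.
    return isset($nikENCNByUid[$uid]) ? $nikENCNByUid[$uid] : false;
}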
116
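// Return the uids of all cached entries as an array, after asking
// nikENcacheLdap() to load every entry that matches the LDAP filter.
// Returns an empty array when nothing has been cached.
function nikENlistAllElegibleUids() {
    global $nikENemplNoByUid;

    // The result is not used as a gate: entries cached by earlier lookups
    // are still listed when the bulk load fails.
    nikENcacheLdap();

    // If the load failed and nothing was cached before, the cache variable
    // is not an array; array_keys() must not be called on it.
    return is_array($nikENemplNoByUid) ? array_keys($nikENemplNoByUid) : array();
}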
122
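// Return the employee numbers of all cached entries as an array, after
// asking nikENcacheLdap() to load every entry that matches the LDAP filter.
// Returns an empty array when nothing has been cached.
function nikENlistAllElegibleEmployeeNumbers() {
    global $nikENUidByEmplNo;

    // The result is not used as a gate: entries cached by earlier lookups
    // are still listed when the bulk load fails.
    nikENcacheLdap();

    // If the load failed and nothing was cached before, the cache variable
    // is not an array; array_keys() must not be called on it.
    return is_array($nikENUidByEmplNo) ? array_keys($nikENUidByEmplNo) : array();
}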
128
129 // ---------------------------------------------------------------------------
130 // Internal support functions
131 //
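// Open the directory connection and bind as the configured agent.
// On success the handle is left in the global $nikENds and true is returned.
// On any failure false is returned and $nikENds is reset to null, so that
// callers testing isset($nikENds) never see a half-initialised handle.
function nikENldapInit() {
    global $nikENbindDN,$nikENbindPassword,$nikENldapUrl;
    global $nikENds;

    // A simple bind with an empty password is an unauthenticated bind, which
    // a server may accept as anonymous; refuse it here so that a broken
    // config cannot quietly downgrade the agent to anonymous access.
    if ( !is_string($nikENbindPassword) || $nikENbindPassword === "" ) {
        error_log("nikEmployeeNumber: no bind password configured");
        $nikENds = null;
        return false;
    }

    if ( ! ($nikENds = ldap_connect($nikENldapUrl) ) ) {
        error_log("nikEmployeeNumber: cannot connect to LDAP server");
        // ldap_connect() left false in the global, and isset(false) is true
        $nikENds = null;
        return false;
    }
    if ( ! ldap_bind($nikENds,$nikENbindDN,$nikENbindPassword) ) {
        error_log("nikEmployeeNumber: cannot bind to LDAP as agent");
        // drop the unbound handle; leaving it set would let later searches
        // run on a connection that never authenticated
        ldap_close($nikENds);
        $nikENds = null;
        return false;
    }
    return true;
}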
146
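// Retrieve every entry below the configured search base that matches the
// configured LDAP filter and store uid, cn and employeeNumber in the three
// in-memory lookup tables. Returns true on success, false when the
// directory cannot be reached or searched. After a successful load further
// calls return true without contacting the directory again.
function nikENcacheLdap() {
    global $nikENds;
    global $nikENldapDIT,$nikENldapFilter;
    global $nikENemplNoByUid;
    global $nikENUidByEmplNo;
    global $nikENCNByUid;
    // Set once a complete load has succeeded. The earlier check tested
    // $nikENCNbyUid, a misspelling that is never set, so every call searched
    // the directory again. Testing the correctly spelled table would be
    // wrong as well: single lookups fill it only partially.
    static $nikENcacheComplete = false;

    if ( $nikENcacheComplete ) return true;

    // empty() also catches a handle left at false or null by a failed init
    if ( empty($nikENds) ) {
        if (!nikENldapInit()) return false;
    }

    $searchresult = ldap_search($nikENds,$nikENldapDIT,$nikENldapFilter,
        array("uid","cn","employeeNumber"));
    if ( !$searchresult ) {
        error_log("nikEmployeeNumber: nikENcacheLdap cannot search directory");
        return false;
    }

    $gentries = ldap_get_entries($nikENds, $searchresult);
    if ( !is_array($gentries) ) {
        error_log("nikEmployeeNumber: nikENcacheLdap cannot read search result");
        return false;
    }
    for ( $i=0 ; $i < $gentries["count"] ; $i++) {
        $entry = $gentries[$i];
        // skip this entry unless we have some actual useful data
        // (attribute names come back in lower case from ldap_get_entries)
        if ( empty($entry["cn"][0]) ) continue;
        if ( empty($entry["uid"][0]) ) continue;
        if ( empty($entry["employeenumber"][0]) ) continue;

        $nikENUidByEmplNo[$entry["employeenumber"][0]] = $entry["uid"][0];
        $nikENemplNoByUid[$entry["uid"][0]] = $entry["employeenumber"][0];
        $nikENCNByUid[$entry["uid"][0]] = $entry["cn"][0];
    }

    ldap_close($nikENds);
    // unset() on a variable imported with "global" removes only the local
    // alias and leaves the closed handle in the global scope, where a later
    // lookup would try to reuse it. Assigning null clears the global itself.
    $nikENds = null;

    $nikENcacheComplete = true;
    return true;
}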
186
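// Escape a value for literal use inside an LDAP search filter: backslash,
// asterisk, parentheses and NUL become their \XX hex form. Written with
// str_replace() so the file keeps working on PHP versions that predate
// ldap_escape(). The backslash is replaced first so the escapes produced
// for the other characters are not escaped again.
function nikENldapFilterEscape($value) {
    return str_replace(
        array("\\",   "*",    "(",    ")",    "\0"),
        array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
        (string)$value);
}

// Look up the single entry whose attribute <attr> equals <value> and that
// also matches the configured LDAP filter, and store its uid, cn and
// employeeNumber in the in-memory lookup tables.
// Returns true when exactly one usable entry was found and cached, false in
// every other case (no connection, search failure, zero or several matches,
// missing attributes).
function nikENldapRetrieve($attr,$value) {
    global $nikENds,$nikENldapDIT,$nikENldapFilter;
    global $nikENemplNoByUid,$nikENUidByEmplNo,$nikENCNByUid;

    // $attr goes into the filter as-is, so accept attribute names only.
    // Within this file it is always a literal ("uid" or "employeenumber").
    if ( !is_string($attr) || !preg_match('/^[A-Za-z0-9][A-Za-z0-9.;-]*$/',$attr) )
        return false;

    // Honour the result of the init call: a handle may exist although the
    // bind failed, and searching on it would not run as the agent.
    if ( empty($nikENds) && !nikENldapInit() ) return false;
    if ( empty($nikENds) ) return false;

    // $value is caller-supplied. Unescaped, a "*" or ")" in it would change
    // which entries the filter selects.
    $filter = "(&($attr=" . nikENldapFilterEscape($value) . ")$nikENldapFilter)";
    $searchresult = ldap_search($nikENds,$nikENldapDIT,
        $filter,array("uid","cn","employeeNumber"));
    if ( !$searchresult ) {
        error_log("nikEmployeeNumber: nikENldapRetrieve cannot search directory for $attr");
        return false;
    }

    $gentries = ldap_get_entries($nikENds, $searchresult);
    // only an unambiguous single match carrying all three attributes counts
    if ( !is_array($gentries) || $gentries["count"] != 1 ) return false;
    $entry = $gentries[0];
    if ( empty($entry["cn"][0]) ) return false;
    if ( empty($entry["uid"][0]) ) return false;
    if ( empty($entry["employeenumber"][0]) ) return false;

    $nikENUidByEmplNo[$entry["employeenumber"][0]] = $entry["uid"][0];
    $nikENemplNoByUid[$entry["uid"][0]] = $entry["employeenumber"][0];
    $nikENCNByUid[$entry["uid"][0]] = $entry["cn"][0];

    return true;
}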
218
219
220
221 // ---------------------------------------------------------------------------
222 // ---------------------------------------------------------------------------
223 // Examples and unit tests
224 //
225
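// Self-test, run only when $nikENtesting is non-zero. It prints names, uids
// and employee numbers of directory users to whoever requests the page, so
// the switch must stay at 0 on any deployed copy.
if ( $nikENtesting ) {
    print "<html><head><title>Testing nikEN</title></head>\n<body>\n<pre>\n";
    // Values come from the directory and go into HTML, so each one is
    // escaped; the lookups return false on failure, hence the string cast.
    print "employeeNumber of davidg is ".
        htmlspecialchars((string)nikENfindEmployeeNumberByUid("davidg"), ENT_QUOTES)."\n";
    print "Name of davidg is ".
        htmlspecialchars((string)nikENfindCNByUid("davidg"), ENT_QUOTES)."\n";
    print "Name of employee 35470 is ".
        htmlspecialchars((string)nikENfindCNByEmployeeNumber(35470), ENT_QUOTES)."\n";

    print "The following people are elegible to urenreg:\n";
    foreach ( nikENlistAllElegibleUids() as $k ) {
        print " ".htmlspecialchars((string)$k, ENT_QUOTES)."\n";
    }

    print "\n</pre>\n</body></html>\n";
}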

Properties

Name Value
svn:keywords Id
