From 2a0d335a183e81dc2577ddae286a55c79ddcdd5d Mon Sep 17 00:00:00 2001
From: Simon Leary
Date: Mon, 7 Apr 2025 12:50:39 -0400
Subject: [PATCH 1/4] rewrite update-ldap-cache.php
---
 resources/lib/UnityLDAP.php | 29 ++++++++
 resources/lib/UnityRedis.php | 4 +
 workers/update-ldap-cache.php | 134 ++++++++++++++++++----------------
 3 files changed, 104 insertions(+), 63 deletions(-)
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index fc44cd4f..5b9d52bb 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -336,4 +336,33 @@ public function getOrgGroupEntry($gid)
 $ldap_entry = new LDAPEntry($this->getConn(), unityLDAP::RDN . "=$gid," . $this->STR_ORGGROUPOU);
 return $ldap_entry;
 }
+
+ public static function parseUserChildrenArray(array $userChildrenArray): array{
+ // input comes from LdapEntry::getChildrenArray on a UnityUser
+ $output = [];
+ $required_string_attributes = [
+ "gidnumber",
+ "givenname",
+ "homedirectory",
+ "loginshell",
+ "mail",
+ "o",
+ "sn",
+ "uid",
+ "uidnumber",
+ ];
+ foreach($required_string_attributes as $key){
+ $output[$key] = $userChildrenArray[$key][0];
+ }
+ $output["firstname"] = $output["givenname"];
+ $output["lastname"] = $output["sn"];
+ $output["org"] = $output["o"];
+ $output["objectclass"] = $userChildrenArray["objectclass"];
+ if(array_key_exists("sspublickey", $userChildrenArray)){
+ $output["sshpublickey"] = $userChildrenArray["sshpublickey"];
+ } else {
+ $output["sshpublickey"] = [];
+ }
+ return $output;
+ }
 }
diff --git a/resources/lib/UnityRedis.php b/resources/lib/UnityRedis.php
index 4fe57700..85cf97a0 100644
--- a/resources/lib/UnityRedis.php
+++ b/resources/lib/UnityRedis.php
@@ -95,4 +95,8 @@ public function removeCacheArray($object, $key, $value)
 $this->setCache($object, $key, $cached_val);
 }
 }
+
+ public function flushAll(){
+ $this->client->flushAll();
+ }
 }
diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php
index 026b94f5..c43cc44a 100644
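Review bot: The SSH-key branch of `parseUserChildrenArray` tests `array_key_exists("sspublickey", ...)` but reads `$userChildrenArray["sshpublickey"]`, so for any normal entry the test is false and the user is cached with an empty key list; the test should read `if (array_key_exists("sshpublickey", $userChildrenArray)) {`. The misspelled key survives the re-styled copy of this line in the second patch's `@@ -351,14 +352,14 @@` hunk. The loop over `$required_string_attributes` also indexes `$userChildrenArray[$key][0]` with no existence check, so an entry lacking one of those attributes (`mail` or `o`, say) raises an undefined-index warning and caches null; it is worth deciding whether such entries are skipped or rejected, and recording that in a docblock on the method.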
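Review bot: `flushAll()` forwards to the client's `flushAll()`, which in Redis clears every database on the server rather than only the keys this portal wrote, so on a shared instance (sessions, another application's cache) running the worker with `-f` erases that data as well. Scoping the call to the selected database with `$this->client->flushDB();`, or deleting only the portal's own keys, keeps the effect limited to this cache. The neighbouring methods are outside the hunk; if they return early when Redis is disabled or the client is unset, this method needs the same guard. A one-line docblock stating what is erased would help callers.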
--- a/workers/update-ldap-cache.php
+++ b/workers/update-ldap-cache.php
@@ -2,74 +2,82 @@
 require_once "../resources/autoload.php";
-// Get Users
-$users = $LDAP->getAllUsers($SQL, $MAILER, $REDIS, $WEBHOOK, true);
-
-$sorted_uids = array();
-
-foreach ($users as $user) {
- $uid = $user->getUID();
- array_push($sorted_uids, $uid);
-
- $REDIS->setCache($uid, "firstname", $user->getFirstname(true));
- $REDIS->setCache($uid, "lastname", $user->getLastname(true));
- $REDIS->setCache($uid, "org", $user->getOrg(true));
- $REDIS->setCache($uid, "mail", $user->getMail(true));
- $REDIS->setCache($uid, "sshkeys", $user->getSSHKeys(true));
- $REDIS->setCache($uid, "loginshell", $user->getLoginShell(true));
- $REDIS->setCache($uid, "homedir", $user->getHomeDir(true));
-
- $parsed_groups = array();
-
- foreach ($user->getGroups(true) as $cur_group) {
- array_push($parsed_groups, $cur_group->getPIUID());
- }
-
- $REDIS->setCache($uid, "groups", $parsed_groups);
+use UnityWebPortal\lib\{
+ UnityConfig,
+ UnityLDAP,
+ UnityMailer,
+ UnitySQL,
+ UnitySite,
+ UnitySSO,
+ UnityUser,
+ UnityRedis,
+ UnityWebhook
+};
+use PHPOpenLDAPer\LDAPEntry;
+
+$options = getopt("fu");
+if (array_key_exists("f", $options)) {
+ echo "flushing cache...\n";
+ $REDIS->flushAll();
 }
-sort($sorted_uids);
-$REDIS->setCache("sorted_users", "", $sorted_uids);
-
-// Get groups
-$groups = $LDAP->getAllPIGroups($SQL, $MAILER, $REDIS, $WEBHOOK, true);
-
-$sorted_groups = array();
-
-foreach ($groups as $group) {
- $gid = $group->getPIUID();
- array_push($sorted_groups, $gid);
-
- $parsed_members = array();
- foreach ($group->getGroupMembers(true) as $member) {
- array_push($parsed_members, $member->getUID());
+if ((!is_null($REDIS->getCache("initialized", "")) and (!array_key_exists("u", $options)))) {
+ echo "cache is already initialized, nothing doing. 
use -f argument to flush cache, or -u argument to update without flush.\n";
+} else {
+ echo "updating cache...\n";
+ $user_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["user_ou"]);
+ echo "waiting for LDAP response (users)...\n";
+ $users = $user_ou->getChildrenArray(true);
+ echo "response received.\n";
+ $user_CNs = array_map(function($x){return $x["cn"][0];}, $users);
+ sort($user_CNs);
+ $REDIS->setCache("sorted_users", "", $user_CNs);
+ foreach($users as $user){
+ $attribute_array = UnityLDAP::parseUserChildrenArray($user);
+ foreach($attribute_array as $key => $val){
+ $REDIS->setCache($user["cn"][0], $key, $val);
+ }
 }
- $REDIS->setCache($gid, "members", $parsed_members);
-}
-
-sort($sorted_groups);
-$REDIS->setCache("sorted_groups", "", $sorted_groups);
-
-// Get Orgs
-$orgs = $LDAP->getAllOrgGroups($SQL, $MAILER, $REDIS, $WEBHOOK, true);
-
-$sorted_orgs = array();
-
-foreach ($orgs as $org) {
- $orgid = $org->getOrgID();
- array_push($sorted_orgs, $orgid);
-
- $parsed_orgs = array();
- foreach ($org->getOrgMembers(true) as $member) {
- array_push($parsed_members, $member->getUID());
+ $org_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["orggroup_ou"]);
+ echo "waiting for LDAP response (org_groups)...\n";
+ $org_groups = $org_group_ou->getChildrenArray(true);
+ echo "response received.\n";
+ $org_group_CNs = array_map(function($x){return $x["cn"][0];}, $org_groups);
+ sort($org_group_CNs);
+ $REDIS->setCache("sorted_orgs", "", $org_group_CNs);
+ foreach($org_groups as $org_group){
+ $REDIS->setCache($org_group["cn"][0], "members", $org_group["memberuid"]);
 }
- $REDIS->setCache($orgid, "members", $parsed_orgs);
+ $pi_group_ou = new LDAPEntry($LDAP->getConn(), $CONFIG["ldap"]["pigroup_ou"]);
+ echo "waiting for LDAP response (pi_groups)...\n";
+ $pi_groups = $pi_group_ou->getChildrenArray(true);
+ echo "response received.\n";
+ $pi_group_CNs = array_map(function($x){return $x["cn"][0];}, $pi_groups);
+ sort($pi_group_CNs);
+ // FIXME 
should be sorted_pi_groups
+ $REDIS->setCache("sorted_groups", "", $pi_group_CNs);
+ $user_pi_group_member_of = [];
+ foreach($user_CNs as $uid){
+ $user_pi_group_member_of[$uid] = [];
+ }
+ foreach($pi_groups as $pi_group){
+ if (array_key_exists("memberuid", $pi_group)){
+ $REDIS->setCache($pi_group["cn"][0], "members", $pi_group["memberuid"]);
+ foreach($pi_group["memberuid"] as $member_uid){
+ array_push($user_pi_group_member_of[$member_uid], $pi_group["cn"][0]);
+ }
+ } else {
+ $REDIS->setCache($pi_group["cn"][0], "members", []);
+ }
+ }
+ foreach($user_pi_group_member_of as $uid => $pi_groups){
+ // FIXME should be pi_groups
+ $REDIS->setCache($uid, "groups", $pi_groups);
+ }
+ $REDIS->setCache("initializing", "", false);
+ $REDIS->setCache("initialized", "", true);
+ echo "done!\n";
 }
-sort($sorted_orgs);
-$REDIS->setCache("sorted_orgs", "", $sorted_orgs);
-
-// Confirmation Message
-echo "OK\n";
From fd8395d50ac1a54cad001955851abb6d86f36d4d Mon Sep 17 00:00:00 2001
From: Simon Leary
Date: Mon, 7 Apr 2025 13:40:21 -0400
Subject: [PATCH 2/4] fix style
---
 resources/lib/UnityLDAP.php | 7 ++++---
 resources/lib/UnityRedis.php | 3 ++-
 workers/update-ldap-cache.php | 19 ++++++++++++-------
 3 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index 5b9d52bb..2a5f1a6d 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -337,7 +337,8 @@ public function getOrgGroupEntry($gid)
 return $ldap_entry;
 }
- public static function parseUserChildrenArray(array $userChildrenArray): array{
+ public static function parseUserChildrenArray(array $userChildrenArray): array
+ {
 // input comes from LdapEntry::getChildrenArray on a UnityUser
 $output = [];
 $required_string_attributes = [
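Review bot: In the PI-group loop of the rewritten worker, `array_push($user_pi_group_member_of[$member_uid], ...)` assumes every `memberuid` also appears under the user OU; a stale member that is not in `$user_CNs` has no pre-created array, so on PHP 8 the call throws a TypeError and the rebuild stops before `initialized` is written, which after `-f` leaves a partly filled cache for whatever reads it. Appending with `$user_pi_group_member_of[$member_uid][] = $pi_group["cn"][0];` (or skipping and logging uids that are not known users) avoids the abort. The org-group loop has the matching gap: it reads `$org_group["memberuid"]` without the `array_key_exists` test the PI-group loop uses, and `$org_group["memberuid"] ?? []` would keep a memberless group from caching null. `initializing` is only ever set to false here, so nothing marks a rebuild as in progress or stops two runs from overlapping.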
@@ -351,14 +352,14 @@ public static function parseUserChildrenArray(array $userChildrenArray): array{
 "uid",
 "uidnumber",
 ];
- foreach($required_string_attributes as $key){
+ foreach ($required_string_attributes as $key) {
 $output[$key] = $userChildrenArray[$key][0];
 }
 $output["firstname"] = $output["givenname"];
 $output["lastname"] = $output["sn"];
 $output["org"] = $output["o"];
 $output["objectclass"] = $userChildrenArray["objectclass"];
- if(array_key_exists("sspublickey", $userChildrenArray)){
+ if (array_key_exists("sspublickey", $userChildrenArray)) {
 $output["sshpublickey"] = $userChildrenArray["sshpublickey"];
 } else {
 $output["sshpublickey"] = [];
diff --git a/resources/lib/UnityRedis.php b/resources/lib/UnityRedis.php
index 85cf97a0..54af29ad 100644
--- a/resources/lib/UnityRedis.php
+++ b/resources/lib/UnityRedis.php
@@ -96,7 +96,8 @@ public function removeCacheArray($object, $key, $value)
 }
 }
- public function flushAll(){
+ public function flushAll()
+ {
 $this->client->flushAll();
 }
 }
diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php
index c43cc44a..ce454049 100644
--- a/workers/update-ldap-cache.php
+++ b/workers/update-ldap-cache.php
@@ -29,7 +29,9 @@
 echo "waiting for LDAP response (users)...\n";
 $users = $user_ou->getChildrenArray(true);
 echo "response received.\n";
- $user_CNs = array_map(function($x){return $x["cn"][0];}, $users);
+ // phpcs:disable
+ $user_CNs = array_map(function ($x){return $x["cn"][0];}, $users);
+ // phpcs:enable
 sort($user_CNs);
 $REDIS->setCache("sorted_users", "", $user_CNs);
 foreach($users as $user){
@@ -43,7 +45,9 @@
 echo "waiting for LDAP response (org_groups)...\n";
 $org_groups = $org_group_ou->getChildrenArray(true);
 echo "response received.\n";
+ // phpcs:disable
 $org_group_CNs = array_map(function($x){return $x["cn"][0];}, $org_groups);
+ // phpcs:enable
 sort($org_group_CNs);
 $REDIS->setCache("sorted_orgs", "", $org_group_CNs);
 foreach($org_groups as $org_group){
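Review bot: The bare `// phpcs:disable` / `// phpcs:enable` pair added around the `$user_CNs = array_map(...)` line in the `@@ -29,7 +29,9 @@` hunk switches off every sniff for that line instead of reformatting the one-line closure that trips the checker. Writing the closure over three lines (`function ($x) {`, then `return $x["cn"][0];`, then `}, $users);`) passes the standard without an exemption; if an exemption is kept, `// phpcs:ignore` with the specific sniff name is narrower and cannot leak past the line when the closing comment is later moved or lost. The same pair is added around `$org_group_CNs` in `@@ -43,7 +45,9 @@` and around `$pi_group_CNs` in `@@ -54,25 +58,27 @@`.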
@@ -54,25 +58,27 @@
 echo "waiting for LDAP response (pi_groups)...\n";
 $pi_groups = $pi_group_ou->getChildrenArray(true);
 echo "response received.\n";
+ // phpcs:disable
 $pi_group_CNs = array_map(function($x){return $x["cn"][0];}, $pi_groups);
+ // phpcs:enable
 sort($pi_group_CNs);
 // FIXME should be sorted_pi_groups
 $REDIS->setCache("sorted_groups", "", $pi_group_CNs);
 $user_pi_group_member_of = [];
- foreach($user_CNs as $uid){
+ foreach ($user_CNs as $uid){
 $user_pi_group_member_of[$uid] = [];
 }
- foreach($pi_groups as $pi_group){
- if (array_key_exists("memberuid", $pi_group)){
+ foreach ($pi_groups as $pi_group) {
+ if (array_key_exists("memberuid", $pi_group)) {
 $REDIS->setCache($pi_group["cn"][0], "members", $pi_group["memberuid"]);
- foreach($pi_group["memberuid"] as $member_uid){
+ foreach ($pi_group["memberuid"] as $member_uid) {
 array_push($user_pi_group_member_of[$member_uid], $pi_group["cn"][0]);
 }
 } else {
 $REDIS->setCache($pi_group["cn"][0], "members", []);
 }
 }
- foreach($user_pi_group_member_of as $uid => $pi_groups){
+ foreach ($user_pi_group_member_of as $uid => $pi_groups) {
 // FIXME should be pi_groups
 $REDIS->setCache($uid, "groups", $pi_groups);
 }
@@ -80,4 +86,3 @@
 $REDIS->setCache("initialized", "", true);
 echo "done!\n";
 }
-
From a3f814feb4a462abc02b8b2d0c711349074ad7fa Mon Sep 17 00:00:00 2001
From: Simon Leary
Date: Mon, 7 Apr 2025 13:44:14 -0400
Subject: [PATCH 3/4] fix style
---
 workers/update-ldap-cache.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php
index ce454049..d75d2e94 100644
--- a/workers/update-ldap-cache.php
+++ b/workers/update-ldap-cache.php
@@ -34,9 +34,9 @@
 // phpcs:enable
 sort($user_CNs);
 $REDIS->setCache("sorted_users", "", $user_CNs);
- foreach($users as $user){
+ foreach($users as $user) {
 $attribute_array = UnityLDAP::parseUserChildrenArray($user);
- foreach($attribute_array as $key => $val){
+ foreach($attribute_array as $key => $val) {
 $REDIS->setCache($user["cn"][0], $key, $val);
 }
 }
@@ -50,7 +50,7 @@
 // phpcs:enable
 sort($org_group_CNs);
 $REDIS->setCache("sorted_orgs", "", $org_group_CNs);
- foreach($org_groups as $org_group){
+ foreach($org_groups as $org_group) {
 $REDIS->setCache($org_group["cn"][0], "members", $org_group["memberuid"]);
 }
@@ -65,7 +65,7 @@
 // FIXME should be sorted_pi_groups
 $REDIS->setCache("sorted_groups", "", $pi_group_CNs);
 $user_pi_group_member_of = [];
- foreach ($user_CNs as $uid){
+ foreach ($user_CNs as $uid) {
 $user_pi_group_member_of[$uid] = [];
 }
 foreach ($pi_groups as $pi_group) {
From 47ab86605b6bc361ce82b5326db189a33759a65c Mon Sep 17 00:00:00 2001
From: Simon Leary
Date: Mon, 7 Apr 2025 13:45:15 -0400
Subject: [PATCH 4/4] fix style
---
 workers/update-ldap-cache.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/workers/update-ldap-cache.php b/workers/update-ldap-cache.php
index d75d2e94..74a4007b 100644
--- a/workers/update-ldap-cache.php
+++ b/workers/update-ldap-cache.php
@@ -34,9 +34,9 @@
 // phpcs:enable
 sort($user_CNs);
 $REDIS->setCache("sorted_users", "", $user_CNs);
- foreach($users as $user) {
+ foreach ($users as $user) {
 $attribute_array = UnityLDAP::parseUserChildrenArray($user);
- foreach($attribute_array as $key => $val) {
+ foreach ($attribute_array as $key => $val) {
 $REDIS->setCache($user["cn"][0], $key, $val);
 }
 }
@@ -50,7 +50,7 @@
 // phpcs:enable
 sort($org_group_CNs);
 $REDIS->setCache("sorted_orgs", "", $org_group_CNs);
- foreach($org_groups as $org_group) {
+ foreach ($org_groups as $org_group) {
 $REDIS->setCache($org_group["cn"][0], "members", $org_group["memberuid"]);
 }