#140 account expiration job

This commit is contained in:
Roland Gruber 2018-11-03 11:22:19 +01:00
parent b42c694a8a
commit 22bc951171
1 changed files with 99 additions and 2 deletions

View File

@ -1713,7 +1713,12 @@ class windowsUser extends baseModule implements passwordService {
} }
elseif (strpos($buttonName, '_del') !== false) { elseif (strpos($buttonName, '_del') !== false) {
// remove attribute value // remove attribute value
if (!isset($this->orig[$attr][0])) {
unset($this->attributes[$attr]); unset($this->attributes[$attr]);
}
else {
$this->attributes[$attr][0] = '0';
}
// sync other modules // sync other modules
if (isset($_POST['syncShadow']) && ($_POST['syncShadow'] == 'on')) { if (isset($_POST['syncShadow']) && ($_POST['syncShadow'] == 'on')) {
$this->getAccountContainer()->getAccountModule('shadowAccount')->setExpirationDate( $this->getAccountContainer()->getAccountModule('shadowAccount')->setExpirationDate(
@ -3546,7 +3551,8 @@ class windowsUser extends baseModule implements passwordService {
public function getSupportedJobs(&$config) { public function getSupportedJobs(&$config) {
return array( return array(
new WindowsPasswordNotifyJob(), new WindowsPasswordNotifyJob(),
new WindowsAccountExpirationCleanupJob() new WindowsAccountExpirationCleanupJob(),
new WindowsAccountExpirationNotifyJob()
); );
} }
@ -3779,6 +3785,97 @@ if (interface_exists('\LAM\JOB\Job', false)) {
} }
/**
* Job to notify users about account expiration.
*
* @package jobs
*/
class WindowsAccountExpirationNotifyJob extends \LAM\JOB\PasswordExpirationJob {
/**
* {@inheritDoc}
* @see \LAM\JOB\Job::getAlias()
*/
public function getAlias() {
return _('Windows') . ': ' . _('Notify users about account expiration');
}
/**
* {@inheritDoc}
* @see \LAM\JOB\PasswordExpirationJob::getDescription()
*/
public function getDescription() {
return _('This job sends out emails to inform your users that their account will expire soon.');
}
/**
* {@inheritDoc}
* @see \LAM\JOB\PasswordExpirationJob::findUsers()
*/
protected function findUsers($jobID, $options) {
// read users
$sysattrs = array('mail', 'accountExpires', 'useraccountcontrol');
$attrs = $this->getAttrWildcards($jobID, $options);
$attrs = array_values(array_unique(array_merge($attrs, $sysattrs)));
$userResults = searchLDAPByFilter('(&(accountExpires=*)(!(accountExpires=0))(mail=*))', $attrs, array('user'));
return $userResults;
}
/**
* {@inheritDoc}
* @see \LAM\JOB\PasswordExpirationJob::checkSingleUser()
*/
protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
$dn = $user['dn'];
// skip if account is deactivated
if (windowsUser::isDeactivated($user)) {
$this->jobResultLog->logDebug($dn . ' is deactivated.');
return;
}
// skip if account itself is expired
if (!empty($user['accountexpires'][0])) {
$accountExpiration = windowsUser::getFileTime($user['accountexpires'][0]);
if ($accountExpiration <= $now) {
$this->jobResultLog->logDebug($dn . ' already expired');
return;
}
}
// get time when account expires
$expirationTime = windowsUser::getFileTime($user['accountexpires'][0]);
$this->jobResultLog->logDebug("Account expiration on " . $expirationTime->format('Y-m-d'));
$numDaysToWarn = $options[$this->getConfigPrefix() . '_mailNotificationPeriod' . $jobID][0];
$this->jobResultLog->logDebug("Number of days before warning " . $numDaysToWarn);
// calculate time of notification
$notifyTime = clone $expirationTime;
$notifyTime->sub(new DateInterval('P' . $numDaysToWarn . 'D'));
$notifyTime->setTimeZone(getTimeZone());
$this->jobResultLog->logDebug("Password notification on " . $notifyTime->format('Y-m-d H:i'));
// skip if notification is in the future
if ($notifyTime > $now) {
$this->jobResultLog->logDebug($dn . ' does not need notification yet.');
return;
}
$dbLastChange = $this->getDBLastPwdChangeTime($jobID, $pdo, $dn);
// skip entries where mail was already sent
if ($dbLastChange == $user['accountexpires'][0]) {
$this->jobResultLog->logDebug($dn . ' was already notified.');
return;
}
if ($isDryRun) {
// no action for dry run
$this->jobResultLog->logInfo('Not sending email to ' . $dn . ' because of dry run.');
return;
}
// send email
$success = $this->sendMail($options, $jobID, $user, $expirationTime);
// update DB if mail was sent successfully
if ($success) {
$this->setDBLastPwdChangeTime($jobID, $pdo, $dn, $user['accountexpires'][0]);
}
}
}
/** /**
* Job to delete or move users on account expiration. * Job to delete or move users on account expiration.
* *