diff --git a/lam/HISTORY b/lam/HISTORY
index 6848675f..50399b73 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -2,7 +2,7 @@ September 2016
- Windows: allow to show effective members of a group
- LAM Pro:
-> Group of names/members + roles: allow to show effective members of a group
- -> Cron jobs: Move or delete expired accounts (Shadow)
+ -> Cron jobs: Move or delete expired accounts (Shadow, FreeRadius)
21.06.2016 5.4
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 7777db2c..3d06a8b1 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -2371,6 +2371,54 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
@@EXPIRE_DATE_YYYYMMDD@@ will print the date as e.g.
"2016-12-31".
+
+
+ FreeRadius: Delete or move expired accounts
+
+ You can automatically delete or move expired accounts.
+
+
+
+
+
+
+
+
+
+
+ Options
+
+
+
+
+ Option
+
+ Description
+
+
+
+ Delay
+
+ Number of days to wait after the account is
+ expired.
+
+
+
+ Action
+
+ Delete or move accounts
+
+
+
+ Target DN
+
+ Move only: specifies the DN where accounts are
+ moved
+
+
+
+
+
diff --git a/lam/docs/manual-sources/images/jobs_freeRadiusCleanup.png b/lam/docs/manual-sources/images/jobs_freeRadiusCleanup.png
new file mode 100644
index 00000000..edf31600
Binary files /dev/null and b/lam/docs/manual-sources/images/jobs_freeRadiusCleanup.png differ
diff --git a/lam/lib/modules/freeRadius.inc b/lam/lib/modules/freeRadius.inc
index bd68af11..989acdc1 100644
--- a/lam/lib/modules/freeRadius.inc
+++ b/lam/lib/modules/freeRadius.inc
@@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
- Copyright (C) 2011 - 2015 Roland Gruber
+ Copyright (C) 2011 - 2016 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -790,6 +790,94 @@ class freeRadius extends baseModule {
return $this->profileCache;
}
+ /**
+ * Returns a list of jobs that can be run.
+ *
+ * @param LAMConfig $config configuration
+ * @return array list of jobs
+ */
+ public function getSupportedJobs(&$config) {
+ return array(
+ new FreeRadiusAccountExpirationCleanupJob()
+ );
+ }
+
+}
+
+if (interface_exists('\LAM\JOB\Job', false)) {
+
+ include_once dirname(__FILE__) . '/../passwordExpirationJob.inc';
+
+ /**
+ * Job to delete or move users on account expiration.
+ *
+ * @package jobs
+ */
+ class FreeRadiusAccountExpirationCleanupJob extends \LAM\JOB\AccountExpirationCleanupJob {
+
+ /**
+ * Returns the alias name of the job.
+ *
+ * @return String name
+ */
+ public function getAlias() {
+ return _('FreeRadius') . ': ' . _('Cleanup expired user accounts');
+ }
+
+ /**
+ * Returns the description of the job.
+ *
+ * @return String description
+ */
+ public function getDescription() {
+ return _('This job deletes or moves user accounts when they expire.');
+ }
+
+ /**
+ * Searches for users in LDAP.
+ *
+ * @param String $jobID unique job identifier
+ * @param array $options config options (name => value)
+ * @return array list of user attributes
+ */
+ protected function findUsers($jobID, $options) {
+ // read users
+ $attrs = array('radiusExpiration');
+ $userResults = searchLDAPByFilter('(radiusExpiration=*)', $attrs, array('user'));
+ return $userResults;
+ }
+
+ /**
+ * Checks if a user is expired.
+ *
+ * @param integer $jobID job ID
+ * @param array $options job settings
+ * @param PDO $pdo PDO
+ * @param DateTime $now current time
+ * @param array $policyOptions list of policy options by getPolicyOptions()
+ * @param array $user user attributes
+ * @param boolean $isDryRun just do a dry run, nothing is modified
+ */
+ protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
+ $expireTime = DateTime::createFromFormat('d M Y H:i', $user['radiusexpiration'][0], new DateTimeZone('UTC'));
+ logNewMessage(LOG_DEBUG, "Expiration on " . $expireTime->format('Y-m-d'));
+ $delay = 0;
+ if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) {
+ $delay = $options[$this->getConfigPrefix() . '_delay' . $jobID][0];
+ }
+ $actionTime = clone $expireTime;
+ if ($delay != 0) {
+ $actionTime->add(new DateInterval('P' . $delay . 'D'));
+ }
+ $actionTime->setTimeZone(getTimeZone());
+ logNewMessage(LOG_DEBUG, "Action time on " . $actionTime->format('Y-m-d'));
+ if ($actionTime <= $now) {
+ $this->performAction($jobID, $options, $user, $isDryRun);
+ }
+ }
+
+ }
+
}
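Review bot: In `checkSingleUser` the result of `DateTime::createFromFormat('d M Y H:i', ...)` is used without a check, and it returns `false` when the stored `radiusExpiration` value does not match that format. The following `$expireTime->format('Y-m-d')` call then fails with a fatal error, so a single malformed attribute value would presumably abort the job run and leave the remaining expired accounts in place. Guard it right after the parse, e.g. `if ($expireTime === false) { logNewMessage(LOG_WARNING, 'Unparsable radiusExpiration value, skipping user'); return; }`. Because the job deletes or moves entries, it may also be worth skipping values for which `DateTime::getLastErrors()` reports warnings, so that a rolled-over out-of-range date is not acted on.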
diff --git a/lam/lib/modules/shadowAccount.inc b/lam/lib/modules/shadowAccount.inc
index 8c157105..a66b890e 100644
--- a/lam/lib/modules/shadowAccount.inc
+++ b/lam/lib/modules/shadowAccount.inc
@@ -935,7 +935,7 @@ if (interface_exists('\LAM\JOB\Job', false)) {
}
/**
- * Checks if a user needs to change his password.
+ * Checks if a user is expired.
*
* @param integer $jobID job ID
* @param array $options job settings
@@ -953,9 +953,6 @@ if (interface_exists('\LAM\JOB\Job', false)) {
if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) {
$delay = $options[$this->getConfigPrefix() . '_delay' . $jobID][0];
}
- if (!empty($user['shadowwarning'][0]) && ($user['shadowwarning'][0] > 0)) {
- $numDaysToWarn += $user['shadowwarning'][0];
- }
$actionTime = clone $expireTime;
if ($delay != 0) {
$actionTime->add(new DateInterval('P' . $delay . 'D'));