diff --git a/lam/HISTORY b/lam/HISTORY
index e9a71a62..8188ee61 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -2,7 +2,7 @@ September 2016
- Windows: allow to show effective members of a group
- LAM Pro:
-> Group of names/members + roles: allow to show effective members of a group
- -> Cron jobs: Move or delete expired accounts (Shadow, qmail, FreeRadius)
+ -> Cron jobs: Move or delete expired accounts (Shadow, Windows, qmail, FreeRadius)
21.06.2016 5.4
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 65d5c780..6cba09f0 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -2374,6 +2374,54 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
"2016-12-31".
+
+ Windows: Delete or move expired accounts
+
+ You can automatically delete or move expired accounts.
+
+
+
+
+
+
+
+
+
+
+ Options
+
+
+
+
+ Option
+
+ Description
+
+
+
+ Delay
+
+ Number of days to wait after the account is
+ expired.
+
+
+
+ Action
+
+ Delete or move accounts
+
+
+
+ Target DN
+
+ Move only: specifies the DN where accounts are
+ moved
+
+
+
+
+
+
FreeRadius: Delete or move expired accounts
diff --git a/lam/docs/manual-sources/images/jobs_windowsCleanup.png b/lam/docs/manual-sources/images/jobs_windowsCleanup.png
new file mode 100644
index 00000000..42e4a4c3
Binary files /dev/null and b/lam/docs/manual-sources/images/jobs_windowsCleanup.png differ
diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc
index e81d43b3..f91a5dd3 100644
--- a/lam/lib/modules/windowsUser.inc
+++ b/lam/lib/modules/windowsUser.inc
@@ -3147,7 +3147,8 @@ class windowsUser extends baseModule implements passwordService {
*/
public function getSupportedJobs(&$config) {
return array(
- new WindowsPasswordNotifyJob()
+ new WindowsPasswordNotifyJob(),
+ new WindowsAccountExpirationCleanupJob()
);
}
@@ -3309,6 +3310,79 @@ if (interface_exists('\LAM\JOB\Job', false)) {
}
+ /**
+ * Job to delete or move users on account expiration.
+ *
+ * @package jobs
+ */
+ class WindowsAccountExpirationCleanupJob extends \LAM\JOB\AccountExpirationCleanupJob {
+
+ /**
+ * Returns the alias name of the job.
+ *
+ * @return String name
+ */
+ public function getAlias() {
+ return _('Windows') . ': ' . _('Cleanup expired user accounts');
+ }
+
+ /**
+ * Returns the description of the job.
+ *
+ * @return String description
+ */
+ public function getDescription() {
+ return _('This job deletes or moves user accounts when they expire.');
+ }
+
+ /**
+ * Searches for users in LDAP.
+ *
+ * @param String $jobID unique job identifier
+ * @param array $options config options (name => value)
+ * @return array list of user attributes
+ */
+ protected function findUsers($jobID, $options) {
+ // read users
+ $attrs = array('accountExpires');
+ $userResults = searchLDAPByFilter('(accountExpires=*)', $attrs, array('user'));
+ return $userResults;
+ }
+
+ /**
+ * Checks if a user is expired.
+ *
+ * @param integer $jobID job ID
+ * @param array $options job settings
+ * @param PDO $pdo PDO
+ * @param DateTime $now current time
+ * @param array $policyOptions list of policy options by getPolicyOptions()
+ * @param array $user user attributes
+ * @param boolean $isDryRun just do a dry run, nothing is modified
+ */
+ protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
+ $seconds = substr($user['accountexpires'][0], 0, -7);
+ $expireTime = new DateTime('1601-01-01', new DateTimeZone('UTC'));
+ $expireTime->add(new DateInterval('PT' . $seconds . 'S'));
+ $expireTime->setTimezone(getTimeZone());
+ logNewMessage(LOG_DEBUG, "Expiration on " . $expireTime->format('Y-m-d'));
+ $delay = 0;
+ if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) {
+ $delay = $options[$this->getConfigPrefix() . '_delay' . $jobID][0];
+ }
+ $actionTime = clone $expireTime;
+ if ($delay != 0) {
+ $actionTime->add(new DateInterval('P' . $delay . 'D'));
+ }
+ $actionTime->setTimeZone(getTimeZone());
+ logNewMessage(LOG_DEBUG, "Action time on " . $actionTime->format('Y-m-d'));
+ if ($actionTime <= $now) {
+ $this->performAction($jobID, $options, $user, $isDryRun);
+ }
+ }
+
+ }
+
}
?>
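Review bot: `checkSingleUser` never filters out the Active Directory "never expires" sentinels, although `findUsers` returns every entry matching `(accountExpires=*)` and the job's action is delete or move. AD stores `0` or `9223372036854775807` in `accountExpires` for accounts that never expire. For `0`, `substr(..., 0, -7)` leaves no digits, so the interval spec becomes `PTS` and `DateInterval` throws; whether the caller catches that is not visible in this hunk. I would skip such entries explicitly before any date arithmetic, as sketched below, so one entry cannot abort the run and a sentinel is never treated as a date. The `_delay` option is also concatenated into `'P' . $delay . 'D'` without a numeric check, so a guard such as `ctype_digit((string) $delay)` before building that interval would be worthwhile.

```php
protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
	$rawExpiry = isset($user['accountexpires'][0]) ? $user['accountexpires'][0] : '';
	// "0" and "9223372036854775807" both mean "never expires"; values shorter than 8 digits cannot be cut down to seconds
	if (!ctype_digit($rawExpiry) || (strlen($rawExpiry) < 8) || ($rawExpiry === '9223372036854775807')) {
		logNewMessage(LOG_DEBUG, 'Skipping account without usable expiration value');
		return;
	}
	$seconds = substr($rawExpiry, 0, -7);
	// … unchanged: expiration/action time calculation and performAction call …
```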