added Windows cleanup job
This commit is contained in:
Roland Gruber
parent
3bef3a577a
commit
41b0172810
|
|
@ -2,7 +2,7 @@ September 2016
|
||||||
- Windows: allow to show effective members of a group
|
- Windows: allow to show effective members of a group
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
-> Group of names/members + roles: allow to show effective members of a group
|
-> Group of names/members + roles: allow to show effective members of a group
|
||||||
-> Cron jobs: Move or delete expired accounts (Shadow, qmail, FreeRadius)
|
-> Cron jobs: Move or delete expired accounts (Shadow, Windows, qmail, FreeRadius)
|
||||||
|
|
||||||
|
|
||||||
21.06.2016 5.4
|
21.06.2016 5.4
|
||||||
|
|
|
||||||
|
|
@ -2374,6 +2374,54 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
||||||
"2016-12-31".</para>
|
"2016-12-31".</para>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Windows: Delete or move expired accounts</title>
|
||||||
|
|
||||||
|
<para>You can automatically delete or move expired accounts.</para>
|
||||||
|
|
||||||
|
<screenshot>
|
||||||
|
<mediaobject>
|
||||||
|
<imageobject>
|
||||||
|
<imagedata fileref="images/jobs_windowsCleanup.png" />
|
||||||
|
</imageobject>
|
||||||
|
</mediaobject>
|
||||||
|
</screenshot>
|
||||||
|
|
||||||
|
<table>
|
||||||
|
<title>Options</title>
|
||||||
|
|
||||||
|
<tgroup cols="2">
|
||||||
|
<tbody>
|
||||||
|
<row>
|
||||||
|
<entry><emphasis role="bold">Option</emphasis></entry>
|
||||||
|
|
||||||
|
<entry><emphasis role="bold">Description</emphasis></entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Delay</entry>
|
||||||
|
|
||||||
|
<entry>Number of days to wait after the account is
|
||||||
|
expired.</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Action</entry>
|
||||||
|
|
||||||
|
<entry>Delete or move accounts</entry>
|
||||||
|
</row>
|
||||||
|
|
||||||
|
<row>
|
||||||
|
<entry>Target DN</entry>
|
||||||
|
|
||||||
|
<entry>Move only: specifies the DN where accounts are
|
||||||
|
moved</entry>
|
||||||
|
</row>
|
||||||
|
</tbody>
|
||||||
|
</tgroup>
|
||||||
|
</table>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section>
|
<section>
|
||||||
<title>FreeRadius: Delete or move expired accounts</title>
|
<title>FreeRadius: Delete or move expired accounts</title>
|
||||||
|
|
||||||
|
|
|
||||||
Binary file not shown.
|
After Width: | Height: | Size: 13 KiB |
|
|
@ -3147,7 +3147,8 @@ class windowsUser extends baseModule implements passwordService {
|
||||||
*/
|
*/
|
||||||
public function getSupportedJobs(&$config) {
|
public function getSupportedJobs(&$config) {
|
||||||
return array(
|
return array(
|
||||||
new WindowsPasswordNotifyJob()
|
new WindowsPasswordNotifyJob(),
|
||||||
|
new WindowsAccountExpirationCleanupJob()
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -3309,6 +3310,79 @@ if (interface_exists('\LAM\JOB\Job', false)) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Job to delete or move users on account expiration.
|
||||||
|
*
|
||||||
|
* @package jobs
|
||||||
|
*/
|
||||||
|
class WindowsAccountExpirationCleanupJob extends \LAM\JOB\AccountExpirationCleanupJob {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the alias name of the job.
|
||||||
|
*
|
||||||
|
* @return String name
|
||||||
|
*/
|
||||||
|
public function getAlias() {
|
||||||
|
return _('Windows') . ': ' . _('Cleanup expired user accounts');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the description of the job.
|
||||||
|
*
|
||||||
|
* @return String description
|
||||||
|
*/
|
||||||
|
public function getDescription() {
|
||||||
|
return _('This job deletes or moves user accounts when they expire.');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Searches for users in LDAP.
|
||||||
|
*
|
||||||
|
* @param String $jobID unique job identifier
|
||||||
|
* @param array $options config options (name => value)
|
||||||
|
* @return array list of user attributes
|
||||||
|
*/
|
||||||
|
protected function findUsers($jobID, $options) {
|
||||||
|
// read users
|
||||||
|
$attrs = array('accountExpires');
|
||||||
|
$userResults = searchLDAPByFilter('(accountExpires=*)', $attrs, array('user'));
|
||||||
|
return $userResults;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if a user is expired.
|
||||||
|
*
|
||||||
|
* @param integer $jobID job ID
|
||||||
|
* @param array $options job settings
|
||||||
|
* @param PDO $pdo PDO
|
||||||
|
* @param DateTime $now current time
|
||||||
|
* @param array $policyOptions list of policy options by getPolicyOptions()
|
||||||
|
* @param array $user user attributes
|
||||||
|
* @param boolean $isDryRun just do a dry run, nothing is modified
|
||||||
|
*/
|
||||||
|
protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
|
||||||
|
$seconds = substr($user['accountexpires'][0], 0, -7);
|
||||||
|
$expireTime = new DateTime('1601-01-01', new DateTimeZone('UTC'));
|
||||||
|
$expireTime->add(new DateInterval('PT' . $seconds . 'S'));
|
||||||
|
$expireTime->setTimezone(getTimeZone());
|
||||||
|
logNewMessage(LOG_DEBUG, "Expiration on " . $expireTime->format('Y-m-d'));
|
||||||
|
$delay = 0;
|
||||||
|
if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) {
|
||||||
|
$delay = $options[$this->getConfigPrefix() . '_delay' . $jobID][0];
|
||||||
|
}
|
||||||
|
$actionTime = clone $expireTime;
|
||||||
|
if ($delay != 0) {
|
||||||
|
$actionTime->add(new DateInterval('P' . $delay . 'D'));
|
||||||
|
}
|
||||||
|
$actionTime->setTimeZone(getTimeZone());
|
||||||
|
logNewMessage(LOG_DEBUG, "Action time on " . $actionTime->format('Y-m-d'));
|
||||||
|
if ($actionTime <= $now) {
|
||||||
|
$this->performAction($jobID, $options, $user, $isDryRun);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue