added Windows cleanup job

This commit is contained in:
Roland Gruber 2016-07-17 10:26:22 +02:00
parent 3bef3a577a
commit 41b0172810
4 changed files with 124 additions and 2 deletions

View File

@ -2,7 +2,7 @@ September 2016
- Windows: allow to show effective members of a group - Windows: allow to show effective members of a group
- LAM Pro: - LAM Pro:
-> Group of names/members + roles: allow to show effective members of a group -> Group of names/members + roles: allow to show effective members of a group
-> Cron jobs: Move or delete expired accounts (Shadow, qmail, FreeRadius) -> Cron jobs: Move or delete expired accounts (Shadow, Windows, qmail, FreeRadius)
21.06.2016 5.4 21.06.2016 5.4

View File

@ -2374,6 +2374,54 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
"2016-12-31".</para> "2016-12-31".</para>
</section> </section>
<section>
<title>Windows: Delete or move expired accounts</title>
<para>You can automatically delete or move expired accounts.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/jobs_windowsCleanup.png" />
</imageobject>
</mediaobject>
</screenshot>
<table>
<title>Options</title>
<tgroup cols="2">
<tbody>
<row>
<entry><emphasis role="bold">Option</emphasis></entry>
<entry><emphasis role="bold">Description</emphasis></entry>
</row>
<row>
<entry>Delay</entry>
<entry>Number of days to wait after the account is
expired.</entry>
</row>
<row>
<entry>Action</entry>
<entry>Delete or move accounts</entry>
</row>
<row>
<entry>Target DN</entry>
<entry>Move only: specifies the DN where accounts are
moved</entry>
</row>
</tbody>
</tgroup>
</table>
</section>
<section> <section>
<title>FreeRadius: Delete or move expired accounts</title> <title>FreeRadius: Delete or move expired accounts</title>

Binary file not shown.

After

Width:  |  Height:  |  Size: 13 KiB

View File

@ -3147,7 +3147,8 @@ class windowsUser extends baseModule implements passwordService {
*/ */
public function getSupportedJobs(&$config) { public function getSupportedJobs(&$config) {
return array( return array(
new WindowsPasswordNotifyJob() new WindowsPasswordNotifyJob(),
new WindowsAccountExpirationCleanupJob()
); );
} }
@ -3309,6 +3310,79 @@ if (interface_exists('\LAM\JOB\Job', false)) {
} }
/**
* Job to delete or move users on account expiration.
*
* @package jobs
*/
class WindowsAccountExpirationCleanupJob extends \LAM\JOB\AccountExpirationCleanupJob {
/**
* Returns the alias name of the job.
*
* @return String name
*/
public function getAlias() {
return _('Windows') . ': ' . _('Cleanup expired user accounts');
}
/**
* Returns the description of the job.
*
* @return String description
*/
public function getDescription() {
return _('This job deletes or moves user accounts when they expire.');
}
/**
* Searches for users in LDAP.
*
* @param String $jobID unique job identifier
* @param array $options config options (name => value)
* @return array list of user attributes
*/
protected function findUsers($jobID, $options) {
// read users
$attrs = array('accountExpires');
$userResults = searchLDAPByFilter('(accountExpires=*)', $attrs, array('user'));
return $userResults;
}
/**
* Checks if a user is expired.
*
* @param integer $jobID job ID
* @param array $options job settings
* @param PDO $pdo PDO
* @param DateTime $now current time
* @param array $policyOptions list of policy options by getPolicyOptions()
* @param array $user user attributes
* @param boolean $isDryRun just do a dry run, nothing is modified
*/
protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
$seconds = substr($user['accountexpires'][0], 0, -7);
$expireTime = new DateTime('1601-01-01', new DateTimeZone('UTC'));
$expireTime->add(new DateInterval('PT' . $seconds . 'S'));
$expireTime->setTimezone(getTimeZone());
logNewMessage(LOG_DEBUG, "Expiration on " . $expireTime->format('Y-m-d'));
$delay = 0;
if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) {
$delay = $options[$this->getConfigPrefix() . '_delay' . $jobID][0];
}
$actionTime = clone $expireTime;
if ($delay != 0) {
$actionTime->add(new DateInterval('P' . $delay . 'D'));
}
$actionTime->setTimeZone(getTimeZone());
logNewMessage(LOG_DEBUG, "Action time on " . $actionTime->format('Y-m-d'));
if ($actionTime <= $now) {
$this->performAction($jobID, $options, $user, $isDryRun);
}
}
}
} }
?> ?>