added Windows cleanup job
This commit is contained in:
parent
3bef3a577a
commit
41b0172810
|
@ -2,7 +2,7 @@ September 2016
|
|||
- Windows: allow to show effective members of a group
|
||||
- LAM Pro:
|
||||
-> Group of names/members + roles: allow to show effective members of a group
|
||||
-> Cron jobs: Move or delete expired accounts (Shadow, qmail, FreeRadius)
|
||||
-> Cron jobs: Move or delete expired accounts (Shadow, Windows, qmail, FreeRadius)
|
||||
|
||||
|
||||
21.06.2016 5.4
|
||||
|
|
|
@ -2374,6 +2374,54 @@ mysql> GRANT ALL PRIVILEGES ON lam_cron.* TO 'lam_cron'@'localhost';
|
|||
"2016-12-31".</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Windows: Delete or move expired accounts</title>
|
||||
|
||||
<para>You can automatically delete or move expired accounts.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/jobs_windowsCleanup.png" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</screenshot>
|
||||
|
||||
<table>
|
||||
<title>Options</title>
|
||||
|
||||
<tgroup cols="2">
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><emphasis role="bold">Option</emphasis></entry>
|
||||
|
||||
<entry><emphasis role="bold">Description</emphasis></entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Delay</entry>
|
||||
|
||||
<entry>Number of days to wait after the account is
|
||||
expired.</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Action</entry>
|
||||
|
||||
<entry>Delete or move accounts</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Target DN</entry>
|
||||
|
||||
<entry>Move only: specifies the DN where accounts are
|
||||
moved</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>FreeRadius: Delete or move expired accounts</title>
|
||||
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 13 KiB |
|
@ -3147,7 +3147,8 @@ class windowsUser extends baseModule implements passwordService {
|
|||
*/
|
||||
public function getSupportedJobs(&$config) {
|
||||
return array(
|
||||
new WindowsPasswordNotifyJob()
|
||||
new WindowsPasswordNotifyJob(),
|
||||
new WindowsAccountExpirationCleanupJob()
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -3309,6 +3310,79 @@ if (interface_exists('\LAM\JOB\Job', false)) {
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* Job to delete or move users on account expiration.
|
||||
*
|
||||
* @package jobs
|
||||
*/
|
||||
class WindowsAccountExpirationCleanupJob extends \LAM\JOB\AccountExpirationCleanupJob {
|
||||
|
||||
/**
|
||||
* Returns the alias name of the job.
|
||||
*
|
||||
* @return String name
|
||||
*/
|
||||
public function getAlias() {
|
||||
return _('Windows') . ': ' . _('Cleanup expired user accounts');
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the description of the job.
|
||||
*
|
||||
* @return String description
|
||||
*/
|
||||
public function getDescription() {
|
||||
return _('This job deletes or moves user accounts when they expire.');
|
||||
}
|
||||
|
||||
/**
|
||||
* Searches for users in LDAP.
|
||||
*
|
||||
* @param String $jobID unique job identifier
|
||||
* @param array $options config options (name => value)
|
||||
* @return array list of user attributes
|
||||
*/
|
||||
protected function findUsers($jobID, $options) {
|
||||
// read users
|
||||
$attrs = array('accountExpires');
|
||||
$userResults = searchLDAPByFilter('(accountExpires=*)', $attrs, array('user'));
|
||||
return $userResults;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a user is expired.
|
||||
*
|
||||
* @param integer $jobID job ID
|
||||
* @param array $options job settings
|
||||
* @param PDO $pdo PDO
|
||||
* @param DateTime $now current time
|
||||
* @param array $policyOptions list of policy options by getPolicyOptions()
|
||||
* @param array $user user attributes
|
||||
* @param boolean $isDryRun just do a dry run, nothing is modified
|
||||
*/
|
||||
protected function checkSingleUser($jobID, $options, &$pdo, $now, $policyOptions, $user, $isDryRun) {
|
||||
$seconds = substr($user['accountexpires'][0], 0, -7);
|
||||
$expireTime = new DateTime('1601-01-01', new DateTimeZone('UTC'));
|
||||
$expireTime->add(new DateInterval('PT' . $seconds . 'S'));
|
||||
$expireTime->setTimezone(getTimeZone());
|
||||
logNewMessage(LOG_DEBUG, "Expiration on " . $expireTime->format('Y-m-d'));
|
||||
$delay = 0;
|
||||
if (!empty($options[$this->getConfigPrefix() . '_delay' . $jobID][0])) {
|
||||
$delay = $options[$this->getConfigPrefix() . '_delay' . $jobID][0];
|
||||
}
|
||||
$actionTime = clone $expireTime;
|
||||
if ($delay != 0) {
|
||||
$actionTime->add(new DateInterval('P' . $delay . 'D'));
|
||||
}
|
||||
$actionTime->setTimeZone(getTimeZone());
|
||||
logNewMessage(LOG_DEBUG, "Action time on " . $actionTime->format('Y-m-d'));
|
||||
if ($actionTime <= $now) {
|
||||
$this->performAction($jobID, $options, $user, $isDryRun);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
Loading…
Reference in New Issue