Merge pull request #10850 from Godmartinz/feature/sc-18937/add-manager-to-ldap-sync

This looks good, thanks!
2024-12-25 13:44:06 -08:00 · 2022-03-29 12:06:01 +01:00 · 2022-03-29 12:06:01 +01:00 · b5f3a357e2
parent e207a5043e a1429ce86b
commit b5f3a357e2
6 changed files with 62 additions and 1 deletions
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@ -56,6 +56,7 @@ class LdapSync extends Command
        $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle;
        $ldap_result_country = Setting::getSettings()->ldap_country;
        $ldap_result_dept = Setting::getSettings()->ldap_dept;
+        $ldap_result_manager = Setting::getSettings()->ldap_manager;

        try {
            $ldapconn = Ldap::connectToLdap();
@ -184,12 +185,12 @@ class LdapSync extends Command
                $item['jobtitle'] = isset($results[$i][$ldap_result_jobtitle][0]) ? $results[$i][$ldap_result_jobtitle][0] : '';
                $item['country'] = isset($results[$i][$ldap_result_country][0]) ? $results[$i][$ldap_result_country][0] : '';
                $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
+                $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';

                $department = Department::firstOrCreate([
                    'name' => $item['department'],
                ]);

-
                $user = User::where('username', $item['username'])->first();
                if ($user) {
                    // Updating an existing user.
@ -212,6 +213,15 @@ class LdapSync extends Command
                $user->country = $item['country'];
                $user->department_id = $department->id;

+                if($item['manager']!= null) {
+                    //Captures only the Canonical Name
+                    $item['manager'] = ltrim($item['manager'], "CN=");
+                    $item['manager'] = substr($item['manager'],0, strpos($item['manager'], ','));
+                    $ldap_manager = User::where('username', $item['manager'])->first();
+                    $user->manager_id = $ldap_manager->id;
+                }
+
+
                // Sync activated state for Active Directory.
                if (array_key_exists('useraccountcontrol', $results[$i])) {
                    /* The following is _probably_ the correct logic, but we can't use it because
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@ -946,6 +946,7 @@ class SettingsController extends Controller
            $setting->ldap_active_flag = $request->input('ldap_active_flag');
            $setting->ldap_emp_num = $request->input('ldap_emp_num');
            $setting->ldap_email = $request->input('ldap_email');
+            $setting->ldap_manager = $request->input('ldap_manager');
            $setting->ad_domain = $request->input('ad_domain');
            $setting->is_ad = $request->input('is_ad', '0');
            $setting->ad_append_domain = $request->input('ad_append_domain', '0');
--- a/app/Models/Ldap.php
+++ b/app/Models/Ldap.php
@ -208,6 +208,7 @@ class Ldap extends Model
        $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle;
        $ldap_result_country = Setting::getSettings()->ldap_country;
        $ldap_result_dept = Setting::getSettings()->ldap_dept;
+        $ldap_result_manager = Setting::getSettings()->ldap_manager;
        // Get LDAP user data
        $item = [];
        $item['username'] = isset($ldapattributes[$ldap_result_username][0]) ? $ldapattributes[$ldap_result_username][0] : '';
@ -219,6 +220,7 @@ class Ldap extends Model
        $item['jobtitle'] = isset($ldapattributes[$ldap_result_jobtitle][0]) ? $ldapattributes[$ldap_result_jobtitle][0] : '';
        $item['country'] = isset($ldapattributes[$ldap_result_country][0]) ? $ldapattributes[$ldap_result_country][0] : '';
        $item['department'] = isset($ldapattributes[$ldap_result_dept][0]) ? $ldapattributes[$ldap_result_dept][0] : '';
+        $item['manager'] = isset($ldapattributes[$ldap_result_manager][0]) ? $ldapattributes[$ldap_result_manager][0] : '';

        return $item;
    }
--- a/database/migrations/2022_03_21_162724_adds_ldap_manager.php
+++ b/database/migrations/2022_03_21_162724_adds_ldap_manager.php
@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddsLdapManager extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        //Updates the Settings Table
+        Schema::table('settings', function (Blueprint $table) {
+            $table->string('ldap_manager')->after('ldap_jobtitle')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        //
+        Schema::table('settings', function (Blueprint $table) {
+            $table->dropColumn('ldap_manager');
+        });
+    }
+}
--- a/resources/lang/en/admin/settings/general.php
+++ b/resources/lang/en/admin/settings/general.php
@ -84,6 +84,7 @@ return [
     'ldap_client_tls_key'       => 'LDAP Client-Side TLS key',
    'ldap_login_test_help'      => 'Enter a valid LDAP username and password from the base DN you specified above to test whether your LDAP login is configured correctly. YOU MUST SAVE YOUR UPDATED LDAP SETTINGS FIRST.',
    'ldap_login_sync_help'      => 'This only tests that LDAP can sync correctly. If your LDAP Authentication query is not correct, users may still not be able to login. YOU MUST SAVE YOUR UPDATED LDAP SETTINGS FIRST.',
+    'ldap_manager'              => 'LDAP Manager',
    'ldap_server'               => 'LDAP Server',
    'ldap_server_help'          => 'This should start with ldap:// (for unencrypted or TLS) or ldaps:// (for SSL)',
    'ldap_server_cert'			=> 'LDAP SSL certificate validation',
--- a/resources/views/settings/ldap.blade.php
+++ b/resources/views/settings/ldap.blade.php
@ -383,6 +383,19 @@
                                @endif
                            </div>
                        </div>
+                        <!-- LDAP Manager -->
+                        <div class="form-group {{ $errors->has('ldap_dept') ? 'error' : '' }}">
+                            <div class="col-md-3">
+                                {{ Form::label('ldap_dept', trans('admin/settings/general.ldap_manager')) }}
+                            </div>
+                            <div class="col-md-9">
+                                {{ Form::text('ldap_manager', Request::old('ldap_manager', $setting->ldap_manager), ['class' => 'form-control','placeholder' => 'manager', $setting->demoMode]) }}
+                                {!! $errors->first('ldap_manager', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
+                                @if (config('app.lock_passwords')===true)
+                                    <p class="text-warning"><i class="fas fa-lock" aria-hidden="true"></i> {{ trans('general.feature_disabled') }}</p>
+                                @endif
+                            </div>
+                        </div>

                        <!-- LDAP email -->
                        <div class="form-group {{ $errors->has('ldap_email') ? 'error' : '' }}">