Merge pull request #2789 from laf/issue-2761

Updated active directory auth to support dashboards

daily.php

@@ -121,6 +121,9 @@ if ($options['f'] === 'purgeusers') {
     if (is_numeric($config['radius']['users_purge']) && $config['auth_mechanism'] === 'radius') {
         $purge = $config['radius']['users_purge'];
     }
+    if (is_numeric($config['active_directory']['users_purge']) && $config['auth_mechanism'] === 'active_directory') {
+        $purge = $config['active_directory']['users_purge'];
+    }
     if ($purge > 0) {
         foreach (dbFetchRows("SELECT DISTINCT(`user`) FROM `authlog` WHERE `datetime` >= DATE_SUB(NOW(), INTERVAL ? DAY)", array($purge)) as $user) {
             $users[] = $user['user'];

doc/Extensions/Authentication.md

@@ -116,16 +116,20 @@ If you have issues with secure LDAP try setting `$config['auth_ad_check_certific
 
 If you set ```$config['auth_ad_require_groupmembership']``` to 1, the authenticated user has to be a member of the specific group. Otherwise all users can authenticate, but are limited to user level 0 and only have access to shared dashboards. 
 
+> Cleanup of old accounts is done using the authlog. You will need to set the cleanup date for when old accounts will be purged which will happen AUTOMATICALLY.
+> Please ensure that you set the $config['authlog_purge'] value to be greater than $config['active_directory]['users_purge'] otherwise old users won't be removed.
+
 ##### Sample configuration
 
 ```
-$config['auth_ad_url'] = "ldaps://your-domain.controll.er";
-$config['auth_ad_check_certificates'] = 1; // or 0
-$config['auth_ad_domain'] = "your-domain.com";
-$config['auth_ad_base_dn'] = "dc=your-domain,dc=com";
+$config['auth_ad_url']                      = "ldaps://your-domain.controll.er";
+$config['auth_ad_check_certificates']       = 1; // or 0
+$config['auth_ad_domain']                   = "your-domain.com";
+$config['auth_ad_base_dn']                  = "dc=your-domain,dc=com";
 $config['auth_ad_groups']['admin']['level'] = 10;
-$config['auth_ad_groups']['pfy']['level'] = 7;
-$config['auth_ad_require_groupmembership'] = 0;
+$config['auth_ad_groups']['pfy']['level']   = 7;
+$config['auth_ad_require_groupmembership']  = 0;
+$config['active_directory']['users_purge']  = 14;//Purge users who haven't logged in for 14 days.
 ```
 
 #### Radius Authentication

html/includes/authentication/active_directory.inc.php

@@ -83,10 +83,10 @@ function auth_usermanagement() {
 }
 
 
-function adduser($username) {
+function adduser($username, $level=0, $email='', $realname='', $can_modify_passwd=0, $description='', $twofactor=0) {
     // Check to see if user is already added in the database
     if (!user_exists_in_db($username)) {
-        $userid = dbInsert(array('username' => $username, 'user_id' => get_userid($username), 'level' => "0", 'can_modify_passwd' => 0, 'twofactor' => 0), 'users');
+        $userid = dbInsert(array('username' => $username, 'realname' => $realname, 'email' => $email, 'descr' => $description, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'twofactor' => $twofactor, 'user_id' => get_userid($username)), 'users');
         if ($userid == false) {
             return false;
         }
@@ -161,9 +161,13 @@ function get_userid($username) {
 }
 
 
-function deluser() {
-    // not supported so return 0 
-    return 0;
+function deluser($username) {
+    dbDelete('bill_perms', '`user_name` =  ?', array($username));
+    dbDelete('devices_perms', '`user_name` =  ?', array($username));
+    dbDelete('ports_perms', '`user_name` =  ?', array($username));
+    dbDelete('users_prefs', '`user_name` =  ?', array($username));
+    dbDelete('users', '`user_name` =  ?', array($username));
+    return dbDelete('users', '`username` =  ?', array($username));
 }
 
 
@@ -221,14 +225,12 @@ function can_update_users() {
 
 function get_user($user_id) {
     // not supported so return 0
-    return 0;
+    return dbFetchRow('SELECT * FROM `users` WHERE `user_id` = ?', array($user_id), true);
 }
 
 
 function update_user($user_id, $realname, $level, $can_modify_passwd, $email) {
-    // not supported so return 0 
-    return 0;
-
+    dbUpdate(array('realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id));
 }