Remove davical upgrade log on package removal.
[davical.git] / inc / drivers_ldap.php
bloba784e48e6cc1837c17e2609b6fe1471598107311
1 <?php
2 /**
3 * Manages LDAP repository connection
5 * @package davical
6 * @category Technical
7 * @subpackage ldap
8 * @author Maxime Delorme <mdelorme@tennaxia.net>,
9 * Andrew McMillan <andrew@mcmillan.net.nz>
10 * @copyright Maxime Delorme
11 * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
14 require_once("auth-functions.php");
16 class ldapDrivers
18 /**#@+
19 * @access private
22 /**
23 * Holds the LDAP connection parameters
25 var $connect;
27 /**#@-*/
30 /**
31 * Initializes the LDAP connection
33 * @param array $config The configuration data
35 function __construct($config)
37 global $c;
38 $host=$config['host'];
39 $port=$config['port'];
40 if(!function_exists('ldap_connect')){
41 $c->messages[] = i18n("drivers_ldap : function ldap_connect not defined, check your php_ldap module");
42 $this->valid=false;
43 return ;
46 //Set LDAP protocol version
47 if (isset($config['protocolVersion']))
48 ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, $config['protocolVersion']);
49 if (isset($config['optReferrals']))
50 ldap_set_option($this->connect, LDAP_OPT_REFERRALS, $config['optReferrals']);
52 if ($port)
53 $this->connect=ldap_connect($host, $port);
54 else
55 $this->connect=ldap_connect($host);
57 if (! $this->connect){
58 $c->messages[] = sprintf(translate( 'drivers_ldap : Unable to connect to LDAP with port %s on host %s'), $port, $host );
59 $this->valid=false;
60 return ;
63 dbg_error_log( "LDAP", "drivers_ldap : Connected to LDAP server %s",$host );
65 // Start TLS if desired (requires protocol version 3)
66 if (isset($config['startTLS'])) {
67 if (!ldap_set_option($this->connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
68 $c->messages[] = i18n('drivers_ldap : Failed to set LDAP to use protocol version 3, TLS not supported');
69 $this->valid=false;
70 return;
72 if (!ldap_start_tls($this->connect)) {
73 $c->messages[] = i18n('drivers_ldap : Could not start TLS: ldap_start_tls() failed');
74 $this->valid=false;
75 return;
79 //Set the search scope to be used, default to subtree. This sets the functions to be called later.
80 if (!isset($config['scope'])) $config['scope'] = 'subtree';
81 switch (strtolower($config['scope'])) {
82 case "base":
83 $this->ldap_query_one = 'ldap_read';
84 $this->ldap_query_all = 'ldap_read';
85 break;
86 case "onelevel":
87 $this->ldap_query_one = 'ldap_list';
88 $this->ldap_query_all = 'ldap_search';
89 break;
90 default:
91 $this->ldap_query_one = 'ldap_search';
92 $this->ldap_query_all = 'ldap_search';
93 break;
96 //connect as root
97 if (!ldap_bind($this->connect, (isset($config['bindDN']) ? $config['bindDN'] : null), (isset($config['passDN']) ? $config['passDN'] : null) ) ){
98 $bindDN = isset($config['bindDN']) ? $config['bindDN'] : 'anonymous';
99 $passDN = isset($config['passDN']) ? $config['passDN'] : 'anonymous';
100 dbg_error_log( "LDAP", i18n('drivers_ldap : Failed to bind to host %1$s on port %2$s with bindDN of %3$s'), $host, $port, $bindDN );
101 $c->messages[] = i18n( 'drivers_ldap : Unable to bind to LDAP - check your configuration for bindDN and passDN, and that your LDAP server is reachable');
102 $this->valid=false;
103 return ;
105 $this->valid = true;
106 //root to start search
107 $this->baseDNUsers = is_string($config['baseDNUsers']) ? array($config['baseDNUsers']) : $config['baseDNUsers'];
108 $this->filterUsers = (isset($config['filterUsers']) ? $config['filterUsers'] : null);
109 $this->baseDNGroups = is_string($config['baseDNGroups']) ? array($config['baseDNGroups']) : $config['baseDNGroups'];
110 $this->filterGroups = (isset($config['filterGroups']) ? $config['filterGroups'] : null);
114 * Retrieve all users from the LDAP directory
116 function getAllUsers($attributes){
117 global $c;
119 $query = $this->ldap_query_all;
121 foreach($this->baseDNUsers as $baseDNUsers) {
122 $entry = $query($this->connect,$baseDNUsers,$this->filterUsers,$attributes);
124 if (!ldap_first_entry($this->connect,$entry)) {
125 $c->messages[] = sprintf(translate('Error NoUserFound with filter >%s<, attributes >%s< , dn >%s<'),
126 $this->filterUsers,
127 join(', ', $attributes),
128 $baseDNUsers);
130 $row = array();
131 for($i = ldap_first_entry($this->connect,$entry);
132 $i && $arr = ldap_get_attributes($this->connect,$i);
133 $i = ldap_next_entry($this->connect,$i) ) {
134 $row = array();
135 for ($j=0; $j < $arr['count']; $j++) {
136 $row[$arr[$j]] = $arr[$arr[$j]][0];
138 $ret[]=$row;
141 return $ret;
145 * Retrieve all groups from the LDAP directory
147 function getAllGroups($attributes){
148 global $c;
150 $query = $this->ldap_query_all;
152 foreach($this->baseDNGroups as $baseDNGroups) {
153 $entry = $query($this->connect,$baseDNGroups,$this->filterGroups,$attributes);
155 if (!ldap_first_entry($this->connect,$entry)) {
156 $c->messages[] = sprintf(translate('Error NoGroupFound with filter >%s<, attributes >%s< , dn >%s<'),
157 $this->filterGroups,
158 join(', ', $attributes),
159 $baseDNGroups);
161 $row = array();
162 for($i = ldap_first_entry($this->connect,$entry);
163 $i && $arr = ldap_get_attributes($this->connect,$i);
164 $i = ldap_next_entry($this->connect,$i) ) {
165 for ($j=0; $j < $arr['count']; $j++) {
166 $row[$arr[$j]] = count($arr[$arr[$j]])>2?$arr[$arr[$j]]:$arr[$arr[$j]][0];
168 $ret[]=$row;
171 return $ret;
175 * Returns the result of the LDAP query
177 * @param string $filter The filter used to search entries
178 * @param array $attributes Attributes to be returned
179 * @param string $passwd password to check
180 * @return array Contains selected attributes from all entries corresponding to the given filter
182 function requestUser( $filter, $attributes=NULL, $username, $passwd) {
183 global $c;
185 $entry=NULL;
186 // We get the DN of the USER
187 $query = $this->ldap_query_one;
189 foreach($this->baseDNUsers as $baseDNUsers) {
190 $entry = $query($this->connect, $baseDNUsers, $filter, $attributes);
192 if (ldap_first_entry($this->connect,$entry) )
193 break;
195 dbg_error_log( "LDAP", "drivers_ldap : Failed to find user with baseDN: %s", $baseDNUsers );
198 if ( !ldap_first_entry($this->connect, $entry) ){
199 dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user with filter %s",$filter );
200 return false;
201 } else {
202 dbg_error_log( "LDAP", "drivers_ldap : Found a user using filter %s",$filter );
205 $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
207 if ( isset($c->authenticate_hook['config']['i_use_mode_kerberos']) && $c->authenticate_hook['config']['i_use_mode_kerberos'] == "i_know_what_i_am_doing") {
208 dbg_error_log( "LOG", "drivers_ldap : Skipping password Check for user %s which should be the same as %s",$username , $_SERVER["REMOTE_USER"]);
209 if ($username != $_SERVER["REMOTE_USER"]) {
210 return false;
213 else if ( empty($passwd) || preg_match('/[\x00-\x19]/',$passwd) ) {
214 // See http://www.php.net/manual/en/function.ldap-bind.php#73718 for more background
215 dbg_error_log( 'LDAP', 'drivers_ldap : user %s supplied empty or invalid password: login rejected', $dnUser );
216 return false;
218 else {
219 if ( !@ldap_bind($this->connect, $dnUser, $passwd) ) {
220 dbg_error_log( "LDAP", "drivers_ldap : Failed to bind to user %s ", $dnUser );
221 return false;
225 dbg_error_log( "LDAP", "drivers_ldap : Bound to user %s using password %s", $dnUser,
226 (isset($c->dbg['password']) && $c->dbg['password'] ? $passwd : 'another delicious password for the debugging monster!') );
228 $i = ldap_first_entry($this->connect,$entry);
229 $arr = ldap_get_attributes($this->connect,$i);
230 for( $i=0; $i<$arr['count']; $i++ ) {
231 $ret[$arr[$i]]=$arr[$arr[$i]][0];
233 return $ret;
240 * A generic function to create and fetch static objects
242 function getStaticLdap() {
243 global $c;
244 // Declare a static variable to hold the object instance
245 static $instance;
247 // If the instance is not there, create one
248 if(!isset($instance)) {
249 $ldapDrivers = new ldapDrivers($c->authenticate_hook['config']);
251 return $ldapDrivers;
256 * Synchronise a cached user with one from LDAP
257 * @param object $principal A Principal object to be updated (or created)
259 function sync_user_from_LDAP( Principal &$principal, $mapping, $ldap_values ) {
260 global $c;
262 dbg_error_log( "LDAP", "Going to sync the user from LDAP" );
264 $fields_to_set = array();
265 $updateable_fields = Principal::updateableFields();
266 foreach( $updateable_fields AS $field ) {
267 if ( isset($mapping[$field]) && isset($ldap_values[$mapping[$field]]) ) {
268 $fields_to_set[$field] = $ldap_values[$mapping[$field]];
269 dbg_error_log( "LDAP", "Setting usr->%s to %s from LDAP field %s", $field, $ldap_values[$mapping[$field]], $mapping[$field] );
271 else if ( isset($c->authenticate_hook['config']['default_value']) && is_array($c->authenticate_hook['config']['default_value'])
272 && isset($c->authenticate_hook['config']['default_value'][$field] ) ) {
273 $fields_to_set[$field] = $c->authenticate_hook['config']['default_value'][$field];
274 dbg_error_log( "LDAP", "Setting usr->%s to %s from configured defaults", $field, $c->authenticate_hook['config']['default_value'][$field] );
278 if ( $principal->Exists() ) {
279 $principal->Update($fields_to_set);
281 else {
282 $principal->Create($fields_to_set);
283 CreateHomeCollections($principal->username());
284 CreateDefaultRelationships($principal->username());
290 * Check the username / password against the LDAP server
292 function LDAP_check($username, $password ){
293 global $c;
295 $ldapDriver = getStaticLdap();
296 if ( !$ldapDriver->valid ) {
297 dbg_error_log( "ERROR", "Couldn't contact LDAP server for authentication" );
298 return false;
301 $mapping = $c->authenticate_hook['config']['mapping_field'];
302 if ( isset($mapping['active']) && !isset($mapping['user_active']) ) {
303 // Backward compatibility: now 'user_active'
304 $mapping['user_active'] = $mapping['active'];
305 unset($mapping['active']);
307 if ( isset($mapping['updated']) && !isset($mapping['modified']) ) {
308 // Backward compatibility: now 'modified'
309 $mapping['modified'] = $mapping['updated'];
310 unset($mapping['updated']);
312 $attributes = array_values($mapping);
315 * If the config contains a filter that starts with a ( then believe
316 * them and don't modify it, otherwise wrap the filter.
318 $filter_munge = "";
319 if ( preg_match( '/^\(/', $ldapDriver->filterUsers ) ) {
320 $filter_munge = $ldapDriver->filterUsers;
322 else if ( isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers != '' ) {
323 $filter_munge = "($ldapDriver->filterUsers)";
326 $filter = "(&$filter_munge(".$mapping['username']."=$username))";
327 $valid = $ldapDriver->requestUser( $filter, $attributes, $username, $password );
329 // is a valid user or not
330 if ( !$valid ) {
331 dbg_error_log( "LDAP", "user %s is not a valid user",$username );
332 return false;
335 $ldap_timestamp = $valid[$mapping['modified']];
338 * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
340 foreach($c->authenticate_hook['config']['format_updated'] as $k => $v)
341 $$k = substr($ldap_timestamp,$v[0],$v[1]);
343 $ldap_timestamp = "$Y"."$m"."$d"."$H"."$M"."$S";
344 $valid[$mapping['modified']] = "$Y-$m-$d $H:$M:$S";
346 $principal = new Principal('username',$username);
347 if ( $principal->Exists() ) {
348 // should we update it ?
349 $db_timestamp = $principal->modified;
350 $db_timestamp = substr(strtr($db_timestamp, array(':' => '',' '=>'','-'=>'')),0,14);
351 if( $ldap_timestamp <= $db_timestamp ) {
352 return $principal; // no need to update
354 // we will need to update the user record
356 else {
357 dbg_error_log( "LDAP", "user %s doesn't exist in local DB, we need to create it",$username );
359 $principal->setUsername($username);
361 // The local cached user doesn't exist, or is older, so we create/update their details
362 sync_user_from_LDAP( $principal, $mapping, $valid );
364 return $principal;
369 * sync LDAP Groups against the DB
371 function sync_LDAP_groups(){
372 global $c;
373 $ldapDriver = getStaticLdap();
374 if ( ! $ldapDriver->valid ) return;
376 $mapping = $c->authenticate_hook['config']['group_mapping_field'];
377 //$attributes = array('cn','modifyTimestamp','memberUid');
378 $attributes = array_values($mapping);
379 $ldap_groups_tmp = $ldapDriver->getAllGroups($attributes);
381 if ( sizeof($ldap_groups_tmp) == 0 ) return;
383 $member_field = $mapping['members'];
385 foreach($ldap_groups_tmp as $key => $ldap_group){
386 $group_mapping = $ldap_group[$mapping['username']];
387 $ldap_groups_info[$group_mapping] = $ldap_group;
388 if ( is_array($ldap_groups_info[$group_mapping][$member_field]) ) {
389 unset( $ldap_groups_info[$group_mapping][$member_field]['count'] );
391 else {
392 $ldap_groups_info[$group_mapping][$member_field] = array($ldap_groups_info[$group_mapping][$member_field]);
394 unset($ldap_groups_tmp[$key]);
396 $db_groups = array();
397 $db_group_members = array();
398 $qry = new AwlQuery( "SELECT g.username AS group_name, member.username AS member_name FROM dav_principal g LEFT JOIN group_member ON (g.principal_id=group_member.group_id) LEFT JOIN dav_principal member ON (member.principal_id=group_member.member_id) WHERE g.type_id = 3");
399 $qry->Exec('sync_LDAP',__LINE__,__FILE__);
400 while($db_group = $qry->Fetch()) {
401 $db_groups[$db_group->group_name] = $db_group->group_name;
402 $db_group_members[$db_group->group_name][] = $db_group->member_name;
405 $ldap_groups = array_keys($ldap_groups_info);
406 // users only in ldap
407 $groups_to_create = array_diff($ldap_groups,$db_groups);
408 // users only in db
409 $groups_to_deactivate = array_diff($db_groups,$ldap_groups);
410 // users present in ldap and in the db
411 $groups_to_update = array_intersect($db_groups,$ldap_groups);
413 if ( sizeof ( $groups_to_create ) ){
414 $c->messages[] = sprintf(i18n('- creating groups : %s'),join(', ',$groups_to_create));
415 $validUserFields = get_fields('usr');
416 foreach ( $groups_to_create as $k => $group ){
417 $user = (object) array();
419 if ( isset($c->authenticate_hook['config']['default_value']) && is_array($c->authenticate_hook['config']['default_value']) ) {
420 foreach ( $c->authenticate_hook['config']['default_value'] as $field => $value ) {
421 if ( isset($validUserFields[$field]) ) {
422 $user->{$field} = $value;
423 dbg_error_log( "LDAP", "Setting usr->%s to %s from configured defaults", $field, $value );
427 $user->user_no = 0;
428 $ldap_values = $ldap_groups_info[$group];
429 foreach ( $mapping as $field => $value ) {
430 dbg_error_log( "LDAP", "Considering copying %s", $field );
431 if ( isset($validUserFields[$field]) ) {
432 $user->{$field} = $ldap_values[$value];
433 dbg_error_log( "LDAP", "Setting usr->%s to %s from LDAP field %s", $field, $ldap_values[$value], $value );
436 if ($user->fullname=="") {
437 $user->fullname = $group;
439 if ($user->displayname=="") {
440 $user->displayname = $group;
442 $user->username = $group;
443 $user->updated = "now"; /** @todo Use the 'updated' timestamp from LDAP for groups too */
445 $principal = new Principal('username',$group);
446 if ( $principal->Exists() ) {
447 $principal->Update($user);
449 else {
450 $principal->Create($user);
453 $qry = new AwlQuery( "UPDATE dav_principal set type_id = 3 WHERE username=:group ",array(':group'=>$group) );
454 $qry->Exec('sync_LDAP',__LINE__,__FILE__);
455 Principal::cacheDelete('username', $group);
456 $c->messages[] = sprintf(i18n('- adding users %s to group : %s'),join(',',$ldap_groups_info[$group][$mapping['members']]),$group);
457 foreach ( $ldap_groups_info[$group][$mapping['members']] as $member ){
458 $qry = new AwlQuery( "INSERT INTO group_member SELECT g.principal_id AS group_id,u.principal_id AS member_id FROM dav_principal g, dav_principal u WHERE g.username=:group AND u.username=:member;",array (':group'=>$group,':member'=>$member) );
459 $qry->Exec('sync_LDAP_groups',__LINE__,__FILE__);
460 Principal::cacheDelete('username', $member);
465 if ( sizeof ( $groups_to_update ) ){
466 $c->messages[] = sprintf(i18n('- updating groups : %s'),join(', ',$groups_to_update));
467 foreach ( $groups_to_update as $group ){
468 $db_members = array_values ( $db_group_members[$group] );
469 $ldap_members = array_values ( $ldap_groups_info[$group][$member_field] );
470 $add_users = array_diff ( $ldap_members, $db_members );
471 if ( sizeof ( $add_users ) ){
472 $c->messages[] = sprintf(i18n('- adding %s to group : %s'),join(', ', $add_users ), $group);
473 foreach ( $add_users as $member ){
474 $qry = new AwlQuery( "INSERT INTO group_member SELECT g.principal_id AS group_id,u.principal_id AS member_id FROM dav_principal g, dav_principal u WHERE g.username=:group AND u.username=:member",array (':group'=>$group,':member'=>$member) );
475 $qry->Exec('sync_LDAP_groups',__LINE__,__FILE__);
476 Principal::cacheDelete('username', $member);
479 $remove_users = @array_flip( @array_flip( array_diff( $db_members, $ldap_members ) ));
480 if ( sizeof ( $remove_users ) ){
481 $c->messages[] = sprintf(i18n('- removing %s from group : %s'),join(', ', $remove_users ), $group);
482 foreach ( $remove_users as $member ){
483 $qry = new AwlQuery( "DELETE FROM group_member USING dav_principal g,dav_principal m WHERE group_id=g.principal_id AND member_id=m.principal_id AND g.username=:group AND m.username=:member",array (':group'=>$group,':member'=>$member) );
484 $qry->Exec('sync_LDAP_groups',__LINE__,__FILE__);
485 Principal::cacheDelete('username', $member);
491 if ( sizeof ( $groups_to_deactivate ) ){
492 $c->messages[] = sprintf(i18n('- deactivate groups : %s'),join(', ',$groups_to_deactivate));
493 foreach ( $groups_to_deactivate as $group ){
494 $qry = new AwlQuery( 'UPDATE dav_principal set active=FALSE WHERE username=:group AND type_id = 3',array(':group'=>$group) );
495 $qry->Exec('sync_LDAP',__LINE__,__FILE__);
496 Principal::cacheFlush('username=:group AND type_id = 3', array(':group'=>$group) );
503 * sync LDAP against the DB
505 function sync_LDAP(){
506 global $c;
507 $ldapDriver = getStaticLdap();
508 if ( ! $ldapDriver->valid ) return;
510 $mapping = $c->authenticate_hook['config']['mapping_field'];
511 $attributes = array_values($mapping);
512 $ldap_users_tmp = $ldapDriver->getAllUsers($attributes);
514 if ( sizeof($ldap_users_tmp) == 0 ) return;
516 foreach($ldap_users_tmp as $key => $ldap_user){
517 $ldap_users_info[$ldap_user[$mapping['username']]] = $ldap_user;
518 unset($ldap_users_tmp[$key]);
520 $qry = new AwlQuery( "SELECT username, user_no, modified as updated FROM dav_principal where type_id=1");
521 $qry->Exec('sync_LDAP',__LINE__,__FILE__);
522 while($db_user = $qry->Fetch()) {
523 $db_users[] = $db_user->username;
524 $db_users_info[$db_user->username] = array('user_no' => $db_user->user_no, 'updated' => $db_user->updated);
527 // all users from ldap
528 $ldap_users = array_keys($ldap_users_info);
529 // users only in ldap
530 $users_to_create = array_diff($ldap_users,$db_users);
531 // users only in db
532 $users_to_deactivate = array_diff($db_users,$ldap_users);
533 // users present in ldap and in the db
534 $users_to_update = array_intersect($db_users,$ldap_users);
536 // creation of all users;
537 if ( sizeof($users_to_create) ) {
538 $c->messages[] = sprintf(i18n('- creating record for users : %s'),join(', ',$users_to_create));
540 foreach( $users_to_create as $username ) {
541 $principal = new Principal( 'username', $username );
542 $valid = $ldap_users_info[$username];
543 $ldap_timestamp = $valid[$mapping['modified']];
545 if ( !empty($c->authenticate_hook['config']['format_updated']) ) {
547 * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
549 foreach($c->authenticate_hook['config']['format_updated'] as $k => $v)
550 $$k = substr($ldap_timestamp,$v[0],$v[1]);
551 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
553 else if ( preg_match('{^(\d{8})(\d{6})(Z)?$', $ldap_timestamp, $matches ) ) {
554 $ldap_timestamp = $matches[1].'T'.$matches[2].$matches[3];
556 else if ( empty($ldap_timestamp) ) {
557 $ldap_timestamp = date('c');
559 $valid[$mapping['modified']] = $ldap_timestamp;
561 sync_user_from_LDAP( $principal, $mapping, $valid );
565 // deactivating all users
566 $params = array();
567 $i = 0;
568 foreach( $users_to_deactivate AS $v ) {
569 if ( isset($c->do_not_sync_from_ldap) && isset($c->do_not_sync_from_ldap[$v]) ) continue;
570 $params[':u'.$i++] = strtolower($v);
572 if ( count($params) > 0 ) {
573 $c->messages[] = sprintf(i18n('- deactivating users : %s'),join(', ',$users_to_deactivate));
574 $qry = new AwlQuery( 'UPDATE usr SET active = FALSE WHERE lower(username) IN ('.implode(',',array_keys($params)).')', $params);
575 $qry->Exec('sync_LDAP',__LINE__,__FILE__);
577 Principal::cacheFlush('lower(username) IN ('.implode(',',array_keys($params)).')', $params);
580 // updating all users
581 if ( sizeof($users_to_update) ) {
582 foreach ( $users_to_update as $key=> $username ) {
583 $principal = new Principal( 'username', $username );
584 $valid=$ldap_users_info[$username];
585 $ldap_timestamp = $valid[$mapping['modified']];
587 $valid['user_no'] = $db_users_info[$username]['user_no'];
588 $mapping['user_no'] = 'user_no';
591 * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
593 foreach($c->authenticate_hook['config']['format_updated'] as $k => $v) {
594 $$k = substr($ldap_timestamp,$v[0],$v[1]);
596 $ldap_timestamp = $Y.$m.$d.$H.$M.$S;
597 $valid[$mapping['modified']] = "$Y-$m-$d $H:$M:$S";
599 $db_timestamp = substr(strtr($db_users_info[$username]['updated'], array(':' => '',' '=>'','-'=>'')),0,14);
600 if ( $ldap_timestamp > $db_timestamp ) {
601 sync_user_from_LDAP($principal, $mapping, $valid );
603 else {
604 unset($users_to_update[$key]);
605 $users_nothing_done[] = $username;
608 if ( sizeof($users_to_update) )
609 $c->messages[] = sprintf(i18n('- updating user records : %s'),join(', ',$users_to_update));
610 if ( sizeof($users_nothing_done) )
611 $c->messages[] = sprintf(i18n('- nothing done on : %s'),join(', ', $users_nothing_done));
614 $admins = 0;
615 $qry = new AwlQuery( "SELECT count(*) AS admins FROM usr JOIN role_member USING ( user_no ) JOIN roles USING (role_no) WHERE usr.active=TRUE AND role_name='Admin'");
616 $qry->Exec('sync_LDAP',__LINE__,__FILE__);
617 while ( $db_user = $qry->Fetch() ) {
618 $admins = $db_user->admins;
620 if ( $admins == 0 ) {
621 $c->messages[] = sprintf(i18n('Warning: there are no active admin users! You should fix this before logging out. Consider using the $c->do_not_sync_from_ldap configuration setting.'));