#!/usr/bin/env php
<?php
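// Bootstrap phpBB. Both constants are defined before common.php is loaded,
// exactly as in the original script.
define('IN_PHPBB', true);
define('IN_CRON', true);
$phpbb_root_path = '/var/www/localhost/htdocs/phpBB/';

// Derive the extension from the file name only. Searching the whole path for
// the last '.' picks up a dotted directory (e.g. a cron.daily-style folder)
// when this script is installed without an extension, which would turn the
// include paths below into garbage. Fall back to 'php' in that case.
$phpEx = pathinfo(__FILE__, PATHINFO_EXTENSION);
if ($phpEx === '') {
    $phpEx = 'php';
}

// require instead of include: without these files nothing below can work, so
// stop at the first missing file instead of continuing with warnings.
require($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
require($phpbb_root_path . 'includes/auth/auth_ldap.' . $phpEx);

// NOTE(review): the return value of init_ldap() is ignored here; confirm
// whether it reports configuration or connection errors that should abort
// the run before any account is judged "missing".
init_ldap();

// Command line switches. Strict comparison so only the exact flag strings match.
$dry_run = in_array('--dryrun', $argv, true) || in_array('-n', $argv, true);
$verbose = in_array('--verbose', $argv, true) || in_array('-v', $argv, true);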
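/**
 * Report whether a username exists in the LDAP tree.
 *
 * Uses the LDAP settings from the global phpBB $config array (server, port,
 * bind user/password, base DN, uid attribute). Every failure path (connect,
 * bind, search, reading the result) terminates the script with a non-zero
 * exit status instead of returning false: the caller treats false as "this
 * account no longer exists", so a directory outage must never be reported
 * that way.
 *
 * @param string $username Username to look up.
 * @return bool True when the search returned exactly one entry, false otherwise.
 */
function check_ldap($username)
{
    global $config;

    // A port of 0 (unset or non-numeric) means "use the library default".
    $config['ldap_port'] = (int) $config['ldap_port'];
    if ($config['ldap_port']) {
        $ldap = ldap_connect($config['ldap_server'], $config['ldap_port']);
    } else {
        $ldap = ldap_connect($config['ldap_server']);
    }
    if (!$ldap) {
        print("Could not connect to LDAP server: '{$config['ldap_server']}'\n");
        exit(1);
    }

    @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Bind with the configured account when one is set; otherwise the search
    // below runs on an unauthenticated connection.
    // NOTE(review): the config values are passed through
    // htmlspecialchars_decode() — presumably phpBB stores them HTML-escaped;
    // confirm. Unless ldap_server is an ldaps:// URI, this bind presumably
    // goes over the wire unencrypted — verify against the deployment.
    if ($config['ldap_user'] || $config['ldap_password']) {
        $bound = ldap_bind(
            $ldap,
            htmlspecialchars_decode($config['ldap_user']),
            htmlspecialchars_decode($config['ldap_password'])
        );
        if (!$bound) {
            print("LDAP bind failed for user: '{$config['ldap_user']}'.\n");
            exit(1);
        }
    }

    // Ask only for the uid attribute and at most one entry (size limit 1).
    // NOTE(review): ldap_user_filter() comes from the included auth_ldap
    // file; confirm it escapes $username for LDAP filter syntax.
    $search = ldap_search(
        $ldap,
        htmlspecialchars_decode($config['ldap_base_dn']),
        ldap_user_filter($username),
        array(htmlspecialchars_decode($config['ldap_uid'])),
        0,
        1
    );
    if ($search === false) {
        print("LDAP search failed.\n");
        exit(1);
    }

    $ldap_results = ldap_get_entries($ldap, $search);

    // This function is called once per account, so release the result and
    // the connection here instead of leaving one open per lookup.
    ldap_free_result($search);
    ldap_unbind($ldap);

    // A failed read must not fall through as "user not found".
    if ($ldap_results === false) {
        print("Could not read LDAP search results.\n");
        exit(1);
    }

    return (int) $ldap_results['count'] === 1;
}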
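// Select the accounts whose stored password is the literal *LDAP* marker.
// The marker is quoted with single quotes: double quotes denote an identifier
// in standard SQL and only work as a string literal on some database setups.
$sql = 'SELECT user_id, username
    FROM ' . USERS_TABLE . "
    WHERE user_password = '*LDAP*'";
$result = $db->sql_query($sql);

while ($user_row = $db->sql_fetchrow($result)) {
    // check_ldap() exits the script on any LDAP error, so false here means
    // the search itself succeeded and returned no single matching entry.
    // NOTE(review): a bind account without read access to the user subtree
    // would presumably also produce "no entry" for every account — run with
    // --dryrun and review the list before enabling deletion.
    if (check_ldap($user_row['username'])) {
        if ($verbose) {
            print("{$user_row['username']} ok\n");
        }
        continue;
    }

    // Was $dryrun, a variable that is never set, so --dryrun/-n had no effect
    // and every run took the "deleted" branch.
    if ($dry_run) {
        print("{$user_row['username']} would be deleted.\n");
    } else {
        print("{$user_row['username']} deleted.\n");
        // The actual deletion is still commented out, so the message above is
        // printed without any account being removed.
        // user_delete('retain', $user_row['user_id'], $user_row['username']);
    }
}

$db->sql_freeresult($result);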
?>