xerxes42, Member
Hi,
Is it possible to run the ad_sync.php from command line? I need to make sure that all users are present in the MyDBR database because we use this information when sending emails to users and when populating lists of users in reports.
What we need is the possibility to run the import script once a night from cron to make sure the user data is correct.
Brgds
myDBR Team, Key Master
You can call the sync functionality (mydbr/lib/ad_sync.php) directly using curl / wget. AD sync checks the permissions, so you need to authenticate using basic access authentication as an admin user or user described in $mydbr_defaults['active_directory_sync_users'].
--
myDBR Team
xerxes42, Member
Hi
I have created a ad_sync user in MyDBR and is trying to use it:
$mydbr_defaults['active_directory_sync_users']='ad_sync';
When I try to access it I get this error:
curl -sk -u'ad_sync:PASSWORD' -H 'X-MYDBR-AUTH: 1' "https://MYDBR/lib/ad_sync.php?a=login&local=true"
Warning: in_array() expects parameter 2 to be array, string given in /srv/www/sites/mydbr/lib/ad_sync.php on line 11
So it looks like the active_directory_sync_users should be an array. Any hints on what I'm doing wrong?
Brgds
myDBR Team, Key Master
The active_directory_sync_users is indeed an array. So the user definition should look like:
$mydbr_defaults['active_directory_sync_users']=array('ad_sync');
Alternatively you can use an username which is an admin.
--
myDBR Team
xerxes42, Member
Hi,
The reason I want to use a separate user is because the script will store the password in plain text and I don't want that for an admin user.
I have changed the definition but it doesn't seem to work. I don't get the error but the sync doesn't start. When I use the synchronize button in the web gui I see that sp_MyDBR_ext_user_group is called in the database for all users. I don't get any feed back at all:
curl -vvv -k -u'ad_sync:PASSWORD' -H 'X-MYDBR-AUTH: 1' "https://MYDBR/lib/ad_sync.php?a=login&local=true"
* About to connect() to MYDBR port 443 (#0)
* Trying 172.30.21.39... connected
* Connected to MYDBR (172.30.21.39) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: E=***********,CN=*.**********,OU=Core,O=**************,L=*******,ST=********,C=SE
* start date: Sep 10 08:06:08 2012 GMT
* expire date: Sep 10 08:06:08 2014 GMT
* common name: *.**********
* issuer: CN=**********,DC=*****,DC=*********
* Server auth using Basic with user 'ad_sync'
> GET /lib/ad_sync.php?a=login&local=true HTTP/1.1
> Authorization: Basic ZGJhOmthbGxla3VsYQ==
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: MYDBR
> Accept: */*
> X-MYDBR-AUTH: 1
>
< HTTP/1.1 200 OK
< Date: Wed, 17 Jul 2013 05:53:43 GMT
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.3.3
< Set-Cookie: mydbr-id=8p26shoi5pjij8dspngqptntj7; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
* Closing connection #0
Brgds
myDBR Team, Key Master
We'll take a look what we can do about it.
--
myDBR Team
myDBR Team, Key Master
You can try now with the latest build (3.9.3 / 2075).
We've also added an defaults option 'active_directory_synconly_users' which will allow to block the ad_sync user to login as normal user.
--
myDBR Team
xerxes42, Member
Hi,
Upgraded this morning and now it works like a charm.
Thank you very much for the quick fix!
Brgds
You must log in to post.