<?php declare(strict_types = 0);
/*
** Zabbix
** Copyright (C) 2001-2023 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
/**
* Class used for user fields, media and groups provisioning.
*/
class CProvisioning {
public const AUDITLOG_USERNAME = 'System';
/**
* User directory data array.
*
* The keys listed here are not exhaustive: forUserDirectoryId() requests further fields from the
* userdirectory API (host, port, base_dn, bind_dn, the SAML sso/slo/signing settings, group_* fields).
*
* @var int $userdirectory['userdirectoryid']
* @var int $userdirectory['provision_status']
* @var string $userdirectory['user_username']
* @var string $userdirectory['user_lastname']
* @var string $userdirectory['search_attribute']
* @var array $userdirectory['provision_media']
* @var string $userdirectory['provision_media'][]['mediatypeid']
* @var string $userdirectory['provision_media'][]['attribute']
* @var array $userdirectory['provision_groups']
*
* NOTE(review): 'provision_groups' was documented as string; forUserDirectoryId() requests it through
* selectProvisionGroups with name, roleid and user_groups per entry, so it looks like a list of
* mappings - confirm against the API.
*
* NOTE(review): for LDAP directories with provisioning enabled, forUserDirectoryId() merges
* 'bind_password' from the userdirectory_ldap table into the directory array. If that array is what
* ends up here, this property holds a credential: keep it out of logs, audit details, error output and
* any serialized copy of the instance - confirm where the array goes after the merge.
*
* @var array
*/
protected $userdirectory = [];
/**
* Array of user roles data used in group mappings, keyed by role id.
*
* forUserDirectoryId() passes an empty array when the directory lookup returns nothing or when
* provisioning is disabled for the directory.
*
* @var array $mapping_roles[]
* @var int $mapping_roles[roleid]['roleid']
* @var int $mapping_roles[roleid]['user_type']
* @var string $mapping_roles[roleid]['name']
*/
protected $mapping_roles = [];
/**
 * Store the user directory settings and the role lookup exactly as given.
 *
 * No validation or normalisation happens here; both arrays are kept as passed.
 *
 * NOTE(review): forUserDirectoryId() hands over the result of reset() on the API response. reset()
 * returns false for an empty array, and the array type on $userdirectory rejects false with a
 * TypeError even without strict types - confirm how an unknown directory id should be handled.
 *
 * NOTE(review): $userdirectory may carry the LDAP 'bind_password' (forUserDirectoryId() merges it in
 * for LDAP directories), so treat the stored array as sensitive - confirm against the factory.
 *
 * @param array $userdirectory  User directory data, see the $userdirectory property.
 * @param array $mapping_roles  Role data keyed by role id, see the $mapping_roles property.
 */
public function __construct(array $userdirectory, array $mapping_roles) {
	// Both properties are independent, so they are filled in one destructuring assignment.
	[$this->userdirectory, $this->mapping_roles] = [$userdirectory, $mapping_roles];
}
/**
* Create instance for specific user directory by id.
*
* @param int $userdirectoryid User directory id to create CProvisioning instance for.
*/
public static function forUserDirectoryId($userdirectoryid): self {
$userdirectories = API::getApiService('userdirectory')->get([
'output' => ['userdirectoryid', 'idp_type', 'provision_status', 'user_username', 'user_lastname',
'host', 'port', 'base_dn', 'bind_dn', 'search_attribute', 'start_tls', 'idp_entityid', 'sso_url',
'slo_url', 'username_attribute', 'sp_entityid', 'nameid_format', 'sign_messages', 'sign_assertions',
'sign_authn_requests', 'sign_logout_requests', 'sign_logout_responses', 'encrypt_nameid',
'encrypt_assertions', 'search_filter', 'group_basedn', 'group_name', 'group_member', 'user_ref_attr',
'group_filter', 'group_membership'
],
'userdirectoryids' => [$userdirectoryid],
'selectProvisionMedia' => ['name', 'mediatypeid', 'attribute'],
'selectProvisionGroups' => ['name', 'roleid', 'user_groups']
]);
$userdirectory = reset($userdirectories);
if (!$userdirectory || $userdirectory['provision_status'] == JIT_PROVISIONING_DISABLED) {
return new self($userdirectory, []);
}
if ($userdirectory['idp_type'] == IDP_TYPE_LDAP) {
$userdirectory += DB::select('userdirectory_ldap', [
'output' => ['bind_password'],
'filter' => ['userdirectoryid' => $userdirectoryid]
])[0];
}