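#!/usr/bin/php -q
<?php
// Nightly cron job: read the members of one or more Active Directory groups
// and rewrite the RackTables 'RackCode' permission script so that every
// member gets an "allow {$username_<samaccountname>}" rule, followed by the
// fixed admin/default rule. Diagnostics go to STDERR with a non-zero exit
// status so cron can report failures, and nothing is written to the database
// unless every directory lookup succeeded — a transient AD problem must not
// replace a working RackCode with an empty one.

// Path to the RackTables secret.php file; it defines $pdo_dsn, $db_username
// and $db_password.
require "/var/www/html/inc/secret.php";

// ---- Configuration ---------------------------------------------------------
// Use ldaps:// (or add ldap_start_tls()) — a plain ldap:// URI sends the
// service-account password to the domain controller in cleartext.
$ldap_uri = "ldaps://ad.yourcompany.com";
// Any normal domain user can read group membership. This file contains that
// user's password: keep it out of version control and readable only by the
// account that runs the cron job (e.g. chmod 0600).
$ldap_bind_user = "ServiceAccount";
$ldap_bind_password = "ThePasswordHere";
$ldap_base_dn = "DC=ad,DC=yourcompany,DC=com";
// AD groups whose members are granted access; add names here to import more.
$ldap_groups = array("MyAdminGroup");
// ---------------------------------------------------------------------------

// Report a fatal problem and stop without touching the database.
function fail($message)
{
    fwrite(STDERR, "ad-import-to-racktables: " . $message . "\n");
    exit(1);
}

$racktables_perms = "# NOTE: Do not edit this file since it is created automatically by a cron job every night\n\n";

$ds = ldap_connect($ldap_uri);
if ($ds === false) {
    fail("LDAP connect failed for $ldap_uri");
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// AD returns referrals for its other naming contexts; chasing them with the
// bound credentials only produces errors, so referral chasing stays off.
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if (!ldap_bind($ds, $ldap_bind_user, $ldap_bind_password)) {
    // A failed bind used to be reported and then ignored, which ended with an
    // empty rule set being written; abort so the current RackCode is kept.
    fail("LDAP bind failed: " . ldap_error($ds));
}

foreach ($ldap_groups as $group) {
    $racktables_perms .= "# Users imported from Active Directory group $group at " . date("Y-m-d H:i:s") . "\n\n";

    // ldap_escape (PHP >= 5.6) keeps a group name containing filter
    // metacharacters from changing the meaning of the search filter.
    $filter = "(|(cn=" . ldap_escape($group, "", LDAP_ESCAPE_FILTER) . "))";
    $sr = ldap_search($ds, $ldap_base_dn, $filter, array("member"));
    if ($sr === false) {
        fail("LDAP search for group $group failed: " . ldap_error($ds));
    }
    $group_entry = ldap_first_entry($ds, $sr);
    if ($group_entry === false) {
        // A missing group is a configuration error, not an empty group.
        fail("Active Directory group $group was not found under $ldap_base_dn");
    }
    // A group without members carries no 'member' attribute at all.
    $members = ldap_get_values($ds, $group_entry, "member");
    if ($members === false) {
        fwrite(STDERR, "Warning: group $group has no members\n");
        $members = array("count" => 0);
    }

    for ($i = 0; $i < $members["count"]; $i++) {
        // Resolve each member DN to its sAMAccountName.
        $member_sr = ldap_read($ds, $members[$i], "(objectclass=*)", array("sAMAccountName"));
        if ($member_sr === false) {
            fail("LDAP read of " . $members[$i] . " failed: " . ldap_error($ds));
        }
        $member = ldap_get_entries($ds, $member_sr);
        // Some members (e.g. objects without a sAMAccountName) cannot be mapped
        // to a RackTables login; skip them instead of emitting an empty name.
        if ($member["count"] < 1 || !isset($member[0]["samaccountname"][0])) {
            fwrite(STDERR, "Warning: skipping " . $members[$i] . " (no sAMAccountName)\n");
            continue;
        }
        $user = strtolower($member[0]["samaccountname"][0]);
        // The name is spliced into a line-oriented rule as {$username_<name>}:
        // whitespace, control characters or braces would change the rule
        // structure, so refuse such names rather than write a broken RackCode.
        if (preg_match('/[\s\x00-\x1f\x7f{}]/', $user)) {
            fwrite(STDERR, "Warning: skipping member with unsafe account name " . $members[$i] . "\n");
            continue;
        }
        $racktables_perms .= "allow {\$username_$user}\n";
    }
    $racktables_perms .= "\n";
}
ldap_close($ds);

$racktables_perms .= "\n";
$racktables_perms .= "# Admin and Default (read-only)\n";
$racktables_perms .= "allow {\$userid_1} or {\$tab_default}\n";

// Now update the database. Both statements run in one transaction so the
// cache is never cleared against a half-written RackCode, and PDO is put in
// exception mode so a failed statement cannot be silently ignored.
try {
    $dbh = new PDO($pdo_dsn, $db_username, $db_password, array(
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ));
    $dbh->beginTransaction();
    // Bind the generated text instead of interpolating it: the account names
    // come from the directory, and a quote in one of them would otherwise
    // break — or alter — the statement.
    $stmt = $dbh->prepare("UPDATE Script SET script_text = ? WHERE script_name = 'RackCode'");
    $stmt->execute(array($racktables_perms));
    if ($stmt->rowCount() !== 1) {
        fwrite(STDERR, "Warning: No records affected by UPDATE statement!\n");
    }
    $dbh->exec("UPDATE Script SET script_text = NULL WHERE script_name = 'RackCodeCache'");
    $dbh->commit();
    $dbh = null;
} catch (PDOException $e) {
    if (isset($dbh) && $dbh instanceof PDO && $dbh->inTransaction()) {
        $dbh->rollBack();
    }
    fail("database update failed: " . $e->getMessage());
}
exit(0);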