feat: Add LDAP/Active Directory integration with group-based access control

- Add PHP LDAP extension to Docker container - Implement LdapSync class for authentication and user synchronization - Add automatic user sync via cron (every 30 minutes) - Create role-based access control system (admin, manager, viewer) - Add LDAP configuration UI in settings - Support for both Active Directory and OpenLDAP - Group-to-role mapping with flexible configuration - Add 50+ translations (EN + RU) for LDAP features - Include comprehensive setup documentation - Enhance Auth::login() with LDAP fallback - Add LDAP settings page with connection testing
2025-11-10 17:46:27 +03:00
parent 406d3439e7
commit e7e901f6e5
13 changed files with 1141 additions and 3 deletions
@@ -0,0 +1,38 @@
+#!/usr/bin/env php
+<?php
+/**
+ * LDAP User Synchronization Script
+ * Runs periodically to sync users from LDAP/AD
+ */
+
+require_once __DIR__ . '/../vendor/autoload.php';
+require_once __DIR__ . '/../inc/Config.php';
+require_once __DIR__ . '/../inc/DB.php';
+require_once __DIR__ . '/../inc/LdapSync.php';
+
+try {
+    $ldap = new LdapSync();
+    
+    if (!$ldap->isEnabled()) {
+        exit(0); // LDAP not enabled, nothing to do
+    }
+    
+    echo "[" . date('Y-m-d H:i:s') . "] Starting LDAP user synchronization...\n";
+    
+    $result = $ldap->syncUsers();
+    
+    if ($result['success']) {
+        echo "✓ Synchronization completed successfully:\n";
+        echo "  - Total users in LDAP: {$result['total']}\n";
+        echo "  - Synced (updated): {$result['synced']}\n";
+        echo "  - Created: {$result['created']}\n";
+        echo "  - Disabled: {$result['disabled']}\n";
+    } else {
+        echo "✗ Synchronization failed: {$result['error']}\n";
+        exit(1);
+    }
+    
+} catch (Exception $e) {
+    echo "✗ Error: " . $e->getMessage() . "\n";
+    exit(1);
+}