diff --git a/src/etc/inc/plugins.inc.d/core.inc b/src/etc/inc/plugins.inc.d/core.inc
index edc813bd7..ff956386a 100644
--- a/src/etc/inc/plugins.inc.d/core.inc
+++ b/src/etc/inc/plugins.inc.d/core.inc
@@ -257,3 +257,35 @@ function core_xmlrpc_sync()
 return $result;
 }
+
+function core_configure()
+{
+ return array(
+ 'user_changed' => array('core_user_changed_groups:2'),
+ );
+}
+
+/**
+ * user changed event, synchronize attached system groups for requested user
+ */
+function core_user_changed_groups($verbose = false, $username)
+{
+ global $config;
+ if (is_array($config['system']['user'])) {
+ foreach ($config['system']['user'] as $user) {
+ if ($user['name'] == $username) {
+ exec("/usr/bin/groups " . escapeshellarg($username). ' 2>/dev/null', $out, $ret);
+ $current_groups = [];
+ if (!$ret) {
+ $current_groups = explode(" ", $out[0]);
+ }
+ foreach ($config['system']['group'] as $group) {
+ if (in_array($group['name'], $current_groups) ||
+ (!empty($group['member']) && in_array($user['uid'], $group['member']))) {
+ local_group_set($group);
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
index 7e79ae1bc..3818c1d96 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
@@ -29,6 +29,7 @@
 namespace OPNsense\Auth;
 use OPNsense\Core\Config;
+use OPNsense\Core\Backend;
 /**
 * Class LDAP connector
@@ -510,6 +511,7 @@ class LDAP extends Base implements IAuthConnector
 }
 }
 Config::getInstance()->save();
+ (new Backend())->configdpRun("auth user changed", array($username));
 }
 }
 }
diff --git a/src/opnsense/service/conf/actions.d/actions_auth.conf b/src/opnsense/service/conf/actions.d/actions_auth.conf
new file mode 100644
index 000000000..c34c73ac7
--- /dev/null
+++ b/src/opnsense/service/conf/actions.d/actions_auth.conf
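Review bot: `core_user_changed_groups` in core.inc selects the account and its groups with loose comparisons (`$user['name'] == $username` and two-argument `in_array`), so numeric-looking strings such as `"1e3"` and `"1000"` compare equal and an unintended entry can match; use `===` and pass `true` as the third `in_array` argument (config values parsed from XML should all be strings, but confirm). `$out` is not initialised before `exec()`, which appends to an existing array, and `$out[0]` is read without checking that `groups` printed a line. The signature also places the optional `$verbose` before the required `$username`, which PHP 8.0 deprecates; reordering it would need the `:2` hook registration and its dispatcher checked, and those are outside this hunk.

```php
// … unchanged: signature, global $config, is_array() guard, foreach over users …
            if ($user['name'] === $username) {
                $out = [];
                // … unchanged: exec() of /usr/bin/groups, $current_groups = [] …
                if (!$ret && !empty($out[0])) {
                    $current_groups = explode(" ", $out[0]);
                }
                foreach ($config['system']['group'] as $group) {
                    if (in_array($group['name'], $current_groups, true) ||
                        (!empty($group['member']) && in_array($user['uid'], $group['member'], true))) {
                        local_group_set($group);
                    }
                }
// … unchanged: closing braces …
```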
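Review bot: The added `configdpRun("auth user changed", array($username))` call in LDAP.php discards its result, so a failed or unavailable backend leaves the local system groups out of sync with the configuration that was just saved, and nothing records it. Capture the return value, e.g. `$rc = (new Backend())->configdpRun("auth user changed", array($username));`, and log when it does not indicate success (what the action returns on success is not visible here). `$username` reaches a `pluginctl` invocation through the `%s` in actions_auth.conf, so it is worth confirming that configd passes it as a single quoted argument; the enclosing method starts outside this hunk, so where `$username` is validated cannot be seen.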
@@ -0,0 +1,5 @@
+[user.changed]
+command:/usr/local/sbin/pluginctl
+parameters: -c user_changed %s
+type:script
+message: User %s changed