ILIAS  Release_4_2_x_branch Revision 61807
ilLDAPUserSynchronisation Class Reference

Synchronization of user accounts used in auth container ldap, radius, cas, ...

Public Member Functions

 __construct ($a_authmode, $a_server_id)
 Constructor.
 getServer ()
 Get current ldap server.
 getAuthMode ()
 Get Auth Mode.
 setExternalAccount ($a_ext)
 Set external account (unique for each auth mode)
 getExternalAccount ()
 Get external account.
 getInternalAccount ()
 Get ILIAS unique internal account name.
 forceCreation ($a_force)
 Force creation of user accounts (Account migration enabled)
 isCreationForced ()
 Check if creation of user account is forced (account migration)
 getUserData ()
 Get user data.
 setUserData ($a_data)
 Set user data.
 sync ()
 Synchronize user account.

Protected Member Functions

 handleCreation ()
 Handle creation of user accounts.
 handleAccountMigration ()
 Handle account migration.
 performUpdate ()
 Update user account and role assignments.
 readUserData ()
 Read user data.
 readInternalAccount ()
 Read internal account of user.
 isUpdateRequired ()
 Check if an update is required.
 initServer ($a_auth_mode, $a_server_id)
 Init LDAP server.

Private Attributes

 $authmode = 0
 $server = null
 $extaccount = ''
 $intaccount = ''
 $user_data = array()
 $force_creation = false

Detailed Description

Synchronization of user accounts used in auth container ldap, radius, cas, ...

Author
Stefan Meyer meyer@leifos.com

Definition at line 14 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

ilLDAPUserSynchronisation::__construct (   $a_authmode,
  $a_server_id 
)

Constructor.

Parameters
string $a_auth_mode

Definition at line 33 of file class.ilLDAPUserSynchronisation.php.

References initServer().

{
$this->initServer($a_authmode,$a_server_id);
}

Member Function Documentation

ilLDAPUserSynchronisation::forceCreation (   $a_force)

Force creation of user accounts (Account migration enabled)

Parameters
bool $a_force

Definition at line 87 of file class.ilLDAPUserSynchronisation.php.

{
$this->force_creation = $a_force;
}

ilLDAPUserSynchronisation::getAuthMode ( )

Get Auth Mode.

Returns
int authmode

Definition at line 51 of file class.ilLDAPUserSynchronisation.php.

References $authmode.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

{
return $this->authmode;
}

ilLDAPUserSynchronisation::getExternalAccount ( )

Get external account.

Returns
<type>

Definition at line 69 of file class.ilLDAPUserSynchronisation.php.

References $extaccount.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

{
return $this->extaccount;
}

ilLDAPUserSynchronisation::getInternalAccount ( )

Get ILIAS unique internal account name.

Returns
string internal account

Definition at line 78 of file class.ilLDAPUserSynchronisation.php.

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

{
return $this->intaccount;
}

ilLDAPUserSynchronisation::getServer ( )

Get current ldap server.

Returns
ilLDAPServer $server

Definition at line 42 of file class.ilLDAPUserSynchronisation.php.

References $server.

Referenced by handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

{
return $this->server;
}

ilLDAPUserSynchronisation::getUserData ( )

Get user data.

Returns
array $user_data

Definition at line 105 of file class.ilLDAPUserSynchronisation.php.

References $user_data.

Referenced by handleAccountMigration(), and performUpdate().

{
return (array) $this->user_data;
}

ilLDAPUserSynchronisation::handleAccountMigration ( )
protected

Handle account migration.

Todo:
too much session-based handling

Definition at line 175 of file class.ilLDAPUserSynchronisation.php.

References $_POST, $_SESSION, ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), getAuthMode(), getExternalAccount(), getUserData(), and ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN.

Referenced by handleCreation().

{
// TODO: handle multiple ldap server
$_SESSION['tmp_auth_mode'] = $this->getAuthMode();
$_SESSION['tmp_external_account'] = $this->getExternalAccount();
$_SESSION['tmp_pass'] = $_POST['password'];
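include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
$this->getExternalAccount(),
$this->getUserData()
);
$_SESSION['tmp_roles'] = array();
foreach($roles as $info)
{
// Only keep roles that the assignment rules want to assign
if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
{
$_SESSION['tmp_roles'][] = $info['id'];
}
}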
return true;
}
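
handleAccountMigration() leaves the submitted password and the pending role IDs in the session until the migration step finishes. The following added example (not ILIAS code; the function names, the `tmp_migration_started` key and the 300-second limit are assumptions) shows one way to hand those values out exactly once and to wipe them when they are consumed or stale.

```php
<?php
// Added example, not part of ILIAS. The four tmp_* key names are the ones
// written by handleAccountMigration(); everything else is hypothetical.
const MIGRATION_KEYS = array('tmp_auth_mode', 'tmp_external_account', 'tmp_pass', 'tmp_roles');
const MIGRATION_TTL = 300; // assumed limit in seconds

// Record when the migration data was stored (call right after it is written).
function markMigrationStart(array &$session, $now)
{
    $session['tmp_migration_started'] = (int) $now;
}

// Return the pending migration data once, or null if it is incomplete or stale.
// The temporary keys are removed from the session in every case.
function consumeMigrationData(array &$session, $now)
{
    $started = isset($session['tmp_migration_started'])
        ? (int) $session['tmp_migration_started'] : 0;
    $complete = true;
    $data = array();
    foreach (MIGRATION_KEYS as $key) {
        if (array_key_exists($key, $session)) {
            $data[$key] = $session[$key];
        } else {
            $complete = false;
        }
        unset($session[$key]); // never leave the password behind
    }
    unset($session['tmp_migration_started']);
    $fresh = $started > 0 && ($now - $started) <= MIGRATION_TTL;
    return ($complete && $fresh) ? $data : null;
}

// Constructed sample session, shaped like the one handleAccountMigration() leaves.
$session = array(
    'tmp_auth_mode' => 'ldap',
    'tmp_external_account' => 'jdoe',
    'tmp_pass' => 'constructed-sample-password',
    'tmp_roles' => array(4),
    'other' => 'untouched',
);
markMigrationStart($session, 1000);
$first = consumeMigrationData($session, 1100);  // within the limit
$second = consumeMigrationData($session, 1100); // already consumed
var_dump($first !== null, $second === null, array_keys($session));
```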

ilLDAPUserSynchronisation::handleCreation ( )
protected

Handle creation of user accounts.

Exceptions
ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 155 of file class.ilLDAPUserSynchronisation.php.

References getServer(), handleAccountMigration(), isCreationForced(), and readUserData().

Referenced by sync().

{
// Disabled sync on login
if(!$this->getServer()->enabledSyncOnLogin())
{
throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
}
// Account migration
if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
{
$this->readUserData();
$this->handleAccountMigration();
throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
}
}

ilLDAPUserSynchronisation::initServer (   $a_auth_mode,
  $a_server_id 
)
protected

Init LDAP server.

Parameters
int $a_server_id

Definition at line 293 of file class.ilLDAPUserSynchronisation.php.

References ilLDAPServer\getInstanceByServerId().

Referenced by __construct().

{
$this->authmode = $a_auth_mode;
$this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
}

ilLDAPUserSynchronisation::isCreationForced ( )

Check if creation of user account is forced (account migration)

Returns
bool

Definition at line 96 of file class.ilLDAPUserSynchronisation.php.

References $force_creation.

Referenced by handleCreation().

{
return (bool) $this->force_creation;
}

ilLDAPUserSynchronisation::isUpdateRequired ( )
protected

Check if an update is required.

Returns
bool

Definition at line 265 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), getServer(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by sync().

{
if(!$this->getInternalAccount())
{
return true;
}
// Check attribute mapping on login
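include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
{
return true;
}
// Check if there is any change in role assignments
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
{
return true;
}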
return false;
}

ilLDAPUserSynchronisation::performUpdate ( )
protected

Update user account and role assignments.

Returns
bool

Definition at line 204 of file class.ilLDAPUserSynchronisation.php.

References getAuthMode(), getExternalAccount(), getServer(), getUserData(), and readInternalAccount().

Referenced by sync().

{
#$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
$update = new ilLDAPAttributeToUser($this->getServer());
$update->setNewUserAuthMode($this->getAuthMode());
$update->setUserData(
array(
$this->getExternalAccount() => $this->getUserData()
)
);
$update->refresh();
// User has been created, now read internal account again
$this->readInternalAccount();
return true;
}

ilLDAPUserSynchronisation::readInternalAccount ( )
protected

Read internal account of user.

Exceptions
UnexpectedValueException

Definition at line 249 of file class.ilLDAPUserSynchronisation.php.

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

{
if(!$this->getExternalAccount())
{
throw new UnexpectedValueException('No external account given.');
}
$this->intaccount = ilObjUser::_checkExternalAuthAccount(
$this->getAuthMode(),
$this->getExternalAccount()
);
}

ilLDAPUserSynchronisation::readUserData ( )
protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Definition at line 228 of file class.ilLDAPUserSynchronisation.php.

References $query, getAuthMode(), getExternalAccount(), getInternalAccount(), and getServer().

Referenced by handleCreation(), and sync().

{
// Add internal account to user data
$this->user_data['ilInternalAccount'] = $this->getInternalAccount();
if(substr($this->getAuthMode(),0,4) == 'ldap')
{
return true;
}
include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
$query = new ilLDAPQuery($this->getServer());
$user = $query->fetchUser($this->getExternalAccount());
$this->user_data = (array) $user[$this->getExternalAccount()];
}

ilLDAPUserSynchronisation::setExternalAccount (   $a_ext)

Set external account (unique for each auth mode)

Parameters
string $a_ext

Definition at line 60 of file class.ilLDAPUserSynchronisation.php.

Referenced by ilAuthContainerCAS\handleLDAPDataSource(), ilAuthContainerRadius\handleLDAPDataSource(), and ilAuthContainerLDAP\loginObserver().

{
$this->extaccount = $a_ext;
}

ilLDAPUserSynchronisation::setUserData (   $a_data)

Set user data.

Parameters
array $a_data

Definition at line 114 of file class.ilLDAPUserSynchronisation.php.

{
$this->user_data = (array) $a_data;
}

ilLDAPUserSynchronisation::sync ( )

Synchronize user account.

Todo:
Redirects to account migration if required

Exceptions
UnexpectedValueException missing or wrong external account given
ilLDAPSynchronisationForbiddenException if user synchronisation is disabled

Definition at line 125 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), getServer(), handleCreation(), isUpdateRequired(), performUpdate(), readInternalAccount(), and readUserData().

{
$this->readInternalAccount();
if(!$this->getInternalAccount())
{
#$GLOBALS['ilLog']->write(__METHOD__.'Creating new account');
$this->handleCreation();
}
// Nothing to do if sync on login is disabled
if(!$this->getServer()->enabledSyncOnLogin())
{
return $this->getInternalAccount();
}
// For performance reasons, check if an update is required
if($this->isUpdateRequired())
{
$this->readUserData();
$this->performUpdate();
}
return $this->getInternalAccount();
}

Field Documentation

ilLDAPUserSynchronisation::$authmode = 0
private

Definition at line 16 of file class.ilLDAPUserSynchronisation.php.

Referenced by getAuthMode().

ilLDAPUserSynchronisation::$extaccount = ''
private

Definition at line 20 of file class.ilLDAPUserSynchronisation.php.

Referenced by getExternalAccount().

ilLDAPUserSynchronisation::$force_creation = false
private

Definition at line 25 of file class.ilLDAPUserSynchronisation.php.

Referenced by isCreationForced().

ilLDAPUserSynchronisation::$intaccount = ''
private

Definition at line 21 of file class.ilLDAPUserSynchronisation.php.

Referenced by getInternalAccount().

ilLDAPUserSynchronisation::$server = null
private

Definition at line 18 of file class.ilLDAPUserSynchronisation.php.

Referenced by getServer().

ilLDAPUserSynchronisation::$user_data = array()
private

Definition at line 23 of file class.ilLDAPUserSynchronisation.php.

Referenced by getUserData().


The documentation for this class was generated from the following file: