ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5 include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6 include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7 
14 class ilLDAPUserSynchronisation
15 {
16  private $authmode = 0;
17 
18  private $server = null;
19 
20  private $extaccount = '';
21  private $intaccount = '';
22 
23  private $user_data = array();
24 
25  private $force_creation = false;
26 
27 
33  public function __construct($a_authmode,$a_server_id)
34  {
35  $this->initServer($a_authmode,$a_server_id);
36  }
37 
42  public function getServer()
43  {
44  return $this->server;
45  }
46 
51  public function getAuthMode()
52  {
53  return $this->authmode;
54  }
55 
60  public function setExternalAccount($a_ext)
61  {
62  $this->extaccount = $a_ext;
63  }
64 
69  public function getExternalAccount()
70  {
71  return $this->extaccount;
72  }
73 
78  public function getInternalAccount()
79  {
80  return $this->intaccount;
81  }
82 
87  public function forceCreation($a_force)
88  {
89  $this->force_creation = $a_force;
90  }
91 
96  public function isCreationForced()
97  {
98  return (bool) $this->force_creation;
99  }
100 
105  public function getUserData()
106  {
107  return (array) $this->user_data;
108  }
109 
114  public function setUserData($a_data)
115  {
116  $this->user_data = (array) $a_data;
117  }
118 
125  public function sync()
126  {
127  $this->readInternalAccount();
128 
129  if(!$this->getInternalAccount())
130  {
131  #$GLOBALS['ilLog']->write(__METHOD__.'Creating new account');
132  $this->handleCreation();
133  }
134 
135  // Nothing to if sync on login is disabled
136  if(!$this->getServer()->enabledSyncOnLogin())
137  {
138  return $this->getInternalAccount();
139  }
140 
141  // For performance reasons, check if (an update is required)
142  if($this->isUpdateRequired())
143  {
144  $this->readUserData();
145  $this->performUpdate();
146  }
147  return $this->getInternalAccount();
148  }
149 
155  protected function handleCreation()
156  {
157  // Disabled sync on login
158  if(!$this->getServer()->enabledSyncOnLogin())
159  {
160  throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
161  }
162  // Account migration
163  if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
164  {
165  $this->readUserData();
166  $this->handleAccountMigration();
167  throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
168  }
169  }
170 
175  protected function handleAccountMigration()
176  {
177  // TODO: handle multiple ldap server
178 
179  $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
180  $_SESSION['tmp_external_account'] = $this->getExternalAccount();
181  $_SESSION['tmp_pass'] = $_POST['password'];
182 
183  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
184  $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
185  $this->getExternalAccount(),
186  $this->getUserData()
187  );
188 
189  $_SESSION['tmp_roles'] = array();
190  foreach($roles as $info)
191  {
192  if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
193  {
194  $_SESSION['tmp_roles'][] = $info['id'];
195  }
196  }
197  return true;
198  }
199 
204  protected function performUpdate()
205  {
206  #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
207 
208 
209  include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
210  $update = new ilLDAPAttributeToUser($this->getServer());
211  $update->setNewUserAuthMode($this->getAuthMode());
212  $update->setUserData(
213  array(
214  $this->getExternalAccount() => $this->getUserData()
215  )
216  );
217  $update->refresh();
218 
219  // User has been created, now read internal account again
220  $this->readInternalAccount();
221  return true;
222  }
223 
228  protected function readUserData()
229  {
230  // Add internal account to user data
231  $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
232 
233  if(substr($this->getAuthMode(),0,4) == 'ldap')
234  {
235  return true;
236  }
237  include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
238  $query = new ilLDAPQuery($this->getServer());
239  $user = $query->fetchUser($this->getExternalAccount());
240 
241  $this->user_data = (array) $user[$this->getExternalAccount()];
242  }
243 
244 
249  protected function readInternalAccount()
250  {
251  if(!$this->getExternalAccount())
252  {
253  throw new UnexpectedValueException('No external account given.');
254  }
255  $this->intaccount = ilObjUser::_checkExternalAuthAccount(
256  $this->getAuthMode(),
257  $this->getExternalAccount()
258  );
259  }
260 
265  protected function isUpdateRequired()
266  {
267  if(!$this->getInternalAccount())
268  {
269  return true;
270  }
271 
272  // Check attribute mapping on login
273  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
274  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
275  {
276  return true;
277  }
278 
279  // Check if there is any change in role assignments
280  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
281  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
282  {
283  return true;
284  }
285  return false;
286  }
287 
288 
293  protected function initServer($a_auth_mode,$a_server_id)
294  {
295  $this->authmode = $a_auth_mode;
296  $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
297  }
298 }
299 ?>