ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5 include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6 include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7 
14 class ilLDAPUserSynchronisation
15 {
16  private $authmode = 0;
17 
18  private $server = null;
19 
20  private $extaccount = '';
21  private $intaccount = '';
22 
23  private $user_data = array();
24 
25  private $force_creation = false;
26 
27 
33  public function __construct($a_authmode,$a_server_id)
34  {
35  $this->initServer($a_authmode,$a_server_id);
36  }
37 
42  public function getServer()
43  {
44  return $this->server;
45  }
46 
51  public function getAuthMode()
52  {
53  return $this->authmode;
54  }
55 
60  public function setExternalAccount($a_ext)
61  {
62  $this->extaccount = $a_ext;
63  }
64 
69  public function getExternalAccount()
70  {
71  return $this->extaccount;
72  }
73 
78  public function getInternalAccount()
79  {
80  return $this->intaccount;
81  }
82 
87  public function forceCreation($a_force)
88  {
89  $this->force_creation = $a_force;
90  }
91 
96  public function isCreationForced()
97  {
98  return (bool) $this->force_creation;
99  }
100 
105  public function getUserData()
106  {
107  return (array) $this->user_data;
108  }
109 
114  public function setUserData($a_data)
115  {
116  $this->user_data = (array) $a_data;
117  }
118 
125  public function sync()
126  {
127  $this->readInternalAccount();
128 
129  if(!$this->getInternalAccount())
130  {
131  #$GLOBALS['ilLog']->write(__METHOD__.'Creating new account');
132  $this->handleCreation();
133  }
134 
135  // Nothing to if sync on login is disabled
136  if(!$this->getServer()->enabledSyncOnLogin())
137  {
138  return $this->getInternalAccount();
139  }
140 
141  // For performance reasons, check if (an update is required)
142  if($this->isUpdateRequired())
143  {
144  $this->readUserData();
145  $this->performUpdate();
146  }
147  return $this->getInternalAccount();
148  }
149 
155  protected function handleCreation()
156  {
157  // Disabled sync on login
158  if(!$this->getServer()->enabledSyncOnLogin())
159  {
160  throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
161  }
162  // Account migration
163  if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
164  {
165  $this->readUserData();
166  $this->handleAccountMigration();
167  throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
168  }
169  }
170 
175  protected function handleAccountMigration()
176  {
177  // TODO: handle multiple ldap server
178 
179  $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
180  $_SESSION['tmp_external_account'] = $this->getExternalAccount();
181  $_SESSION['tmp_pass'] = $_POST['password'];
182 
183  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
184  $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
185  $this->getExternalAccount(),
186  $this->getUserData()
187  );
188 
189  $_SESSION['tmp_roles'] = array();
190  foreach($roles as $info)
191  {
192  if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
193  {
194  $_SESSION['tmp_roles'][] = $info['id'];
195  }
196  }
197  return true;
198  }
199 
204  protected function performUpdate()
205  {
206  #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
207 
208  include_once './Services/User/classes/class.ilUserCreationContext.php';
209  ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
210 
211  include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
212  $update = new ilLDAPAttributeToUser($this->getServer());
213  $update->setNewUserAuthMode($this->getAuthMode());
214  $update->setUserData(
215  array(
216  $this->getExternalAccount() => $this->getUserData()
217  )
218  );
219  $update->refresh();
220 
221  // User has been created, now read internal account again
222  $this->readInternalAccount();
223  return true;
224  }
225 
230  protected function readUserData()
231  {
232  // Add internal account to user data
233  $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
234 
235  if(substr($this->getAuthMode(),0,4) == 'ldap')
236  {
237  return true;
238  }
239  include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
240  $query = new ilLDAPQuery($this->getServer());
241  $user = $query->fetchUser($this->getExternalAccount());
242 
243  $this->user_data = (array) $user[$this->getExternalAccount()];
244  }
245 
246 
251  protected function readInternalAccount()
252  {
253  if(!$this->getExternalAccount())
254  {
255  throw new UnexpectedValueException('No external account given.');
256  }
257  $this->intaccount = ilObjUser::_checkExternalAuthAccount(
258  $this->getAuthMode(),
259  $this->getExternalAccount()
260  );
261  }
262 
267  protected function isUpdateRequired()
268  {
269  if(!$this->getInternalAccount())
270  {
271  return true;
272  }
273 
274  // Check attribute mapping on login
275  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
276  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
277  {
278  return true;
279  }
280 
281  // Check if there is any change in role assignments
282  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
283  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
284  {
285  return true;
286  }
287  return false;
288  }
289 
290 
295  protected function initServer($a_auth_mode,$a_server_id)
296  {
297  $this->authmode = $a_auth_mode;
298  $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
299  }
300 }
301 ?>