ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7
14class ilLDAPUserSynchronisation
15{
16 private $authmode = 0;
17
18 private $server = null;
19
20 private $extaccount = '';
21 private $intaccount = '';
22
23 private $user_data = array();
24
25 private $force_creation = false;
26
27
33 public function __construct($a_authmode,$a_server_id)
34 {
35 $this->initServer($a_authmode,$a_server_id);
36 }
37
42 public function getServer()
43 {
44 return $this->server;
45 }
46
51 public function getAuthMode()
52 {
53 return $this->authmode;
54 }
55
60 public function setExternalAccount($a_ext)
61 {
62 $this->extaccount = $a_ext;
63 }
64
69 public function getExternalAccount()
70 {
71 return $this->extaccount;
72 }
73
78 public function getInternalAccount()
79 {
80 return $this->intaccount;
81 }
82
87 public function forceCreation($a_force)
88 {
89 $this->force_creation = $a_force;
90 }
91
96 public function isCreationForced()
97 {
98 return (bool) $this->force_creation;
99 }
100
105 public function getUserData()
106 {
107 return (array) $this->user_data;
108 }
109
114 public function setUserData($a_data)
115 {
116 $this->user_data = (array) $a_data;
117 }
118
125 public function sync()
126 {
127 $this->readInternalAccount();
128
129 if(!$this->getInternalAccount())
130 {
131 #$GLOBALS['ilLog']->write(__METHOD__.'Creating new account');
132 $this->handleCreation();
133 }
134
135 // Nothing to if sync on login is disabled
136 if(!$this->getServer()->enabledSyncOnLogin())
137 {
138 return $this->getInternalAccount();
139 }
140
141 // For performance reasons, check if (an update is required)
142 if($this->isUpdateRequired())
143 {
144 $this->readUserData();
145 $this->performUpdate();
146 }
147 return $this->getInternalAccount();
148 }
149
155 protected function handleCreation()
156 {
157 // Disabled sync on login
158 if(!$this->getServer()->enabledSyncOnLogin())
159 {
160 throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
161 }
162 // Account migration
163 if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
164 {
165 $this->readUserData();
166 $this->handleAccountMigration();
167 throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
168 }
169 }
170
175 protected function handleAccountMigration()
176 {
177 // TODO: handle multiple ldap server
178
179 $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
180 $_SESSION['tmp_external_account'] = $this->getExternalAccount();
181 $_SESSION['tmp_pass'] = $_POST['password'];
182
183 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
184 $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
185 $this->getExternalAccount(),
186 $this->getUserData()
187 );
188
189 $_SESSION['tmp_roles'] = array();
190 foreach($roles as $info)
191 {
192 if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
193 {
194 $_SESSION['tmp_roles'][] = $info['id'];
195 }
196 }
197 return true;
198 }
199
204 protected function performUpdate()
205 {
206 #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
207
208 include_once './Services/User/classes/class.ilUserCreationContext.php';
209 ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
210
211 include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
212 $update = new ilLDAPAttributeToUser($this->getServer());
213 $update->setNewUserAuthMode($this->getAuthMode());
214 $update->setUserData(
215 array(
216 $this->getExternalAccount() => $this->getUserData()
217 )
218 );
219 $update->refresh();
220
221 // User has been created, now read internal account again
222 $this->readInternalAccount();
223 return true;
224 }
225
230 protected function readUserData()
231 {
232 // Add internal account to user data
233 $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
234
235 if(substr($this->getAuthMode(),0,4) == 'ldap')
236 {
237 return true;
238 }
239 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
240 $query = new ilLDAPQuery($this->getServer());
241 $user = $query->fetchUser($this->getExternalAccount());
242
243 $this->user_data = (array) $user[$this->getExternalAccount()];
244 }
245
246
251 protected function readInternalAccount()
252 {
253 if(!$this->getExternalAccount())
254 {
255 throw new UnexpectedValueException('No external account given.');
256 }
257 $this->intaccount = ilObjUser::_checkExternalAuthAccount(
258 $this->getAuthMode(),
259 $this->getExternalAccount()
260 );
261 }
262
267 protected function isUpdateRequired()
268 {
269 if(!$this->getInternalAccount())
270 {
271 return true;
272 }
273
274 // Check attribute mapping on login
275 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
276 if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
277 {
278 return true;
279 }
280
281 // Check if there is any change in role assignments
282 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
283 if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
284 {
285 return true;
286 }
287 return false;
288 }
289
290
295 protected function initServer($a_auth_mode,$a_server_id)
296 {
297 $this->authmode = $a_auth_mode;
298 $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
299 }
300}
301?>
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:35
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:165
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Definition: class.ilLDAPServer.php:53
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilLDAPUserSynchronisation\getInternalAccount
getInternalAccount()
Get ILIAS unique internal account name.
Definition: class.ilLDAPUserSynchronisation.php:78
ilLDAPUserSynchronisation\isCreationForced
isCreationForced()
Check if creation of user account is forced (account migration)
Definition: class.ilLDAPUserSynchronisation.php:96
ilLDAPUserSynchronisation\forceCreation
forceCreation($a_force)
Force cration of user accounts (Account migration enabled)
Definition: class.ilLDAPUserSynchronisation.php:87
ilLDAPUserSynchronisation\performUpdate
performUpdate()
Update user account and role assignments.
Definition: class.ilLDAPUserSynchronisation.php:204
ilLDAPUserSynchronisation\initServer
initServer($a_auth_mode, $a_server_id)
Init LDAP server.
Definition: class.ilLDAPUserSynchronisation.php:295
ilLDAPUserSynchronisation\isUpdateRequired
isUpdateRequired()
Check if an update is required.
Definition: class.ilLDAPUserSynchronisation.php:267
ilLDAPUserSynchronisation\handleAccountMigration
handleAccountMigration()
Handle account migration.
Definition: class.ilLDAPUserSynchronisation.php:175
ilLDAPUserSynchronisation\handleCreation
handleCreation()
Handle creation of user accounts.
Definition: class.ilLDAPUserSynchronisation.php:155
ilLDAPUserSynchronisation\readInternalAccount
readInternalAccount()
Read internal account of user.
Definition: class.ilLDAPUserSynchronisation.php:251
ilLDAPUserSynchronisation\__construct
__construct($a_authmode, $a_server_id)
Constructor.
Definition: class.ilLDAPUserSynchronisation.php:33
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:60
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3767
ilUserCreationContext\getInstance
static getInstance()
Get instance.
Definition: class.ilUserCreationContext.php:38
$_POST
$_POST['username']
Definition: cron.php:12
$_SESSION
< a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false">< img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0"/></a >< br/>< strong > Enter Code *if($_SERVER['REQUEST_METHOD']=='POST' &&@ $_POST['do']=='contact') $_SESSION['ctform']['success']
Definition: example_form.php:192