ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5 include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6 include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7 
14 class ilLDAPUserSynchronisation
15 {
16  private $authmode = 0;
17 
18  private $server = null;
19 
20  private $extaccount = '';
21  private $intaccount = '';
22 
23  private $user_data = array();
24 
25  private $force_creation = false;
26 
27 
33  public function __construct($a_authmode,$a_server_id)
34  {
35  $this->initServer($a_authmode,$a_server_id);
36  }
37 
42  public function getServer()
43  {
44  return $this->server;
45  }
46 
51  public function getAuthMode()
52  {
53  return $this->authmode;
54  }
55 
60  public function setExternalAccount($a_ext)
61  {
62  $this->extaccount = $a_ext;
63  }
64 
69  public function getExternalAccount()
70  {
71  return $this->extaccount;
72  }
73 
78  public function getInternalAccount()
79  {
80  return $this->intaccount;
81  }
82 
87  public function forceCreation($a_force)
88  {
89  $this->force_creation = $a_force;
90  }
91 
96  public function isCreationForced()
97  {
98  return (bool) $this->force_creation;
99  }
100 
105  public function getUserData()
106  {
107  return (array) $this->user_data;
108  }
109 
114  public function setUserData($a_data)
115  {
116  $this->user_data = (array) $a_data;
117  }
118 
125  public function sync()
126  {
127  $this->readInternalAccount();
128 
129  if(!$this->getInternalAccount())
130  {
131  #$GLOBALS['ilLog']->write(__METHOD__.'Creating new account');
132  $this->handleCreation();
133  }
134 
135  // Nothing to if sync on login is disabled
136  if(!$this->getServer()->enabledSyncOnLogin())
137  {
138  return $this->getInternalAccount();
139  }
140 
141  // For performance reasons, check if (an update is required)
142  if($this->isUpdateRequired())
143  {
144  $this->readUserData();
145  $this->performUpdate();
146  }
147  return $this->getInternalAccount();
148  }
149 
155  protected function handleCreation()
156  {
157  // Disabled sync on login
158  if(!$this->getServer()->enabledSyncOnLogin())
159  {
160  throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
161  }
162  // Account migration
163  if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
164  {
165  $this->readUserData();
166  $this->handleAccountMigration();
167  throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
168  }
169  }
170 
175  protected function handleAccountMigration()
176  {
177  // TODO: handle multiple ldap server
178 
179  $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
180  $_SESSION['tmp_external_account'] = $this->getExternalAccount();
181  $_SESSION['tmp_pass'] = $_POST['password'];
182 
183  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
184  $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
185  $this->getExternalAccount(),
186  $this->getUserData()
187  );
188 
189  $_SESSION['tmp_roles'] = array();
190  foreach($roles as $info)
191  {
192  if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
193  {
194  $_SESSION['tmp_roles'][] = $info['id'];
195  }
196  }
197  return true;
198  }
199 
204  protected function performUpdate()
205  {
206  #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
207 
208  include_once './Services/User/classes/class.ilUserCreationContext.php';
209  ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
210 
211  include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
212  $update = new ilLDAPAttributeToUser($this->getServer());
213  $update->setNewUserAuthMode($this->getAuthMode());
214  $update->setUserData(
215  array(
216  $this->getExternalAccount() => $this->getUserData()
217  )
218  );
219  $update->refresh();
220 
221  // User has been created, now read internal account again
222  $this->readInternalAccount();
223  return true;
224  }
225 
230  protected function readUserData()
231  {
232  // Add internal account to user data
233  $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
234 
235  if(substr($this->getAuthMode(),0,4) == 'ldap')
236  {
237  return true;
238  }
239  include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
240  $query = new ilLDAPQuery($this->getServer());
241  $user = $query->fetchUser($this->getExternalAccount());
242 
243  $this->user_data = (array) $user[$this->getExternalAccount()];
244  }
245 
246 
251  protected function readInternalAccount()
252  {
253  if(!$this->getExternalAccount())
254  {
255  throw new UnexpectedValueException('No external account given.');
256  }
257  $this->intaccount = ilObjUser::_checkExternalAuthAccount(
258  $this->getAuthMode(),
259  $this->getExternalAccount()
260  );
261  }
262 
267  protected function isUpdateRequired()
268  {
269  if(!$this->getInternalAccount())
270  {
271  return true;
272  }
273 
274  // Check attribute mapping on login
275  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
276  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
277  {
278  return true;
279  }
280 
281  // Check if there is any change in role assignments
282  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
283  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
284  {
285  return true;
286  }
287  return false;
288  }
289 
290 
295  protected function initServer($a_auth_mode,$a_server_id)
296  {
297  $this->authmode = $a_auth_mode;
298  $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
299  }
300 }
301 ?>
$_SESSION
< a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false">< img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0"/></a >< br/>< strong > Enter Code *if($_SERVER['REQUEST_METHOD']=='POST' &&@ $_POST['do']=='contact') $_SESSION['ctform']['success']
Definition: example_form.php:192
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
$_POST
$_POST['username']
Definition: cron.php:12
ilLDAPUserSynchronisation\performUpdate
performUpdate()
Update user account and role assignments.
Definition: class.ilLDAPUserSynchronisation.php:204
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilLDAPUserSynchronisation\handleAccountMigration
handleAccountMigration()
Handle account migration.
Definition: class.ilLDAPUserSynchronisation.php:175
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:165
ilUserCreationContext\getInstance
static getInstance()
Get instance.
Definition: class.ilUserCreationContext.php:38
ilLDAPUserSynchronisation\initServer
initServer($a_auth_mode, $a_server_id)
Init LDAP server.
Definition: class.ilLDAPUserSynchronisation.php:295
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilLDAPUserSynchronisation\isCreationForced
isCreationForced()
Check if creation of user account is forced (account migration)
Definition: class.ilLDAPUserSynchronisation.php:96
ilLDAPUserSynchronisation\isUpdateRequired
isUpdateRequired()
Check if an update is required.
Definition: class.ilLDAPUserSynchronisation.php:267
ilLDAPUserSynchronisation\getInternalAccount
getInternalAccount()
Get ILIAS unique internal account name.
Definition: class.ilLDAPUserSynchronisation.php:78
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:60
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Definition: class.ilLDAPServer.php:53
ilLDAPUserSynchronisation\handleCreation
handleCreation()
Handle creation of user accounts.
Definition: class.ilLDAPUserSynchronisation.php:155
ilLDAPUserSynchronisation\forceCreation
forceCreation($a_force)
Force cration of user accounts (Account migration enabled)
Definition: class.ilLDAPUserSynchronisation.php:87
ilLDAPUserSynchronisation\readInternalAccount
readInternalAccount()
Read internal account of user.
Definition: class.ilLDAPUserSynchronisation.php:251
ilLDAPUserSynchronisation\__construct
__construct($a_authmode, $a_server_id)
Constructor.
Definition: class.ilLDAPUserSynchronisation.php:33
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3767
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:34
ilLDAPUserSynchronisation\getExternalAccount
getExternalAccount()
Get external accocunt.
Definition: class.ilLDAPUserSynchronisation.php:69