ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilLDAPUserSynchronisation Class Reference

Synchronization of user accounts used in auth container ldap, radius , cas,... More...

+ Collaboration diagram for ilLDAPUserSynchronisation:

Public Member Functions

 __construct ($a_authmode, $a_server_id)
 Constructor. More...
 
 getServer ()
 Get current ldap server. More...
 
 getAuthMode ()
 Get Auth Mode. More...
 
 setExternalAccount ($a_ext)
 Set external account (unique for each auth mode) More...
 
 getExternalAccount ()
 Get external accocunt. More...
 
 getInternalAccount ()
 Get ILIAS unique internal account name. More...
 
 forceCreation ($a_force)
 Force cration of user accounts (Account migration enabled) More...
 
 forceReadLdapData ($a_status)
 
 isCreationForced ()
 Check if creation of user account is forced (account migration) More...
 
 getUserData ()
 Get user data. More...
 
 setUserData ($a_data)
 Set user data. More...
 
 sync ()
 Synchronize user account. More...
 

Protected Member Functions

 handleCreation ()
 Handle creation of user accounts. More...
 
 handleAccountMigration ()
 Handle account migration. More...
 
 performUpdate ()
 Update user account and role assignments. More...
 
 readUserData ()
 Read user data. More...
 
 readInternalAccount ()
 Read internal account of user. More...
 
 isUpdateRequired ()
 Check if an update is required. More...
 
 initServer ($a_auth_mode, $a_server_id)
 Init LDAP server. More...
 

Private Attributes

 $authmode = 0
 
 $server = null
 
 $extaccount = ''
 
 $intaccount = ''
 
 $user_data = array()
 
 $force_creation = false
 
 $force_read_ldap_data = false
 

Detailed Description

Synchronization of user accounts used in auth container ldap, radius , cas,...

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 14 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPUserSynchronisation::__construct (   $a_authmode,
  $a_server_id 
)

Constructor.

Parameters
string$a_auth_mode

Definition at line 34 of file class.ilLDAPUserSynchronisation.php.

35 {
36 $this->initServer($a_authmode,$a_server_id);
37 }
initServer($a_auth_mode, $a_server_id)
Init LDAP server.

References initServer().

+ Here is the call graph for this function:

Member Function Documentation

◆ forceCreation()

ilLDAPUserSynchronisation::forceCreation (   $a_force)

Force cration of user accounts (Account migration enabled)

Parameters
bool$a_force

Definition at line 88 of file class.ilLDAPUserSynchronisation.php.

89 {
90 $this->force_creation = $a_force;
91 }

◆ forceReadLdapData()

ilLDAPUserSynchronisation::forceReadLdapData (   $a_status)

Definition at line 93 of file class.ilLDAPUserSynchronisation.php.

94 {
95 $this->force_read_ldap_data = $a_status;
96 }

◆ getAuthMode()

ilLDAPUserSynchronisation::getAuthMode ( )

Get Auth Mode.

Returns
int authmode

Definition at line 52 of file class.ilLDAPUserSynchronisation.php.

References $authmode.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

+ Here is the caller graph for this function:

◆ getExternalAccount()

ilLDAPUserSynchronisation::getExternalAccount ( )

Get external accocunt.

Returns
<type>

Definition at line 70 of file class.ilLDAPUserSynchronisation.php.

References $extaccount.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

+ Here is the caller graph for this function:

◆ getInternalAccount()

ilLDAPUserSynchronisation::getInternalAccount ( )

Get ILIAS unique internal account name.

Returns
string internal account

Definition at line 79 of file class.ilLDAPUserSynchronisation.php.

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

+ Here is the caller graph for this function:

◆ getServer()

ilLDAPUserSynchronisation::getServer ( )

Get current ldap server.

Returns
ilLDAPServer $server

Definition at line 43 of file class.ilLDAPUserSynchronisation.php.

References $server.

Referenced by handleAccountMigration(), handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

+ Here is the caller graph for this function:

◆ getUserData()

ilLDAPUserSynchronisation::getUserData ( )

Get user data.

Returns
array $user_data

Definition at line 111 of file class.ilLDAPUserSynchronisation.php.

References $user_data.

Referenced by handleAccountMigration(), and performUpdate().

+ Here is the caller graph for this function:

◆ handleAccountMigration()

ilLDAPUserSynchronisation::handleAccountMigration ( )
protected

Handle account migration.

Todo:
to much session based handling

Definition at line 182 of file class.ilLDAPUserSynchronisation.php.

183 {
184 $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
185 $_SESSION['tmp_auth_mode_type'] = 'ldap';
186 $_SESSION['tmp_auth_mode_id'] = $this->getServer()->getServerId();
187 $_SESSION['tmp_external_account'] = $this->getExternalAccount();
188 $_SESSION['tmp_pass'] = $_POST['password'];
189
190 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
192 $this->getServer()->getServerId(),
193 $this->getExternalAccount(),
194 $this->getUserData()
195 );
196
197 $_SESSION['tmp_roles'] = array();
198 foreach($roles as $info)
199 {
201 {
202 $_SESSION['tmp_roles'][] = $info['id'];
203 }
204 }
205 return true;
206 }
$_SESSION["AccountId"]
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
$_POST['username']
Definition: cron.php:12
$info
Definition: example_052.php:80

References $_POST, $_SESSION, $info, ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), getAuthMode(), getExternalAccount(), getServer(), getUserData(), and ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN.

Referenced by handleCreation().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleCreation()

ilLDAPUserSynchronisation::handleCreation ( )
protected

Handle creation of user accounts.

Exceptions
ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 162 of file class.ilLDAPUserSynchronisation.php.

163 {
164 // Disabled sync on login
165 if(!$this->getServer()->enabledSyncOnLogin())
166 {
167 throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
168 }
169 // Account migration
170 if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
171 {
172 $this->readUserData();
173 $this->handleAccountMigration();
174 throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
175 }
176 }
Description of ilLDAPAccountMigrationRequiredException.
isCreationForced()
Check if creation of user account is forced (account migration)
handleAccountMigration()
Handle account migration.

References getServer(), handleAccountMigration(), isCreationForced(), and readUserData().

Referenced by sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initServer()

ilLDAPUserSynchronisation::initServer (   $a_auth_mode,
  $a_server_id 
)
protected

Init LDAP server.

Parameters
int$a_server_id

Definition at line 310 of file class.ilLDAPUserSynchronisation.php.

311 {
312 $this->authmode = $a_auth_mode;
313 $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
314 }
static getInstanceByServerId($a_server_id)
Get instance by server id.

References ilLDAPServer\getInstanceByServerId().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isCreationForced()

ilLDAPUserSynchronisation::isCreationForced ( )

Check if creation of user account is forced (account migration)

Returns
bool

Definition at line 102 of file class.ilLDAPUserSynchronisation.php.

References $force_creation.

Referenced by handleCreation().

+ Here is the caller graph for this function:

◆ isUpdateRequired()

ilLDAPUserSynchronisation::isUpdateRequired ( )
protected

Check if an update is required.

Returns
bool

Definition at line 282 of file class.ilLDAPUserSynchronisation.php.

283 {
284 if(!$this->getInternalAccount())
285 {
286 return true;
287 }
288
289 // Check attribute mapping on login
290 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
291 if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
292 {
293 return true;
294 }
295
296 // Check if there is any change in role assignments
297 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
299 {
300 return true;
301 }
302 return false;
303 }
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
static hasRulesForUpdate()
Check if there any rule for updates.
getInternalAccount()
Get ILIAS unique internal account name.

References getInternalAccount(), getServer(), ilLDAPAttributeMapping\hasRulesForUpdate(), and ilLDAPRoleAssignmentRule\hasRulesForUpdate().

Referenced by sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ performUpdate()

ilLDAPUserSynchronisation::performUpdate ( )
protected

Update user account and role assignments.

Returns
bool

Definition at line 212 of file class.ilLDAPUserSynchronisation.php.

213 {
214 #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
215
216 include_once './Services/User/classes/class.ilUserCreationContext.php';
218
219 include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
220 $update = new ilLDAPAttributeToUser($this->getServer());
221 // begin-patch
222 $update->setNewUserAuthMode($this->getAuthMode());
223 $update->setUserData(
224 array(
225 $this->getExternalAccount() => $this->getUserData()
226 )
227 );
228 $update->refresh();
229
230 // User has been created, now read internal account again
231 $this->readInternalAccount();
232 return true;
233 }
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
readInternalAccount()
Read internal account of user.
static getInstance()
Get instance.

References ilUserCreationContext\CONTEXT_LDAP, getAuthMode(), getExternalAccount(), ilUserCreationContext\getInstance(), getServer(), getUserData(), and readInternalAccount().

Referenced by sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readInternalAccount()

ilLDAPUserSynchronisation::readInternalAccount ( )
protected

Read internal account of user.

Exceptions
UnexpectedValueException

Definition at line 266 of file class.ilLDAPUserSynchronisation.php.

267 {
268 if(!$this->getExternalAccount())
269 {
270 throw new UnexpectedValueException('No external account given.');
271 }
272 $this->intaccount = ilObjUser::_checkExternalAuthAccount(
273 $this->getAuthMode(),
274 $this->getExternalAccount()
275 );
276 }
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readUserData()

ilLDAPUserSynchronisation::readUserData ( )
protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Definition at line 239 of file class.ilLDAPUserSynchronisation.php.

240 {
241 // Add internal account to user data
242 $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
243
244 if(!$this->force_read_ldap_data)
245 {
246 if(substr($this->getAuthMode(),0,4) == 'ldap')
247 {
248 return true;
249 }
250 }
251
252 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
253 $query = new ilLDAPQuery($this->getServer());
254 $user = $query->fetchUser($this->getExternalAccount());
255
256 ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);
257
258 $this->user_data = (array) $user[$this->getExternalAccount()];
259 }
static getLogger($a_component_id)
Get component logger.

References $query, ilLogLevel\DEBUG, getAuthMode(), getExternalAccount(), getInternalAccount(), ilLoggerFactory\getLogger(), and getServer().

Referenced by handleCreation(), and sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ setExternalAccount()

ilLDAPUserSynchronisation::setExternalAccount (   $a_ext)

Set external account (unique for each auth mode)

Parameters
string$a_ext

Definition at line 61 of file class.ilLDAPUserSynchronisation.php.

62 {
63 $this->extaccount = $a_ext;
64 }

◆ setUserData()

ilLDAPUserSynchronisation::setUserData (   $a_data)

Set user data.

Parameters
array$a_data

Definition at line 120 of file class.ilLDAPUserSynchronisation.php.

121 {
122 $this->user_data = (array) $a_data;
123 }

◆ sync()

ilLDAPUserSynchronisation::sync ( )

Synchronize user account.

Todo:
Redirects to account migration if required
Exceptions
UnexpectedValueExceptionmissing or wrong external account given
ilLDAPSynchronisationForbiddenExceptionif user synchronisation is disabled

Definition at line 131 of file class.ilLDAPUserSynchronisation.php.

132 {
133 $this->readInternalAccount();
134
135 if(!$this->getInternalAccount())
136 {
137 ilLoggerFactory::getLogger('auth')->debug('Creating new account');
138 $this->handleCreation();
139 }
140
141 // Nothing to if sync on login is disabled
142 if(!$this->getServer()->enabledSyncOnLogin())
143 {
144 return $this->getInternalAccount();
145 }
146
147 // For performance reasons, check if (an update is required)
148 if($this->isUpdateRequired())
149 {
150 ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
151 $this->readUserData();
152 $this->performUpdate();
153 }
154 return $this->getInternalAccount();
155 }
performUpdate()
Update user account and role assignments.
isUpdateRequired()
Check if an update is required.
handleCreation()
Handle creation of user accounts.

References getInternalAccount(), ilLoggerFactory\getLogger(), getServer(), handleCreation(), isUpdateRequired(), performUpdate(), readInternalAccount(), and readUserData().

+ Here is the call graph for this function:

Field Documentation

◆ $authmode

ilLDAPUserSynchronisation::$authmode = 0
private

Definition at line 16 of file class.ilLDAPUserSynchronisation.php.

Referenced by getAuthMode().

◆ $extaccount

ilLDAPUserSynchronisation::$extaccount = ''
private

Definition at line 20 of file class.ilLDAPUserSynchronisation.php.

Referenced by getExternalAccount().

◆ $force_creation

ilLDAPUserSynchronisation::$force_creation = false
private

Definition at line 25 of file class.ilLDAPUserSynchronisation.php.

Referenced by isCreationForced().

◆ $force_read_ldap_data

ilLDAPUserSynchronisation::$force_read_ldap_data = false
private

Definition at line 26 of file class.ilLDAPUserSynchronisation.php.

◆ $intaccount

ilLDAPUserSynchronisation::$intaccount = ''
private

Definition at line 21 of file class.ilLDAPUserSynchronisation.php.

Referenced by getInternalAccount().

◆ $server

ilLDAPUserSynchronisation::$server = null
private

Definition at line 18 of file class.ilLDAPUserSynchronisation.php.

Referenced by getServer().

◆ $user_data

ilLDAPUserSynchronisation::$user_data = array()
private

Definition at line 23 of file class.ilLDAPUserSynchronisation.php.

Referenced by getUserData().


The documentation for this class was generated from the following file: