ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilLDAPUserSynchronisation Class Reference

Synchronization of user accounts used in auth container ldap, radius, cas, ...

Public Member Functions

 __construct ($a_authmode, $a_server_id)
 Constructor.
 
 getServer ()
 Get current ldap server.
 
 getAuthMode ()
 Get Auth Mode.
 
 setExternalAccount ($a_ext)
 Set external account (unique for each auth mode)
 
 getExternalAccount ()
 Get external account.
 
 getInternalAccount ()
 Get ILIAS unique internal account name.
 
 forceCreation ($a_force)
 Force creation of user accounts (Account migration enabled)
 
 forceReadLdapData ($a_status)
 
 isCreationForced ()
 Check if creation of user account is forced (account migration)
 
 getUserData ()
 Get user data.
 
 setUserData ($a_data)
 Set user data.
 
 sync ()
 Synchronize user account.
 

Protected Member Functions

 handleCreation ()
 Handle creation of user accounts.
 
 handleAccountMigration ()
 Handle account migration.
 
 performUpdate ()
 Update user account and role assignments.
 
 readUserData ()
 Read user data.
 
 readInternalAccount ()
 Read internal account of user.
 
 isUpdateRequired ()
 Check if an update is required.
 
 initServer ($a_auth_mode, $a_server_id)
 Init LDAP server.
 

Private Attributes

 $authmode = 0
 
 $server = null
 
 $extaccount = ''
 
 $intaccount = ''
 
 $user_data = array()
 
 $force_creation = false
 
 $force_read_ldap_data = false
 

Detailed Description

Synchronization of user accounts used in auth container ldap, radius, cas, ...

Author
Stefan Meyer <meyer@leifos.com>

Definition at line 14 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPUserSynchronisation::__construct (   $a_authmode,
  $a_server_id 
)

Constructor.

Parameters
string $a_auth_mode

Definition at line 34 of file class.ilLDAPUserSynchronisation.php.

References initServer().

35  {
36  $this->initServer($a_authmode,$a_server_id);
37  }

Member Function Documentation

◆ forceCreation()

ilLDAPUserSynchronisation::forceCreation (   $a_force)

Force creation of user accounts (Account migration enabled)

Parameters
bool $a_force

Definition at line 88 of file class.ilLDAPUserSynchronisation.php.

89  {
90  $this->force_creation = $a_force;
91  }

◆ forceReadLdapData()

ilLDAPUserSynchronisation::forceReadLdapData (   $a_status)

Definition at line 93 of file class.ilLDAPUserSynchronisation.php.

94  {
95  $this->force_read_ldap_data = $a_status;
96  }

◆ getAuthMode()

ilLDAPUserSynchronisation::getAuthMode ( )

Get Auth Mode.

Returns
int authmode

Definition at line 52 of file class.ilLDAPUserSynchronisation.php.

References $authmode.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

◆ getExternalAccount()

ilLDAPUserSynchronisation::getExternalAccount ( )

Get external account.

Returns
<type>

Definition at line 70 of file class.ilLDAPUserSynchronisation.php.

References $extaccount.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

◆ getInternalAccount()

ilLDAPUserSynchronisation::getInternalAccount ( )

Get ILIAS unique internal account name.

Returns
string internal account

Definition at line 79 of file class.ilLDAPUserSynchronisation.php.

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

◆ getServer()

ilLDAPUserSynchronisation::getServer ( )

Get current ldap server.

Returns
ilLDAPServer $server

Definition at line 43 of file class.ilLDAPUserSynchronisation.php.

References $server.

Referenced by handleAccountMigration(), handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

◆ getUserData()

ilLDAPUserSynchronisation::getUserData ( )

Get user data.

Returns
array $user_data

Definition at line 111 of file class.ilLDAPUserSynchronisation.php.

References $user_data.

Referenced by handleAccountMigration(), and performUpdate().

112  {
113  return (array) $this->user_data;
114  }

◆ handleAccountMigration()

ilLDAPUserSynchronisation::handleAccountMigration ( )
protected

Handle account migration.

Todo:
too much session-based handling

Definition at line 182 of file class.ilLDAPUserSynchronisation.php.

References $_POST, $_SESSION, $info, ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), getAuthMode(), getExternalAccount(), getServer(), getUserData(), and ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN.

Referenced by handleCreation().

183  {
184  $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
185  $_SESSION['tmp_auth_mode_type'] = 'ldap';
186  $_SESSION['tmp_auth_mode_id'] = $this->getServer()->getServerId();
187  $_SESSION['tmp_external_account'] = $this->getExternalAccount();
188  $_SESSION['tmp_pass'] = $_POST['password'];
189 
190  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
191  $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
192  $this->getServer()->getServerId(),
193  $this->getExternalAccount(),
194  $this->getUserData()
195  );
196 
197  $_SESSION['tmp_roles'] = array();
198  foreach($roles as $info)
199  {
200  if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
201  {
202  $_SESSION['tmp_roles'][] = $info['id'];
203  }
204  }
205  return true;
206  }

◆ handleCreation()

ilLDAPUserSynchronisation::handleCreation ( )
protected

Handle creation of user accounts.

Exceptions
ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 162 of file class.ilLDAPUserSynchronisation.php.

References getServer(), handleAccountMigration(), isCreationForced(), and readUserData().

Referenced by sync().

163  {
164  // Disabled sync on login
165  if(!$this->getServer()->enabledSyncOnLogin())
166  {
167  throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
168  }
169  // Account migration
170  if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
171  {
172  $this->readUserData();
173  $this->handleAccountMigration();
174  throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
175  }
176  }

◆ initServer()

ilLDAPUserSynchronisation::initServer (   $a_auth_mode,
  $a_server_id 
)
protected

Init LDAP server.

Parameters
int $a_server_id

Definition at line 310 of file class.ilLDAPUserSynchronisation.php.

References ilLDAPServer\getInstanceByServerId().

Referenced by __construct().

311  {
312  $this->authmode = $a_auth_mode;
313  $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
314  }

◆ isCreationForced()

ilLDAPUserSynchronisation::isCreationForced ( )

Check if creation of user account is forced (account migration)

Returns
bool

Definition at line 102 of file class.ilLDAPUserSynchronisation.php.

References $force_creation.

Referenced by handleCreation().

◆ isUpdateRequired()

ilLDAPUserSynchronisation::isUpdateRequired ( )
protected

Check if an update is required.

Returns
bool

Definition at line 282 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), getServer(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by sync().

283  {
284  if(!$this->getInternalAccount())
285  {
286  return true;
287  }
288 
289  // Check attribute mapping on login
290  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
291  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
292  {
293  return true;
294  }
295 
296  // Check if there is any change in role assignments
297  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
298  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
299  {
300  return true;
301  }
302  return false;
303  }

◆ performUpdate()

ilLDAPUserSynchronisation::performUpdate ( )
protected

Update user account and role assignments.

Returns
bool

Definition at line 212 of file class.ilLDAPUserSynchronisation.php.

References ilUserCreationContext\CONTEXT_LDAP, getAuthMode(), getExternalAccount(), ilUserCreationContext\getInstance(), getServer(), getUserData(), and readInternalAccount().

Referenced by sync().

213  {
214  #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
215 
216  include_once './Services/User/classes/class.ilUserCreationContext.php';
217  ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
218 
219  include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
220  $update = new ilLDAPAttributeToUser($this->getServer());
221  // begin-patch
222  $update->setNewUserAuthMode($this->getAuthMode());
223  $update->setUserData(
224  array(
225  $this->getExternalAccount() => $this->getUserData()
226  )
227  );
228  $update->refresh();
229 
230  // User has been created, now read internal account again
231  $this->readInternalAccount();
232  return true;
233  }

◆ readInternalAccount()

ilLDAPUserSynchronisation::readInternalAccount ( )
protected

Read internal account of user.

Exceptions
UnexpectedValueException

Definition at line 266 of file class.ilLDAPUserSynchronisation.php.

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

267  {
268  if(!$this->getExternalAccount())
269  {
270  throw new UnexpectedValueException('No external account given.');
271  }
272  $this->intaccount = ilObjUser::_checkExternalAuthAccount(
273  $this->getAuthMode(),
274  $this->getExternalAccount()
275  );
276  }

◆ readUserData()

ilLDAPUserSynchronisation::readUserData ( )
protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Definition at line 239 of file class.ilLDAPUserSynchronisation.php.

References $query, ilLogLevel\DEBUG, getAuthMode(), getExternalAccount(), getInternalAccount(), ilLoggerFactory\getLogger(), and getServer().

Referenced by handleCreation(), and sync().

240  {
241  // Add internal account to user data
242  $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
243 
244  if(!$this->force_read_ldap_data)
245  {
246  if(substr($this->getAuthMode(),0,4) == 'ldap')
247  {
248  return true;
249  }
250  }
251 
252  include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
253  $query = new ilLDAPQuery($this->getServer());
254  $user = $query->fetchUser($this->getExternalAccount());
255 
256  ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);
257 
258  $this->user_data = (array) $user[$this->getExternalAccount()];
259  }

◆ setExternalAccount()

ilLDAPUserSynchronisation::setExternalAccount (   $a_ext)

Set external account (unique for each auth mode)

Parameters
string $a_ext

Definition at line 61 of file class.ilLDAPUserSynchronisation.php.

Referenced by ilAuthContainerCAS\handleLDAPDataSource(), ilAuthContainerRadius\handleLDAPDataSource(), ilAuthContainerApache\handleLDAPDataSource(), and ilAuthContainerLDAP\loginObserver().

62  {
63  $this->extaccount = $a_ext;
64  }

◆ setUserData()

ilLDAPUserSynchronisation::setUserData (   $a_data)

Set user data.

Parameters
array $a_data

Definition at line 120 of file class.ilLDAPUserSynchronisation.php.

121  {
122  $this->user_data = (array) $a_data;
123  }

◆ sync()

ilLDAPUserSynchronisation::sync ( )

Synchronize user account.

Todo:
Redirects to account migration if required
Exceptions
UnexpectedValueException missing or wrong external account given
ilLDAPSynchronisationForbiddenException if user synchronisation is disabled

Definition at line 131 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), ilLoggerFactory\getLogger(), getServer(), handleCreation(), isUpdateRequired(), performUpdate(), readInternalAccount(), and readUserData().

132  {
133  $this->readInternalAccount();
134 
135  if(!$this->getInternalAccount())
136  {
137  ilLoggerFactory::getLogger('auth')->debug('Creating new account');
138  $this->handleCreation();
139  }
140 
141  // Nothing to do if sync on login is disabled
142  if(!$this->getServer()->enabledSyncOnLogin())
143  {
144  return $this->getInternalAccount();
145  }
146 
147  // For performance reasons, check whether an update is required
148  if($this->isUpdateRequired())
149  {
150  ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
151  $this->readUserData();
152  $this->performUpdate();
153  }
154  return $this->getInternalAccount();
155  }

Field Documentation

◆ $authmode

ilLDAPUserSynchronisation::$authmode = 0
private

Definition at line 16 of file class.ilLDAPUserSynchronisation.php.

Referenced by getAuthMode().

◆ $extaccount

ilLDAPUserSynchronisation::$extaccount = ''
private

Definition at line 20 of file class.ilLDAPUserSynchronisation.php.

Referenced by getExternalAccount().

◆ $force_creation

ilLDAPUserSynchronisation::$force_creation = false
private

Definition at line 25 of file class.ilLDAPUserSynchronisation.php.

Referenced by isCreationForced().

◆ $force_read_ldap_data

ilLDAPUserSynchronisation::$force_read_ldap_data = false
private

Definition at line 26 of file class.ilLDAPUserSynchronisation.php.

◆ $intaccount

ilLDAPUserSynchronisation::$intaccount = ''
private

Definition at line 21 of file class.ilLDAPUserSynchronisation.php.

Referenced by getInternalAccount().

◆ $server

ilLDAPUserSynchronisation::$server = null
private

Definition at line 18 of file class.ilLDAPUserSynchronisation.php.

Referenced by getServer().

◆ $user_data

ilLDAPUserSynchronisation::$user_data = array()
private

Definition at line 23 of file class.ilLDAPUserSynchronisation.php.

Referenced by getUserData().


The documentation for this class was generated from the following file: