Synchronization of user accounts used in auth container ldap, radius , cas,... More...

Collaboration diagram for ilLDAPUserSynchronisation:

Public Member Functions
	__construct ($a_authmode, $a_server_id)
	Constructor. More...

	getServer ()
	Get current ldap server. More...

	getAuthMode ()
	Get Auth Mode. More...

	setExternalAccount ($a_ext)
	Set external account (unique for each auth mode) More...

	getExternalAccount ()
	Get external accocunt. More...

	getInternalAccount ()
	Get ILIAS unique internal account name. More...

	forceCreation ($a_force)
	Force cration of user accounts (Account migration enabled) More...

	forceReadLdapData ($a_status)

	isCreationForced ()
	Check if creation of user account is forced (account migration) More...

	getUserData ()
	Get user data. More...

	setUserData ($a_data)
	Set user data. More...

	sync ()
	Synchronize user account. More...

Protected Member Functions
	handleCreation ()
	Handle creation of user accounts. More...

	handleAccountMigration ()
	Handle account migration. More...

	performUpdate ()
	Update user account and role assignments. More...

	readUserData ()
	Read user data. More...

	readInternalAccount ()
	Read internal account of user. More...

	isUpdateRequired ()
	Check if an update is required. More...

	initServer ($a_auth_mode, $a_server_id)
	Init LDAP server. More...

Private Attributes
	$authmode = 0

	$server = null

	$extaccount = ''

	$intaccount = ''

	$user_data = array()

	$force_creation = false

	$force_read_ldap_data = false

Detailed Description

Synchronization of user accounts used in auth container ldap, radius , cas,...

Author: Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 14 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPUserSynchronisation::__construct	(	$a_authmode,
		$a_server_id
	)

Constructor.

Parameters

string $a_auth_mode

Definition at line 34 of file class.ilLDAPUserSynchronisation.php.

References initServer().

         {
                 $this->initServer($a_authmode,$a_server_id);
         }

Here is the call graph for this function:

Member Function Documentation

◆ forceCreation()

ilLDAPUserSynchronisation::forceCreation ( $a_force )

Force cration of user accounts (Account migration enabled)

Parameters

bool $a_force

Definition at line 88 of file class.ilLDAPUserSynchronisation.php.

         {
                 $this->force_creation = $a_force;
         }

◆ forceReadLdapData()

ilLDAPUserSynchronisation::forceReadLdapData ( $a_status )

Definition at line 93 of file class.ilLDAPUserSynchronisation.php.

         {
                 $this->force_read_ldap_data = $a_status;
         }

◆ getAuthMode()

ilLDAPUserSynchronisation::getAuthMode ( )

Get Auth Mode.

Returns: int authmode

Definition at line 52 of file class.ilLDAPUserSynchronisation.php.

References $authmode.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

         {
                 return $this->authmode;
         }

Here is the caller graph for this function:

◆ getExternalAccount()

ilLDAPUserSynchronisation::getExternalAccount ( )

Get external accocunt.

Returns: <type>

Definition at line 70 of file class.ilLDAPUserSynchronisation.php.

References $extaccount.

Referenced by handleAccountMigration(), performUpdate(), readInternalAccount(), and readUserData().

         {
                 return $this->extaccount;
         }

Here is the caller graph for this function:

◆ getInternalAccount()

ilLDAPUserSynchronisation::getInternalAccount ( )

Get ILIAS unique internal account name.

Returns: string internal account

Definition at line 79 of file class.ilLDAPUserSynchronisation.php.

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

         {
                 return $this->intaccount;
         }

Here is the caller graph for this function:

◆ getServer()

ilLDAPUserSynchronisation::getServer ( )

Get current ldap server.

Returns: ilLDAPServer $server

Definition at line 43 of file class.ilLDAPUserSynchronisation.php.

References $server.

Referenced by handleAccountMigration(), handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

         {
                 return $this->server;
         }

Here is the caller graph for this function:

◆ getUserData()

ilLDAPUserSynchronisation::getUserData ( )

Get user data.

Returns: array $user_data

Definition at line 111 of file class.ilLDAPUserSynchronisation.php.

References $user_data.

Referenced by handleAccountMigration(), and performUpdate().

         {
                 return (array) $this->user_data;
         }

Here is the caller graph for this function:

◆ handleAccountMigration()

ilLDAPUserSynchronisation::handleAccountMigration ( )

protected

Handle account migration.

Todo:: to much session based handling

Definition at line 182 of file class.ilLDAPUserSynchronisation.php.

References $_POST, $_SESSION, $info, ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), getAuthMode(), getExternalAccount(), getServer(), getUserData(), and ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN.

Referenced by handleCreation().

         {
                 $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
                 $_SESSION['tmp_auth_mode_type'] = 'ldap';
                 $_SESSION['tmp_auth_mode_id'] = $this->getServer()->getServerId();
                 $_SESSION['tmp_external_account'] = $this->getExternalAccount();
                 $_SESSION['tmp_pass'] = $_POST['password'];
                 
                 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                 $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
                         $this->getServer()->getServerId(),
                         $this->getExternalAccount(),
                         $this->getUserData()
                 );
                 
                 $_SESSION['tmp_roles'] = array();
                 foreach($roles as $info)
                 {
                         if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
                         {
                                 $_SESSION['tmp_roles'][] = $info['id']; 
                         }
                 }
                 return true;
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ handleCreation()

ilLDAPUserSynchronisation::handleCreation ( )

protected

Handle creation of user accounts.

Exceptions

ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 162 of file class.ilLDAPUserSynchronisation.php.

References getServer(), handleAccountMigration(), isCreationForced(), and readUserData().

Referenced by sync().

         {
                 // Disabled sync on login
                 if(!$this->getServer()->enabledSyncOnLogin())
                 {
                         throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
                 }
                 // Account migration
                 if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
                 {
                         $this->readUserData();
                         $this->handleAccountMigration();
                         throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
                 }
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initServer()

ilLDAPUserSynchronisation::initServer	(	$a_auth_mode,
		$a_server_id
	)

protected

Init LDAP server.

Parameters

int $a_server_id

Definition at line 310 of file class.ilLDAPUserSynchronisation.php.

References ilLDAPServer\getInstanceByServerId().

Referenced by __construct().

         {
                 $this->authmode = $a_auth_mode;
                 $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isCreationForced()

ilLDAPUserSynchronisation::isCreationForced ( )

Check if creation of user account is forced (account migration)

Returns: bool

Definition at line 102 of file class.ilLDAPUserSynchronisation.php.

References $force_creation.

Referenced by handleCreation().

         {
                 return (bool) $this->force_creation;
         }

Here is the caller graph for this function:

◆ isUpdateRequired()

ilLDAPUserSynchronisation::isUpdateRequired ( )

protected

Check if an update is required.

Returns: bool

Definition at line 282 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), getServer(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by sync().

         {
                 if(!$this->getInternalAccount())
                 {
                         return true;
                 }
 
                 // Check attribute mapping on login
                 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
                 if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
                 {
                         return true;
                 }
 
                 // Check if there is any change in role assignments
                 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
                 if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
                 {
                         return true;
                 }
                 return false;
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ performUpdate()

ilLDAPUserSynchronisation::performUpdate ( )

protected

Update user account and role assignments.

Returns: bool

Definition at line 212 of file class.ilLDAPUserSynchronisation.php.

References ilUserCreationContext\CONTEXT_LDAP, getAuthMode(), getExternalAccount(), ilUserCreationContext\getInstance(), getServer(), getUserData(), and readInternalAccount().

Referenced by sync().

         {
                 #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
 
                 include_once './Services/User/classes/class.ilUserCreationContext.php';
                 ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
 
                 include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
                 $update = new ilLDAPAttributeToUser($this->getServer());
                 // begin-patch 
                 $update->setNewUserAuthMode($this->getAuthMode());
                 $update->setUserData(
                         array(
                                 $this->getExternalAccount() => $this->getUserData()
                         )
                 );
                 $update->refresh();
 
                 // User has been created, now read internal account again
                 $this->readInternalAccount();
                 return true;
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ readInternalAccount()

ilLDAPUserSynchronisation::readInternalAccount ( )

protected

Read internal account of user.

Exceptions

UnexpectedValueException

Definition at line 266 of file class.ilLDAPUserSynchronisation.php.

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

         {
                 if(!$this->getExternalAccount())
                 {
                         throw new UnexpectedValueException('No external account given.');
                 }
                 $this->intaccount = ilObjUser::_checkExternalAuthAccount(
                         $this->getAuthMode(),
                         $this->getExternalAccount()
                 );
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ readUserData()

ilLDAPUserSynchronisation::readUserData ( )

protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Definition at line 239 of file class.ilLDAPUserSynchronisation.php.

References $query, ilLogLevel\DEBUG, getAuthMode(), getExternalAccount(), getInternalAccount(), ilLoggerFactory\getLogger(), and getServer().

Referenced by handleCreation(), and sync().

         {
                 // Add internal account to user data
                 $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
 
                 if(!$this->force_read_ldap_data)
                 {
                         if(substr($this->getAuthMode(),0,4) == 'ldap')
                         {
                                 return true;
                         }
                 }
                 
                 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
                 $query = new ilLDAPQuery($this->getServer());
                 $user = $query->fetchUser($this->getExternalAccount());
                 
                 ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);
 
                 $this->user_data = (array) $user[$this->getExternalAccount()];
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setExternalAccount()

ilLDAPUserSynchronisation::setExternalAccount ( $a_ext )

Set external account (unique for each auth mode)

Parameters

string $a_ext

Definition at line 61 of file class.ilLDAPUserSynchronisation.php.

Referenced by ilAuthContainerCAS\handleLDAPDataSource(), ilAuthContainerRadius\handleLDAPDataSource(), ilAuthContainerApache\handleLDAPDataSource(), and ilAuthContainerLDAP\loginObserver().

         {
                 $this->extaccount = $a_ext;
         }

Here is the caller graph for this function:

◆ setUserData()

ilLDAPUserSynchronisation::setUserData ( $a_data )

Set user data.

Parameters

array $a_data

Definition at line 120 of file class.ilLDAPUserSynchronisation.php.

         {
                 $this->user_data = (array) $a_data;
         }

◆ sync()

ilLDAPUserSynchronisation::sync ( )

Synchronize user account.

Todo:: Redirects to account migration if required

Exceptions

UnexpectedValueException	missing or wrong external account given
ilLDAPSynchronisationForbiddenException	if user synchronisation is disabled

Definition at line 131 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), ilLoggerFactory\getLogger(), getServer(), handleCreation(), isUpdateRequired(), performUpdate(), readInternalAccount(), and readUserData().

         {
                 $this->readInternalAccount();
                 
                 if(!$this->getInternalAccount())
                 {
                         ilLoggerFactory::getLogger('auth')->debug('Creating new account');
                         $this->handleCreation();
                 }
 
                 // Nothing to if sync on login is disabled
                 if(!$this->getServer()->enabledSyncOnLogin())
                 {
                         return $this->getInternalAccount();
                 }
 
                 // For performance reasons, check if (an update is required)
                 if($this->isUpdateRequired())
                 {
                         ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
                         $this->readUserData();
                         $this->performUpdate();
                 }
                 return $this->getInternalAccount();
         }