ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7
14class ilLDAPUserSynchronisation
15{
16 private $authmode = 0;
17
18 private $server = null;
19
20 private $extaccount = '';
21 private $intaccount = '';
22
23 private $user_data = array();
24
25 private $force_creation = false;
26 private $force_read_ldap_data = false;
27
28
34 public function __construct($a_authmode,$a_server_id)
35 {
36 $this->initServer($a_authmode,$a_server_id);
37 }
38
43 public function getServer()
44 {
45 return $this->server;
46 }
47
52 public function getAuthMode()
53 {
54 return $this->authmode;
55 }
56
61 public function setExternalAccount($a_ext)
62 {
63 $this->extaccount = $a_ext;
64 }
65
70 public function getExternalAccount()
71 {
72 return $this->extaccount;
73 }
74
79 public function getInternalAccount()
80 {
81 return $this->intaccount;
82 }
83
88 public function forceCreation($a_force)
89 {
90 $this->force_creation = $a_force;
91 }
92
93 public function forceReadLdapData($a_status)
94 {
95 $this->force_read_ldap_data = $a_status;
96 }
97
102 public function isCreationForced()
103 {
104 return (bool) $this->force_creation;
105 }
106
111 public function getUserData()
112 {
113 return (array) $this->user_data;
114 }
115
120 public function setUserData($a_data)
121 {
122 $this->user_data = (array) $a_data;
123 }
124
131 public function sync()
132 {
133 $this->readInternalAccount();
134
135 if(!$this->getInternalAccount())
136 {
137 ilLoggerFactory::getLogger('auth')->debug('Creating new account');
138 $this->handleCreation();
139 }
140
141 // Nothing to if sync on login is disabled
142 if(!$this->getServer()->enabledSyncOnLogin())
143 {
144 return $this->getInternalAccount();
145 }
146
147 // For performance reasons, check if (an update is required)
148 if($this->isUpdateRequired())
149 {
150 ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
151 $this->readUserData();
152 $this->performUpdate();
153 }
154 return $this->getInternalAccount();
155 }
156
162 protected function handleCreation()
163 {
164 // Disabled sync on login
165 if(!$this->getServer()->enabledSyncOnLogin())
166 {
167 throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
168 }
169 // Account migration
170 if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
171 {
172 $this->readUserData();
173 $this->handleAccountMigration();
174 throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
175 }
176 }
177
182 protected function handleAccountMigration()
183 {
184 $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
185 $_SESSION['tmp_auth_mode_type'] = 'ldap';
186 $_SESSION['tmp_auth_mode_id'] = $this->getServer()->getServerId();
187 $_SESSION['tmp_external_account'] = $this->getExternalAccount();
188 $_SESSION['tmp_pass'] = $_POST['password'];
189
190 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
191 $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
192 $this->getServer()->getServerId(),
193 $this->getExternalAccount(),
194 $this->getUserData()
195 );
196
197 $_SESSION['tmp_roles'] = array();
198 foreach($roles as $info)
199 {
200 if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
201 {
202 $_SESSION['tmp_roles'][] = $info['id'];
203 }
204 }
205 return true;
206 }
207
212 protected function performUpdate()
213 {
214 #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
215
216 include_once './Services/User/classes/class.ilUserCreationContext.php';
217 ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
218
219 include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
220 $update = new ilLDAPAttributeToUser($this->getServer());
221 // begin-patch
222 $update->setNewUserAuthMode($this->getAuthMode());
223 $update->setUserData(
224 array(
225 $this->getExternalAccount() => $this->getUserData()
226 )
227 );
228 $update->refresh();
229
230 // User has been created, now read internal account again
231 $this->readInternalAccount();
232 return true;
233 }
234
239 protected function readUserData()
240 {
241 // Add internal account to user data
242 $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
243
244 if(!$this->force_read_ldap_data)
245 {
246 if(substr($this->getAuthMode(),0,4) == 'ldap')
247 {
248 return true;
249 }
250 }
251
252 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
253 $query = new ilLDAPQuery($this->getServer());
254 $user = $query->fetchUser($this->getExternalAccount());
255
256 ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);
257
258 $this->user_data = (array) $user[$this->getExternalAccount()];
259 }
260
261
266 protected function readInternalAccount()
267 {
268 if(!$this->getExternalAccount())
269 {
270 throw new UnexpectedValueException('No external account given.');
271 }
272 $this->intaccount = ilObjUser::_checkExternalAuthAccount(
273 $this->getAuthMode(),
274 $this->getExternalAccount()
275 );
276 }
277
282 protected function isUpdateRequired()
283 {
284 if(!$this->getInternalAccount())
285 {
286 return true;
287 }
288
289 // Check attribute mapping on login
290 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
291 if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
292 {
293 return true;
294 }
295
296 // Check if there is any change in role assignments
297 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
298 if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
299 {
300 return true;
301 }
302 return false;
303 }
304
305
310 protected function initServer($a_auth_mode,$a_server_id)
311 {
312 $this->authmode = $a_auth_mode;
313 $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
314 }
315}
316?>
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:35
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:181
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilLDAPUserSynchronisation\getInternalAccount
getInternalAccount()
Get ILIAS unique internal account name.
Definition: class.ilLDAPUserSynchronisation.php:79
ilLDAPUserSynchronisation\isCreationForced
isCreationForced()
Check if creation of user account is forced (account migration)
Definition: class.ilLDAPUserSynchronisation.php:102
ilLDAPUserSynchronisation\forceCreation
forceCreation($a_force)
Force cration of user accounts (Account migration enabled)
Definition: class.ilLDAPUserSynchronisation.php:88
ilLDAPUserSynchronisation\performUpdate
performUpdate()
Update user account and role assignments.
Definition: class.ilLDAPUserSynchronisation.php:212
ilLDAPUserSynchronisation\initServer
initServer($a_auth_mode, $a_server_id)
Init LDAP server.
Definition: class.ilLDAPUserSynchronisation.php:310
ilLDAPUserSynchronisation\isUpdateRequired
isUpdateRequired()
Check if an update is required.
Definition: class.ilLDAPUserSynchronisation.php:282
ilLDAPUserSynchronisation\handleAccountMigration
handleAccountMigration()
Handle account migration.
Definition: class.ilLDAPUserSynchronisation.php:182
ilLDAPUserSynchronisation\handleCreation
handleCreation()
Handle creation of user accounts.
Definition: class.ilLDAPUserSynchronisation.php:162
ilLDAPUserSynchronisation\readInternalAccount
readInternalAccount()
Read internal account of user.
Definition: class.ilLDAPUserSynchronisation.php:266
ilLDAPUserSynchronisation\__construct
__construct($a_authmode, $a_server_id)
Constructor.
Definition: class.ilLDAPUserSynchronisation.php:34
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3766
ilUserCreationContext\getInstance
static getInstance()
Get instance.
Definition: class.ilUserCreationContext.php:38
$_POST
$_POST['username']
Definition: cron.php:12
$info
$info
Definition: example_052.php:80