ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5 include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6 include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7 
14 class ilLDAPUserSynchronisation
15 {
16  private $authmode = 0;
17 
18  private $server = null;
19 
20  private $extaccount = '';
21  private $intaccount = '';
22 
23  private $user_data = array();
24 
25  private $force_creation = false;
26  private $force_read_ldap_data = false;
27 
28 
34  public function __construct($a_authmode,$a_server_id)
35  {
36  $this->initServer($a_authmode,$a_server_id);
37  }
38 
43  public function getServer()
44  {
45  return $this->server;
46  }
47 
52  public function getAuthMode()
53  {
54  return $this->authmode;
55  }
56 
61  public function setExternalAccount($a_ext)
62  {
63  $this->extaccount = $a_ext;
64  }
65 
70  public function getExternalAccount()
71  {
72  return $this->extaccount;
73  }
74 
79  public function getInternalAccount()
80  {
81  return $this->intaccount;
82  }
83 
88  public function forceCreation($a_force)
89  {
90  $this->force_creation = $a_force;
91  }
92 
93  public function forceReadLdapData($a_status)
94  {
95  $this->force_read_ldap_data = $a_status;
96  }
97 
102  public function isCreationForced()
103  {
104  return (bool) $this->force_creation;
105  }
106 
111  public function getUserData()
112  {
113  return (array) $this->user_data;
114  }
115 
120  public function setUserData($a_data)
121  {
122  $this->user_data = (array) $a_data;
123  }
124 
131  public function sync()
132  {
133  $this->readInternalAccount();
134 
135  if(!$this->getInternalAccount())
136  {
137  ilLoggerFactory::getLogger('auth')->debug('Creating new account');
138  $this->handleCreation();
139  }
140 
141  // Nothing to if sync on login is disabled
142  if(!$this->getServer()->enabledSyncOnLogin())
143  {
144  return $this->getInternalAccount();
145  }
146 
147  // For performance reasons, check if (an update is required)
148  if($this->isUpdateRequired())
149  {
150  ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
151  $this->readUserData();
152  $this->performUpdate();
153  }
154  return $this->getInternalAccount();
155  }
156 
162  protected function handleCreation()
163  {
164  // Disabled sync on login
165  if(!$this->getServer()->enabledSyncOnLogin())
166  {
167  throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
168  }
169  // Account migration
170  if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
171  {
172  $this->readUserData();
173  $this->handleAccountMigration();
174  throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
175  }
176  }
177 
182  protected function handleAccountMigration()
183  {
184  $_SESSION['tmp_auth_mode'] = $this->getAuthMode();
185  $_SESSION['tmp_auth_mode_type'] = 'ldap';
186  $_SESSION['tmp_auth_mode_id'] = $this->getServer()->getServerId();
187  $_SESSION['tmp_external_account'] = $this->getExternalAccount();
188  $_SESSION['tmp_pass'] = $_POST['password'];
189 
190  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
191  $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
192  $this->getServer()->getServerId(),
193  $this->getExternalAccount(),
194  $this->getUserData()
195  );
196 
197  $_SESSION['tmp_roles'] = array();
198  foreach($roles as $info)
199  {
200  if($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN)
201  {
202  $_SESSION['tmp_roles'][] = $info['id'];
203  }
204  }
205  return true;
206  }
207 
212  protected function performUpdate()
213  {
214  #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($this->getUserData(),true));
215 
216  include_once './Services/User/classes/class.ilUserCreationContext.php';
217  ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
218 
219  include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
220  $update = new ilLDAPAttributeToUser($this->getServer());
221  // begin-patch
222  $update->setNewUserAuthMode($this->getAuthMode());
223  $update->setUserData(
224  array(
225  $this->getExternalAccount() => $this->getUserData()
226  )
227  );
228  $update->refresh();
229 
230  // User has been created, now read internal account again
231  $this->readInternalAccount();
232  return true;
233  }
234 
239  protected function readUserData()
240  {
241  // Add internal account to user data
242  $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
243 
244  if(!$this->force_read_ldap_data)
245  {
246  if(substr($this->getAuthMode(),0,4) == 'ldap')
247  {
248  return true;
249  }
250  }
251 
252  include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
253  $query = new ilLDAPQuery($this->getServer());
254  $user = $query->fetchUser($this->getExternalAccount());
255 
256  ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);
257 
258  $this->user_data = (array) $user[$this->getExternalAccount()];
259  }
260 
261 
266  protected function readInternalAccount()
267  {
268  if(!$this->getExternalAccount())
269  {
270  throw new UnexpectedValueException('No external account given.');
271  }
272  $this->intaccount = ilObjUser::_checkExternalAuthAccount(
273  $this->getAuthMode(),
274  $this->getExternalAccount()
275  );
276  }
277 
282  protected function isUpdateRequired()
283  {
284  if(!$this->getInternalAccount())
285  {
286  return true;
287  }
288 
289  // Check attribute mapping on login
290  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
291  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
292  {
293  return true;
294  }
295 
296  // Check if there is any change in role assignments
297  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
298  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
299  {
300  return true;
301  }
302  return false;
303  }
304 
305 
310  protected function initServer($a_auth_mode,$a_server_id)
311  {
312  $this->authmode = $a_auth_mode;
313  $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
314  }
315 }
316 ?>
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:181
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
$_POST
$_POST['username']
Definition: cron.php:12
ilLDAPUserSynchronisation\performUpdate
performUpdate()
Update user account and role assignments.
Definition: class.ilLDAPUserSynchronisation.php:212
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilLDAPUserSynchronisation\handleAccountMigration
handleAccountMigration()
Handle account migration.
Definition: class.ilLDAPUserSynchronisation.php:182
ilUserCreationContext\getInstance
static getInstance()
Get instance.
Definition: class.ilUserCreationContext.php:38
ilLDAPUserSynchronisation\initServer
initServer($a_auth_mode, $a_server_id)
Init LDAP server.
Definition: class.ilLDAPUserSynchronisation.php:310
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilLDAPUserSynchronisation\isCreationForced
isCreationForced()
Check if creation of user account is forced (account migration)
Definition: class.ilLDAPUserSynchronisation.php:102
ilLDAPUserSynchronisation\isUpdateRequired
isUpdateRequired()
Check if an update is required.
Definition: class.ilLDAPUserSynchronisation.php:282
ilLDAPUserSynchronisation\getInternalAccount
getInternalAccount()
Get ILIAS unique internal account name.
Definition: class.ilLDAPUserSynchronisation.php:79
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
$info
$info
Definition: example_052.php:80
ilLDAPUserSynchronisation\handleCreation
handleCreation()
Handle creation of user accounts.
Definition: class.ilLDAPUserSynchronisation.php:162
ilLDAPUserSynchronisation\forceCreation
forceCreation($a_force)
Force cration of user accounts (Account migration enabled)
Definition: class.ilLDAPUserSynchronisation.php:88
ilLDAPUserSynchronisation\readInternalAccount
readInternalAccount()
Read internal account of user.
Definition: class.ilLDAPUserSynchronisation.php:266
ilLDAPUserSynchronisation\__construct
__construct($a_authmode, $a_server_id)
Constructor.
Definition: class.ilLDAPUserSynchronisation.php:34
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3766
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:34
ilLDAPUserSynchronisation\getExternalAccount
getExternalAccount()
Get external accocunt.
Definition: class.ilLDAPUserSynchronisation.php:70