ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7
14class ilLDAPUserSynchronisation
15{
16 private $authmode = 0;
17
18 private $server = null;
19
20 private $extaccount = '';
21 private $intaccount = '';
22
23 private $user_data = array();
24
25 private $force_creation = false;
26 private $force_read_ldap_data = false;
27
28
34 public function __construct($a_authmode,$a_server_id)
35 {
36 $this->initServer($a_authmode,$a_server_id);
37 }
38
43 public function getServer()
44 {
45 return $this->server;
46 }
47
52 public function getAuthMode()
53 {
54 return $this->authmode;
55 }
56
61 public function setExternalAccount($a_ext)
62 {
63 $this->extaccount = $a_ext;
64 }
65
70 public function getExternalAccount()
71 {
72 return $this->extaccount;
73 }
74
79 public function getInternalAccount()
80 {
81 return $this->intaccount;
82 }
83
88 public function forceCreation($a_force)
89 {
90 $this->force_creation = $a_force;
91 }
92
93 public function forceReadLdapData($a_status)
94 {
95 $this->force_read_ldap_data = $a_status;
96 }
97
102 public function isCreationForced()
103 {
104 return (bool) $this->force_creation;
105 }
106
111 public function getUserData()
112 {
113 return (array) $this->user_data;
114 }
115
120 public function setUserData($a_data)
121 {
122 $this->user_data = (array) $a_data;
123 }
124
131 public function sync()
132 {
133 $this->readInternalAccount();
134
135 if(!$this->getInternalAccount())
136 {
137 ilLoggerFactory::getLogger('auth')->debug('Creating new account');
138 $this->handleCreation();
139 }
140
141 // Nothing to do if sync on login is disabled
142 if(!$this->getServer()->enabledSyncOnLogin())
143 {
144 return $this->getInternalAccount();
145 }
146
147 // For performance reasons, check if (an update is required)
148 if($this->isUpdateRequired())
149 {
150 ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
151 $this->readUserData();
152 $this->performUpdate();
153 }
154 return $this->getInternalAccount();
155 }
156
162 protected function handleCreation()
163 {
164 // Disabled sync on login
165 if(!$this->getServer()->enabledSyncOnLogin())
166 {
167 throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
168 }
169 // Account migration
170 if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
171 {
172 $this->readUserData();
173 throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
174 }
175 }
176
181 protected function performUpdate()
182 {
183 include_once './Services/User/classes/class.ilUserCreationContext.php';
184 ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
185
186 include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
187 $update = new ilLDAPAttributeToUser($this->getServer());
188 if($this->isCreationForced())
189 {
190 $update->addMode(ilLDAPAttributeToUser::MODE_INITIALIZE_ROLES);
191 }
192 $update->setNewUserAuthMode($this->getAuthMode());
193 $update->setUserData(
194 array(
195 $this->getExternalAccount() => $this->getUserData()
196 )
197 );
198
199 $update->refresh();
200
201 // User has been created, now read internal account again
202 $this->readInternalAccount();
203 return true;
204 }
205
210 protected function readUserData()
211 {
212 // Add internal account to user data
213 $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
214
215 if(!$this->force_read_ldap_data)
216 {
217 if(substr($this->getAuthMode(),0,4) == 'ldap')
218 {
219 return true;
220 }
221 }
222
223 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
224 $query = new ilLDAPQuery($this->getServer());
225 $user = $query->fetchUser($this->getExternalAccount());
226
227 ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);
228
229 $this->user_data = (array) $user[$this->getExternalAccount()];
230 }
231
232
237 protected function readInternalAccount()
238 {
239 if(!$this->getExternalAccount())
240 {
241 throw new UnexpectedValueException('No external account given.');
242 }
243 $this->intaccount = ilObjUser::_checkExternalAuthAccount(
244 $this->getAuthMode(),
245 $this->getExternalAccount()
246 );
247 }
248
253 protected function isUpdateRequired()
254 {
255 if($this->isCreationForced())
256 {
257 return true;
258 }
259 if(!$this->getInternalAccount())
260 {
261 return true;
262 }
263
264 // Check attribute mapping on login
265 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
266 if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
267 {
268 return true;
269 }
270
271 // Check if there is any change in role assignments
272 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
273 if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
274 {
275 return true;
276 }
277 return false;
278 }
279
280
285 protected function initServer($a_auth_mode,$a_server_id)
286 {
287 $this->authmode = $a_auth_mode;
288 $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
289 }
290}
291?>
php
An exception for terminatinating execution or to throw for unit testing.
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:35
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilLDAPUserSynchronisation\getInternalAccount
getInternalAccount()
Get ILIAS unique internal account name.
Definition: class.ilLDAPUserSynchronisation.php:79
ilLDAPUserSynchronisation\isCreationForced
isCreationForced()
Check if creation of user account is forced (account migration)
Definition: class.ilLDAPUserSynchronisation.php:102
ilLDAPUserSynchronisation\forceCreation
forceCreation($a_force)
Force cration of user accounts (Account migration enabled)
Definition: class.ilLDAPUserSynchronisation.php:88
ilLDAPUserSynchronisation\performUpdate
performUpdate()
Update user account and role assignments.
Definition: class.ilLDAPUserSynchronisation.php:181
ilLDAPUserSynchronisation\initServer
initServer($a_auth_mode, $a_server_id)
Init LDAP server.
Definition: class.ilLDAPUserSynchronisation.php:285
ilLDAPUserSynchronisation\isUpdateRequired
isUpdateRequired()
Check if an update is required.
Definition: class.ilLDAPUserSynchronisation.php:253
ilLDAPUserSynchronisation\handleCreation
handleCreation()
Handle creation of user accounts.
Definition: class.ilLDAPUserSynchronisation.php:162
ilLDAPUserSynchronisation\readInternalAccount
readInternalAccount()
Read internal account of user.
Definition: class.ilLDAPUserSynchronisation.php:237
ilLDAPUserSynchronisation\__construct
__construct($a_authmode, $a_server_id)
Constructor.
Definition: class.ilLDAPUserSynchronisation.php:34
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721
ilUserCreationContext\getInstance
static getInstance()
Get instance.
Definition: class.ilUserCreationContext.php:38