ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilLDAPUserSynchronisation.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5 include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6 include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7 
14 class ilLDAPUserSynchronisation
15 {
16  private $authmode = 0;
17 
18  private $server = null;
19 
20  private $extaccount = '';
21  private $intaccount = '';
22 
23  private $user_data = array();
24 
25  private $force_creation = false;
26  private $force_read_ldap_data = false;
27 
28 
34  public function __construct($a_authmode,$a_server_id)
35  {
36  $this->initServer($a_authmode,$a_server_id);
37  }
38 
43  public function getServer()
44  {
45  return $this->server;
46  }
47 
52  public function getAuthMode()
53  {
54  return $this->authmode;
55  }
56 
61  public function setExternalAccount($a_ext)
62  {
63  $this->extaccount = $a_ext;
64  }
65 
70  public function getExternalAccount()
71  {
72  return $this->extaccount;
73  }
74 
79  public function getInternalAccount()
80  {
81  return $this->intaccount;
82  }
83 
88  public function forceCreation($a_force)
89  {
90  $this->force_creation = $a_force;
91  }
92 
93  public function forceReadLdapData($a_status)
94  {
95  $this->force_read_ldap_data = $a_status;
96  }
97 
102  public function isCreationForced()
103  {
104  return (bool) $this->force_creation;
105  }
106 
111  public function getUserData()
112  {
113  return (array) $this->user_data;
114  }
115 
120  public function setUserData($a_data)
121  {
122  $this->user_data = (array) $a_data;
123  }
124 
131  public function sync()
132  {
133  $this->readInternalAccount();
134 
135  if(!$this->getInternalAccount())
136  {
137  ilLoggerFactory::getLogger('auth')->debug('Creating new account');
138  $this->handleCreation();
139  }
140 
141  // Nothing to do if sync on login is disabled
142  if(!$this->getServer()->enabledSyncOnLogin())
143  {
144  return $this->getInternalAccount();
145  }
146 
147  // For performance reasons, check if (an update is required)
148  if($this->isUpdateRequired())
149  {
150  ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
151  $this->readUserData();
152  $this->performUpdate();
153  }
154  return $this->getInternalAccount();
155  }
156 
162  protected function handleCreation()
163  {
164  // Disabled sync on login
165  if(!$this->getServer()->enabledSyncOnLogin())
166  {
167  throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
168  }
169  // Account migration
170  if($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced())
171  {
172  $this->readUserData();
173  throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
174  }
175  }
176 
181  protected function performUpdate()
182  {
183  include_once './Services/User/classes/class.ilUserCreationContext.php';
184  ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
185 
186  include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
187  $update = new ilLDAPAttributeToUser($this->getServer());
188  if($this->isCreationForced())
189  {
190  $update->addMode(ilLDAPAttributeToUser::MODE_INITIALIZE_ROLES);
191  }
192  $update->setNewUserAuthMode($this->getAuthMode());
193  $update->setUserData(
194  array(
195  $this->getExternalAccount() => $this->getUserData()
196  )
197  );
198 
199  $update->refresh();
200 
201  // User has been created, now read internal account again
202  $this->readInternalAccount();
203  return true;
204  }
205 
210  protected function readUserData()
211  {
212  // Add internal account to user data
213  $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
214 
215  if(!$this->force_read_ldap_data)
216  {
217  if(substr($this->getAuthMode(),0,4) == 'ldap')
218  {
219  return true;
220  }
221  }
222 
223  include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
224  $query = new ilLDAPQuery($this->getServer());
225  $user = $query->fetchUser($this->getExternalAccount());
226 
227  ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);
228 
229  $this->user_data = (array) $user[$this->getExternalAccount()];
230  }
231 
232 
237  protected function readInternalAccount()
238  {
239  if(!$this->getExternalAccount())
240  {
241  throw new UnexpectedValueException('No external account given.');
242  }
243  $this->intaccount = ilObjUser::_checkExternalAuthAccount(
244  $this->getAuthMode(),
245  $this->getExternalAccount()
246  );
247  }
248 
253  protected function isUpdateRequired()
254  {
255  if($this->isCreationForced())
256  {
257  return true;
258  }
259  if(!$this->getInternalAccount())
260  {
261  return true;
262  }
263 
264  // Check attribute mapping on login
265  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
266  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId()))
267  {
268  return true;
269  }
270 
271  // Check if there is any change in role assignments
272  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
273  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
274  {
275  return true;
276  }
277  return false;
278  }
279 
280 
285  protected function initServer($a_auth_mode,$a_server_id)
286  {
287  $this->authmode = $a_auth_mode;
288  $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
289  }
290 }
291 ?>
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPUserSynchronisation\performUpdate
performUpdate()
Update user account and role assignments.
Definition: class.ilLDAPUserSynchronisation.php:181
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilUserCreationContext\getInstance
static getInstance()
Get instance.
Definition: class.ilUserCreationContext.php:38
ilLDAPUserSynchronisation\initServer
initServer($a_auth_mode, $a_server_id)
Init LDAP server.
Definition: class.ilLDAPUserSynchronisation.php:285
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
ilLDAPUserSynchronisation\isCreationForced
isCreationForced()
Check if creation of user account is forced (account migration)
Definition: class.ilLDAPUserSynchronisation.php:102
ilLDAPUserSynchronisation\isUpdateRequired
isUpdateRequired()
Check if an update is required.
Definition: class.ilLDAPUserSynchronisation.php:253
ilLDAPUserSynchronisation\getInternalAccount
getInternalAccount()
Get ILIAS unique internal account name.
Definition: class.ilLDAPUserSynchronisation.php:79
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPUserSynchronisation\handleCreation
handleCreation()
Handle creation of user accounts.
Definition: class.ilLDAPUserSynchronisation.php:162
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilLDAPUserSynchronisation\forceCreation
forceCreation($a_force)
Force cration of user accounts (Account migration enabled)
Definition: class.ilLDAPUserSynchronisation.php:88
ilLDAPUserSynchronisation\readInternalAccount
readInternalAccount()
Read internal account of user.
Definition: class.ilLDAPUserSynchronisation.php:237
ilLDAPUserSynchronisation\__construct
__construct($a_authmode, $a_server_id)
Constructor.
Definition: class.ilLDAPUserSynchronisation.php:34
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:34
ilLDAPUserSynchronisation\getExternalAccount
getExternalAccount()
Get external accocunt.
Definition: class.ilLDAPUserSynchronisation.php:70