ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilLDAPUserSynchronisation.php
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/LDAP/classes/class.ilLDAPServer.php';
5include_once './Services/LDAP/exceptions/class.ilLDAPSynchronisationForbiddenException.php';
6include_once './Services/LDAP/exceptions/class.ilLDAPAccountMigrationRequiredException.php';
7
15{
// Auth mode identifier handed to the constructor and stored by initServer().
// readUserData() checks whether its first four characters are 'ldap'.
private $authmode = 0;

// Server object returned by ilLDAPServer::getInstanceByServerId().
private $server = null;

// External account name, assigned through setExternalAccount().
private $extaccount = '';
// Value returned by ilObjUser::_checkExternalAuthAccount() for the
// auth mode / external account pair; filled by readInternalAccount().
private $intaccount = '';

// Attribute data for the account; replaced by setUserData() and readUserData().
private $user_data = array();

// When true, isUpdateRequired() always reports true and handleCreation()
// skips the account-migration exception.
private $force_creation = false;
// When true, readUserData() queries the directory even for 'ldap*' auth modes.
private $force_read_ldap_data = false;
27
28
/**
 * Constructor.
 *
 * Delegates to initServer(), which stores the auth mode and resolves the
 * LDAP server object for the given server id.
 *
 * @param mixed $a_authmode  auth mode identifier
 * @param mixed $a_server_id id handed to ilLDAPServer::getInstanceByServerId()
 */
public function __construct($a_authmode, $a_server_id)
{
    // All initialisation lives in initServer() so subclasses can override it.
    $this->initServer(
        $a_authmode,
        $a_server_id
    );
}
38
/**
 * Get the server object resolved in initServer().
 *
 * @return mixed value returned by ilLDAPServer::getInstanceByServerId()
 */
public function getServer()
{
    $server = $this->server;
    return $server;
}
47
/**
 * Get the auth mode this synchronisation was created for.
 *
 * @return mixed auth mode as passed to the constructor
 */
public function getAuthMode()
{
    $mode = $this->authmode;
    return $mode;
}
56
/**
 * Set external account (unique for each auth mode).
 *
 * The value is stored as given; no normalisation or validation happens
 * here. readInternalAccount() later rejects an empty value.
 *
 * @param mixed $a_ext external account name
 */
public function setExternalAccount($a_ext)
{
    $external = $a_ext;
    $this->extaccount = $external;
}
65
/**
 * Get the external account name set via setExternalAccount().
 *
 * @return mixed external account name ('' until one has been set)
 */
public function getExternalAccount()
{
    $external = $this->extaccount;
    return $external;
}
74
/**
 * Get ILIAS unique internal account name.
 *
 * Holds whatever readInternalAccount() last stored; '' before the first
 * lookup.
 *
 * @return mixed internal account name
 */
public function getInternalAccount()
{
    $internal = $this->intaccount;
    return $internal;
}
83
/**
 * Force creation of user accounts (account migration enabled).
 *
 * With the flag set, handleCreation() no longer raises the
 * account-migration exception and isUpdateRequired() always returns true.
 *
 * @param mixed $a_force flag value; read back as bool by isCreationForced()
 */
public function forceCreation($a_force)
{
    $flag = $a_force;
    $this->force_creation = $flag;
}
92
/**
 * Control whether readUserData() queries the directory for 'ldap*' auth modes.
 *
 * When the flag is false, readUserData() returns early for auth modes whose
 * first four characters are 'ldap' and keeps the user data already present.
 *
 * @param mixed $a_status flag value, evaluated for truthiness
 */
public function forceReadLdapData($a_status)
{
    $flag = $a_status;
    $this->force_read_ldap_data = $flag;
}
97
/**
 * Check if creation of user account is forced (account migration).
 *
 * @return bool flag set through forceCreation(), cast to bool
 */
public function isCreationForced()
{
    $forced = (bool) $this->force_creation;
    return $forced;
}
106
/**
 * Get the user data currently held for the account.
 *
 * @return array user data, cast to array
 */
public function getUserData()
{
    $data = (array) $this->user_data;
    return $data;
}
115
/**
 * Replace the user data held for the account.
 *
 * The data is stored as given (cast to array) and later handed to
 * ilLDAPAttributeToUser by performUpdate(); nothing is validated here.
 *
 * @param mixed $a_data user data
 */
public function setUserData($a_data)
{
    $data = (array) $a_data;
    $this->user_data = $data;
}
124
/**
 * Synchronise the external account with its ILIAS account.
 *
 * Looks up the internal account first. Without one, handleCreation()
 * decides whether an account may be created and throws otherwise. For
 * servers with sync on login enabled, user data is read and the account
 * is created/updated when isUpdateRequired() says so.
 *
 * @return mixed internal account name after synchronisation
 * @throws UnexpectedValueException                  no external account set
 * @throws ilLDAPSynchronisationForbiddenException   creation needed but sync on login disabled
 * @throws ilLDAPAccountMigrationRequiredException   creation needed but migration check pending
 */
public function sync()
{
    $this->readInternalAccount();

    $auth_log = 'auth';

    if (!$this->getInternalAccount()) {
        ilLoggerFactory::getLogger($auth_log)->debug('Creating new account');
        // Throws unless creating an account is permitted right now.
        $this->handleCreation();
    }

    // With sync on login disabled nothing is updated; the update check is
    // skipped entirely (it is only evaluated when the first operand holds).
    if ($this->getServer()->enabledSyncOnLogin() && $this->isUpdateRequired()) {
        ilLoggerFactory::getLogger($auth_log)->debug('Perform update of user data');
        $this->readUserData();
        $this->performUpdate();
    }

    return $this->getInternalAccount();
}
153
/**
 * Handle creation of user accounts.
 *
 * Acts as the gate in front of automatic account creation: it returns
 * silently only when sync on login is enabled and either account migration
 * is disabled or creation has been forced via forceCreation().
 *
 * @throws ilLDAPSynchronisationForbiddenException  sync on login is disabled
 * @throws ilLDAPAccountMigrationRequiredException  migration enabled and creation not forced
 */
protected function handleCreation()
{
    $server = $this->getServer();

    // Disabled sync on login: no account may be created at all.
    if (!$server->enabledSyncOnLogin()) {
        throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
    }

    // No migration step configured, or the caller already forced creation.
    if (!$server->isAccountMigrationEnabled() || $this->isCreationForced()) {
        return;
    }

    // Account migration: user data is read before throwing, so it is
    // populated when the exception reaches the caller.
    $this->readUserData();
    throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
}
171
/**
 * Update user account and role assignments.
 *
 * Hands the current user data, keyed by the external account name, to
 * ilLDAPAttributeToUser and re-reads the internal account afterwards.
 * The data written is whatever getUserData() holds at this point
 * (filled by readUserData() or setUserData()).
 *
 * @return bool always true
 */
protected function performUpdate()
{
    include_once './Services/User/classes/class.ilUserCreationContext.php';
    // NOTE(review): the listing skips original line 179 here; the statement
    // that uses ilUserCreationContext is not shown.

    // NOTE(review): this include path has no leading './', unlike the others
    // in the file - confirm both resolve against the same base directory.
    include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
    $update = new ilLDAPAttributeToUser($this->getServer());
    if ($this->isCreationForced()) {
        // NOTE(review): the listing skips original line 184; the body of
        // this branch is not shown.
    }
    $update->setNewUserAuthMode($this->getAuthMode());
    $update->setUserData(
        array(
            $this->getExternalAccount() => $this->getUserData()
        )
    );

    $update->refresh();

    // User has been created, now read internal account again
    $this->readInternalAccount();
    return true;
}
199
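/**
 * Read user data for the external account.
 *
 * For auth modes starting with 'ldap' the data already held is kept,
 * unless forceReadLdapData() was switched on. In every other case the
 * directory is queried and the stored user data is replaced with the
 * entry returned for the external account. If the query returns no entry
 * for that account, the user data becomes an empty array.
 *
 * @return bool|null true on the early-return path, otherwise nothing
 */
protected function readUserData()
{
    // Add internal account to user data
    $this->user_data['ilInternalAccount'] = $this->getInternalAccount();

    if (!$this->force_read_ldap_data && substr($this->getAuthMode(), 0, 4) === 'ldap') {
        return true;
    }

    include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
    $ext_account = $this->getExternalAccount();
    $query = new ilLDAPQuery($this->getServer());
    $user = $query->fetchUser($ext_account);

    // NOTE(review): the complete directory record is written to the 'auth'
    // log at DEBUG level. It can carry personal attributes, so access to
    // that log and the configured log level matter wherever debug logging
    // is switched on.
    ilLoggerFactory::getLogger('auth')->dump($user, ilLogLevel::DEBUG);

    // The result replaces the array wholesale, including the
    // 'ilInternalAccount' key set above. A missing entry used to be read
    // through an undefined index; it now yields an empty array without
    // raising a notice.
    $this->user_data = isset($user[$ext_account])
        ? (array) $user[$ext_account]
        : array();
}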
223
224
/**
 * Read internal account of user.
 *
 * Stores the result of ilObjUser::_checkExternalAuthAccount() for the
 * current auth mode and external account.
 *
 * @throws UnexpectedValueException when no external account has been set
 */
protected function readInternalAccount()
{
    $ext_account = $this->getExternalAccount();

    // Truthiness check: an empty string (the initial value) is rejected.
    if (!$ext_account) {
        throw new UnexpectedValueException('No external account given.');
    }

    $auth_mode = $this->getAuthMode();
    $this->intaccount = ilObjUser::_checkExternalAuthAccount($auth_mode, $ext_account);
}
239
/**
 * Check if an update is required.
 *
 * Returns true when creation is forced, when no internal account exists
 * yet, or when the server has attribute-mapping rules that are applied on
 * login. A further check on role assignment rules follows.
 *
 * @return bool
 */
protected function isUpdateRequired()
{
    // Forced creation always goes through the update path.
    if ($this->isCreationForced()) {
        return true;
    }
    // No ILIAS account yet: the update path is what creates it.
    if (!$this->getInternalAccount()) {
        return true;
    }

    // Check attribute mapping on login
    include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
    if (ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId())) {
        return true;
    }

    // Check if there is any change in role assignments
    include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
    // NOTE(review): the listing skips original line 261, which presumably
    // opens the condition closed by the brace below - confirm against the file.
    return true;
    }
    return false;
}
266
267
/**
 * Init LDAP server.
 *
 * Stores the auth mode and resolves the server object for the given id.
 *
 * @param mixed $a_auth_mode auth mode identifier
 * @param mixed $a_server_id id handed to ilLDAPServer::getInstanceByServerId()
 */
protected function initServer($a_auth_mode, $a_server_id)
{
    $server = ilLDAPServer::getInstanceByServerId($a_server_id);

    $this->authmode = $a_auth_mode;
    $this->server = $server;
}
277}
An exception for terminating execution or to throw for unit testing.
Description of ilLDAPAccountMigrationRequiredException.
static hasRulesForUpdate($a_server_id)
Check if there is an LDAP attribute -> user data mapping which is updated on login.
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
static hasRulesForUpdate()
Check if there is any rule for updates.
static getInstanceByServerId($a_server_id)
Get instance by server id.
Synchronization of user accounts used in auth container ldap, radius, cas,...
getInternalAccount()
Get ILIAS unique internal account name.
isCreationForced()
Check if creation of user account is forced (account migration)
forceCreation($a_force)
Force creation of user accounts (Account migration enabled)
performUpdate()
Update user account and role assignments.
initServer($a_auth_mode, $a_server_id)
Init LDAP server.
isUpdateRequired()
Check if an update is required.
handleCreation()
Handle creation of user accounts.
readInternalAccount()
Read internal account of user.
__construct($a_authmode, $a_server_id)
Constructor.
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
static getLogger($a_component_id)
Get component logger.
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
static getInstance()
Get instance.
$query