Synchronization of user accounts used in auth container ldap, radius , cas,... More...

Collaboration diagram for ilLDAPUserSynchronisation:

Public Member Functions
	__construct ($a_authmode, $a_server_id)
	Constructor. More...

	getServer ()
	Get current ldap server. More...

	getAuthMode ()
	Get Auth Mode. More...

	setExternalAccount ($a_ext)
	Set external account (unique for each auth mode) More...

	getExternalAccount ()
	Get external accocunt. More...

	getInternalAccount ()
	Get ILIAS unique internal account name. More...

	forceCreation ($a_force)
	Force cration of user accounts (Account migration enabled) More...

	forceReadLdapData ($a_status)

	isCreationForced ()
	Check if creation of user account is forced (account migration) More...

	getUserData ()
	Get user data. More...

	setUserData ($a_data)
	Set user data. More...

	sync ()
	Synchronize user account. More...

Protected Member Functions
	handleCreation ()
	Handle creation of user accounts. More...

	performUpdate ()
	Update user account and role assignments. More...

	readUserData ()
	Read user data. More...

	readInternalAccount ()
	Read internal account of user. More...

	isUpdateRequired ()
	Check if an update is required. More...

	initServer ($a_auth_mode, $a_server_id)
	Init LDAP server. More...

Private Attributes
	$authmode = 0

	$server = null

	$extaccount = ''

	$intaccount = ''

	$user_data = array()

	$force_creation = false

	$force_read_ldap_data = false

	$logger

Detailed Description

Synchronization of user accounts used in auth container ldap, radius , cas,...

Author: Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 14 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPUserSynchronisation::__construct	(	$a_authmode,
		$a_server_id
	)

Constructor.

Parameters

string $a_auth_mode

Definition at line 36 of file class.ilLDAPUserSynchronisation.php.

    {
        global $DIC;
 
        $this->logger = $DIC->logger()->auth();
        $this->initServer($a_authmode, $a_server_id);
    }

References $DIC, and initServer().

Here is the call graph for this function:

Member Function Documentation

◆ forceCreation()

ilLDAPUserSynchronisation::forceCreation ( $a_force )

Force cration of user accounts (Account migration enabled)

Parameters

bool $a_force

Definition at line 93 of file class.ilLDAPUserSynchronisation.php.

    {
        $this->force_creation = $a_force;
    }

◆ forceReadLdapData()

ilLDAPUserSynchronisation::forceReadLdapData ( $a_status )

Definition at line 98 of file class.ilLDAPUserSynchronisation.php.

    {
        $this->force_read_ldap_data = $a_status;
    }

◆ getAuthMode()

ilLDAPUserSynchronisation::getAuthMode ( )

Get Auth Mode.

Returns: int authmode

Definition at line 57 of file class.ilLDAPUserSynchronisation.php.

    {
        return $this->authmode;
    }

References $authmode.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

Here is the caller graph for this function:

◆ getExternalAccount()

ilLDAPUserSynchronisation::getExternalAccount ( )

Get external accocunt.

Returns: <type>

Definition at line 75 of file class.ilLDAPUserSynchronisation.php.

    {
        return $this->extaccount;
    }

References $extaccount.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

Here is the caller graph for this function:

◆ getInternalAccount()

ilLDAPUserSynchronisation::getInternalAccount ( )

Get ILIAS unique internal account name.

Returns: string internal account

Definition at line 84 of file class.ilLDAPUserSynchronisation.php.

    {
        return $this->intaccount;
    }

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

Here is the caller graph for this function:

◆ getServer()

ilLDAPUserSynchronisation::getServer ( )

Get current ldap server.

Returns: ilLDAPServer $server

Definition at line 48 of file class.ilLDAPUserSynchronisation.php.

    {
        return $this->server;
    }

References $server.

Referenced by handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

Here is the caller graph for this function:

◆ getUserData()

ilLDAPUserSynchronisation::getUserData ( )

Get user data.

Returns: array $user_data

Definition at line 116 of file class.ilLDAPUserSynchronisation.php.

    {
        return (array) $this->user_data;
    }

References $user_data.

Referenced by performUpdate().

Here is the caller graph for this function:

◆ handleCreation()

ilLDAPUserSynchronisation::handleCreation ( )

protected

Handle creation of user accounts.

Exceptions

ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 165 of file class.ilLDAPUserSynchronisation.php.

    {
        // Disabled sync on login
        if (!$this->getServer()->enabledSyncOnLogin()) {
            throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
        }
        // Account migration
        if ($this->getServer()->isAccountMigrationEnabled() and !$this->isCreationForced()) {
            $this->readUserData();
            throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
        }
    }

References getServer(), isCreationForced(), and readUserData().

Referenced by sync().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initServer()

ilLDAPUserSynchronisation::initServer	(	$a_auth_mode,
		$a_server_id
	)

protected

Init LDAP server.

Parameters

int $a_server_id

Definition at line 281 of file class.ilLDAPUserSynchronisation.php.

    {
        $this->authmode = $a_auth_mode;
        $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
    }

References ilLDAPServer\getInstanceByServerId().

Referenced by __construct().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isCreationForced()

ilLDAPUserSynchronisation::isCreationForced ( )

Check if creation of user account is forced (account migration)

Returns: bool

Definition at line 107 of file class.ilLDAPUserSynchronisation.php.

    {
        return (bool) $this->force_creation;
    }

References $force_creation.

Referenced by handleCreation(), isUpdateRequired(), and performUpdate().

Here is the caller graph for this function:

◆ isUpdateRequired()

ilLDAPUserSynchronisation::isUpdateRequired ( )

protected

Check if an update is required.

Returns: bool

Definition at line 253 of file class.ilLDAPUserSynchronisation.php.

    {
        if ($this->isCreationForced()) {
            return true;
        }
        if (!$this->getInternalAccount()) {
            return true;
        }
 
        // Check attribute mapping on login
        include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
        if (ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId())) {
            return true;
        }
 
        // Check if there is any change in role assignments
        include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
        if (ilLDAPRoleAssignmentRule::hasRulesForUpdate()) {
            return true;
        }
        return false;
    }

References getInternalAccount(), getServer(), ilLDAPAttributeMapping\hasRulesForUpdate(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and isCreationForced().

Referenced by sync().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ performUpdate()

ilLDAPUserSynchronisation::performUpdate ( )

protected

Update user account and role assignments.

Returns: bool

Definition at line 182 of file class.ilLDAPUserSynchronisation.php.

    {
        include_once './Services/User/classes/class.ilUserCreationContext.php';
        ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
 
        include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
        $update = new ilLDAPAttributeToUser($this->getServer());
        if ($this->isCreationForced()) {
            $update->addMode(ilLDAPAttributeToUser::MODE_INITIALIZE_ROLES);
        }
        $update->setNewUserAuthMode($this->getAuthMode());
        $update->setUserData(
            array(
                $this->getExternalAccount() => $this->getUserData()
            )
        );
 
        $update->refresh();
 
        // User has been created, now read internal account again
        $this->readInternalAccount();
        return true;
    }

References ilUserCreationContext\CONTEXT_LDAP, getAuthMode(), getExternalAccount(), ilUserCreationContext\getInstance(), getServer(), getUserData(), isCreationForced(), ilLDAPAttributeToUser\MODE_INITIALIZE_ROLES, and readInternalAccount().

Referenced by sync().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ readInternalAccount()

ilLDAPUserSynchronisation::readInternalAccount ( )

protected

Read internal account of user.

Exceptions

UnexpectedValueException

Definition at line 238 of file class.ilLDAPUserSynchronisation.php.

    {
        if (!$this->getExternalAccount()) {
            throw new UnexpectedValueException('No external account given.');
        }
        $this->intaccount = ilObjUser::_checkExternalAuthAccount(
            $this->getAuthMode(),
            $this->getExternalAccount()
        );
    }

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ readUserData()

ilLDAPUserSynchronisation::readUserData ( )

protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Exceptions

ilLDAPSynchronisationFailedException

Definition at line 211 of file class.ilLDAPUserSynchronisation.php.

                                      : bool
    {
        // Add internal account to user data
        $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
        if (!$this->force_read_ldap_data && strpos($this->getAuthMode(), 'ldap') === 0) {
            return true;
        }
 
        try {
            $query = new ilLDAPQuery($this->getServer());
            $query->bind(ilLDAPQuery::LDAP_BIND_DEFAULT);
            $user = $query->fetchUser($this->getExternalAccount());
            $this->logger->dump($user, ilLogLevel::DEBUG);
            $this->user_data = (array) $user[strtolower($this->getExternalAccount())];
        } catch (ilLDAPQueryException $e) {
            $this->logger->error('LDAP bind failed with message: ' . $e->getMessage());
            throw new ilLDAPSynchronisationFailedException($e->getMessage());
        }
 
        return true;
    }

References Vendor\Package\$e, $query, ilLogLevel\DEBUG, getAuthMode(), getExternalAccount(), getInternalAccount(), getServer(), and ilLDAPQuery\LDAP_BIND_DEFAULT.

Referenced by handleCreation(), and sync().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setExternalAccount()

ilLDAPUserSynchronisation::setExternalAccount ( $a_ext )

Set external account (unique for each auth mode)

Parameters

string $a_ext

Definition at line 66 of file class.ilLDAPUserSynchronisation.php.

    {
        $this->extaccount = $a_ext;
    }

◆ setUserData()

ilLDAPUserSynchronisation::setUserData ( $a_data )

Set user data.

Parameters

array $a_data

Definition at line 125 of file class.ilLDAPUserSynchronisation.php.

    {
        $this->user_data = (array) $a_data;
    }

◆ sync()

ilLDAPUserSynchronisation::sync ( )

Synchronize user account.

Todo:: Redirects to account migration if required

Exceptions

UnexpectedValueException	missing or wrong external account given
ilLDAPSynchronisationForbiddenException	if user synchronisation is disabled
ilLDAPSynchronisationFailedException	bind failure

Definition at line 137 of file class.ilLDAPUserSynchronisation.php.

    {
        $this->readInternalAccount();
        
        if (!$this->getInternalAccount()) {
            ilLoggerFactory::getLogger('auth')->debug('Creating new account');
            $this->handleCreation();
        }
 
        // Nothing to do if sync on login is disabled
        if (!$this->getServer()->enabledSyncOnLogin()) {
            return $this->getInternalAccount();
        }
 
        // For performance reasons, check if (an update is required)
        if ($this->isUpdateRequired()) {
            ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
            $this->readUserData();
            $this->performUpdate();
        }
        return $this->getInternalAccount();
    }