ILIAS  release_8 Revision v8.24
class.ilLDAPAttributeToUser.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
27class ilLDAPAttributeToUser
28{
29 public const MODE_INITIALIZE_ROLES = 1;
30
31 private array $modes = [];
32 private ilLDAPServer $server_settings;
33 private array $user_data = [];
34 private ilLDAPAttributeMapping $mapping;
35 private string $new_user_auth_mode = 'ldap';
36 private ilLogger $logger;
37 private ilXmlWriter $writer;
38 private ilUserDefinedFields $udf;
39
44 public function __construct(ilLDAPServer $a_server)
45 {
46 global $DIC;
47
48 $this->logger = $DIC->logger()->auth();
49
50 $this->server_settings = $a_server;
51
52 $this->initLDAPAttributeMapping();
53 }
54
59 public function getServer(): ilLDAPServer
60 {
61 return $this->server_settings;
62 }
63
70 public function setUserData(array $a_data): void
71 {
72 $this->user_data = $a_data;
73 }
74
79 public function setNewUserAuthMode(string $a_authmode): void
80 {
81 $this->new_user_auth_mode = $a_authmode;
82 }
83
87 public function getNewUserAuthMode(): string
88 {
89 return $this->new_user_auth_mode;
90 }
91
95 public function addMode(int $a_mode): void
96 {
97 //TODO check for proper value
98 if (!in_array($a_mode, $this->modes, true)) {
99 $this->modes[] = $a_mode;
100 }
101 }
102
108 public function isModeActive(int $a_mode): bool
109 {
110 return in_array($a_mode, $this->modes, true);
111 }
112
113
117 public function refresh(): bool
118 {
119 $this->usersToXML();
120
121 $importParser = new ilUserImportParser();
122 $importParser->setXMLContent($this->writer->xmlDumpMem(false));
123 $importParser->setRoleAssignment(ilLDAPRoleAssignmentRules::getAllPossibleRoles($this->getServer()->getServerId()));
124 $importParser->setFolderId(7);
125 $importParser->startParsing();
126
127 return true;
128 }
129
136 protected function parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user): void
137 {
138 foreach (ilLDAPRoleAssignmentRules::getAssignmentsForUpdate(
139 $this->getServer()->getServerId(),
140 $a_usr_id,
141 $a_external_account,
142 $user
143 ) as $role_data) {
144 $this->writer->xmlElement(
145 'Role',
146 [
147 'Id' => $role_data['id'],
148 'Type' => $role_data['type'],
149 'Action' => $role_data['action']
150 ],
151 ''
152 );
153 }
154 }
155
161 protected function parseRoleAssignmentsForCreation(string $a_external_account, array $a_user): void
162 {
163 foreach (ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
164 $this->getServer()->getServerId(),
165 $a_external_account,
166 $a_user
167 ) as $role_data) {
168 $this->writer->xmlElement(
169 'Role',
170 [
171 'Id' => $role_data['id'],
172 'Type' => $role_data['type'],
173 'Action' => $role_data['action']
174 ],
175 ''
176 );
177 }
178 }
179
183 private function usersToXML(): void
184 {
185 $this->writer = new ilXmlWriter();
186 $this->writer->xmlStartTag('Users');
187
188 $cnt_update = 0;
189 $cnt_create = 0;
190
191 // Single users
192 foreach ($this->user_data as $external_account => $user) {
193 $external_account = (string) $external_account;
194
195 $user['ilExternalAccount'] = $external_account;
196
197 // Required fields
198 if ($user['ilInternalAccount']) {
199 $usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
200
201 ++$cnt_update;
202 // User exists
203 $this->writer->xmlStartTag('User', ['Id' => $usr_id, 'Action' => 'Update']);
204 $this->writer->xmlElement('Login', [], $user['ilInternalAccount']);
205 $this->writer->xmlElement('ExternalAccount', [], $external_account);
206 $this->writer->xmlElement('AuthMode', ['type' => $this->getNewUserAuthMode()]);
207
208 if ($this->isModeActive(self::MODE_INITIALIZE_ROLES)) {
209 $this->parseRoleAssignmentsForCreation($external_account, $user);
210 } else {
211 $this->parseRoleAssignmentsForUpdate($usr_id, $external_account, $user);
212 }
213 $rules = $this->mapping->getRulesForUpdate();
214 } else {
215 ++$cnt_create;
216 // Create user
217 $this->writer->xmlStartTag('User', ['Action' => 'Insert']);
218 $this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($external_account));
219
220 $this->parseRoleAssignmentsForCreation($external_account, $user);
221 $rules = $this->mapping->getRules(true);
222 }
223
224 $this->writer->xmlElement('Active', [], "true");
225 $this->writer->xmlElement('TimeLimitOwner', [], 7);
226 $this->writer->xmlElement('TimeLimitUnlimited', [], 1);
227 $this->writer->xmlElement('TimeLimitFrom', [], time());
228 $this->writer->xmlElement('TimeLimitUntil', [], time());
229
230 // only for new users.
231 // If auth_mode is 'default' (ldap) this status should remain.
232 if (!$user['ilInternalAccount']) {
233 $this->writer->xmlElement(
234 'AuthMode',
235 ['type' => $this->getNewUserAuthMode()],
236 $this->getNewUserAuthMode()
237 );
238 $this->writer->xmlElement('ExternalAccount', [], $external_account);
239 }
240 foreach ($rules as $field => $data) {
241 // Do Mapping: it is possible to assign multiple ldap attribute to one user data field
242 if (!($value = $this->doMapping($user, $data))) {
243 continue;
244 }
245
246 switch ($field) {
247 case 'gender':
248 switch (strtolower($value)) {
249
250 case 'm':
251 case 'male':
252 $this->writer->xmlElement('Gender', [], 'm');
253 break;
254
255 case 'f':
256 case 'female':
257 $this->writer->xmlElement('Gender', [], 'f');
258 break;
259
260 default:
261 // use the default for anything that is not clearly m or f
262 $this->writer->xmlElement('Gender', [], 'n');
263 break;
264 }
265 break;
266
267 case 'firstname':
268 $this->writer->xmlElement('Firstname', [], $value);
269 break;
270
271 case 'lastname':
272 $this->writer->xmlElement('Lastname', [], $value);
273 break;
274
275 case 'hobby':
276 $this->writer->xmlElement('Hobby', [], $value);
277 break;
278
279 case 'title':
280 $this->writer->xmlElement('Title', [], $value);
281 break;
282
283 case 'institution':
284 $this->writer->xmlElement('Institution', [], $value);
285 break;
286
287 case 'department':
288 $this->writer->xmlElement('Department', [], $value);
289 break;
290
291 case 'street':
292 $this->writer->xmlElement('Street', [], $value);
293 break;
294
295 case 'city':
296 $this->writer->xmlElement('City', [], $value);
297 break;
298
299 case 'zipcode':
300 $this->writer->xmlElement('PostalCode', [], $value);
301 break;
302
303 case 'country':
304 $this->writer->xmlElement('Country', [], $value);
305 break;
306
307 case 'phone_office':
308 $this->writer->xmlElement('PhoneOffice', [], $value);
309 break;
310
311 case 'phone_home':
312 $this->writer->xmlElement('PhoneHome', [], $value);
313 break;
314
315 case 'phone_mobile':
316 $this->writer->xmlElement('PhoneMobile', [], $value);
317 break;
318
319 case 'fax':
320 $this->writer->xmlElement('Fax', [], $value);
321 break;
322
323 case 'email':
324 $this->writer->xmlElement('Email', [], $value);
325 break;
326
327 case 'second_email':
328 $this->writer->xmlElement('SecondEmail', [], $value);
329 break;
330
331 case 'matriculation':
332 $this->writer->xmlElement('Matriculation', [], $value);
333 break;
334
335 default:
336 // Handle user defined fields
337 if (strpos($field, 'udf_') !== 0) {
338 continue 2;
339 }
340 $id_data = explode('_', $field);
341 if (!isset($id_data[1])) {
342 continue 2;
343 }
344 $this->initUserDefinedFields();
345 $definition = $this->udf->getDefinition((int) $id_data[1]);
346 if (empty($definition)) {
347 $this->logger->warning(sprintf(
348 "Invalid/Orphaned UD field mapping detected: %s",
349 $field
350 ));
351 break;
352 }
353
354 $this->writer->xmlElement(
355 'UserDefinedField',
356 [
357 'Id' => $definition['il_id'],
358 'Name' => $definition['field_name']
359 ],
360 $value
361 );
362 break;
363
364
365 }
366 }
367 $this->writer->xmlEndTag('User');
368 }
369
370 if ($cnt_create) {
371 $this->logger->info('LDAP: Started creation of ' . $cnt_create . ' users.');
372 }
373 if ($cnt_update) {
374 $this->logger->info('LDAP: Started update of ' . $cnt_update . ' users.');
375 }
376 $this->writer->xmlEndTag('Users');
377 }
378
386 private function convertInput($a_value): string
387 {
388 if (is_array($a_value)) {
389 return $a_value[0];
390 }
391
392 return $a_value;
393 }
394
395 private function doMapping(array $user, array $rule): string
396 {
397 $mapping = strtolower(trim($rule['value']));
398
399 if (strpos($mapping, ',') === false) {
400 return $this->convertInput($user[$mapping] ?? '');
401 }
402 // Is multiple mapping
403
404 $fields = explode(',', $mapping);
405 $value = '';
406 foreach ($fields as $field) {
407 if ($value !== '') {
408 $value .= ' ';
409 }
410 $value .= ($this->convertInput($user[trim($field)] ?? ''));
411 }
412 return $value;
413 }
414
415 private function initLDAPAttributeMapping(): void
416 {
417 $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->server_settings->getServerId());
418 }
419
420 private function initUserDefinedFields(): void
421 {
422 $this->udf = ilUserDefinedFields::_getInstance();
423 }
424}
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:370
ilLDAPAttributeMapping
This class stores the settings that define the mapping between LDAP attribute and user profile fields...
Definition: class.ilLDAPAttributeMapping.php:27
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:28
ilLDAPAttributeToUser\__construct
__construct(ilLDAPServer $a_server)
Construct of ilLDAPAttribute2XML Defines between LDAP and ILIAS user attributes.
Definition: class.ilLDAPAttributeToUser.php:44
ilLDAPAttributeToUser\parseRoleAssignmentsForCreation
parseRoleAssignmentsForCreation(string $a_external_account, array $a_user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:161
ilLDAPAttributeToUser\convertInput
convertInput($a_value)
A value can be an array or a string This function converts arrays to strings.
Definition: class.ilLDAPAttributeToUser.php:386
ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate
parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:136
ilLDAPAttributeToUser\usersToXML
usersToXML()
Create xml string of user according to mapping rules.
Definition: class.ilLDAPAttributeToUser.php:183
ilLDAPAttributeToUser\getNewUserAuthMode
getNewUserAuthMode()
Get auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:87
ilLDAPAttributeToUser\$mapping
ilLDAPAttributeMapping $mapping
Definition: class.ilLDAPAttributeToUser.php:34
ilLDAPAttributeToUser\doMapping
doMapping(array $user, array $rule)
Definition: class.ilLDAPAttributeToUser.php:395
ilLDAPAttributeToUser\isModeActive
isModeActive(int $a_mode)
Check if mode is active.
Definition: class.ilLDAPAttributeToUser.php:108
ilLDAPAttributeToUser\setUserData
setUserData(array $a_data)
Set user data received from pear auth or by ldap_search.
Definition: class.ilLDAPAttributeToUser.php:70
ilLDAPAttributeToUser\addMode
addMode(int $a_mode)
Add import mode.
Definition: class.ilLDAPAttributeToUser.php:95
ilLDAPAttributeToUser\refresh
refresh()
Create/Update non existing users.
Definition: class.ilLDAPAttributeToUser.php:117
ilLDAPAttributeToUser\setNewUserAuthMode
setNewUserAuthMode(string $a_authmode)
Set auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:79
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles(int $a_server_id)
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:43
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation(int $a_server_id, string $a_usr_name, array $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:140
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate(int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:90
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:17
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilUserDefinedFields
Additional user data fields definition.
Definition: class.ilUserDefinedFields.php:30
ilXmlWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilXmlWriter.php:31
$DIC
global $DIC
Definition: feed.php:28