ILIAS  release_8 Revision v8.23
class.ilLDAPAttributeToUser.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
27 class ilLDAPAttributeToUser
28 {
29  public const MODE_INITIALIZE_ROLES = 1;
30 
31  private array $modes = [];
32  private ilLDAPServer $server_settings;
33  private array $user_data = [];
34  private ilLDAPAttributeMapping $mapping;
35  private string $new_user_auth_mode = 'ldap';
36  private ilLogger $logger;
37  private ilXmlWriter $writer;
38  private ilUserDefinedFields $udf;
39 
44  public function __construct(ilLDAPServer $a_server)
45  {
46  global $DIC;
47 
48  $this->logger = $DIC->logger()->auth();
49 
50  $this->server_settings = $a_server;
51 
52  $this->initLDAPAttributeMapping();
53  }
54 
59  public function getServer(): ilLDAPServer
60  {
61  return $this->server_settings;
62  }
63 
70  public function setUserData(array $a_data): void
71  {
72  $this->user_data = $a_data;
73  }
74 
79  public function setNewUserAuthMode(string $a_authmode): void
80  {
81  $this->new_user_auth_mode = $a_authmode;
82  }
83 
87  public function getNewUserAuthMode(): string
88  {
89  return $this->new_user_auth_mode;
90  }
91 
95  public function addMode(int $a_mode): void
96  {
97  //TODO check for proper value
98  if (!in_array($a_mode, $this->modes, true)) {
99  $this->modes[] = $a_mode;
100  }
101  }
102 
108  public function isModeActive(int $a_mode): bool
109  {
110  return in_array($a_mode, $this->modes, true);
111  }
112 
113 
117  public function refresh(): bool
118  {
119  $this->usersToXML();
120 
121  $importParser = new ilUserImportParser();
122  $importParser->setXMLContent($this->writer->xmlDumpMem(false));
123  $importParser->setRoleAssignment(ilLDAPRoleAssignmentRules::getAllPossibleRoles($this->getServer()->getServerId()));
124  $importParser->setFolderId(7);
125  $importParser->startParsing();
126 
127  return true;
128  }
129 
136  protected function parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user): void
137  {
138  foreach (ilLDAPRoleAssignmentRules::getAssignmentsForUpdate(
139  $this->getServer()->getServerId(),
140  $a_usr_id,
141  $a_external_account,
142  $user
143  ) as $role_data) {
144  $this->writer->xmlElement(
145  'Role',
146  [
147  'Id' => $role_data['id'],
148  'Type' => $role_data['type'],
149  'Action' => $role_data['action']
150  ],
151  ''
152  );
153  }
154  }
155 
161  protected function parseRoleAssignmentsForCreation(string $a_external_account, array $a_user): void
162  {
163  foreach (ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
164  $this->getServer()->getServerId(),
165  $a_external_account,
166  $a_user
167  ) as $role_data) {
168  $this->writer->xmlElement(
169  'Role',
170  [
171  'Id' => $role_data['id'],
172  'Type' => $role_data['type'],
173  'Action' => $role_data['action']
174  ],
175  ''
176  );
177  }
178  }
179 
183  private function usersToXML(): void
184  {
185  $this->writer = new ilXmlWriter();
186  $this->writer->xmlStartTag('Users');
187 
188  $cnt_update = 0;
189  $cnt_create = 0;
190 
191  // Single users
192  foreach ($this->user_data as $external_account => $user) {
193  $external_account = (string) $external_account;
194 
195  $user['ilExternalAccount'] = $external_account;
196 
197  // Required fields
198  if ($user['ilInternalAccount']) {
199  $usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
200 
201  ++$cnt_update;
202  // User exists
203  $this->writer->xmlStartTag('User', ['Id' => $usr_id, 'Action' => 'Update']);
204  $this->writer->xmlElement('Login', [], $user['ilInternalAccount']);
205  $this->writer->xmlElement('ExternalAccount', [], $external_account);
206  $this->writer->xmlElement('AuthMode', ['type' => $this->getNewUserAuthMode()]);
207 
208  if ($this->isModeActive(self::MODE_INITIALIZE_ROLES)) {
209  $this->parseRoleAssignmentsForCreation($external_account, $user);
210  } else {
211  $this->parseRoleAssignmentsForUpdate($usr_id, $external_account, $user);
212  }
213  $rules = $this->mapping->getRulesForUpdate();
214  } else {
215  ++$cnt_create;
216  // Create user
217  $this->writer->xmlStartTag('User', ['Action' => 'Insert']);
218  $this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($external_account));
219 
220  $this->parseRoleAssignmentsForCreation($external_account, $user);
221  $rules = $this->mapping->getRules(true);
222  }
223 
224  $this->writer->xmlElement('Active', [], "true");
225  $this->writer->xmlElement('TimeLimitOwner', [], 7);
226  $this->writer->xmlElement('TimeLimitUnlimited', [], 1);
227  $this->writer->xmlElement('TimeLimitFrom', [], time());
228  $this->writer->xmlElement('TimeLimitUntil', [], time());
229 
230  // only for new users.
231  // If auth_mode is 'default' (ldap) this status should remain.
232  if (!$user['ilInternalAccount']) {
233  $this->writer->xmlElement(
234  'AuthMode',
235  ['type' => $this->getNewUserAuthMode()],
236  $this->getNewUserAuthMode()
237  );
238  $this->writer->xmlElement('ExternalAccount', [], $external_account);
239  }
240  foreach ($rules as $field => $data) {
241  // Do Mapping: it is possible to assign multiple ldap attribute to one user data field
242  if (!($value = $this->doMapping($user, $data))) {
243  continue;
244  }
245 
246  switch ($field) {
247  case 'gender':
248  switch (strtolower($value)) {
249 
250  case 'm':
251  case 'male':
252  $this->writer->xmlElement('Gender', [], 'm');
253  break;
254 
255  case 'f':
256  case 'female':
257  $this->writer->xmlElement('Gender', [], 'f');
258  break;
259 
260  default:
261  // use the default for anything that is not clearly m or f
262  $this->writer->xmlElement('Gender', [], 'n');
263  break;
264  }
265  break;
266 
267  case 'firstname':
268  $this->writer->xmlElement('Firstname', [], $value);
269  break;
270 
271  case 'lastname':
272  $this->writer->xmlElement('Lastname', [], $value);
273  break;
274 
275  case 'hobby':
276  $this->writer->xmlElement('Hobby', [], $value);
277  break;
278 
279  case 'title':
280  $this->writer->xmlElement('Title', [], $value);
281  break;
282 
283  case 'institution':
284  $this->writer->xmlElement('Institution', [], $value);
285  break;
286 
287  case 'department':
288  $this->writer->xmlElement('Department', [], $value);
289  break;
290 
291  case 'street':
292  $this->writer->xmlElement('Street', [], $value);
293  break;
294 
295  case 'city':
296  $this->writer->xmlElement('City', [], $value);
297  break;
298 
299  case 'zipcode':
300  $this->writer->xmlElement('PostalCode', [], $value);
301  break;
302 
303  case 'country':
304  $this->writer->xmlElement('Country', [], $value);
305  break;
306 
307  case 'phone_office':
308  $this->writer->xmlElement('PhoneOffice', [], $value);
309  break;
310 
311  case 'phone_home':
312  $this->writer->xmlElement('PhoneHome', [], $value);
313  break;
314 
315  case 'phone_mobile':
316  $this->writer->xmlElement('PhoneMobile', [], $value);
317  break;
318 
319  case 'fax':
320  $this->writer->xmlElement('Fax', [], $value);
321  break;
322 
323  case 'email':
324  $this->writer->xmlElement('Email', [], $value);
325  break;
326 
327  case 'second_email':
328  $this->writer->xmlElement('SecondEmail', [], $value);
329  break;
330 
331  case 'matriculation':
332  $this->writer->xmlElement('Matriculation', [], $value);
333  break;
334 
335  default:
336  // Handle user defined fields
337  if (strpos($field, 'udf_') !== 0) {
338  continue 2;
339  }
340  $id_data = explode('_', $field);
341  if (!isset($id_data[1])) {
342  continue 2;
343  }
344  $this->initUserDefinedFields();
345  $definition = $this->udf->getDefinition((int) $id_data[1]);
346  if (empty($definition)) {
347  $this->logger->warning(sprintf(
348  "Invalid/Orphaned UD field mapping detected: %s",
349  $field
350  ));
351  break;
352  }
353 
354  $this->writer->xmlElement(
355  'UserDefinedField',
356  [
357  'Id' => $definition['il_id'],
358  'Name' => $definition['field_name']
359  ],
360  $value
361  );
362  break;
363 
364 
365  }
366  }
367  $this->writer->xmlEndTag('User');
368  }
369 
370  if ($cnt_create) {
371  $this->logger->info('LDAP: Started creation of ' . $cnt_create . ' users.');
372  }
373  if ($cnt_update) {
374  $this->logger->info('LDAP: Started update of ' . $cnt_update . ' users.');
375  }
376  $this->writer->xmlEndTag('Users');
377  }
378 
386  private function convertInput($a_value): string
387  {
388  if (is_array($a_value)) {
389  return $a_value[0];
390  }
391 
392  return $a_value;
393  }
394 
395  private function doMapping(array $user, array $rule): string
396  {
397  $mapping = strtolower(trim($rule['value']));
398 
399  if (strpos($mapping, ',') === false) {
400  return $this->convertInput($user[$mapping] ?? '');
401  }
402  // Is multiple mapping
403 
404  $fields = explode(',', $mapping);
405  $value = '';
406  foreach ($fields as $field) {
407  if ($value !== '') {
408  $value .= ' ';
409  }
410  $value .= ($this->convertInput($user[trim($field)] ?? ''));
411  }
412  return $value;
413  }
414 
415  private function initLDAPAttributeMapping(): void
416  {
417  $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->server_settings->getServerId());
418  }
419 
420  private function initUserDefinedFields(): void
421  {
422  $this->udf = ilUserDefinedFields::_getInstance();
423  }
424 }
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate(int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:90
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:370
ilUserDefinedFields
Additional user data fields definition.
Definition: class.ilUserDefinedFields.php:29
ilXmlWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilXmlWriter.php:30
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilLDAPAttributeToUser\setNewUserAuthMode
setNewUserAuthMode(string $a_authmode)
Set auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:79
ilLDAPAttributeToUser\parseRoleAssignmentsForCreation
parseRoleAssignmentsForCreation(string $a_external_account, array $a_user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:161
$DIC
global $DIC
Definition: feed.php:28
ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate
parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:136
ilLDAPAttributeToUser\convertInput
convertInput($a_value)
A value can be an array or a string This function converts arrays to strings.
Definition: class.ilLDAPAttributeToUser.php:386
ilLDAPAttributeToUser\setUserData
setUserData(array $a_data)
Set user data received from pear auth or by ldap_search.
Definition: class.ilLDAPAttributeToUser.php:70
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles(int $a_server_id)
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:43
ilLDAPAttributeToUser\$mapping
ilLDAPAttributeMapping $mapping
Definition: class.ilLDAPAttributeToUser.php:34
ilLDAPAttributeToUser\__construct
__construct(ilLDAPServer $a_server)
Construct of ilLDAPAttribute2XML Defines between LDAP and ILIAS user attributes.
Definition: class.ilLDAPAttributeToUser.php:44
ilLDAPAttributeToUser\doMapping
doMapping(array $user, array $rule)
Definition: class.ilLDAPAttributeToUser.php:395
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation(int $a_server_id, string $a_usr_name, array $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:140
ilLDAPAttributeToUser\refresh
refresh()
Create/Update non existing users.
Definition: class.ilLDAPAttributeToUser.php:117
ilLDAPAttributeMapping
This class stores the settings that define the mapping between LDAP attribute and user profile fields...
Definition: class.ilLDAPAttributeMapping.php:26
ilLDAPAttributeToUser\getNewUserAuthMode
getNewUserAuthMode()
Get auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:87
ilLDAPAttributeToUser\isModeActive
isModeActive(int $a_mode)
Check if mode is active.
Definition: class.ilLDAPAttributeToUser.php:108
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:27
ilLDAPAttributeToUser\getServer
getServer()
Get server settings.
Definition: class.ilLDAPAttributeToUser.php:59
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPAttributeToUser\addMode
addMode(int $a_mode)
Add import mode.
Definition: class.ilLDAPAttributeToUser.php:95
ilLDAPAttributeToUser\usersToXML
usersToXML()
Create xml string of user according to mapping rules.
Definition: class.ilLDAPAttributeToUser.php:183