ILIAS  release_8 Revision v8.24
Public Member Functions | Protected Member Functions | Private Attributes
ilLDAPUserSynchronisation Class Reference

Synchronization of user accounts used in auth container ldap, cas,... More...

+ Collaboration diagram for ilLDAPUserSynchronisation:

Public Member Functions

 __construct (string $a_authmode, int $a_server_id)
 
 getServer ()
 Get current ldap server. More...
 
 getAuthMode ()
 Get Auth Mode. More...
 
 setExternalAccount (string $a_ext)
 Set external account (unique for each auth mode) More...
 
 getExternalAccount ()
 Get external accocunt. More...
 
 getInternalAccount ()
 Get ILIAS unique internal account name. More...
 
 forceCreation (bool $a_force)
 Force cration of user accounts (Account migration enabled) More...
 
 forceReadLdapData (bool $a_status)
 
 getUserData ()
 Get user data. More...
 
 setUserData (array $a_data)
 Set user data. More...
 
 sync ()
 Synchronize user account. More...
 

Protected Member Functions

 handleCreation ()
 Handle creation of user accounts. More...
 
 performUpdate ()
 Update user account and role assignments. More...
 
 readUserData ()
 Read user data. More...
 
 readInternalAccount ()
 Read internal account of user. More...
 
 isUpdateRequired ()
 Check if an update is required. More...
 
 initServer (string $a_auth_mode, int $a_server_id)
 Init LDAP server. More...
 

Private Attributes

string $authmode
 
ilLDAPServer $server
 
string $extaccount
 
string $intaccount
 
array $user_data = array()
 
bool $force_creation = false
 
bool $force_read_ldap_data = false
 
ilLogger $logger
 

Detailed Description

Synchronization of user accounts used in auth container ldap, cas,...

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 26 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPUserSynchronisation::__construct ( string  $a_authmode,
int  $a_server_id 
)

Definition at line 38 of file class.ilLDAPUserSynchronisation.php.

39 {
40 global $DIC;
41
42 $this->logger = $DIC->logger()->auth();
43 $this->initServer($a_authmode, $a_server_id);
44 }
ilLDAPUserSynchronisation\initServer
initServer(string $a_auth_mode, int $a_server_id)
Init LDAP server.
Definition: class.ilLDAPUserSynchronisation.php:262
$DIC
global $DIC
Definition: feed.php:28

References $DIC, initServer(), and ILIAS\Repository\logger().

+ Here is the call graph for this function:

Member Function Documentation

◆ forceCreation()

ilLDAPUserSynchronisation::forceCreation ( bool  $a_force)

Force cration of user accounts (Account migration enabled)

Definition at line 91 of file class.ilLDAPUserSynchronisation.php.

91 : void
92 {
93 $this->force_creation = $a_force;
94 }

◆ forceReadLdapData()

ilLDAPUserSynchronisation::forceReadLdapData ( bool  $a_status)

Definition at line 96 of file class.ilLDAPUserSynchronisation.php.

96 : void
97 {
98 $this->force_read_ldap_data = $a_status;
99 }

◆ getAuthMode()

ilLDAPUserSynchronisation::getAuthMode ( )

Get Auth Mode.

Definition at line 58 of file class.ilLDAPUserSynchronisation.php.

58 : string
59 {
60 return $this->authmode;
61 }

References $authmode.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

+ Here is the caller graph for this function:

◆ getExternalAccount()

ilLDAPUserSynchronisation::getExternalAccount ( )

Get external accocunt.

Definition at line 74 of file class.ilLDAPUserSynchronisation.php.

74 : ?string
75 {
76 return $this->extaccount;
77 }

References $extaccount.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

+ Here is the caller graph for this function:

◆ getInternalAccount()

ilLDAPUserSynchronisation::getInternalAccount ( )

Get ILIAS unique internal account name.

Returns
string internal account

Definition at line 83 of file class.ilLDAPUserSynchronisation.php.

83 : ?string
84 {
85 return $this->intaccount;
86 }

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

+ Here is the caller graph for this function:

◆ getServer()

ilLDAPUserSynchronisation::getServer ( )

Get current ldap server.

Returns
ilLDAPServer $server

Definition at line 50 of file class.ilLDAPUserSynchronisation.php.

50 : ilLDAPServer
51 {
52 return $this->server;
53 }

References $server.

Referenced by handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

+ Here is the caller graph for this function:

◆ getUserData()

ilLDAPUserSynchronisation::getUserData ( )

Get user data.

Returns
array $user_data

Definition at line 105 of file class.ilLDAPUserSynchronisation.php.

105 : array
106 {
107 return $this->user_data;
108 }

References $user_data.

Referenced by performUpdate().

+ Here is the caller graph for this function:

◆ handleCreation()

ilLDAPUserSynchronisation::handleCreation ( )
protected

Handle creation of user accounts.

Exceptions
ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 153 of file class.ilLDAPUserSynchronisation.php.

153 : void
154 {
155 // Disabled sync on login
156 if (!$this->getServer()->enabledSyncOnLogin()) {
157 throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
158 }
159 // Account migration
160 if (!$this->force_creation && $this->getServer()->isAccountMigrationEnabled()) {
161 $this->readUserData();
162 throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
163 }
164 }
ilLDAPAccountMigrationRequiredException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPAccountMigrationRequiredException.php:25
ilLDAPSynchronisationForbiddenException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPSynchronisationForbiddenException.php:25

References getServer(), and readUserData().

Referenced by sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initServer()

ilLDAPUserSynchronisation::initServer ( string  $a_auth_mode,
int  $a_server_id 
)
protected

Init LDAP server.

Definition at line 262 of file class.ilLDAPUserSynchronisation.php.

262 : void
263 {
264 $this->authmode = $a_auth_mode;
265 $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
266 }
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101

References ilLDAPServer\getInstanceByServerId().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isUpdateRequired()

ilLDAPUserSynchronisation::isUpdateRequired ( )
protected

Check if an update is required.

Definition at line 237 of file class.ilLDAPUserSynchronisation.php.

237 : bool
238 {
239 if ($this->force_creation) {
240 return true;
241 }
242 if (!$this->getInternalAccount()) {
243 return true;
244 }
245
246 // Check attribute mapping on login
247 if (ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId())) {
248 return true;
249 }
250
251 // Check if there is any change in role assignments
252 if (ilLDAPRoleAssignmentRule::hasRulesForUpdate()) {
253 return true;
254 }
255 return false;
256 }
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate(int $a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:87
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPUserSynchronisation\getInternalAccount
getInternalAccount()
Get ILIAS unique internal account name.
Definition: class.ilLDAPUserSynchronisation.php:83

References getInternalAccount(), getServer(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ performUpdate()

ilLDAPUserSynchronisation::performUpdate ( )
protected

Update user account and role assignments.

Definition at line 169 of file class.ilLDAPUserSynchronisation.php.

169 : bool
170 {
171 ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
172
173 $update = new ilLDAPAttributeToUser($this->getServer());
174 if ($this->force_creation) {
175 $update->addMode(ilLDAPAttributeToUser::MODE_INITIALIZE_ROLES);
176 }
177 $update->setNewUserAuthMode($this->getAuthMode());
178 $update->setUserData(
179 array(
180 $this->getExternalAccount() => $this->getUserData()
181 )
182 );
183
184 $update->refresh();
185
186 // User has been created, now read internal account again
187 $this->readInternalAccount();
188 return true;
189 }
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:28
ilLDAPUserSynchronisation\readInternalAccount
readInternalAccount()
Read internal account of user.
Definition: class.ilLDAPUserSynchronisation.php:223
$update
$update
Definition: imgupload.php:92

References $update, ilUserCreationContext\CONTEXT_LDAP, getAuthMode(), getExternalAccount(), ilUserCreationContext\getInstance(), getServer(), getUserData(), ilLDAPAttributeToUser\MODE_INITIALIZE_ROLES, and readInternalAccount().

Referenced by sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readInternalAccount()

ilLDAPUserSynchronisation::readInternalAccount ( )
protected

Read internal account of user.

Exceptions
UnexpectedValueException

Definition at line 223 of file class.ilLDAPUserSynchronisation.php.

223 : void
224 {
225 if (!$this->getExternalAccount()) {
226 throw new UnexpectedValueException('No external account given.');
227 }
228 $this->intaccount = ilObjUser::_checkExternalAuthAccount(
229 $this->getAuthMode(),
230 $this->getExternalAccount()
231 );
232 }
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2700

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readUserData()

ilLDAPUserSynchronisation::readUserData ( )
protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Exceptions
ilLDAPSynchronisationFailedException

Definition at line 196 of file class.ilLDAPUserSynchronisation.php.

196 : bool
197 {
198 // Add internal account to user data
199 $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
200 if (!$this->force_read_ldap_data && strpos($this->getAuthMode(), 'ldap') === 0) {
201 return true;
202 }
203
204 try {
205 $query = new ilLDAPQuery($this->getServer());
206 $query->bind(ilLDAPQuery::LDAP_BIND_DEFAULT);
207 $user = $query->fetchUser($this->getExternalAccount());
208 $this->logger->dump($user, ilLogLevel::DEBUG);
209 $this->user_data = (array) $user[strtolower($this->getExternalAccount())];
210 } catch (ilLDAPQueryException $e) {
211 $this->logger->error('LDAP bind failed with message: ' . $e->getMessage());
212 throw new ilLDAPSynchronisationFailedException($e->getMessage());
213 }
214
215 return true;
216 }
ilLDAPSynchronisationFailedException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLDAPSynchronisationFailedException.php:27
$query
$query
Definition: proxy_ylocal.php:13

References Vendor\Package\$e, $query, ilLogLevel\DEBUG, getAuthMode(), getExternalAccount(), getInternalAccount(), getServer(), ilLDAPQuery\LDAP_BIND_DEFAULT, and ILIAS\Repository\logger().

Referenced by handleCreation(), and sync().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ setExternalAccount()

ilLDAPUserSynchronisation::setExternalAccount ( string  $a_ext)

Set external account (unique for each auth mode)

Definition at line 66 of file class.ilLDAPUserSynchronisation.php.

66 : void
67 {
68 $this->extaccount = $a_ext;
69 }

◆ setUserData()

ilLDAPUserSynchronisation::setUserData ( array  $a_data)

Set user data.

Definition at line 113 of file class.ilLDAPUserSynchronisation.php.

113 : void
114 {
115 $this->user_data = $a_data;
116 }

◆ sync()

ilLDAPUserSynchronisation::sync ( )

Synchronize user account.

Todo:
Redirects to account migration if required
Exceptions
UnexpectedValueExceptionmissing or wrong external account given
ilLDAPSynchronisationForbiddenExceptionif user synchronisation is disabled
ilLDAPSynchronisationFailedExceptionbind failure

Definition at line 125 of file class.ilLDAPUserSynchronisation.php.

125 : string
126 {
127 $this->readInternalAccount();
128
129 if (!$this->getInternalAccount()) {
130 ilLoggerFactory::getLogger('auth')->debug('Creating new account');
131 $this->handleCreation();
132 }
133
134 // Nothing to do if sync on login is disabled
135 if (!$this->getServer()->enabledSyncOnLogin()) {
136 return $this->getInternalAccount();
137 }
138
139 // For performance reasons, check if (an update is required)
140 if ($this->isUpdateRequired()) {
141 ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
142 $this->readUserData();
143 $this->performUpdate();
144 }
145 return $this->getInternalAccount();
146 }
ilLDAPUserSynchronisation\performUpdate
performUpdate()
Update user account and role assignments.
Definition: class.ilLDAPUserSynchronisation.php:169
ilLDAPUserSynchronisation\isUpdateRequired
isUpdateRequired()
Check if an update is required.
Definition: class.ilLDAPUserSynchronisation.php:237
ilLDAPUserSynchronisation\handleCreation
handleCreation()
Handle creation of user accounts.
Definition: class.ilLDAPUserSynchronisation.php:153
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89

References getInternalAccount(), ilLoggerFactory\getLogger(), getServer(), handleCreation(), isUpdateRequired(), performUpdate(), readInternalAccount(), and readUserData().

+ Here is the call graph for this function:

Field Documentation

◆ $authmode

string ilLDAPUserSynchronisation::$authmode
private

Definition at line 28 of file class.ilLDAPUserSynchronisation.php.

Referenced by getAuthMode().

◆ $extaccount

string ilLDAPUserSynchronisation::$extaccount
private

Definition at line 30 of file class.ilLDAPUserSynchronisation.php.

Referenced by getExternalAccount().

◆ $force_creation

bool ilLDAPUserSynchronisation::$force_creation = false
private

Definition at line 34 of file class.ilLDAPUserSynchronisation.php.

◆ $force_read_ldap_data

bool ilLDAPUserSynchronisation::$force_read_ldap_data = false
private

Definition at line 35 of file class.ilLDAPUserSynchronisation.php.

◆ $intaccount

string ilLDAPUserSynchronisation::$intaccount
private

Definition at line 31 of file class.ilLDAPUserSynchronisation.php.

Referenced by getInternalAccount().

◆ $logger

ilLogger ilLDAPUserSynchronisation::$logger
private

Definition at line 36 of file class.ilLDAPUserSynchronisation.php.

◆ $server

ilLDAPServer ilLDAPUserSynchronisation::$server
private

Definition at line 29 of file class.ilLDAPUserSynchronisation.php.

Referenced by getServer().

◆ $user_data

array ilLDAPUserSynchronisation::$user_data = array()
private

Definition at line 33 of file class.ilLDAPUserSynchronisation.php.

Referenced by getUserData().

The documentation for this class was generated from the following file: