ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilLDAPAttributeToUser.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\User\Profile\Profile;
22
29class ilLDAPAttributeToUser
30{
31 public const MODE_INITIALIZE_ROLES = 1;
32
33 private array $modes = [];
34 private ilLDAPServer $server_settings;
35 private Profile $profile;
36 private array $user_data = [];
37 private ilLDAPAttributeMapping $mapping;
38 private string $new_user_auth_mode = 'ldap';
39 private ilLogger $logger;
40 private ilXmlWriter $writer;
44 private ?array $user_defined_fields = null;
45
50 public function __construct(ilLDAPServer $a_server)
51 {
52 global $DIC;
53
54 $this->logger = $DIC->logger()->auth();
55 $this->profile = $DIC['user']->profile();
56
57 $this->server_settings = $a_server;
58
59 $this->initLDAPAttributeMapping();
60 }
61
66 public function getServer(): ilLDAPServer
67 {
68 return $this->server_settings;
69 }
70
77 public function setUserData(array $a_data): void
78 {
79 $this->user_data = $a_data;
80 }
81
86 public function setNewUserAuthMode(string $a_authmode): void
87 {
88 $this->new_user_auth_mode = $a_authmode;
89 }
90
94 public function getNewUserAuthMode(): string
95 {
96 return $this->new_user_auth_mode;
97 }
98
102 public function addMode(int $a_mode): void
103 {
104 //TODO check for proper value
105 if (!in_array($a_mode, $this->modes, true)) {
106 $this->modes[] = $a_mode;
107 }
108 }
109
115 public function isModeActive(int $a_mode): bool
116 {
117 return in_array($a_mode, $this->modes, true);
118 }
119
120
124 public function refresh(): bool
125 {
126 $this->usersToXML();
127
128 $importParser = new ilUserImportParser();
129 $importParser->setXMLContent($this->writer->xmlDumpMem(false));
130 $importParser->setRoleAssignment(ilLDAPRoleAssignmentRules::getAllPossibleRoles($this->getServer()->getServerId()));
131 $importParser->setFolderId(7);
132 $importParser->startParsing();
133
134 return true;
135 }
136
143 protected function parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user): void
144 {
145 foreach (ilLDAPRoleAssignmentRules::getAssignmentsForUpdate(
146 $this->getServer()->getServerId(),
147 $a_usr_id,
148 $a_external_account,
149 $user
150 ) as $role_data) {
151 $this->writer->xmlElement(
152 'Role',
153 [
154 'Id' => $role_data['id'],
155 'Type' => $role_data['type'],
156 'Action' => $role_data['action']
157 ],
158 ''
159 );
160 }
161 }
162
168 protected function parseRoleAssignmentsForCreation(string $a_external_account, array $a_user): void
169 {
170 foreach (ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
171 $this->getServer()->getServerId(),
172 $a_external_account,
173 $a_user
174 ) as $role_data) {
175 $this->writer->xmlElement(
176 'Role',
177 [
178 'Id' => $role_data['id'],
179 'Type' => $role_data['type'],
180 'Action' => $role_data['action']
181 ],
182 ''
183 );
184 }
185 }
186
190 private function usersToXML(): void
191 {
192 $this->writer = new ilXmlWriter();
193 $this->writer->xmlStartTag('Users');
194
195 $cnt_update = 0;
196 $cnt_create = 0;
197
198 // Single users
199 foreach ($this->user_data as $external_account => $user) {
200 $external_account = (string) $external_account;
201
202 $user['ilExternalAccount'] = $external_account;
203
204 // Required fields
205 if ($user['ilInternalAccount']) {
206 $usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
207
208 ++$cnt_update;
209 // User exists
210 $this->writer->xmlStartTag('User', ['Id' => $usr_id, 'Action' => 'Update']);
211 $this->writer->xmlElement('Login', [], $user['ilInternalAccount']);
212 $this->writer->xmlElement('ExternalAccount', [], $external_account);
213 $this->writer->xmlElement('AuthMode', ['type' => $this->getNewUserAuthMode()]);
214
215 if ($this->isModeActive(self::MODE_INITIALIZE_ROLES)) {
216 $this->parseRoleAssignmentsForCreation($external_account, $user);
217 } else {
218 $this->parseRoleAssignmentsForUpdate($usr_id, $external_account, $user);
219 }
220 $rules = $this->mapping->getRulesForUpdate();
221 } else {
222 ++$cnt_create;
223 // Create user
224 $this->writer->xmlStartTag('User', ['Action' => 'Insert']);
225 $this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($external_account));
226
227 $this->parseRoleAssignmentsForCreation($external_account, $user);
228 $rules = $this->mapping->getRules(true);
229 }
230
231 $this->writer->xmlElement('Active', [], "true");
232 $this->writer->xmlElement('TimeLimitOwner', [], 7);
233 $this->writer->xmlElement('TimeLimitUnlimited', [], 1);
234 $this->writer->xmlElement('TimeLimitFrom', [], time());
235 $this->writer->xmlElement('TimeLimitUntil', [], time());
236
237 // only for new users.
238 // If auth_mode is 'default' (ldap) this status should remain.
239 if (!$user['ilInternalAccount']) {
240 $this->writer->xmlElement(
241 'AuthMode',
242 ['type' => $this->getNewUserAuthMode()],
243 $this->getNewUserAuthMode()
244 );
245 $this->writer->xmlElement('ExternalAccount', [], $external_account);
246 }
247 foreach ($rules as $field => $data) {
248 // Do Mapping: it is possible to assign multiple ldap attribute to one user data field
249 if (!($value = $this->doMapping($user, $data))) {
250 continue;
251 }
252
253 switch ($field) {
254 case 'gender':
255 switch (strtolower($value)) {
256 case 'm':
257 case 'male':
258 $this->writer->xmlElement('Gender', [], 'm');
259 break;
260
261 case 'f':
262 case 'female':
263 $this->writer->xmlElement('Gender', [], 'f');
264 break;
265
266 default:
267 // use the default for anything that is not clearly m or f
268 $this->writer->xmlElement('Gender', [], 'n');
269 break;
270 }
271 break;
272
273 case 'firstname':
274 $this->writer->xmlElement('Firstname', [], $value);
275 break;
276
277 case 'lastname':
278 $this->writer->xmlElement('Lastname', [], $value);
279 break;
280
281 case 'hobby':
282 $this->writer->xmlElement('Hobby', [], $value);
283 break;
284
285 case 'title':
286 $this->writer->xmlElement('Title', [], $value);
287 break;
288
289 case 'institution':
290 $this->writer->xmlElement('Institution', [], $value);
291 break;
292
293 case 'department':
294 $this->writer->xmlElement('Department', [], $value);
295 break;
296
297 case 'street':
298 $this->writer->xmlElement('Street', [], $value);
299 break;
300
301 case 'city':
302 $this->writer->xmlElement('City', [], $value);
303 break;
304
305 case 'zipcode':
306 $this->writer->xmlElement('PostalCode', [], $value);
307 break;
308
309 case 'country':
310 $this->writer->xmlElement('Country', [], $value);
311 break;
312
313 case 'phone_office':
314 $this->writer->xmlElement('PhoneOffice', [], $value);
315 break;
316
317 case 'phone_home':
318 $this->writer->xmlElement('PhoneHome', [], $value);
319 break;
320
321 case 'phone_mobile':
322 $this->writer->xmlElement('PhoneMobile', [], $value);
323 break;
324
325 case 'fax':
326 $this->writer->xmlElement('Fax', [], $value);
327 break;
328
329 case 'email':
330 $this->writer->xmlElement('Email', [], $value);
331 break;
332
333 case 'second_email':
334 $this->writer->xmlElement('SecondEmail', [], $value);
335 break;
336
337 case 'matriculation':
338 $this->writer->xmlElement('Matriculation', [], $value);
339 break;
340
341 default:
342 // Handle user defined fields
343 if (strpos($field, 'udf_') !== 0) {
344 continue 2;
345 }
346 $id_data = explode('_', $field);
347 if (!isset($id_data[1])) {
348 continue 2;
349 }
350 $this->initUserDefinedFields();
351 if (!isset($this->user_defined_fields[$id_data[1]])) {
352 $this->logger->warning(sprintf(
353 "Invalid/Orphaned UD field mapping detected: %s",
354 $field
355 ));
356 break;
357 }
358
359 $this->writer->xmlElement(
360 'UserDefinedField',
361 [
362 'Id' => $this->user_defined_fields[$id_data[1]]->getIdentifier(),
363 'Name' => $this->user_defined_fields[$id_data[1]]->getLabel()
364 ],
365 $value
366 );
367 break;
368 }
369 }
370 $this->writer->xmlEndTag('User');
371 }
372
373 if ($cnt_create) {
374 $this->logger->info('LDAP: Started creation of ' . $cnt_create . ' users.');
375 }
376 if ($cnt_update) {
377 $this->logger->info('LDAP: Started update of ' . $cnt_update . ' users.');
378 }
379 $this->writer->xmlEndTag('Users');
380 }
381
389 private function convertInput($a_value): string
390 {
391 if (is_array($a_value)) {
392 return $a_value[0];
393 }
394
395 return $a_value;
396 }
397
398 private function doMapping(array $user, array $rule): string
399 {
400 $mapping = strtolower(trim($rule['value']));
401
402 if (strpos($mapping, ',') === false) {
403 return $this->convertInput($user[$mapping] ?? '');
404 }
405 // Is multiple mapping
406
407 $fields = explode(',', $mapping);
408 $value = '';
409 foreach ($fields as $field) {
410 if ($value !== '') {
411 $value .= ' ';
412 }
413 $value .= ($this->convertInput($user[trim($field)] ?? ''));
414 }
415 return $value;
416 }
417
418 private function initLDAPAttributeMapping(): void
419 {
420 $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->server_settings->getServerId());
421 }
422
423 private function initUserDefinedFields(): void
424 {
425 if ($this->user_defined_fields === null) {
426 $this->user_defined_fields = $this->profile->getAllUserDefinedFields();
427 }
428 }
429}
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:339
ilLDAPAttributeMapping
This class stores the settings that define the mapping between LDAP attribute and user profile fields...
Definition: class.ilLDAPAttributeMapping.php:27
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:30
ilLDAPAttributeToUser\__construct
__construct(ilLDAPServer $a_server)
Construct of ilLDAPAttribute2XML Defines between LDAP and ILIAS user attributes.
Definition: class.ilLDAPAttributeToUser.php:50
ilLDAPAttributeToUser\parseRoleAssignmentsForCreation
parseRoleAssignmentsForCreation(string $a_external_account, array $a_user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:168
ilLDAPAttributeToUser\convertInput
convertInput($a_value)
A value can be an array or a string This function converts arrays to strings.
Definition: class.ilLDAPAttributeToUser.php:389
ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate
parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:143
ilLDAPAttributeToUser\usersToXML
usersToXML()
Create xml string of user according to mapping rules.
Definition: class.ilLDAPAttributeToUser.php:190
ilLDAPAttributeToUser\getNewUserAuthMode
getNewUserAuthMode()
Get auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:94
ilLDAPAttributeToUser\$mapping
ilLDAPAttributeMapping $mapping
Definition: class.ilLDAPAttributeToUser.php:37
ilLDAPAttributeToUser\doMapping
doMapping(array $user, array $rule)
Definition: class.ilLDAPAttributeToUser.php:398
ilLDAPAttributeToUser\isModeActive
isModeActive(int $a_mode)
Check if mode is active.
Definition: class.ilLDAPAttributeToUser.php:115
ilLDAPAttributeToUser\setUserData
setUserData(array $a_data)
Set user data received from pear auth or by ldap_search.
Definition: class.ilLDAPAttributeToUser.php:77
ilLDAPAttributeToUser\addMode
addMode(int $a_mode)
Add import mode.
Definition: class.ilLDAPAttributeToUser.php:102
ilLDAPAttributeToUser\refresh
refresh()
Create/Update non existing users.
Definition: class.ilLDAPAttributeToUser.php:124
ilLDAPAttributeToUser\setNewUserAuthMode
setNewUserAuthMode(string $a_authmode)
Set auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:86
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles(int $a_server_id)
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:43
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation(int $a_server_id, string $a_usr_name, array $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:140
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate(int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:90
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilXmlWriter
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilXmlWriter.php:33
$DIC
global $DIC
Definition: shib_login.php:26