ILIAS  trunk Revision v11.0_alpha-1753-gb21ca8c4367
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilLDAPAttributeToUser.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
27 class ilLDAPAttributeToUser
28 {
29  public const MODE_INITIALIZE_ROLES = 1;
30 
31  private array $modes = [];
32  private ilLDAPServer $server_settings;
33  private array $user_data = [];
34  private ilLDAPAttributeMapping $mapping;
35  private string $new_user_auth_mode = 'ldap';
36  private ilLogger $logger;
37  private ilXmlWriter $writer;
38  private ilUserDefinedFields $udf;
39 
44  public function __construct(ilLDAPServer $a_server)
45  {
46  global $DIC;
47 
48  $this->logger = $DIC->logger()->auth();
49 
50  $this->server_settings = $a_server;
51 
52  $this->initLDAPAttributeMapping();
53  }
54 
59  public function getServer(): ilLDAPServer
60  {
61  return $this->server_settings;
62  }
63 
70  public function setUserData(array $a_data): void
71  {
72  $this->user_data = $a_data;
73  }
74 
79  public function setNewUserAuthMode(string $a_authmode): void
80  {
81  $this->new_user_auth_mode = $a_authmode;
82  }
83 
87  public function getNewUserAuthMode(): string
88  {
89  return $this->new_user_auth_mode;
90  }
91 
95  public function addMode(int $a_mode): void
96  {
97  //TODO check for proper value
98  if (!in_array($a_mode, $this->modes, true)) {
99  $this->modes[] = $a_mode;
100  }
101  }
102 
108  public function isModeActive(int $a_mode): bool
109  {
110  return in_array($a_mode, $this->modes, true);
111  }
112 
113 
117  public function refresh(): bool
118  {
119  $this->usersToXML();
120 
121  $importParser = new ilUserImportParser();
122  $importParser->setXMLContent($this->writer->xmlDumpMem(false));
123  $importParser->setRoleAssignment(ilLDAPRoleAssignmentRules::getAllPossibleRoles($this->getServer()->getServerId()));
124  $importParser->setFolderId(7);
125  $importParser->startParsing();
126 
127  return true;
128  }
129 
136  protected function parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user): void
137  {
138  foreach (ilLDAPRoleAssignmentRules::getAssignmentsForUpdate(
139  $this->getServer()->getServerId(),
140  $a_usr_id,
141  $a_external_account,
142  $user
143  ) as $role_data) {
144  $this->writer->xmlElement(
145  'Role',
146  [
147  'Id' => $role_data['id'],
148  'Type' => $role_data['type'],
149  'Action' => $role_data['action']
150  ],
151  ''
152  );
153  }
154  }
155 
161  protected function parseRoleAssignmentsForCreation(string $a_external_account, array $a_user): void
162  {
163  foreach (ilLDAPRoleAssignmentRules::getAssignmentsForCreation(
164  $this->getServer()->getServerId(),
165  $a_external_account,
166  $a_user
167  ) as $role_data) {
168  $this->writer->xmlElement(
169  'Role',
170  [
171  'Id' => $role_data['id'],
172  'Type' => $role_data['type'],
173  'Action' => $role_data['action']
174  ],
175  ''
176  );
177  }
178  }
179 
183  private function usersToXML(): void
184  {
185  $this->writer = new ilXmlWriter();
186  $this->writer->xmlStartTag('Users');
187 
188  $cnt_update = 0;
189  $cnt_create = 0;
190 
191  // Single users
192  foreach ($this->user_data as $external_account => $user) {
193  $external_account = (string) $external_account;
194 
195  $user['ilExternalAccount'] = $external_account;
196 
197  // Required fields
198  if ($user['ilInternalAccount']) {
199  $usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
200 
201  ++$cnt_update;
202  // User exists
203  $this->writer->xmlStartTag('User', ['Id' => $usr_id, 'Action' => 'Update']);
204  $this->writer->xmlElement('Login', [], $user['ilInternalAccount']);
205  $this->writer->xmlElement('ExternalAccount', [], $external_account);
206  $this->writer->xmlElement('AuthMode', ['type' => $this->getNewUserAuthMode()]);
207 
208  if ($this->isModeActive(self::MODE_INITIALIZE_ROLES)) {
209  $this->parseRoleAssignmentsForCreation($external_account, $user);
210  } else {
211  $this->parseRoleAssignmentsForUpdate($usr_id, $external_account, $user);
212  }
213  $rules = $this->mapping->getRulesForUpdate();
214  } else {
215  ++$cnt_create;
216  // Create user
217  $this->writer->xmlStartTag('User', ['Action' => 'Insert']);
218  $this->writer->xmlElement('Login', [], ilAuthUtils::_generateLogin($external_account));
219 
220  $this->parseRoleAssignmentsForCreation($external_account, $user);
221  $rules = $this->mapping->getRules(true);
222  }
223 
224  $this->writer->xmlElement('Active', [], "true");
225  $this->writer->xmlElement('TimeLimitOwner', [], 7);
226  $this->writer->xmlElement('TimeLimitUnlimited', [], 1);
227  $this->writer->xmlElement('TimeLimitFrom', [], time());
228  $this->writer->xmlElement('TimeLimitUntil', [], time());
229 
230  // only for new users.
231  // If auth_mode is 'default' (ldap) this status should remain.
232  if (!$user['ilInternalAccount']) {
233  $this->writer->xmlElement(
234  'AuthMode',
235  ['type' => $this->getNewUserAuthMode()],
236  $this->getNewUserAuthMode()
237  );
238  $this->writer->xmlElement('ExternalAccount', [], $external_account);
239  }
240  foreach ($rules as $field => $data) {
241  // Do Mapping: it is possible to assign multiple ldap attribute to one user data field
242  if (!($value = $this->doMapping($user, $data))) {
243  continue;
244  }
245 
246  switch ($field) {
247  case 'gender':
248  switch (strtolower($value)) {
249  case 'm':
250  case 'male':
251  $this->writer->xmlElement('Gender', [], 'm');
252  break;
253 
254  case 'f':
255  case 'female':
256  $this->writer->xmlElement('Gender', [], 'f');
257  break;
258 
259  default:
260  // use the default for anything that is not clearly m or f
261  $this->writer->xmlElement('Gender', [], 'n');
262  break;
263  }
264  break;
265 
266  case 'firstname':
267  $this->writer->xmlElement('Firstname', [], $value);
268  break;
269 
270  case 'lastname':
271  $this->writer->xmlElement('Lastname', [], $value);
272  break;
273 
274  case 'hobby':
275  $this->writer->xmlElement('Hobby', [], $value);
276  break;
277 
278  case 'title':
279  $this->writer->xmlElement('Title', [], $value);
280  break;
281 
282  case 'institution':
283  $this->writer->xmlElement('Institution', [], $value);
284  break;
285 
286  case 'department':
287  $this->writer->xmlElement('Department', [], $value);
288  break;
289 
290  case 'street':
291  $this->writer->xmlElement('Street', [], $value);
292  break;
293 
294  case 'city':
295  $this->writer->xmlElement('City', [], $value);
296  break;
297 
298  case 'zipcode':
299  $this->writer->xmlElement('PostalCode', [], $value);
300  break;
301 
302  case 'country':
303  $this->writer->xmlElement('Country', [], $value);
304  break;
305 
306  case 'phone_office':
307  $this->writer->xmlElement('PhoneOffice', [], $value);
308  break;
309 
310  case 'phone_home':
311  $this->writer->xmlElement('PhoneHome', [], $value);
312  break;
313 
314  case 'phone_mobile':
315  $this->writer->xmlElement('PhoneMobile', [], $value);
316  break;
317 
318  case 'fax':
319  $this->writer->xmlElement('Fax', [], $value);
320  break;
321 
322  case 'email':
323  $this->writer->xmlElement('Email', [], $value);
324  break;
325 
326  case 'second_email':
327  $this->writer->xmlElement('SecondEmail', [], $value);
328  break;
329 
330  case 'matriculation':
331  $this->writer->xmlElement('Matriculation', [], $value);
332  break;
333 
334  default:
335  // Handle user defined fields
336  if (strpos($field, 'udf_') !== 0) {
337  continue 2;
338  }
339  $id_data = explode('_', $field);
340  if (!isset($id_data[1])) {
341  continue 2;
342  }
343  $this->initUserDefinedFields();
344  $definition = $this->udf->getDefinition((int) $id_data[1]);
345  if (empty($definition)) {
346  $this->logger->warning(sprintf(
347  "Invalid/Orphaned UD field mapping detected: %s",
348  $field
349  ));
350  break;
351  }
352 
353  $this->writer->xmlElement(
354  'UserDefinedField',
355  [
356  'Id' => $definition['il_id'],
357  'Name' => $definition['field_name']
358  ],
359  $value
360  );
361  break;
362  }
363  }
364  $this->writer->xmlEndTag('User');
365  }
366 
367  if ($cnt_create) {
368  $this->logger->info('LDAP: Started creation of ' . $cnt_create . ' users.');
369  }
370  if ($cnt_update) {
371  $this->logger->info('LDAP: Started update of ' . $cnt_update . ' users.');
372  }
373  $this->writer->xmlEndTag('Users');
374  }
375 
383  private function convertInput($a_value): string
384  {
385  if (is_array($a_value)) {
386  return $a_value[0];
387  }
388 
389  return $a_value;
390  }
391 
392  private function doMapping(array $user, array $rule): string
393  {
394  $mapping = strtolower(trim($rule['value']));
395 
396  if (strpos($mapping, ',') === false) {
397  return $this->convertInput($user[$mapping] ?? '');
398  }
399  // Is multiple mapping
400 
401  $fields = explode(',', $mapping);
402  $value = '';
403  foreach ($fields as $field) {
404  if ($value !== '') {
405  $value .= ' ';
406  }
407  $value .= ($this->convertInput($user[trim($field)] ?? ''));
408  }
409  return $value;
410  }
411 
412  private function initLDAPAttributeMapping(): void
413  {
414  $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->server_settings->getServerId());
415  }
416 
417  private function initUserDefinedFields(): void
418  {
419  $this->udf = ilUserDefinedFields::_getInstance();
420  }
421 }
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate(int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:90
ilAuthUtils\_generateLogin
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:373
ilUserDefinedFields
Additional user data fields definition.
Definition: class.ilUserDefinedFields.php:29
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:692
ilLDAPAttributeToUser\setNewUserAuthMode
setNewUserAuthMode(string $a_authmode)
Set auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:79
ilLDAPAttributeToUser\parseRoleAssignmentsForCreation
parseRoleAssignmentsForCreation(string $a_external_account, array $a_user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:161
ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate
parseRoleAssignmentsForUpdate(int $a_usr_id, string $a_external_account, array $user)
Parse role assignments for update of user account.
Definition: class.ilLDAPAttributeToUser.php:136
ilLDAPAttributeToUser\convertInput
convertInput($a_value)
A value can be an array or a string This function converts arrays to strings.
Definition: class.ilLDAPAttributeToUser.php:383
ilLDAPAttributeToUser\setUserData
setUserData(array $a_data)
Set user data received from pear auth or by ldap_search.
Definition: class.ilLDAPAttributeToUser.php:70
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles(int $a_server_id)
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:43
ilLDAPAttributeToUser\$mapping
ilLDAPAttributeMapping $mapping
Definition: class.ilLDAPAttributeToUser.php:34
$DIC
global $DIC
Definition: shib_login.php:22
ilLDAPAttributeToUser\__construct
__construct(ilLDAPServer $a_server)
Construct of ilLDAPAttribute2XML Defines between LDAP and ILIAS user attributes.
Definition: class.ilLDAPAttributeToUser.php:44
ilLDAPAttributeToUser\doMapping
doMapping(array $user, array $rule)
Definition: class.ilLDAPAttributeToUser.php:392
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation(int $a_server_id, string $a_usr_name, array $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:140
ilLDAPAttributeToUser\refresh
refresh()
Create/Update non existing users.
Definition: class.ilLDAPAttributeToUser.php:117
ilLDAPAttributeMapping
This class stores the settings that define the mapping between LDAP attribute and user profile fields...
Definition: class.ilLDAPAttributeMapping.php:26
ilLDAPAttributeToUser\getNewUserAuthMode
getNewUserAuthMode()
Get auth mode for new users.
Definition: class.ilLDAPAttributeToUser.php:87
ilLDAPAttributeToUser\isModeActive
isModeActive(int $a_mode)
Check if mode is active.
Definition: class.ilLDAPAttributeToUser.php:108
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:27
ilLDAPAttributeToUser\getServer
getServer()
Get server settings.
Definition: class.ilLDAPAttributeToUser.php:59
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPAttributeToUser\addMode
addMode(int $a_mode)
Add import mode.
Definition: class.ilLDAPAttributeToUser.php:95
ilLDAPAttributeToUser\usersToXML
usersToXML()
Create xml string of user according to mapping rules.
Definition: class.ilLDAPAttributeToUser.php:183