ilLDAPUserSynchronisation Class Reference

Synchronization of user accounts used in auth container ldap, ,... More...

Collaboration diagram for ilLDAPUserSynchronisation:

Public Member Functions
	__construct (string $a_authmode, int $a_server_id)
	getServer ()
	Get current ldap server. More...
	getAuthMode ()
	Get Auth Mode. More...
	setExternalAccount (string $a_ext)
	Set external account (unique for each auth mode) More...
	getExternalAccount ()
	Get external accocunt. More...
	getInternalAccount ()
	Get ILIAS unique internal account name. More...
	forceCreation (bool $a_force)
	Force cration of user accounts (Account migration enabled) More...
	forceReadLdapData (bool $a_status)
	getUserData ()
	Get user data. More...
	setUserData (array $a_data)
	Set user data. More...
	sync ()
	Synchronize user account. More...

Protected Member Functions
	handleCreation ()
	Handle creation of user accounts. More...
	performUpdate ()
	Update user account and role assignments. More...
	readUserData ()
	Read user data. More...
	readInternalAccount ()
	Read internal account of user. More...
	isUpdateRequired ()
	Check if an update is required. More...
	initServer (string $a_auth_mode, int $a_server_id)
	Init LDAP server. More...

Private Attributes
string	$authmode
ilLDAPServer	$server
string	$extaccount
string	$intaccount
array	$user_data = array()
bool	$force_creation = false
bool	$force_read_ldap_data = false
ilLogger	$logger

Detailed Description

Synchronization of user accounts used in auth container ldap, ,...

Author

Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 26 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

__construct()

ilLDAPUserSynchronisation::__construct	(	string	$a_authmode,
		int	$a_server_id
	)

Definition at line 38 of file class.ilLDAPUserSynchronisation.php.

    {
        global $DIC;
 
        $this->logger = $DIC->logger()->auth();
        $this->initServer($a_authmode, $a_server_id);
    }

References $DIC, initServer(), and ILIAS\Repository\logger().

Here is the call graph for this function:

Member Function Documentation

forceCreation()

ilLDAPUserSynchronisation::forceCreation

(

bool

$a_force

)

Force cration of user accounts (Account migration enabled)

Definition at line 91 of file class.ilLDAPUserSynchronisation.php.

                                                : void
    {
        $this->force_creation = $a_force;
    }

forceReadLdapData()

ilLDAPUserSynchronisation::forceReadLdapData

(

bool

$a_status

)

Definition at line 96 of file class.ilLDAPUserSynchronisation.php.

                                                     : void
    {
        $this->force_read_ldap_data = $a_status;
    }

getAuthMode()

ilLDAPUserSynchronisation::getAuthMode

(

)

Get Auth Mode.

Definition at line 58 of file class.ilLDAPUserSynchronisation.php.

                                 : string
    {
        return $this->authmode;
    }

References $authmode.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

Here is the caller graph for this function:

getExternalAccount()

ilLDAPUserSynchronisation::getExternalAccount

(

)

Get external accocunt.

Definition at line 74 of file class.ilLDAPUserSynchronisation.php.

                                        : ?string
    {
        return $this->extaccount;
    }

References $extaccount.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

Here is the caller graph for this function:

getInternalAccount()

ilLDAPUserSynchronisation::getInternalAccount

(

)

Get ILIAS unique internal account name.

Returns

string internal account

Definition at line 83 of file class.ilLDAPUserSynchronisation.php.

                                        : ?string
    {
        return $this->intaccount;
    }

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

Here is the caller graph for this function:

getServer()

ilLDAPUserSynchronisation::getServer

(

)

Get current ldap server.

Returns

ilLDAPServer $server

Definition at line 50 of file class.ilLDAPUserSynchronisation.php.

                               : ilLDAPServer
    {
        return $this->server;
    }

References $server.

Referenced by handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

Here is the caller graph for this function:

getUserData()

ilLDAPUserSynchronisation::getUserData

(

)

Get user data.

Returns

array $user_data

Definition at line 105 of file class.ilLDAPUserSynchronisation.php.

                                 : array
    {
        return $this->user_data;
    }

References $user_data.

Referenced by performUpdate().

Here is the caller graph for this function:

handleCreation()

ilLDAPUserSynchronisation::handleCreation ( )

protected

Handle creation of user accounts.

Exceptions

ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 153 of file class.ilLDAPUserSynchronisation.php.

                                       : void
    {
        // Disabled sync on login
        if (!$this->getServer()->enabledSyncOnLogin()) {
            throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
        }
        // Account migration
        if (!$this->force_creation && $this->getServer()->isAccountMigrationEnabled()) {
            $this->readUserData();
            throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
        }
    }

References getServer(), and readUserData().

Referenced by sync().

Here is the call graph for this function:

Here is the caller graph for this function:

initServer()

ilLDAPUserSynchronisation::initServer ( string  $a_auth_mode, int  $a_server_id  )

protected

Init LDAP server.

Definition at line 262 of file class.ilLDAPUserSynchronisation.php.

                                                                        : void
    {
        $this->authmode = $a_auth_mode;
        $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
    }

References ilLDAPServer\getInstanceByServerId(), and ILIAS\UI\examples\Progress\Bar\server().

Referenced by __construct().

Here is the call graph for this function:

Here is the caller graph for this function:

isUpdateRequired()

ilLDAPUserSynchronisation::isUpdateRequired ( )

protected

Check if an update is required.

Definition at line 237 of file class.ilLDAPUserSynchronisation.php.

                                         : bool
    {
        if ($this->force_creation) {
            return true;
        }
        if (!$this->getInternalAccount()) {
            return true;
        }
 
        // Check attribute mapping on login
        if (ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId())) {
            return true;
        }
 
        // Check if there is any change in role assignments
        if (ilLDAPRoleAssignmentRule::hasRulesForUpdate()) {
            return true;
        }
        return false;
    }

References getInternalAccount(), getServer(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by sync().

Here is the call graph for this function:

Here is the caller graph for this function:

performUpdate()

ilLDAPUserSynchronisation::performUpdate ( )

protected

Update user account and role assignments.

Definition at line 169 of file class.ilLDAPUserSynchronisation.php.

                                      : bool
    {
        ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
 
        $update = new ilLDAPAttributeToUser($this->getServer());
        if ($this->force_creation) {
            $update->addMode(ilLDAPAttributeToUser::MODE_INITIALIZE_ROLES);
        }
        $update->setNewUserAuthMode($this->getAuthMode());
        $update->setUserData(
            array(
                $this->getExternalAccount() => $this->getUserData()
            )
        );
 
        $update->refresh();
 
        // User has been created, now read internal account again
        $this->readInternalAccount();
        return true;
    }

References ilUserCreationContext\CONTEXT_LDAP, getAuthMode(), getExternalAccount(), ilUserCreationContext\getInstance(), getServer(), getUserData(), ilLDAPAttributeToUser\MODE_INITIALIZE_ROLES, and readInternalAccount().

Referenced by sync().

Here is the call graph for this function:

Here is the caller graph for this function:

readInternalAccount()

ilLDAPUserSynchronisation::readInternalAccount ( )

protected

Read internal account of user.

Exceptions

UnexpectedValueException

Definition at line 223 of file class.ilLDAPUserSynchronisation.php.

                                            : void
    {
        if (!$this->getExternalAccount()) {
            throw new UnexpectedValueException('No external account given.');
        }
        $this->intaccount = ilObjUser::_checkExternalAuthAccount(
            $this->getAuthMode(),
            $this->getExternalAccount()
        );
    }

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

Here is the call graph for this function:

Here is the caller graph for this function:

readUserData()

ilLDAPUserSynchronisation::readUserData ( )

protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Exceptions

ilLDAPSynchronisationFailedException

Definition at line 196 of file class.ilLDAPUserSynchronisation.php.

                                     : bool
    {
        // Add internal account to user data
        $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
        if (!$this->force_read_ldap_data && strpos($this->getAuthMode(), 'ldap') === 0) {
            return true;
        }
 
        try {
            $query = new ilLDAPQuery($this->getServer());
            $query->bind(ilLDAPQuery::LDAP_BIND_DEFAULT);
            $user = $query->fetchUser($this->getExternalAccount());
            $this->logger->dump($user, ilLogLevel::DEBUG);
            $this->user_data = (array) $user[strtolower($this->getExternalAccount())];
        } catch (ilLDAPQueryException $e) {
            $this->logger->error('LDAP bind failed with message: ' . $e->getMessage());
            throw new ilLDAPSynchronisationFailedException($e->getMessage());
        }
 
        return true;
    }

References Vendor\Package\$e, ilLogLevel\DEBUG, getAuthMode(), getExternalAccount(), getInternalAccount(), getServer(), ilLDAPQuery\LDAP_BIND_DEFAULT, and ILIAS\Repository\logger().

Referenced by handleCreation(), and sync().

Here is the call graph for this function:

Here is the caller graph for this function:

setExternalAccount()

ilLDAPUserSynchronisation::setExternalAccount

(

string

$a_ext

)

Set external account (unique for each auth mode)

Definition at line 66 of file class.ilLDAPUserSynchronisation.php.

                                                     : void
    {
        $this->extaccount = $a_ext;
    }

setUserData()

ilLDAPUserSynchronisation::setUserData

(

array

$a_data

)

Set user data.

Definition at line 113 of file class.ilLDAPUserSynchronisation.php.

                                              : void
    {
        $this->user_data = $a_data;
    }

sync()

ilLDAPUserSynchronisation::sync

(

)

Synchronize user account.

Todo:

Redirects to account migration if required

Exceptions

UnexpectedValueException	missing or wrong external account given
ilLDAPSynchronisationForbiddenException	if user synchronisation is disabled
ilLDAPSynchronisationFailedException	bind failure

Definition at line 125 of file class.ilLDAPUserSynchronisation.php.

                          : string
    {
        $this->readInternalAccount();
 
        if (!$this->getInternalAccount()) {
            ilLoggerFactory::getLogger('auth')->debug('Creating new account');
            $this->handleCreation();
        }
 
        // Nothing to do if sync on login is disabled
        if (!$this->getServer()->enabledSyncOnLogin()) {
            return $this->getInternalAccount();
        }
 
        // For performance reasons, check if (an update is required)
        if ($this->isUpdateRequired()) {
            ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
            $this->readUserData();
            $this->performUpdate();
        }
        return $this->getInternalAccount();
    }

References getInternalAccount(), ilLoggerFactory\getLogger(), getServer(), handleCreation(), isUpdateRequired(), performUpdate(), readInternalAccount(), and readUserData().

Here is the call graph for this function:

Field Documentation

$authmode

string ilLDAPUserSynchronisation::$authmode

private

Definition at line 28 of file class.ilLDAPUserSynchronisation.php.

Referenced by getAuthMode().

$extaccount

string ilLDAPUserSynchronisation::$extaccount

private

Definition at line 30 of file class.ilLDAPUserSynchronisation.php.

Referenced by getExternalAccount().

$force_creation

bool ilLDAPUserSynchronisation::$force_creation = false

private

Definition at line 34 of file class.ilLDAPUserSynchronisation.php.

$force_read_ldap_data

bool ilLDAPUserSynchronisation::$force_read_ldap_data = false

private

Definition at line 35 of file class.ilLDAPUserSynchronisation.php.

$intaccount

string ilLDAPUserSynchronisation::$intaccount

private

Definition at line 31 of file class.ilLDAPUserSynchronisation.php.

Referenced by getInternalAccount().

$logger

ilLogger ilLDAPUserSynchronisation::$logger

private

Definition at line 36 of file class.ilLDAPUserSynchronisation.php.

$server

ilLDAPServer ilLDAPUserSynchronisation::$server

private

Definition at line 29 of file class.ilLDAPUserSynchronisation.php.

Referenced by getServer().

$user_data

array ilLDAPUserSynchronisation::$user_data = array()

private

Definition at line 33 of file class.ilLDAPUserSynchronisation.php.

Referenced by getUserData().

---

The documentation for this class was generated from the following file:

• components/ILIAS/LDAP/classes/class.ilLDAPUserSynchronisation.php