Synchronization of user accounts used in auth container ldap, cas,... More...

Collaboration diagram for ilLDAPUserSynchronisation:

Public Member Functions
	__construct (string $a_authmode, int $a_server_id)

	getServer ()
	Get current ldap server. More...

	getAuthMode ()
	Get Auth Mode. More...

	setExternalAccount (string $a_ext)
	Set external account (unique for each auth mode) More...

	getExternalAccount ()
	Get external accocunt. More...

	getInternalAccount ()
	Get ILIAS unique internal account name. More...

	forceCreation (bool $a_force)
	Force cration of user accounts (Account migration enabled) More...

	forceReadLdapData (bool $a_status)

	getUserData ()
	Get user data. More...

	setUserData (array $a_data)
	Set user data. More...

	sync ()
	Synchronize user account. More...

Protected Member Functions
	handleCreation ()
	Handle creation of user accounts. More...

	performUpdate ()
	Update user account and role assignments. More...

	readUserData ()
	Read user data. More...

	readInternalAccount ()
	Read internal account of user. More...

	isUpdateRequired ()
	Check if an update is required. More...

	initServer (string $a_auth_mode, int $a_server_id)
	Init LDAP server. More...

Private Attributes
string	$authmode

ilLDAPServer	$server

string	$extaccount

string	$intaccount

array	$user_data = array()

bool	$force_creation = false

bool	$force_read_ldap_data = false

ilLogger	$logger

Detailed Description

Synchronization of user accounts used in auth container ldap, cas,...

Author: Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 26 of file class.ilLDAPUserSynchronisation.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPUserSynchronisation::__construct	(	string	$a_authmode,
		int	$a_server_id
	)

Definition at line 38 of file class.ilLDAPUserSynchronisation.php.

References $DIC, initServer(), and ILIAS\Repository\logger().

     {
         global $DIC;
 
         $this->logger = $DIC->logger()->auth();
         $this->initServer($a_authmode, $a_server_id);
     }

Here is the call graph for this function:

Member Function Documentation

◆ forceCreation()

ilLDAPUserSynchronisation::forceCreation ( bool $a_force )

Force cration of user accounts (Account migration enabled)

Definition at line 91 of file class.ilLDAPUserSynchronisation.php.

                                                 : void
     {
         $this->force_creation = $a_force;
     }

◆ forceReadLdapData()

ilLDAPUserSynchronisation::forceReadLdapData ( bool $a_status )

Definition at line 96 of file class.ilLDAPUserSynchronisation.php.

                                                      : void
     {
         $this->force_read_ldap_data = $a_status;
     }

◆ getAuthMode()

ilLDAPUserSynchronisation::getAuthMode ( )

Get Auth Mode.

Definition at line 58 of file class.ilLDAPUserSynchronisation.php.

References $authmode.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

                                  : string
     {
         return $this->authmode;
     }

Here is the caller graph for this function:

◆ getExternalAccount()

ilLDAPUserSynchronisation::getExternalAccount ( )

Get external accocunt.

Definition at line 74 of file class.ilLDAPUserSynchronisation.php.

References $extaccount.

Referenced by performUpdate(), readInternalAccount(), and readUserData().

                                         : ?string
     {
         return $this->extaccount;
     }

Here is the caller graph for this function:

◆ getInternalAccount()

ilLDAPUserSynchronisation::getInternalAccount ( )

Get ILIAS unique internal account name.

Returns: string internal account

Definition at line 83 of file class.ilLDAPUserSynchronisation.php.

References $intaccount.

Referenced by isUpdateRequired(), readUserData(), and sync().

                                         : ?string
     {
         return $this->intaccount;
     }

Here is the caller graph for this function:

◆ getServer()

ilLDAPUserSynchronisation::getServer ( )

Get current ldap server.

Returns: ilLDAPServer $server

Definition at line 50 of file class.ilLDAPUserSynchronisation.php.

References $server.

Referenced by handleCreation(), isUpdateRequired(), performUpdate(), readUserData(), and sync().

                                : ilLDAPServer
     {
         return $this->server;
     }

Here is the caller graph for this function:

◆ getUserData()

ilLDAPUserSynchronisation::getUserData ( )

Get user data.

Returns: array $user_data

Definition at line 105 of file class.ilLDAPUserSynchronisation.php.

References $user_data.

Referenced by performUpdate().

                                  : array
     {
         return $this->user_data;
     }

Here is the caller graph for this function:

◆ handleCreation()

ilLDAPUserSynchronisation::handleCreation ( )

protected

Handle creation of user accounts.

Exceptions

ilLDAPSynchronisationForbiddenException
ilLDAPAccountMigrationRequiredException

Definition at line 153 of file class.ilLDAPUserSynchronisation.php.

References getServer(), and readUserData().

Referenced by sync().

                                        : void
     {
         // Disabled sync on login
         if (!$this->getServer()->enabledSyncOnLogin()) {
             throw new ilLDAPSynchronisationForbiddenException('User synchronisation forbidden.');
         }
         // Account migration
         if (!$this->force_creation && $this->getServer()->isAccountMigrationEnabled()) {
             $this->readUserData();
             throw new ilLDAPAccountMigrationRequiredException('Account migration check required.');
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initServer()

ilLDAPUserSynchronisation::initServer	(	string	$a_auth_mode,
		int	$a_server_id
	)

protected

Init LDAP server.

Definition at line 262 of file class.ilLDAPUserSynchronisation.php.

References ilLDAPServer\getInstanceByServerId(), and ILIAS\UI\examples\Progress\Bar\server().

Referenced by __construct().

                                                                         : void
     {
         $this->authmode = $a_auth_mode;
         $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isUpdateRequired()

ilLDAPUserSynchronisation::isUpdateRequired ( )

protected

Check if an update is required.

Definition at line 237 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), getServer(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by sync().

                                          : bool
     {
         if ($this->force_creation) {
             return true;
         }
         if (!$this->getInternalAccount()) {
             return true;
         }
 
         // Check attribute mapping on login
         if (ilLDAPAttributeMapping::hasRulesForUpdate($this->getServer()->getServerId())) {
             return true;
         }
 
         // Check if there is any change in role assignments
         if (ilLDAPRoleAssignmentRule::hasRulesForUpdate()) {
             return true;
         }
         return false;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ performUpdate()

ilLDAPUserSynchronisation::performUpdate ( )

protected

Update user account and role assignments.

Definition at line 169 of file class.ilLDAPUserSynchronisation.php.

References ilUserCreationContext\CONTEXT_LDAP, getAuthMode(), getExternalAccount(), ilUserCreationContext\getInstance(), getServer(), getUserData(), ilLDAPAttributeToUser\MODE_INITIALIZE_ROLES, and readInternalAccount().

Referenced by sync().

                                       : bool
     {
         ilUserCreationContext::getInstance()->addContext(ilUserCreationContext::CONTEXT_LDAP);
 
         $update = new ilLDAPAttributeToUser($this->getServer());
         if ($this->force_creation) {
             $update->addMode(ilLDAPAttributeToUser::MODE_INITIALIZE_ROLES);
         }
         $update->setNewUserAuthMode($this->getAuthMode());
         $update->setUserData(
             array(
                 $this->getExternalAccount() => $this->getUserData()
             )
         );
 
         $update->refresh();
 
         // User has been created, now read internal account again
         $this->readInternalAccount();
         return true;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ readInternalAccount()

ilLDAPUserSynchronisation::readInternalAccount ( )

protected

Read internal account of user.

Exceptions

UnexpectedValueException

Definition at line 223 of file class.ilLDAPUserSynchronisation.php.

References ilObjUser\_checkExternalAuthAccount(), getAuthMode(), and getExternalAccount().

Referenced by performUpdate(), and sync().

                                             : void
     {
         if (!$this->getExternalAccount()) {
             throw new UnexpectedValueException('No external account given.');
         }
         $this->intaccount = ilObjUser::_checkExternalAuthAccount(
             $this->getAuthMode(),
             $this->getExternalAccount()
         );
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ readUserData()

ilLDAPUserSynchronisation::readUserData ( )

protected

Read user data.

In case of auth mode != 'ldap' start a query with external account name against ldap server

Exceptions

ilLDAPSynchronisationFailedException

Definition at line 196 of file class.ilLDAPUserSynchronisation.php.

References Vendor\Package\$e, ilLogLevel\DEBUG, getAuthMode(), getExternalAccount(), getInternalAccount(), getServer(), ilLDAPQuery\LDAP_BIND_DEFAULT, and ILIAS\Repository\logger().

Referenced by handleCreation(), and sync().

                                      : bool
     {
         // Add internal account to user data
         $this->user_data['ilInternalAccount'] = $this->getInternalAccount();
         if (!$this->force_read_ldap_data && strpos($this->getAuthMode(), 'ldap') === 0) {
             return true;
         }
 
         try {
             $query = new ilLDAPQuery($this->getServer());
             $query->bind(ilLDAPQuery::LDAP_BIND_DEFAULT);
             $user = $query->fetchUser($this->getExternalAccount());
             $this->logger->dump($user, ilLogLevel::DEBUG);
             $this->user_data = (array) $user[strtolower($this->getExternalAccount())];
         } catch (ilLDAPQueryException $e) {
             $this->logger->error('LDAP bind failed with message: ' . $e->getMessage());
             throw new ilLDAPSynchronisationFailedException($e->getMessage());
         }
 
         return true;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setExternalAccount()

ilLDAPUserSynchronisation::setExternalAccount ( string $a_ext )

Set external account (unique for each auth mode)

Definition at line 66 of file class.ilLDAPUserSynchronisation.php.

Referenced by ilAuthProviderCAS\handleLDAPDataSource(), and ilAuthProviderApache\handleLDAPDataSource().

                                                      : void
     {
         $this->extaccount = $a_ext;
     }

Here is the caller graph for this function:

◆ setUserData()

ilLDAPUserSynchronisation::setUserData ( array $a_data )

Set user data.

Definition at line 113 of file class.ilLDAPUserSynchronisation.php.

                                               : void
     {
         $this->user_data = $a_data;
     }

◆ sync()

ilLDAPUserSynchronisation::sync ( )

Synchronize user account.

Todo:: Redirects to account migration if required

Exceptions

UnexpectedValueException	missing or wrong external account given
ilLDAPSynchronisationForbiddenException	if user synchronisation is disabled
ilLDAPSynchronisationFailedException	bind failure

Definition at line 125 of file class.ilLDAPUserSynchronisation.php.

References getInternalAccount(), ilLoggerFactory\getLogger(), getServer(), handleCreation(), isUpdateRequired(), performUpdate(), readInternalAccount(), and readUserData().

                           : string
     {
         $this->readInternalAccount();
 
         if (!$this->getInternalAccount()) {
             ilLoggerFactory::getLogger('auth')->debug('Creating new account');
             $this->handleCreation();
         }
 
         // Nothing to do if sync on login is disabled
         if (!$this->getServer()->enabledSyncOnLogin()) {
             return $this->getInternalAccount();
         }
 
         // For performance reasons, check if (an update is required)
         if ($this->isUpdateRequired()) {
             ilLoggerFactory::getLogger('auth')->debug('Perform update of user data');
             $this->readUserData();
             $this->performUpdate();
         }
         return $this->getInternalAccount();
     }