class LdapUserManager in Lightweight Directory Access Protocol (LDAP) 8.4
LDAP User Manager.
Hierarchy
- class \Drupal\ldap_servers\LdapBaseManager uses LdapTransformationTraits
- class \Drupal\ldap_servers\LdapUserManager
6 files declare their use of LdapUserManager
- DrupalUserProcessor.php in ldap_user/
src/ Processor/ DrupalUserProcessor.php - LdapEntryDeletionSubscriber.php in ldap_user/
src/ EventSubscriber/ LdapEntryDeletionSubscriber.php - LdapEntryProvisionSubscriber.php in ldap_user/
src/ EventSubscriber/ LdapEntryProvisionSubscriber.php - LdapUserTestForm.php in ldap_user/
src/ Form/ LdapUserTestForm.php - LoginValidatorBase.php in ldap_authentication/
src/ Controller/ LoginValidatorBase.php
1 string reference to 'LdapUserManager'
- ldap_servers.services.yml in ldap_servers/
ldap_servers.services.yml - ldap_servers/ldap_servers.services.yml
1 service uses LdapUserManager
File
- ldap_servers/
src/ LdapUserManager.php, line 20
Namespace
Drupal\ldap_servers
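class LdapUserManager extends LdapBaseManager {

  /**
   * How long a fetched LDAP user entry stays in the cache, in seconds.
   */
  protected const USER_DATA_CACHE_TTL = 300;

  /**
   * Cache backend used to memoise LDAP user lookups.
   *
   * @var \Drupal\Core\Cache\CacheBackendInterface
   */
  protected $cache;

  /**
   * Externalauth authmap; maps a Drupal uid to its LDAP identifier.
   *
   * @var \Drupal\externalauth\Authmap
   */
  protected $externalAuth;

  /**
   * Constructor.
   *
   * @param \Psr\Log\LoggerInterface $logger
   *   Logger.
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   Entity Type Manager.
   * @param \Drupal\ldap_servers\LdapBridgeInterface $ldap_bridge
   *   LDAP bridge.
   * @param \Drupal\Core\Extension\ModuleHandler $module_handler
   *   Module handler.
   * @param \Drupal\Core\Cache\CacheBackendInterface $cache
   *   Cache backend for user data lookups.
   * @param \Drupal\externalauth\Authmap $external_auth
   *   External auth map (uid to LDAP identifier).
   */
  public function __construct(LoggerInterface $logger, EntityTypeManagerInterface $entity_type_manager, LdapBridgeInterface $ldap_bridge, ModuleHandler $module_handler, CacheBackendInterface $cache, Authmap $external_auth) {
    parent::__construct($logger, $entity_type_manager, $ldap_bridge, $module_handler);
    $this->cache = $cache;
    $this->externalAuth = $external_auth;
  }

  /**
   * Create LDAP User entry.
   *
   * Adds AD-specific password handling: when the server type is 'ad' and the
   * entry carries a unicodePwd attribute, that attribute is re-encoded into
   * the quoted UTF-16LE form Active Directory requires before the add.
   *
   * @param \Symfony\Component\Ldap\Entry $entry
   *   LDAP Entry.
   *
   * @return bool
   *   TRUE when the entry was added, FALSE when the server is unavailable or
   *   the LDAP add raised an exception (which is logged).
   */
  public function createLdapEntry(Entry $entry): bool {
    if (!$this->checkAvailability()) {
      return FALSE;
    }
    $this->encodeActiveDirectoryPassword($entry);
    try {
      $this->ldap->getEntryManager()->add($entry);
    }
    catch (LdapException $e) {
      // Only the server ID and the exception text are logged; the entry (which
      // may hold a cleartext password) is intentionally kept out of the log.
      $this->logger->error("LDAP server %id exception: %ldap_error", [
        '%id' => $this->server->id(),
        '%ldap_error' => $e->getMessage(),
      ]);
      return FALSE;
    }
    return TRUE;
  }

  /**
   * Apply modifications to entry.
   *
   * Performs the same AD unicodePwd re-encoding as createLdapEntry() and then
   * delegates to the parent implementation.
   *
   * @param \Symfony\Component\Ldap\Entry $entry
   *   LDAP Entry carrying the desired attribute values.
   * @param \Symfony\Component\Ldap\Entry $current
   *   LDAP Entry as currently stored on the server.
   *
   * @todo / @FIXME: This is not called.
   */
  protected function applyModificationsToEntry(Entry $entry, Entry $current): void {
    $this->encodeActiveDirectoryPassword($entry);
    parent::applyModificationsToEntry($entry, $current);
  }

  /**
   * Re-encode a pending unicodePwd attribute for an Active Directory server.
   *
   * Shared by createLdapEntry() and applyModificationsToEntry(). No-op unless
   * the server type is 'ad' and the entry has a unicodePwd attribute with at
   * least one value. The attribute name is matched case-insensitively because
   * it can be mixed case on the direction-to-LDAP path.
   *
   * @param \Symfony\Component\Ldap\Entry $entry
   *   LDAP Entry, modified in place.
   */
  protected function encodeActiveDirectoryPassword(Entry $entry): void {
    if ($this->server->get('type') !== 'ad' || !$entry->hasAttribute('unicodePwd', FALSE)) {
      return;
    }
    $values = $entry->getAttribute('unicodePwd', FALSE);
    if (empty($values)) {
      // Nothing to encode; indexing [0] here would only raise a warning.
      return;
    }
    $entry->setAttribute('unicodePwd', [
      $this->convertPasswordForActiveDirectoryUnicodePwd($values[0]),
    ]);
  }

  /**
   * Convert password to format required by Active Directory.
   *
   * For the purpose of changing or setting the password. Note that AD needs the
   * field to be called unicodePwd (as opposed to userPassword).
   *
   * @param string|array $password
   *   The password that is being formatted for Active Directory unicodePwd
   *   field. When an array is given only index 0 is converted.
   *
   * @return string|array
   *   $password surrounded with quotes and in UTF-16LE encoding; an array
   *   input yields a single-element array.
   */
  protected function convertPasswordForActiveDirectoryUnicodePwd($password) {
    // This function can be called with $attributes['unicodePwd'] as an array.
    // Presumably there is no use case for more than one password in that
    // array, hence index 0 is used and the result is returned in kind.
    if (is_array($password)) {
      return [$this->quoteAsUtf16Le($password[0] ?? '')];
    }
    return $this->quoteAsUtf16Le($password);
  }

  /**
   * Wrap a password in double quotes and transcode it to UTF-16LE.
   *
   * The source encoding is passed explicitly: Drupal strings are UTF-8, and
   * relying on mbstring's internal_encoding setting would make the password
   * bytes sent to AD depend on runtime configuration.
   *
   * @param string $password
   *   Cleartext password.
   *
   * @return string
   *   The quoted password as UTF-16LE bytes.
   */
  protected function quoteAsUtf16Le(string $password): string {
    return mb_convert_encoding(sprintf('"%s"', $password), 'UTF-16LE', 'UTF-8');
  }

  /**
   * Fetches the user account based on the persistent UID.
   *
   * Matches on the server ID, the PUID value and the PUID attribute name
   * together, so a PUID only resolves against the server it came from.
   *
   * @param string $puid
   *   As returned from ldap_read or other LDAP function (can be binary).
   *
   * @return \Drupal\user\UserInterface|null
   *   The matching user, or NULL when the server is unavailable, no account
   *   matches, or more than one account matches (logged as an error).
   */
  public function getUserAccountFromPuid(string $puid): ?UserInterface {
    if (!$this->checkAvailability()) {
      return NULL;
    }
    $storage = $this->entityTypeManager->getStorage('user');
    $puid_property = $this->server->getUniquePersistentAttribute();
    // Access checking is disabled so the lookup does not depend on the
    // permissions of whoever (if anyone) is the current user.
    $uids = $storage->getQuery()
      ->condition('ldap_user_puid_sid', $this->server->id(), '=')
      ->condition('ldap_user_puid', $puid, '=')
      ->condition('ldap_user_puid_property', $puid_property, '=')
      ->accessCheck(FALSE)
      ->execute();
    $matches = count($uids);
    if ($matches === 1) {
      /** @var \Drupal\user\UserInterface|null $account */
      $account = $storage->load(reset($uids));
      return $account;
    }
    if ($matches > 1) {
      // A PUID is meant to be unique; refuse to pick one of several accounts.
      // The context key is %sid to match the placeholder in the message.
      $this->logger->error('Multiple users (uids: %uids) with same puid (puid=%puid, sid=%sid, ldap_user_puid_property=%ldap_user_puid_property)', [
        '%uids' => implode(',', $uids),
        '%puid' => $puid,
        '%sid' => $this->server->id(),
        '%ldap_user_puid_property' => $puid_property,
      ]);
    }
    return NULL;
  }

  /**
   * Fetch user data from server by Identifier.
   *
   * Results are cached per server for USER_DATA_CACHE_TTL seconds; a lookup
   * that finds nothing is not cached.
   *
   * @param string $identifier
   *   User identifier.
   *
   * @return \Symfony\Component\Ldap\Entry|false
   *   The sanitized entry, or FALSE when the server is unavailable or the
   *   identifier is not found.
   *
   * This should go into LdapUserProcessor or LdapUserManager, leaning toward
   * the former.
   */
  public function getUserDataByIdentifier(string $identifier) {
    if (!$this->checkAvailability()) {
      return FALSE;
    }
    // The cache ID is scoped by server ID: the same identifier can exist on
    // several servers, and a hit from one must never be served for another.
    $cid = 'ldap_servers:user_data:' . $this->server->id() . ':' . $identifier;
    $cached = $this->cache->get($cid);
    if ($cached && $cached->data) {
      return $cached->data;
    }
    $ldap_entry = $this->queryAllBaseDnLdapForUsername($identifier);
    if ($ldap_entry) {
      $ldap_entry = $this->sanitizeUserDataResponse($ldap_entry, $identifier);
      $this->cache->set($cid, $ldap_entry, time() + self::USER_DATA_CACHE_TTL, [
        'ldap',
        'ldap_servers',
        'ldap_servers.user_data',
      ]);
    }
    return $ldap_entry;
  }

  /**
   * Fetch user data from server by user account.
   *
   * Resolves the account's LDAP identifier through the externalauth map
   * (provider 'ldap_user') and then defers to getUserDataByIdentifier().
   *
   * @param \Drupal\user\UserInterface $account
   *   Drupal user account.
   *
   * @return \Symfony\Component\Ldap\Entry|false
   *   Returns entry or FALSE (server unavailable, account not mapped to LDAP,
   *   or identifier not found).
   *
   * @todo This should go into LdapUserProcessor or LdapUserManager,
   * leaning toward the former.
   */
  public function getUserDataByAccount(UserInterface $account) {
    if (!$this->checkAvailability()) {
      return FALSE;
    }
    $identifier = $this->externalAuth->get($account->id(), 'ldap_user');
    if (!$identifier) {
      return FALSE;
    }
    return $this->getUserDataByIdentifier($identifier);
  }

}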