View source
<?php
namespace Drupal\ldap_servers;
use Drupal\Core\Cache\CacheBackendInterface;
use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Link;
use Drupal\Core\StringTranslation\StringTranslationTrait;
use Drupal\Core\Url;
use Drupal\ldap_servers\Helper\ConversionHelper;
use Drupal\ldap_user\Helper\ExternalAuthenticationHelper;
use Drupal\ldap_user\Helper\LdapConfiguration;
use Drupal\user\UserInterface;
use Psr\Log\LoggerInterface;
class ServerFactory implements LdapUserAttributesInterface {
use StringTranslationTrait;
protected $config;
protected $logger;
protected $entityManager;
protected $cache;
public function __construct(ConfigFactoryInterface $config_factory, LoggerInterface $logger, EntityTypeManagerInterface $entity_type_manager, CacheBackendInterface $cache) {
$this->config = $config_factory;
$this->logger = $logger;
$this->entityManager = $entity_type_manager
->getStorage('ldap_server');
$this->cache = $cache;
}
public function getServerById($sid) {
return $this->entityManager
->load($sid);
}
public function getServerByIdEnabled($sid) {
$server = $this->entityManager
->load($sid);
if ($server && $server
->status()) {
return $server;
}
else {
return FALSE;
}
}
public function getAllServers() {
$ids = $this->entityManager
->getQuery()
->execute();
return $this->entityManager
->loadMultiple($ids);
}
public function getEnabledServers() {
$ids = $this->entityManager
->getQuery()
->condition('status', 1)
->execute();
return $this->entityManager
->loadMultiple($ids);
}
public function getUserDataFromServerByIdentifier($identifier, $id) {
$cache = $this->cache
->get('ldap_servers:user_data:' . $identifier);
if ($cache && $cache->data) {
return $cache->data;
}
$server = $this
->getServerByIdEnabled($id);
if (!$server) {
$this->logger
->error('Failed to load server object %sid in _ldap_servers_get_user_ldap_data', [
'%sid' => $id,
]);
return FALSE;
}
$ldap_user = $server
->matchUsernameToExistingLdapEntry($identifier);
if ($ldap_user) {
$ldap_user['id'] = $id;
$cache_expiry = 5 * 60 + time();
$cache_tags = [
'ldap',
'ldap_servers',
'ldap_servers.user_data',
];
$this->cache
->set('ldap_servers:user_data:' . $identifier, $ldap_user, $cache_expiry, $cache_tags);
}
return $ldap_user;
}
public function getUserDataFromServerByAccount(UserInterface $account, $id, $ldap_context = NULL) {
$identifier = ExternalAuthenticationHelper::getUserIdentifierFromMap($account
->id());
if ($identifier) {
return $this
->getUserDataFromServerByIdentifier($identifier, $id, $ldap_context);
}
else {
return FALSE;
}
}
public function getUserDataByAccount(UserInterface $account, array $ldap_context = NULL) {
$provisioningServer = $this
->config('ldap_user.settings')
->get('drupalAcctProvisionServer');
$id = NULL;
if (!$account) {
return FALSE;
}
if (property_exists($account, 'ldap_user_puid_sid') && !empty($account
->get('ldap_user_puid_sid')->value)) {
$id = $account
->get('ldap_user_puid_sid')->value;
}
elseif ($provisioningServer) {
$id = $provisioningServer;
}
else {
$servers = $this
->getEnabledServers();
if (count($servers) == 1) {
$ids = array_keys($servers);
$id = $ids[0];
}
else {
$this->logger
->error('Multiple servers enabled, one has to be set up for user provision.');
return FALSE;
}
}
return $this
->getUserDataFromServerByAccount($account, $id, $ldap_context);
}
public function alterLdapAttributes(array &$attributes, array $params) {
$attributes['dn'] = ConversionHelper::setAttributeMap(@$attributes['dn'], 'ldap_dn');
if (isset($params['sid']) && $params['sid']) {
if (is_scalar($params['sid'])) {
$ldap_server = $this
->getServerById($params['sid']);
if ($ldap_server) {
if (!isset($attributes[$ldap_server
->get('mail_attr')])) {
$attributes[$ldap_server
->get('mail_attr')] = ConversionHelper::setAttributeMap();
}
if ($ldap_server
->get('picture_attr') && !isset($attributes[$ldap_server
->get('picture_attr')])) {
$attributes[$ldap_server
->get('picture_attr')] = ConversionHelper::setAttributeMap();
}
if ($ldap_server
->get('unique_persistent_attr') && !isset($attributes[$ldap_server
->get('unique_persistent_attr')])) {
$attributes[$ldap_server
->get('unique_persistent_attr')] = ConversionHelper::setAttributeMap();
}
if ($ldap_server
->get('user_dn_expression')) {
ConversionHelper::extractTokenAttributes($attributes, $ldap_server
->get('user_dn_expression'));
}
if ($ldap_server
->get('mail_template')) {
ConversionHelper::extractTokenAttributes($attributes, $ldap_server
->get('mail_template'));
}
if (!isset($attributes[$ldap_server
->get('user_attr')])) {
$attributes[$ldap_server
->get('user_attr')] = ConversionHelper::setAttributeMap();
}
}
}
}
return $attributes;
}
public function alterLdapUserAttributesList(array &$available_user_attrs, array &$params) {
if (isset($params['ldap_server']) && $params['ldap_server']) {
$ldap_server = $params['ldap_server'];
$direction = $params['direction'];
$url = Url::fromRoute('entity.ldap_server.collection');
$url_string = $url
->toString(TRUE)
->getGeneratedUrl();
$tokens = [
'%edit_link' => Link::fromTextAndUrl($url_string, $url)
->toString(),
'%sid' => $ldap_server
->id(),
];
$server_edit_path = 'admin/config/people/ldap/servers/edit/' . $ldap_server
->id();
if ($direction == self::PROVISION_TO_DRUPAL) {
if ($ldap_server
->get('unique_persistent_attr')) {
$attributes = [
'field.ldap_user_puid_sid',
'field.ldap_user_puid',
'field.ldap_user_puid_property',
];
foreach ($attributes as $property_id) {
$property_token = '[' . $property_id . ']';
if (!isset($available_user_attrs[$property_token]) || !is_array($available_user_attrs[$property_token])) {
$available_user_attrs[$property_token] = [];
}
}
$available_user_attrs['[field.ldap_user_puid_sid]'] = [
'name' => $this
->t('Field: sid providing PUID'),
'configurable_to_drupal' => 0,
'configurable_to_ldap' => 1,
'source' => $this
->t('%sid', $tokens),
'notes' => 'not configurable',
'direction' => self::PROVISION_TO_DRUPAL,
'enabled' => TRUE,
'prov_events' => [
self::EVENT_CREATE_DRUPAL_USER,
],
'config_module' => 'ldap_servers',
'prov_module' => 'ldap_user',
] + $available_user_attrs['[field.ldap_user_puid_sid]'];
$available_user_attrs['[field.ldap_user_puid]'] = [
'name' => $this
->t('Field: PUID', $tokens),
'configurable_to_drupal' => 0,
'configurable_to_ldap' => 1,
'source' => '[' . $ldap_server
->get('unique_persistent_attr') . ']',
'notes' => 'configure at ' . $server_edit_path,
'convert' => $ldap_server
->get('unique_persistent_attr_binary'),
'direction' => self::PROVISION_TO_DRUPAL,
'enabled' => TRUE,
'prov_events' => [
self::EVENT_CREATE_DRUPAL_USER,
],
'config_module' => 'ldap_servers',
'prov_module' => 'ldap_user',
] + $available_user_attrs['[field.ldap_user_puid]'];
$available_user_attrs['[field.ldap_user_puid_property]'] = [
'name' => $this
->t('Field: PUID Attribute', $tokens),
'configurable_to_drupal' => 0,
'configurable_to_ldap' => 1,
'source' => $ldap_server
->get('unique_persistent_attr'),
'notes' => 'configure at ' . $server_edit_path,
'direction' => self::PROVISION_TO_DRUPAL,
'enabled' => TRUE,
'prov_events' => [
self::EVENT_CREATE_DRUPAL_USER,
],
'config_module' => 'ldap_servers',
'prov_module' => 'ldap_user',
] + $available_user_attrs['[field.ldap_user_puid_property]'];
}
$token = '[field.ldap_user_current_dn]';
if (!isset($available_user_attrs[$token]) || !is_array($available_user_attrs[$token])) {
$available_user_attrs[$token] = [];
}
$available_user_attrs[$token] = [
'name' => $this
->t('Field: Most Recent DN', $tokens),
'configurable_to_drupal' => 0,
'configurable_to_ldap' => 0,
'source' => '[dn]',
'notes' => 'not configurable',
'direction' => self::PROVISION_TO_DRUPAL,
'enabled' => TRUE,
'prov_events' => [
self::EVENT_CREATE_DRUPAL_USER,
self::EVENT_SYNC_TO_DRUPAL_USER,
],
'config_module' => 'ldap_servers',
'prov_module' => 'ldap_user',
] + $available_user_attrs[$token];
if (LdapConfiguration::provisionsDrupalAccountsFromLdap()) {
if (!isset($available_user_attrs['[property.name]']) || !is_array($available_user_attrs['[property.name]'])) {
$available_user_attrs['[property.name]'] = [];
}
$available_user_attrs['[property.name]'] = [
'name' => 'Property: Username',
'source' => '[' . $ldap_server
->get('user_attr') . ']',
'direction' => self::PROVISION_TO_DRUPAL,
'enabled' => TRUE,
'prov_events' => [
self::EVENT_CREATE_DRUPAL_USER,
self::EVENT_SYNC_TO_DRUPAL_USER,
],
'config_module' => 'ldap_servers',
'prov_module' => 'ldap_user',
] + $available_user_attrs['[property.name]'];
if (!isset($available_user_attrs['[property.mail]']) || !is_array($available_user_attrs['[property.mail]'])) {
$available_user_attrs['[property.mail]'] = [];
}
$available_user_attrs['[property.mail]'] = [
'name' => 'Property: Email',
'source' => $ldap_server
->get('mail_template') ? $ldap_server
->get('mail_template') : '[' . $ldap_server
->get('mail_attr') . ']',
'direction' => self::PROVISION_TO_DRUPAL,
'enabled' => TRUE,
'prov_events' => [
self::EVENT_CREATE_DRUPAL_USER,
self::EVENT_SYNC_TO_DRUPAL_USER,
],
'config_module' => 'ldap_servers',
'prov_module' => 'ldap_user',
] + $available_user_attrs['[property.mail]'];
if ($ldap_server
->get('picture_attr')) {
if (!isset($available_user_attrs['[property.picture]']) || !is_array($available_user_attrs['[property.picture]'])) {
$available_user_attrs['[property.picture]'] = [];
}
$available_user_attrs['[property.picture]'] = [
'name' => 'Property: Picture',
'source' => '[' . $ldap_server
->get('picture_attr') . ']',
'direction' => self::PROVISION_TO_DRUPAL,
'enabled' => TRUE,
'prov_events' => [
self::EVENT_CREATE_DRUPAL_USER,
self::EVENT_SYNC_TO_DRUPAL_USER,
],
'config_module' => 'ldap_servers',
'prov_module' => 'ldap_user',
] + $available_user_attrs['[property.picture]'];
}
}
}
}
return [
$params,
$available_user_attrs,
];
}
}