You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 8.3 » ServerFactory.php

class ServerFactory in Lightweight Directory Access Protocol (LDAP) 8.3

Helper class to working with the Server classes.

Normally called if you need specific sets of serves, such as all enabled ones.

@Todo: Split class to remove out-of-scope functions.

Hierarchy

Expanded class hierarchy of ServerFactory

6 files declare their use of ServerFactory
DebuggingReviewForm.php in ldap_help/src/Form/DebuggingReviewForm.php
GroupUserUpdateProcessor.php in ldap_user/src/Processor/GroupUserUpdateProcessor.php
LdapAuthenticationAdminForm.php in ldap_authentication/src/Form/LdapAuthenticationAdminForm.php
LdapUserAdminForm.php in ldap_user/src/Form/LdapUserAdminForm.php
LdapUserTestForm.php in ldap_user/src/Form/LdapUserTestForm.php

... See full list

1 string reference to 'ServerFactory'
ldap_servers.services.yml in ldap_servers/ldap_servers.services.yml
ldap_servers/ldap_servers.services.yml
1 service uses ServerFactory
ldap.servers in ldap_servers/ldap_servers.services.yml
Drupal\ldap_servers\ServerFactory

File

ldap_servers/src/ServerFactory.php, line 25

Namespace

Drupal\ldap_servers
View source 
class ServerFactory implements LdapUserAttributesInterface {
  use StringTranslationTrait;
  protected $config;
  protected $logger;
  protected $entityManager;
  protected $cache;

  /**
   * Constructor.
   */
  public function __construct(ConfigFactoryInterface $config_factory, LoggerInterface $logger, EntityTypeManagerInterface $entity_type_manager, CacheBackendInterface $cache) {
    $this->config = $config_factory;
    $this->logger = $logger;
    $this->entityManager = $entity_type_manager
      ->getStorage('ldap_server');
    $this->cache = $cache;
  }

  /**
   * Fetch server by ID.
   *
   * @param string $sid
   *   Server id.
   *
   * @return \Drupal\Core\Entity\EntityInterface|\Drupal\ldap_servers\Entity\Server
   *   Server entity.
   */
  public function getServerById($sid) {
    return $this->entityManager
      ->load($sid);
  }

  /**
   * Fetch server by ID if enabled.
   *
   * @param string $sid
   *   Server id.
   *
   * @return bool|EntityInterface|\Drupal\ldap_servers\Entity\Server
   *   Server entity if enabled or false.
   */
  public function getServerByIdEnabled($sid) {
    $server = $this->entityManager
      ->load($sid);
    if ($server && $server
      ->status()) {
      return $server;
    }
    else {
      return FALSE;
    }
  }

  /**
   * Fetch all servers.
   *
   * @return \Drupal\Core\Entity\EntityInterface[]|\Drupal\ldap_servers\Entity\Server[]
   *   An array of all servers.
   */
  public function getAllServers() {
    $ids = $this->entityManager
      ->getQuery()
      ->execute();
    return $this->entityManager
      ->loadMultiple($ids);
  }

  /**
   * Fetch all enabled servers.
   *
   * @return \Drupal\Core\Entity\EntityInterface[]|\Drupal\ldap_servers\Entity\Server[]
   *   An array of all enabled servers.
   */
  public function getEnabledServers() {
    $ids = $this->entityManager
      ->getQuery()
      ->condition('status', 1)
      ->execute();
    return $this->entityManager
      ->loadMultiple($ids);
  }

  /**
   * Fetch user data from server by Identifier.
   *
   * @param string $identifier
   *   User identifier.
   * @param string $id
   *   Server id.
   *
   * @return array|bool
   *   Result data or false.
   */
  public function getUserDataFromServerByIdentifier($identifier, $id) {

    // Try to retrieve the user from the cache.
    $cache = $this->cache
      ->get('ldap_servers:user_data:' . $identifier);
    if ($cache && $cache->data) {
      return $cache->data;
    }
    $server = $this
      ->getServerByIdEnabled($id);
    if (!$server) {
      $this->logger
        ->error('Failed to load server object %sid in _ldap_servers_get_user_ldap_data', [
        '%sid' => $id,
      ]);
      return FALSE;
    }
    $ldap_user = $server
      ->matchUsernameToExistingLdapEntry($identifier);
    if ($ldap_user) {
      $ldap_user['id'] = $id;
      $cache_expiry = 5 * 60 + time();
      $cache_tags = [
        'ldap',
        'ldap_servers',
        'ldap_servers.user_data',
      ];
      $this->cache
        ->set('ldap_servers:user_data:' . $identifier, $ldap_user, $cache_expiry, $cache_tags);
    }
    return $ldap_user;
  }

  /**
   * Fetch user data from server by user account.
   *
   * @param \Drupal\user\UserInterface $account
   *   Drupal user account.
   * @param string $id
   *   Server id.
   * @param string $ldap_context
   *   Provisioning direction.
   *
   * @return array|bool
   *   Returns data or FALSE.
   */
  public function getUserDataFromServerByAccount(UserInterface $account, $id, $ldap_context = NULL) {
    $identifier = ExternalAuthenticationHelper::getUserIdentifierFromMap($account
      ->id());
    if ($identifier) {

      // TODO: Fix parameters.
      return $this
        ->getUserDataFromServerByIdentifier($identifier, $id, $ldap_context);
    }
    else {
      return FALSE;
    }
  }

  /**
   * Fetch user data from account.
   *
   *  Uses the regular provisioning server.
   *
   * @param \Drupal\user\UserInterface $account
   *   Drupal user account.
   * @param array $ldap_context
   *   LDAP context.
   *
   * @return array|bool
   *   Returns data or FALSE.
   */
  public function getUserDataByAccount(UserInterface $account, array $ldap_context = NULL) {
    $provisioningServer = $this
      ->config('ldap_user.settings')
      ->get('drupalAcctProvisionServer');
    $id = NULL;
    if (!$account) {
      return FALSE;
    }

    // TODO: While this functionality is now consistent with 7.x, it hides
    // a corner case: server which are no longer available can still be set in
    // the user as a preference and those users will not be able to sync.
    // This needs to get cleaned up or fallback differently.
    if (property_exists($account, 'ldap_user_puid_sid') && !empty($account
      ->get('ldap_user_puid_sid')->value)) {
      $id = $account
        ->get('ldap_user_puid_sid')->value;
    }
    elseif ($provisioningServer) {
      $id = $provisioningServer;
    }
    else {
      $servers = $this
        ->getEnabledServers();
      if (count($servers) == 1) {
        $ids = array_keys($servers);
        $id = $ids[0];
      }
      else {
        $this->logger
          ->error('Multiple servers enabled, one has to be set up for user provision.');
        return FALSE;
      }
    }
    return $this
      ->getUserDataFromServerByAccount($account, $id, $ldap_context);
  }

  /**
   * Alter the LDAP attributes.
   *
   * @param array $attributes
   *   Attributes.
   * @param array $params
   *   Parameters.
   *
   * @return array
   *   Altered attributes.
   */
  public function alterLdapAttributes(array &$attributes, array $params) {

    // Force this data type.
    $attributes['dn'] = ConversionHelper::setAttributeMap(@$attributes['dn'], 'ldap_dn');

    // Puid attributes are server specific.
    if (isset($params['sid']) && $params['sid']) {
      if (is_scalar($params['sid'])) {
        $ldap_server = $this
          ->getServerById($params['sid']);
        if ($ldap_server) {

          // The attributes mail, unique_persistent_attr, user_attr,
          // mail_template, and user_dn_expression are needed for all
          // functionality.
          if (!isset($attributes[$ldap_server
            ->get('mail_attr')])) {
            $attributes[$ldap_server
              ->get('mail_attr')] = ConversionHelper::setAttributeMap();
          }
          if ($ldap_server
            ->get('picture_attr') && !isset($attributes[$ldap_server
            ->get('picture_attr')])) {
            $attributes[$ldap_server
              ->get('picture_attr')] = ConversionHelper::setAttributeMap();
          }
          if ($ldap_server
            ->get('unique_persistent_attr') && !isset($attributes[$ldap_server
            ->get('unique_persistent_attr')])) {
            $attributes[$ldap_server
              ->get('unique_persistent_attr')] = ConversionHelper::setAttributeMap();
          }
          if ($ldap_server
            ->get('user_dn_expression')) {
            ConversionHelper::extractTokenAttributes($attributes, $ldap_server
              ->get('user_dn_expression'));
          }
          if ($ldap_server
            ->get('mail_template')) {
            ConversionHelper::extractTokenAttributes($attributes, $ldap_server
              ->get('mail_template'));
          }
          if (!isset($attributes[$ldap_server
            ->get('user_attr')])) {
            $attributes[$ldap_server
              ->get('user_attr')] = ConversionHelper::setAttributeMap();
          }
        }
      }
    }
    return $attributes;
  }

  /**
   * Alter ldap_user attributes lists.
   *
   * @param array $available_user_attrs
   *   Available user attributes.
   * @param array $params
   *   Parameters.
   *
   * @return array
   *   Attribute list.
   */
  public function alterLdapUserAttributesList(array &$available_user_attrs, array &$params) {
    if (isset($params['ldap_server']) && $params['ldap_server']) {

      /** @var \Drupal\ldap_servers\Entity\Server $ldap_server */
      $ldap_server = $params['ldap_server'];
      $direction = $params['direction'];
      $url = Url::fromRoute('entity.ldap_server.collection');

      // A plain $url->toString() call in some places (early in the request)
      // can cause Drupal to throw a 'leaked metadata' exception. To prevent
      // toString() from handling any metadata in the background, we pass TRUE.
      $url_string = $url
        ->toString(TRUE)
        ->getGeneratedUrl();
      $tokens = [
        '%edit_link' => Link::fromTextAndUrl($url_string, $url)
          ->toString(),
        '%sid' => $ldap_server
          ->id(),
      ];
      $server_edit_path = 'admin/config/people/ldap/servers/edit/' . $ldap_server
        ->id();
      if ($direction == self::PROVISION_TO_DRUPAL) {

        // These 4 user fields identify where in LDAP and which LDAP server they
        // are associated with. They are required for a Drupal account to be
        // "LDAP associated" regardless of if any other fields/properties are
        // provisioned or synced.
        if ($ldap_server
          ->get('unique_persistent_attr')) {
          $attributes = [
            'field.ldap_user_puid_sid',
            'field.ldap_user_puid',
            'field.ldap_user_puid_property',
          ];
          foreach ($attributes as $property_id) {
            $property_token = '[' . $property_id . ']';
            if (!isset($available_user_attrs[$property_token]) || !is_array($available_user_attrs[$property_token])) {
              $available_user_attrs[$property_token] = [];
            }
          }
          $available_user_attrs['[field.ldap_user_puid_sid]'] = [
            'name' => $this
              ->t('Field: sid providing PUID'),
            'configurable_to_drupal' => 0,
            'configurable_to_ldap' => 1,
            'source' => $this
              ->t('%sid', $tokens),
            'notes' => 'not configurable',
            'direction' => self::PROVISION_TO_DRUPAL,
            'enabled' => TRUE,
            'prov_events' => [
              self::EVENT_CREATE_DRUPAL_USER,
            ],
            'config_module' => 'ldap_servers',
            'prov_module' => 'ldap_user',
          ] + $available_user_attrs['[field.ldap_user_puid_sid]'];
          $available_user_attrs['[field.ldap_user_puid]'] = [
            'name' => $this
              ->t('Field: PUID', $tokens),
            'configurable_to_drupal' => 0,
            'configurable_to_ldap' => 1,
            'source' => '[' . $ldap_server
              ->get('unique_persistent_attr') . ']',
            'notes' => 'configure at ' . $server_edit_path,
            'convert' => $ldap_server
              ->get('unique_persistent_attr_binary'),
            'direction' => self::PROVISION_TO_DRUPAL,
            'enabled' => TRUE,
            'prov_events' => [
              self::EVENT_CREATE_DRUPAL_USER,
            ],
            'config_module' => 'ldap_servers',
            'prov_module' => 'ldap_user',
          ] + $available_user_attrs['[field.ldap_user_puid]'];
          $available_user_attrs['[field.ldap_user_puid_property]'] = [
            'name' => $this
              ->t('Field: PUID Attribute', $tokens),
            'configurable_to_drupal' => 0,
            'configurable_to_ldap' => 1,
            'source' => $ldap_server
              ->get('unique_persistent_attr'),
            'notes' => 'configure at ' . $server_edit_path,
            'direction' => self::PROVISION_TO_DRUPAL,
            'enabled' => TRUE,
            'prov_events' => [
              self::EVENT_CREATE_DRUPAL_USER,
            ],
            'config_module' => 'ldap_servers',
            'prov_module' => 'ldap_user',
          ] + $available_user_attrs['[field.ldap_user_puid_property]'];
        }
        $token = '[field.ldap_user_current_dn]';
        if (!isset($available_user_attrs[$token]) || !is_array($available_user_attrs[$token])) {
          $available_user_attrs[$token] = [];
        }
        $available_user_attrs[$token] = [
          'name' => $this
            ->t('Field: Most Recent DN', $tokens),
          'configurable_to_drupal' => 0,
          'configurable_to_ldap' => 0,
          'source' => '[dn]',
          'notes' => 'not configurable',
          'direction' => self::PROVISION_TO_DRUPAL,
          'enabled' => TRUE,
          'prov_events' => [
            self::EVENT_CREATE_DRUPAL_USER,
            self::EVENT_SYNC_TO_DRUPAL_USER,
          ],
          'config_module' => 'ldap_servers',
          'prov_module' => 'ldap_user',
        ] + $available_user_attrs[$token];
        if (LdapConfiguration::provisionsDrupalAccountsFromLdap()) {
          if (!isset($available_user_attrs['[property.name]']) || !is_array($available_user_attrs['[property.name]'])) {
            $available_user_attrs['[property.name]'] = [];
          }
          $available_user_attrs['[property.name]'] = [
            'name' => 'Property: Username',
            'source' => '[' . $ldap_server
              ->get('user_attr') . ']',
            'direction' => self::PROVISION_TO_DRUPAL,
            'enabled' => TRUE,
            'prov_events' => [
              self::EVENT_CREATE_DRUPAL_USER,
              self::EVENT_SYNC_TO_DRUPAL_USER,
            ],
            'config_module' => 'ldap_servers',
            'prov_module' => 'ldap_user',
          ] + $available_user_attrs['[property.name]'];
          if (!isset($available_user_attrs['[property.mail]']) || !is_array($available_user_attrs['[property.mail]'])) {
            $available_user_attrs['[property.mail]'] = [];
          }
          $available_user_attrs['[property.mail]'] = [
            'name' => 'Property: Email',
            'source' => $ldap_server
              ->get('mail_template') ? $ldap_server
              ->get('mail_template') : '[' . $ldap_server
              ->get('mail_attr') . ']',
            'direction' => self::PROVISION_TO_DRUPAL,
            'enabled' => TRUE,
            'prov_events' => [
              self::EVENT_CREATE_DRUPAL_USER,
              self::EVENT_SYNC_TO_DRUPAL_USER,
            ],
            'config_module' => 'ldap_servers',
            'prov_module' => 'ldap_user',
          ] + $available_user_attrs['[property.mail]'];
          if ($ldap_server
            ->get('picture_attr')) {
            if (!isset($available_user_attrs['[property.picture]']) || !is_array($available_user_attrs['[property.picture]'])) {
              $available_user_attrs['[property.picture]'] = [];
            }
            $available_user_attrs['[property.picture]'] = [
              'name' => 'Property: Picture',
              'source' => '[' . $ldap_server
                ->get('picture_attr') . ']',
              'direction' => self::PROVISION_TO_DRUPAL,
              'enabled' => TRUE,
              'prov_events' => [
                self::EVENT_CREATE_DRUPAL_USER,
                self::EVENT_SYNC_TO_DRUPAL_USER,
              ],
              'config_module' => 'ldap_servers',
              'prov_module' => 'ldap_user',
            ] + $available_user_attrs['[property.picture]'];
          }
        }
      }
    }
    return [
      $params,
      $available_user_attrs,
    ];
  }

}

Members

Namesort descending Modifiers Type Description Overrides
LdapUserAttributesInterface::ACCOUNT_CREATION_LDAP_BEHAVIOUR constant
LdapUserAttributesInterface::ACCOUNT_CREATION_USER_SETTINGS_FOR_LDAP constant
LdapUserAttributesInterface::EVENT_CREATE_DRUPAL_USER constant
LdapUserAttributesInterface::EVENT_CREATE_LDAP_ENTRY constant
LdapUserAttributesInterface::EVENT_LDAP_ASSOCIATE_DRUPAL_USER constant
LdapUserAttributesInterface::EVENT_SYNC_TO_DRUPAL_USER constant
LdapUserAttributesInterface::EVENT_SYNC_TO_LDAP_ENTRY constant
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_LDAP_ASSOCIATE constant
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_NO_LDAP_ASSOCIATE constant
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_REJECT constant
LdapUserAttributesInterface::MANUAL_ACCOUNT_CONFLICT_SHOW_OPTION_ON_FORM constant
LdapUserAttributesInterface::PROVISION_DRUPAL_USER_ON_USER_AUTHENTICATION constant
LdapUserAttributesInterface::PROVISION_DRUPAL_USER_ON_USER_ON_MANUAL_CREATION constant
LdapUserAttributesInterface::PROVISION_DRUPAL_USER_ON_USER_UPDATE_CREATE constant
LdapUserAttributesInterface::PROVISION_LDAP_ENTRY_ON_USER_ON_USER_AUTHENTICATION constant
LdapUserAttributesInterface::PROVISION_LDAP_ENTRY_ON_USER_ON_USER_DELETE constant
LdapUserAttributesInterface::PROVISION_LDAP_ENTRY_ON_USER_ON_USER_UPDATE_CREATE constant
LdapUserAttributesInterface::PROVISION_TO_ALL constant
LdapUserAttributesInterface::PROVISION_TO_DRUPAL constant
LdapUserAttributesInterface::PROVISION_TO_LDAP constant
LdapUserAttributesInterface::PROVISION_TO_NONE constant
LdapUserAttributesInterface::USER_CONFLICT_ATTEMPT_RESOLVE constant
LdapUserAttributesInterface::USER_CONFLICT_LOG constant
ServerFactory::$cache protected property
ServerFactory::$config protected property
ServerFactory::$entityManager protected property
ServerFactory::$logger protected property
ServerFactory::alterLdapAttributes public function Alter the LDAP attributes.
ServerFactory::alterLdapUserAttributesList public function Alter ldap_user attributes lists.
ServerFactory::getAllServers public function Fetch all servers.
ServerFactory::getEnabledServers public function Fetch all enabled servers.
ServerFactory::getServerById public function Fetch server by ID.
ServerFactory::getServerByIdEnabled public function Fetch server by ID if enabled.
ServerFactory::getUserDataByAccount public function Fetch user data from account.
ServerFactory::getUserDataFromServerByAccount public function Fetch user data from server by user account.
ServerFactory::getUserDataFromServerByIdentifier public function Fetch user data from server by Identifier.
ServerFactory::__construct public function Constructor.
StringTranslationTrait::$stringTranslation protected property The string translation service. 1
StringTranslationTrait::formatPlural protected function Formats a string containing a count of items.
StringTranslationTrait::getNumberOfPlurals protected function Returns the number of plurals supported by a given language.
StringTranslationTrait::getStringTranslation protected function Gets the string translation service.
StringTranslationTrait::setStringTranslation public function Sets the string translation service to use. 2
StringTranslationTrait::t protected function Translates a string to the current language or to a given language.