View source
<?php
require_once 'ldap_user.module';
class LdapUserConf {
public $drupalAcctProvisionServer = LDAP_USER_NO_SERVER_SID;
public $ldapEntryProvisionServer = LDAP_USER_NO_SERVER_SID;
public $provisionSidFromDirection = array(
LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER => LDAP_USER_NO_SERVER_SID,
LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY => LDAP_USER_NO_SERVER_SID,
);
public $drupalAcctProvisionTriggers = array(
LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE,
LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE,
LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE,
);
public $ldapEntryProvisionTriggers = array();
public $userConflictResolve = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
public $acctCreation = LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
public $inDatabase = FALSE;
public $manualAccountConflict = LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT;
public $setsLdapPassword = TRUE;
public $loginConflictResolve = FALSE;
public $synchMapping = NULL;
public $ldapUserSynchMappings = NULL;
public $detailedWatchdog = FALSE;
public $provisionsDrupalAccountsFromLdap = FALSE;
public $provisionsLdapEntriesFromDrupalUsers = FALSE;
public $orphanedDrupalAcctBehavior = 'ldap_user_orphan_email';
public $orphanedCheckQty = 100;
public $provisionsLdapEvents = array();
public $provisionsDrupalEvents = array();
public $saveable = array(
'drupalAcctProvisionServer',
'ldapEntryProvisionServer',
'drupalAcctProvisionTriggers',
'ldapEntryProvisionTriggers',
'orphanedDrupalAcctBehavior',
'orphanedCheckQty',
'userConflictResolve',
'manualAccountConflict',
'acctCreation',
'ldapUserSynchMappings',
);
function __construct() {
$this
->load();
$this->provisionSidFromDirection[LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER] = $this->drupalAcctProvisionServer;
$this->provisionSidFromDirection[LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY] = $this->ldapEntryProvisionServer;
$this->provisionsLdapEvents = array(
LDAP_USER_EVENT_CREATE_LDAP_ENTRY => t('On LDAP Entry Creation'),
LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY => t('On Synch to LDAP Entry'),
);
$this->provisionsDrupalEvents = array(
LDAP_USER_EVENT_CREATE_DRUPAL_USER => t('On Drupal User Creation'),
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER => t('On Synch to Drupal User'),
);
$this->provisionsDrupalAccountsFromLdap = $this->drupalAcctProvisionServer && $this->drupalAcctProvisionServer && count(array_filter(array_values($this->drupalAcctProvisionTriggers))) > 0;
$this->provisionsLdapEntriesFromDrupalUsers = $this->ldapEntryProvisionServer && $this->ldapEntryProvisionServer && count(array_filter(array_values($this->ldapEntryProvisionTriggers))) > 0;
$this
->setSynchMapping(TRUE);
$this->detailedWatchdog = config('ldap_help.settings')
->get('watchdog_detail');
}
function load() {
if ($saved = variable_get("ldap_user_conf", FALSE)) {
$this->inDatabase = TRUE;
foreach ($this->saveable as $property) {
if (isset($saved[$property])) {
$this->{$property} = $saved[$property];
}
}
}
else {
$this->inDatabase = FALSE;
}
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
if ($this->acctCreation == LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT || $user_register == USER_REGISTER_VISITORS) {
$this->createLDAPAccounts = TRUE;
$this->createLDAPAccountsAdminApproval = FALSE;
}
elseif ($user_register == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
$this->createLDAPAccounts = FALSE;
$this->createLDAPAccountsAdminApproval = TRUE;
}
else {
$this->createLDAPAccounts = FALSE;
$this->createLDAPAccountsAdminApproval = FALSE;
}
}
function __destruct() {
}
public function getSynchMappings($direction = LDAP_USER_PROV_DIRECTION_ALL, $prov_events = NULL) {
if (!$prov_events) {
$prov_events = ldap_user_all_events();
}
$mappings = array();
if ($direction == LDAP_USER_PROV_DIRECTION_ALL) {
$directions = array(
LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
);
}
else {
$directions = array(
$direction,
);
}
foreach ($directions as $direction) {
if (!empty($this->ldapUserSynchMappings[$direction])) {
foreach ($this->ldapUserSynchMappings[$direction] as $attribute => $mapping) {
if (!empty($mapping['prov_events'])) {
$result = count(array_intersect($prov_events, $mapping['prov_events']));
if ($result) {
$mappings[$attribute] = $mapping;
}
}
}
}
}
return $mappings;
}
public function isDrupalAcctProvisionServer($sid) {
if (!$sid || !$this->drupalAcctProvisionServer) {
return FALSE;
}
elseif ($this->ldapEntryProvisionServer == $sid) {
return TRUE;
}
else {
return FALSE;
}
}
public function isLdapEntryProvisionServer($sid) {
if (!$sid || !$this->ldapEntryProvisionServer) {
return FALSE;
}
elseif ($this->ldapEntryProvisionServer == $sid) {
return TRUE;
}
else {
return FALSE;
}
}
public function getLdapUserRequiredAttributes($direction = LDAP_USER_PROV_DIRECTION_ALL, $ldap_context = NULL) {
$attributes_map = array();
$required_attributes = array();
if ($this->drupalAcctProvisionServer) {
$prov_events = $this
->ldapContextToProvEvents($ldap_context);
$attributes_map = $this
->getSynchMappings($direction, $prov_events);
$required_attributes = array();
foreach ($attributes_map as $detail) {
if (count(array_intersect($prov_events, $detail['prov_events']))) {
if ($detail['ldap_attr']) {
ldap_servers_token_extract_attributes($required_attributes, $detail['ldap_attr']);
}
}
}
}
return $required_attributes;
}
public function ldapContextToProvEvents($ldap_context = NULL) {
switch ($ldap_context) {
case 'ldap_user_prov_to_drupal':
$result = array(
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
LDAP_USER_EVENT_CREATE_DRUPAL_USER,
LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT,
);
break;
case 'ldap_user_prov_to_ldap':
$result = array(
LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY,
LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
);
break;
default:
$result = ldap_user_all_events();
}
return $result;
}
public function ldapContextToProvDirection($ldap_context = NULL) {
switch ($ldap_context) {
case 'ldap_user_prov_to_drupal':
$result = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER;
break;
case 'ldap_user_prov_to_ldap':
case 'ldap_user_delete_drupal_user':
$result = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY;
break;
case 'ldap_user_insert_drupal_user':
case 'ldap_user_update_drupal_user':
case 'ldap_authentication_authenticate':
case 'ldap_user_insert_drupal_user':
case 'ldap_user_disable_drupal_user':
$result = LDAP_USER_PROV_DIRECTION_ALL;
break;
default:
$result = LDAP_USER_PROV_DIRECTION_ALL;
}
return $result;
}
function setSynchMapping($reset = TRUE) {
$synch_mapping_cache = cache_get('ldap_user_synch_mapping');
if (!$reset && $synch_mapping_cache) {
$this->synchMapping = $synch_mapping_cache->data;
}
else {
$available_user_attrs = array();
foreach (array(
LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
) as $direction) {
$sid = $this->provisionSidFromDirection[$direction];
$available_user_attrs[$direction] = array();
$ldap_server = $sid ? ldap_servers_get_servers($sid, NULL, TRUE) : FALSE;
$params = array(
'ldap_server' => $ldap_server,
'ldap_user_conf' => $this,
'direction' => $direction,
);
drupal_alter('ldap_user_attrs_list', $available_user_attrs[$direction], $params);
}
}
$this->synchMapping = $available_user_attrs;
cache_set('ldap_user_synch_mapping', $this->synchMapping);
}
public function provisionEnabled($direction, $provision_trigger) {
$result = FALSE;
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
if (!$this->ldapEntryProvisionServer) {
$result = FALSE;
}
else {
$result = in_array($provision_trigger, $this->ldapEntryProvisionTriggers);
}
}
elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
if (!$this->drupalAcctProvisionServer) {
$result = FALSE;
}
else {
$result = in_array($provision_trigger, $this->drupalAcctProvisionTriggers);
}
}
return $result;
}
public function provisionLdapEntry($account, $ldap_user = NULL, $test_query = FALSE) {
$watchdog_tokens = array();
$result = array(
'status' => NULL,
'ldap_server' => NULL,
'proposed' => NULL,
'existing' => NULL,
'description' => NULL,
);
if (is_scalar($account)) {
$username = $account;
$account = new stdClass();
$acount->name = $username;
}
list($account, $user_entity) = ldap_user_load_user_acct_and_entity($account->name);
if (is_object($account) && property_exists($account, 'uid') && $account->uid == 1) {
$result['status'] = 'fail';
$result['error_description'] = 'can not provision drupal user 1';
return $result;
}
if ($account == FALSE || $account->uid == 0) {
$result['status'] = 'fail';
$result['error_description'] = 'can not provision ldap user unless corresponding drupal account exists first.';
return $result;
}
if (!$this->ldapEntryProvisionServer || !$this->ldapEntryProvisionServer) {
$result['status'] = 'fail';
$result['error_description'] = 'no provisioning server enabled';
return $result;
}
$ldap_server = ldap_servers_get_servers($this->ldapEntryProvisionServer, NULL, TRUE);
$params = array(
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
'prov_events' => array(
LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
),
'module' => 'ldap_user',
'function' => 'provisionLdapEntry',
'include_count' => FALSE,
);
list($proposed_ldap_entry, $error) = $this
->drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user);
$proposed_dn = is_array($proposed_ldap_entry) && isset($proposed_ldap_entry['dn']) && $proposed_ldap_entry['dn'] ? $proposed_ldap_entry['dn'] : NULL;
$proposed_dn_lcase = drupal_strtolower($proposed_dn);
$existing_ldap_entry = $proposed_dn ? $ldap_server
->dnExists($proposed_dn, 'ldap_entry') : NULL;
if ($error == LDAP_USER_PROV_RESULT_NO_PWD) {
$result['status'] = 'fail';
$result['description'] = 'Can not provision ldap account without user provided password.';
$result['existing'] = $existing_ldap_entry;
$result['proposed'] = $proposed_ldap_entry;
$result['ldap_server'] = $ldap_server;
}
elseif (!$proposed_dn) {
$result['status'] = 'fail';
$result['description'] = t('failed to derive dn and or mappings');
return $result;
}
elseif ($existing_ldap_entry) {
$result['status'] = 'conflict';
$result['description'] = 'can not provision ldap entry because exists already';
$result['existing'] = $existing_ldap_entry;
$result['proposed'] = $proposed_ldap_entry;
$result['ldap_server'] = $ldap_server;
}
elseif ($test_query) {
$result['status'] = 'fail';
$result['description'] = 'not created because flagged as test query';
$result['proposed'] = $proposed_ldap_entry;
$result['ldap_server'] = $ldap_server;
}
else {
$ldap_entries = array(
$proposed_dn_lcase => $proposed_ldap_entry,
);
$context = array(
'action' => 'add',
'corresponding_drupal_data' => array(
$proposed_dn_lcase => $account,
),
'corresponding_drupal_data_type' => 'user',
);
drupal_alter('ldap_entry_pre_provision', $ldap_entries, $ldap_server, $context);
$proposed_ldap_entry = $ldap_entries[$proposed_dn_lcase];
$ldap_entry_created = $ldap_server
->createLdapEntry($proposed_ldap_entry, $proposed_dn);
if ($ldap_entry_created) {
module_invoke_all('ldap_entry_post_provision', $ldap_entries, $ldap_server, $context);
$result['status'] = 'success';
$result['description'] = 'ldap account created';
$result['proposed'] = $proposed_ldap_entry;
$result['created'] = $ldap_entry_created;
$result['ldap_server'] = $ldap_server;
$ldap_user_prov_entry = $ldap_server->sid . '|' . $proposed_ldap_entry['dn'];
if (!isset($user_entity->ldap_user_prov_entries['und'])) {
$user_entity->ldap_user_prov_entries = array(
'und' => array(),
);
}
$ldap_user_prov_entry_exists = FALSE;
foreach ($user_entity->ldap_user_prov_entries['und'] as $i => $field_value_instance) {
if ($field_value_instance == $ldap_user_prov_entry) {
$ldap_user_prov_entry_exists = TRUE;
}
}
if (!$ldap_user_prov_entry_exists) {
$user_entity->ldap_user_prov_entries['und'][] = array(
'value' => $ldap_user_prov_entry,
'format' => NULL,
'save_value' => $ldap_user_prov_entry,
);
$edit = array(
'ldap_user_prov_entries' => $user_entity->ldap_user_prov_entries,
);
$account = user_load($account->uid);
$account = user_save($account, $edit);
}
}
else {
$result['status'] = 'fail';
$result['proposed'] = $proposed_ldap_entry;
$result['created'] = $ldap_entry_created;
$result['ldap_server'] = $ldap_server;
$result['existing'] = NULL;
}
}
$tokens = array(
'%dn' => isset($result['proposed']['dn']) ? $result['proposed']['dn'] : NULL,
'%sid' => isset($result['ldap_server']) && $result['ldap_server'] ? $result['ldap_server']->sid : 0,
'%username' => @$account->name,
'%uid' => @$account->uid,
'%description' => @$result['description'],
);
if (!$test_query && isset($result['status'])) {
if ($result['status'] == 'success') {
if ($this->detailedWatchdog) {
watchdog('ldap_user', 'LDAP entry on server %sid created dn=%dn. %description. username=%username, uid=%uid', $tokens, WATCHDOG_INFO);
}
}
elseif ($result['status'] == 'conflict') {
if ($this->detailedWatchdog) {
watchdog('ldap_user', 'LDAP entry on server %sid not created because of existing ldap entry. %description. username=%username, uid=%uid', $tokens, WATCHDOG_WARNING);
}
}
elseif ($result['status'] == 'fail') {
watchdog('ldap_user', 'LDAP entry on server %sid not created because error. %description. username=%username, uid=%uid', $tokens, WATCHDOG_ERROR);
}
}
return $result;
}
public function synchToLdapEntry($account, $user_edit = NULL, $ldap_user = array(), $test_query = FALSE) {
if (is_object($account) && property_exists($account, 'uid') && $account->uid == 1) {
return FALSE;
}
$watchdog_tokens = array();
$result = FALSE;
$proposed_ldap_entry = FALSE;
if ($this->ldapEntryProvisionServer) {
$ldap_server = ldap_servers_get_servers($this->ldapEntryProvisionServer, NULL, TRUE);
$params = array(
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
'prov_events' => array(
LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY,
),
'module' => 'ldap_user',
'function' => 'synchToLdapEntry',
'include_count' => FALSE,
);
list($proposed_ldap_entry, $error) = $this
->drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user);
if ($error != LDAP_USER_PROV_RESULT_NO_ERROR) {
$result = FALSE;
}
elseif (is_array($proposed_ldap_entry) && isset($proposed_ldap_entry['dn'])) {
$existing_ldap_entry = $ldap_server
->dnExists($proposed_ldap_entry['dn'], 'ldap_entry');
$attributes = array();
foreach ($proposed_ldap_entry as $attr_name => $attr_values) {
if ($attr_name != 'dn') {
if (isset($attr_values['count'])) {
unset($attr_values['count']);
}
if (count($attr_values) == 1) {
$attributes[$attr_name] = $attr_values[0];
}
else {
$attributes[$attr_name] = $attr_values;
}
}
}
if ($test_query) {
$proposed_ldap_entry = $attributes;
$result = array(
'proposed' => $proposed_ldap_entry,
'server' => $ldap_server,
);
}
else {
$proposed_dn_lcase = drupal_strtolower($proposed_ldap_entry['dn']);
$ldap_entries = array(
$proposed_dn_lcase => $attributes,
);
$context = array(
'action' => 'update',
'corresponding_drupal_data' => array(
$proposed_dn_lcase => $attributes,
),
'corresponding_drupal_data_type' => 'user',
);
drupal_alter('ldap_entry_pre_provision', $ldap_entries, $ldap_server, $context);
$attributes = $ldap_entries[$proposed_dn_lcase];
$result = $ldap_server
->modifyLdapEntry($proposed_ldap_entry['dn'], $attributes);
if ($result) {
module_invoke_all('ldap_entry_post_provision', $ldap_entries, $ldap_server, $context);
}
}
}
else {
$result = FALSE;
}
}
$tokens = array(
'%dn' => isset($result['proposed']['dn']) ? $result['proposed']['dn'] : NULL,
'%sid' => $this->ldapEntryProvisionServer,
'%username' => $account->name,
'%uid' => $test_query || !property_exists($account, 'uid') ? '' : $account->uid,
);
if ($result) {
watchdog('ldap_user', 'LDAP entry on server %sid synched dn=%dn. username=%username, uid=%uid', $tokens, WATCHDOG_INFO);
}
else {
watchdog('ldap_user', 'LDAP entry on server %sid not synched because error. username=%username, uid=%uid', $tokens, WATCHDOG_ERROR);
}
return $result;
}
public function synchToDrupalAccount($drupal_user, &$user_edit, $prov_event = LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user = NULL, $save = FALSE) {
$debug = array(
'account' => $drupal_user,
'user_edit' => $user_edit,
'ldap_user' => $ldap_user,
);
if (!$ldap_user && !isset($drupal_user->name) || !$drupal_user && $save || $ldap_user && !isset($ldap_user['sid'])) {
return FALSE;
}
if (!$ldap_user && $this->drupalAcctProvisionServer) {
$ldap_user = ldap_servers_get_user_ldap_data($drupal_user->name, $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
}
if (!$ldap_user) {
return FALSE;
}
if ($this->drupalAcctProvisionServer) {
$ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, NULL, TRUE);
$this
->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(
$prov_event,
));
}
if ($save) {
$account = user_load($drupal_user->uid);
$result = user_save($account, $user_edit, 'ldap_user');
return $result;
}
else {
return TRUE;
}
}
public function deleteDrupalAccount($username) {
$user = user_load_by_name($username);
if (is_object($user)) {
user_delete($user->uid);
return TRUE;
}
else {
return FALSE;
}
}
public function getProvisionRelatedLdapEntry($account, $prov_events = NULL) {
if (!$prov_events) {
$prov_events = ldap_user_all_events();
}
$sid = $this->ldapEntryProvisionServer;
if (!$sid) {
return FALSE;
}
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE);
$params = array(
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
'prov_events' => $prov_events,
'module' => 'ldap_user',
'function' => 'getProvisionRelatedLdapEntry',
'include_count' => FALSE,
);
list($proposed_ldap_entry, $error) = $this
->drupalUserToLdapEntry($account, $ldap_server, $params);
if (!(is_array($proposed_ldap_entry) && isset($proposed_ldap_entry['dn']) && $proposed_ldap_entry['dn'])) {
return FALSE;
}
$ldap_entry = $ldap_server
->dnExists($proposed_ldap_entry['dn'], 'ldap_entry', array());
return $ldap_entry;
}
public function deleteProvisionedLdapEntries($account) {
$boolean_result = FALSE;
$language = $account->language ? $account->language : 'und';
if (isset($account->ldap_user_prov_entries[$language][0])) {
foreach ($account->ldap_user_prov_entries[$language] as $i => $field_instance) {
$parts = explode('|', $field_instance['value']);
if (count($parts) == 2) {
list($sid, $dn) = $parts;
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE);
if (is_object($ldap_server) && $dn) {
$boolean_result = $ldap_server
->delete($dn);
$tokens = array(
'%sid' => $sid,
'%dn' => $dn,
'%username' => $account->name,
'%uid' => $account->uid,
);
if ($boolean_result) {
watchdog('ldap_user', 'LDAP entry on server %sid deleted dn=%dn. username=%username, uid=%uid', $tokens, WATCHDOG_INFO);
}
else {
watchdog('ldap_user', 'LDAP entry on server %sid not deleted because error. username=%username, uid=%uid', $tokens, WATCHDOG_ERROR);
}
}
else {
$boolean_result = FALSE;
}
}
}
}
return $boolean_result;
}
function drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user_entry = NULL) {
$provision = isset($params['function']) && $params['function'] == 'provisionLdapEntry';
$result = LDAP_USER_PROV_RESULT_NO_ERROR;
if (!$ldap_user_entry) {
$ldap_user_entry = array();
}
if (!is_object($account) || !is_object($ldap_server)) {
return array(
NULL,
LDAP_USER_PROV_RESULT_BAD_PARAMS,
);
}
$watchdog_tokens = array(
'%drupal_username' => $account->name,
);
$include_count = isset($params['include_count']) && $params['include_count'];
$direction = isset($params['direction']) ? $params['direction'] : LDAP_USER_PROV_DIRECTION_ALL;
$prov_events = empty($params['prov_events']) ? ldap_user_all_events() : $params['prov_events'];
$mappings = $this
->getSynchMappings($direction, $prov_events);
foreach ($mappings as $field_key => $field_detail) {
list($ldap_attr_name, $ordinal, $conversion) = ldap_servers_token_extract_parts($field_key, TRUE);
$ordinal = !$ordinal ? 0 : $ordinal;
if ($ldap_user_entry && isset($ldap_user_entry[$ldap_attr_name]) && is_array($ldap_user_entry[$ldap_attr_name]) && isset($ldap_user_entry[$ldap_attr_name][$ordinal])) {
continue;
}
$synched = $this
->isSynched($field_key, $params['prov_events'], LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY);
if ($synched) {
$token = $field_detail['user_attr'] == 'user_tokens' ? $field_detail['user_tokens'] : $field_detail['user_attr'];
$value = ldap_servers_token_replace($account, $token, 'user_account');
if (substr($token, 0, 10) == '[password.' && (!$value || $value == $token)) {
if (!$provision) {
continue;
}
}
if ($ldap_attr_name == 'dn' && $value) {
$ldap_user_entry['dn'] = $value;
}
elseif ($value) {
if (!isset($ldap_user_entry[$ldap_attr_name]) || !is_array($ldap_user_entry[$ldap_attr_name])) {
$ldap_user_entry[$ldap_attr_name] = array();
}
$ldap_user_entry[$ldap_attr_name][$ordinal] = $value;
if ($include_count) {
$ldap_user_entry[$ldap_attr_name]['count'] = count($ldap_user_entry[$ldap_attr_name]);
}
}
}
}
drupal_alter('ldap_entry', $ldap_user_entry, $params);
return array(
$ldap_user_entry,
$result,
);
}
public function provisionDrupalAccount($account = FALSE, &$user_edit, $ldap_user = NULL, $save = TRUE) {
$watchdog_tokens = array();
if (!$account) {
$account = new stdClass();
}
$account->is_new = TRUE;
if (!$ldap_user && !isset($user_edit['name'])) {
return FALSE;
}
if (!$ldap_user) {
$watchdog_tokens['%username'] = $user_edit['name'];
if ($this->drupalAcctProvisionServer) {
$ldap_user = ldap_servers_get_user_ldap_data($user_edit['name'], $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
}
if (!$ldap_user) {
if ($this->detailedWatchdog) {
watchdog('ldap_user', '%username : failed to find associated ldap entry for username in provision.', $watchdog_tokens, WATCHDOG_DEBUG);
}
return FALSE;
}
}
if (!isset($user_edit['name']) && isset($account->name)) {
$user_edit['name'] = $account->name;
$watchdog_tokens['%username'] = $user_edit['name'];
}
if ($this->drupalAcctProvisionServer) {
$ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);
$params = array(
'account' => $account,
'user_edit' => $user_edit,
'prov_event' => LDAP_USER_EVENT_CREATE_DRUPAL_USER,
'module' => 'ldap_user',
'function' => 'provisionDrupalAccount',
'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
);
drupal_alter('ldap_entry', $ldap_user, $params);
$puid = $ldap_server
->userPuidFromLdapEntry($ldap_user['attr']);
$account2 = $puid ? $ldap_server
->userUserEntityFromPuid($puid) : FALSE;
if ($account2) {
$this
->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
));
$account = user_save($account2, $user_edit, 'ldap_user');
user_set_authmaps($account, array(
"authname_ldap_user" => $user_edit['name'],
));
if ($account) {
$account = $this
->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
}
return $account;
}
else {
$this
->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(
LDAP_USER_EVENT_CREATE_DRUPAL_USER,
));
if ($save) {
$watchdog_tokens = array(
'%drupal_username' => $user_edit['name'],
);
if (empty($user_edit['name'])) {
drupal_set_message(t('User account creation failed because of invalid, empty derived Drupal username.'), 'error');
watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because drupal username could not be derived.', $tokens, WATCHDOG_ERROR);
return FALSE;
}
if (!isset($user_edit['mail']) || !$user_edit['mail']) {
drupal_set_message(t('User account creation failed because of invalid, empty derived email address.'), 'error');
watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because email address could not be derived by LDAP User module', $tokens, WATCHDOG_ERROR);
return FALSE;
}
if ($account_with_same_email = user_load_by_mail($user_edit['mail'])) {
$watchdog_tokens['%email'] = $user_edit['mail'];
$watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
watchdog('ldap_user', 'LDAP user %drupal_username has email address
(%email) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
return FALSE;
}
$account = user_save(NULL, $user_edit, 'ldap_user');
if (!$account) {
drupal_set_message(t('User account creation failed because of system problems.'), 'error');
}
else {
user_set_authmaps($account, array(
'authname_ldap_user' => $user_edit['name'],
));
}
return $account;
}
return TRUE;
}
}
}
function ldapAssociateDrupalAccount($drupal_username) {
if ($this->drupalAcctProvisionServer) {
$prov_events = array(
LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT,
);
$ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);
$account = user_load_by_name($drupal_username);
$ldap_user = ldap_servers_get_user_ldap_data($drupal_username, $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
if (!$account) {
watchdog('ldap_user', 'Failed to LDAP associate drupal account %drupal_username because account not found', array(
'%drupal_username' => $drupal_username,
), WATCHDOG_ERROR);
return FALSE;
}
elseif (!$ldap_user) {
watchdog('ldap_user', 'Failed to LDAP associate drupal account %drupal_username because corresponding LDAP entry not found', array(
'%drupal_username' => $drupal_username,
), WATCHDOG_ERROR);
return FALSE;
}
else {
$user_edit = array();
$user_edit['data']['ldap_user']['init'] = array(
'sid' => $ldap_user['sid'],
'dn' => $ldap_user['dn'],
'mail' => $account->mail,
);
$ldap_user_puid = $ldap_server
->userPuidFromLdapEntry($ldap_user['attr']);
if ($ldap_user_puid) {
$user_edit['ldap_user_puid'][LANGUAGE_NONE][0]['value'] = $ldap_user_puid;
}
$user_edit['ldap_user_puid_property'][LANGUAGE_NONE][0]['value'] = $ldap_server->unique_persistent_attr;
$user_edit['ldap_user_puid_sid'][LANGUAGE_NONE][0]['value'] = $ldap_server->sid;
$user_edit['ldap_user_current_dn'][LANGUAGE_NONE][0]['value'] = $ldap_user['dn'];
$account = user_save($account, $user_edit, 'ldap_user');
return (bool) $account;
}
}
else {
return FALSE;
}
}
function entryToUserEdit($ldap_user, &$edit, $ldap_server, $direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, $prov_events = NULL) {
if (!$prov_events) {
$prov_events = ldap_user_all_events();
}
$mail_synched = $this
->isSynched('[property.mail]', $prov_events, $direction);
if (!isset($edit['mail']) && $mail_synched) {
$derived_mail = $ldap_server
->userEmailFromLdapEntry($ldap_user['attr']);
if ($derived_mail) {
$edit['mail'] = $derived_mail;
}
}
$drupal_username = $ldap_server
->userUsernameFromLdapEntry($ldap_user['attr']);
if ($this
->isSynched('[property.picture]', $prov_events, $direction)) {
$picture = $ldap_server
->userPictureFromLdapEntry($ldap_user['attr'], $drupal_username);
if ($picture) {
$edit['picture'] = $picture;
if (isset($picture->md5Sum)) {
$edit['data']['ldap_user']['init']['thumb5md'] = $picture->md5Sum;
}
}
}
if ($this
->isSynched('[property.name]', $prov_events, $direction) && !isset($edit['name']) && $drupal_username) {
$edit['name'] = $drupal_username;
}
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER && in_array(LDAP_USER_EVENT_CREATE_DRUPAL_USER, $prov_events)) {
$edit['mail'] = isset($edit['mail']) ? $edit['mail'] : $ldap_user['mail'];
$edit['pass'] = isset($edit['pass']) ? $edit['pass'] : user_password(20);
$edit['init'] = isset($edit['init']) ? $edit['init'] : $edit['mail'];
$edit['status'] = isset($edit['status']) ? $edit['status'] : 1;
$edit['signature'] = isset($edit['signature']) ? $edit['signature'] : '';
$edit['data']['ldap_user']['init'] = array(
'sid' => $ldap_user['sid'],
'dn' => $ldap_user['dn'],
'mail' => $edit['mail'],
);
}
if ($this
->isSynched('[field.ldap_user_puid]', $prov_events, $direction)) {
$ldap_user_puid = $ldap_server
->userPuidFromLdapEntry($ldap_user['attr']);
if ($ldap_user_puid) {
$edit['ldap_user_puid'][LANGUAGE_NONE][0]['value'] = $ldap_user_puid;
}
}
if ($this
->isSynched('[field.ldap_user_puid_property]', $prov_events, $direction)) {
$edit['ldap_user_puid_property'][LANGUAGE_NONE][0]['value'] = $ldap_server->unique_persistent_attr;
}
if ($this
->isSynched('[field.ldap_user_puid_sid]', $prov_events, $direction)) {
$edit['ldap_user_puid_sid'][LANGUAGE_NONE][0]['value'] = $ldap_server->sid;
}
if ($this
->isSynched('[field.ldap_user_current_dn]', $prov_events, $direction)) {
$edit['ldap_user_current_dn'][LANGUAGE_NONE][0]['value'] = $ldap_user['dn'];
}
$mappings = $this
->getSynchMappings($direction, $prov_events);
foreach ($mappings as $user_attr_key => $field_detail) {
if (!$this
->isSynched($user_attr_key, $prov_events, $direction)) {
continue;
}
if ($field_detail['convert'] && strpos($field_detail['ldap_attr'], ';') === FALSE) {
$field_detail['ldap_attr'] = str_replace(']', ';binary]', $field_detail['ldap_attr']);
}
$value = ldap_servers_token_replace($ldap_user['attr'], $field_detail['ldap_attr'], 'ldap_entry');
list($value_type, $value_name, $value_instance) = ldap_servers_parse_user_attr_name($user_attr_key);
if ($value_type == 'field') {
$field = field_info_field($value_name);
$columns = array_keys($field['columns']);
$values = $field['cardinality'] == 1 ? array(
$value,
) : (array) $value;
$items = array();
foreach ($values as $delta => $value) {
if (isset($value)) {
$items[$delta][$columns[0]] = $value;
}
}
$edit[$value_name][LANGUAGE_NONE] = $items;
}
elseif ($value_type == 'property') {
$edit[$value_name] = $value;
}
}
drupal_alter('ldap_user_edit_user', $edit, $ldap_user, $ldap_server, $prov_events);
if (isset($edit['name']) && $edit['name'] == '') {
unset($edit['name']);
}
}
public function isSynched($attr_token, $prov_events, $direction) {
$result = (bool) (isset($this->synchMapping[$direction][$attr_token]['prov_events']) && count(array_intersect($prov_events, $this->synchMapping[$direction][$attr_token]['prov_events'])));
if (!$result) {
if (isset($this->synchMapping[$direction][$attr_token])) {
}
else {
}
}
return $result;
}
}