
public function LdapUserConf::provisionDrupalAccount in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches
  1. 7.2 ldap_user/LdapUserConf.class.php \LdapUserConf::provisionDrupalAccount()

Given a Drupal account, query LDAP, get all user fields and save the user account (note: the parameters are in an odd order to match the synchDrupalAccount() signature).

Parameters

array $account: Drupal account object or null.

array $user_edit: Drupal edit array in the form user_save($account, $user_edit) would take.

array $ldap_user: the user's LDAP entry; passed to avoid re-querying LDAP in cases where it is already present.

boolean $save: indicates whether the Drupal user should be saved. Generally depends on where the function is called from and if the … (description truncated in the original).

Return value

Result of user_save() if $save is TRUE; otherwise TRUE on success or FALSE on any problem. The $user_edit data is returned by reference.

File

ldap_user/LdapUserConf.class.php, line 1001

Class

LdapUserConf

Code

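/**
 * Provisions a Drupal account from an LDAP entry.
 *
 * Given a Drupal account (or none), look up the user's LDAP entry, derive the
 * Drupal user fields from it and, when requested, save the account. The
 * parameters are in an odd order to match synchDrupalAccount().
 *
 * Two outcomes are possible once the LDAP entry is known:
 * - an existing Drupal account already carries this entry's PUID: that
 *   account is re-keyed (username and authmap rewritten from LDAP) and then
 *   synched; $save is NOT consulted on this path;
 * - no account matches the PUID: a new account is built from the entry and
 *   saved only if $save is TRUE.
 *
 * @param object|bool $account
 *   Drupal account object, or FALSE to start from an empty stdClass.
 * @param array $user_edit
 *   Drupal edit array in the form user_save($account, $user_edit) takes.
 *   Modified by reference; on entry it must carry 'name' unless $ldap_user is
 *   supplied.
 * @param array|null $ldap_user
 *   The user's LDAP entry, passed to avoid re-querying LDAP when already
 *   present. When NULL it is fetched by $user_edit['name'] from the
 *   configured provisioning server.
 * @param bool $save
 *   Whether a newly derived Drupal user should be saved. Only honoured in
 *   the create-account branch (see above).
 *
 * @return mixed
 *   FALSE on any problem (no LDAP entry, no derived name or mail, duplicate
 *   mail). Otherwise: the account returned by user_save() / the synch call on
 *   the PUID-match branch; the user_save() result when $save is TRUE; TRUE
 *   when $save is FALSE and $user_edit was populated.
 */
public function provisionDrupalAccount($account = FALSE, &$user_edit, $ldap_user = NULL, $save = TRUE) {
  $watchdog_tokens = array();

  /**
   * @todo
   * -- add error catching for conflicts, conflicts should be checked before calling this function.
   *
   */
  if (!$account) {
    $account = new stdClass();
  }
  // Treated as a new account regardless of what the caller passed in.
  $account->is_new = TRUE;

  // Without an LDAP entry there must at least be a username to look one up.
  if (!$ldap_user && !isset($user_edit['name'])) {
    return FALSE;
  }
  if (!$ldap_user) {
    $watchdog_tokens['%username'] = $user_edit['name'];
    if ($this->drupalAcctProvisionServer) {
      $ldap_user = ldap_servers_get_user_ldap_data($user_edit['name'], $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
    }
    if (!$ldap_user) {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', '%username : failed to find associated ldap entry for username in provision.', $watchdog_tokens, WATCHDOG_DEBUG);
      }
      return FALSE;
    }
  }

  // A caller-supplied LDAP entry may arrive without a name in $user_edit;
  // fall back to the account's own name so the tokens and lookups below work.
  if (!isset($user_edit['name']) && isset($account->name)) {
    $user_edit['name'] = $account->name;
    $watchdog_tokens['%username'] = $user_edit['name'];
  }
  if ($this->drupalAcctProvisionServer) {
    $ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);

    // Let other modules rewrite the LDAP entry before it is used to derive
    // the Drupal account. Anything they put into $ldap_user is trusted below.
    $params = array(
      'account' => $account,
      'user_edit' => $user_edit,
      'prov_event' => LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      'module' => 'ldap_user',
      'function' => 'provisionDrupalAccount',
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
    );
    drupal_alter('ldap_entry', $ldap_user, $params);

    // Look for an existing Drupal account with the same PUID. If found, update
    // its username and attempt to synch in the current context.
    $puid = $ldap_server
      ->userPuidFromLdapEntry($ldap_user['attr']);
    $account2 = $puid ? $ldap_server
      ->userUserEntityFromPuid($puid) : FALSE;
    if ($account2) {

      // An existing Drupal account maps to this LDAP entry's PUID, so the
      // entry re-keys that account: its username and authmap are rewritten
      // from the LDAP data. This relies on the configured PUID attribute
      // being unique and stable in the directory; a non-unique PUID would
      // bind one directory entry to another user's Drupal account.
      // Note that $save is not consulted on this path.
      // 1. correct username and authmap
      $this
        ->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ));
      $account = user_save($account2, $user_edit, 'ldap_user');
      user_set_authmaps($account, array(
        "authname_ldap_user" => $user_edit['name'],
      ));

      // 2. attempt synch if appropriate for current context
      if ($account) {
        $account = $this
          ->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
      }
      return $account;
    }
    else {

      // create drupal account
      $this
        ->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      ));
      if ($save) {
        $watchdog_tokens = array(
          '%drupal_username' => $user_edit['name'],
        );
        // The derived name and mail are hard requirements for user_save();
        // bail out explicitly rather than letting it fail later.
        if (empty($user_edit['name'])) {
          drupal_set_message(t('User account creation failed because of invalid, empty derived Drupal username.'), 'error');
          // Was $tokens (undefined): the log entry lost %drupal_username.
          watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because drupal username could not be derived.', $watchdog_tokens, WATCHDOG_ERROR);
          return FALSE;
        }
        if (!isset($user_edit['mail']) || !$user_edit['mail']) {
          drupal_set_message(t('User account creation failed because of invalid, empty derived email address.'), 'error');
          // Was $tokens (undefined): the log entry lost %drupal_username.
          watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because email address could not be derived by LDAP User module', $watchdog_tokens, WATCHDOG_ERROR);
          return FALSE;
        }
        // Refuse to create a second account behind an address that already
        // belongs to a Drupal user; the conflict is logged and surfaced.
        if ($account_with_same_email = user_load_by_mail($user_edit['mail'])) {
          $watchdog_tokens['%email'] = $user_edit['mail'];
          $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
          watchdog('ldap_user', 'LDAP user %drupal_username has email address
              (%email) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
          drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
          return FALSE;
        }
        $account = user_save(NULL, $user_edit, 'ldap_user');
        if (!$account) {
          drupal_set_message(t('User account creation failed because of system problems.'), 'error');
        }
        else {
          user_set_authmaps($account, array(
            'authname_ldap_user' => $user_edit['name'],
          ));
        }
        return $account;
      }
      // $save is FALSE: $user_edit has been populated for the caller to save.
      return TRUE;
    }
  }
}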