public function LdapUserConf::provisionDrupalAccount in Lightweight Directory Access Protocol (LDAP) 8.2
Same name and namespace in other branches
- 7.2 ldap_user/LdapUserConf.class.php \LdapUserConf::provisionDrupalAccount()
Given a Drupal account, query LDAP, get all user fields, and save the user account. (Note: the parameters are in an odd order to match the synchDrupalAccount handle.)
Parameters
array $account drupal account object or null:
array $user_edit drupal edit array in form user_save($account, $user_edit) would take.:
array $ldap_user as user's ldap entry. passed to avoid requerying ldap in cases where already present:
boolean $save indicating if drupal user should be saved. generally depends on where function is called from and if the:
Return value
Result of the user_save() function if $save is TRUE; otherwise TRUE on success or FALSE on any problem. The $user_edit data is returned by reference.
File
- ldap_user/
LdapUserConf.class.php, line 1001
Class
Code
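/**
 * Provisions a Drupal account from an LDAP entry.
 *
 * Looks up the LDAP entry for the user (unless one is passed in), derives the
 * Drupal edit array from it, and then either re-links an existing Drupal
 * account that carries the same persistent unique id (PUID) or creates a new
 * account.
 *
 * Identity-binding notes for reviewers:
 * - An existing account matched by PUID is renamed to the LDAP-derived
 *   username and saved regardless of $save.
 * - A new account is refused when the derived username or mail is empty, or
 *   when another Drupal account already uses the derived mail address.
 * - The authmap entry is written only after user_save() has succeeded.
 *
 * @param object|false $account
 *   Drupal account object, or a falsy value to start from an empty stdClass.
 * @param array $user_edit
 *   Edit array in the form user_save($account, $user_edit) would take.
 *   Populated by reference.
 * @param array|null $ldap_user
 *   The user's LDAP entry; pass it to avoid querying LDAP again.
 * @param bool $save
 *   Whether a newly derived account should be saved.
 *
 * @return mixed
 *   The result of user_save() (or of synchToDrupalAccount() for a PUID match)
 *   when an account was saved; TRUE when $save is FALSE and the edit array was
 *   populated; FALSE on any lookup or validation problem. Falls through
 *   without an explicit return value (NULL) when an LDAP entry is available
 *   but no provisioning server is configured.
 */
public function provisionDrupalAccount($account = FALSE, &$user_edit, $ldap_user = NULL, $save = TRUE) {
  $watchdog_tokens = array();

  // @todo Add error catching for conflicts; conflicts should be checked
  // before calling this function.
  if (!$account) {
    $account = new stdClass();
  }
  $account->is_new = TRUE;

  // Without an LDAP entry or a username there is nothing to look up.
  if (!$ldap_user && !isset($user_edit['name'])) {
    return FALSE;
  }

  if (!$ldap_user) {
    $watchdog_tokens['%username'] = $user_edit['name'];
    if ($this->drupalAcctProvisionServer) {
      $ldap_user = ldap_servers_get_user_ldap_data($user_edit['name'], $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
    }
    if (!$ldap_user) {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', '%username : failed to find associated ldap entry for username in provision.', $watchdog_tokens, WATCHDOG_DEBUG);
      }
      return FALSE;
    }
  }

  if (!isset($user_edit['name']) && isset($account->name)) {
    $user_edit['name'] = $account->name;
    $watchdog_tokens['%username'] = $user_edit['name'];
  }

  if ($this->drupalAcctProvisionServer) {
    $ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);
    if (!$ldap_server) {
      // Fail closed instead of calling methods on a missing server object.
      watchdog('ldap_user', 'Provisioning server %sid could not be loaded; Drupal account was not provisioned.', array('%sid' => $this->drupalAcctProvisionServer), WATCHDOG_ERROR);
      return FALSE;
    }

    $params = array(
      'account' => $account,
      'user_edit' => $user_edit,
      'prov_event' => LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      'module' => 'ldap_user',
      'function' => 'provisionDrupalAccount',
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
    );
    // Other modules may alter the LDAP entry before it is mapped to an account.
    drupal_alter('ldap_entry', $ldap_user, $params);

    // Look for an existing Drupal account with the same PUID. If there is one,
    // update its username and attempt to synch in the current context.
    $puid = $ldap_server->userPuidFromLdapEntry($ldap_user['attr']);
    $account2 = $puid ? $ldap_server->userUserEntityFromPuid($puid) : FALSE;

    if ($account2) {
      // 1. Correct username and authmap on the existing account.
      $this->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(
        LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER,
      ));
      $account = user_save($account2, $user_edit, 'ldap_user');
      if ($account) {
        // Write the authmap only once the save has succeeded, so an LDAP
        // authname is never bound to something that is not an account.
        user_set_authmaps($account, array(
          "authname_ldap_user" => $user_edit['name'],
        ));
        // 2. Attempt synch if appropriate for the current context.
        $account = $this->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
      }
      return $account;
    }
    else {
      // No PUID match: create a new Drupal account.
      $this->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(
        LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      ));
      if ($save) {
        $watchdog_tokens = array(
          '%drupal_username' => isset($user_edit['name']) ? $user_edit['name'] : '',
        );
        if (empty($user_edit['name'])) {
          drupal_set_message(t('User account creation failed because of invalid, empty derived Drupal username.'), 'error');
          // Pass the populated token array so the failure is logged with its
          // context (the original referenced an undefined variable here).
          watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because drupal username could not be derived.', $watchdog_tokens, WATCHDOG_ERROR);
          return FALSE;
        }
        if (!isset($user_edit['mail']) || !$user_edit['mail']) {
          drupal_set_message(t('User account creation failed because of invalid, empty derived email address.'), 'error');
          watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because email address could not be derived by LDAP User module', $watchdog_tokens, WATCHDOG_ERROR);
          return FALSE;
        }
        // Refuse to create a second account on an address that already
        // belongs to a Drupal user.
        // NOTE(review): the on-screen message confirms to the person logging
        // in that the address is already registered - confirm this is the
        // intended disclosure.
        if ($account_with_same_email = user_load_by_mail($user_edit['mail'])) {
          $watchdog_tokens['%email'] = $user_edit['mail'];
          $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
          // The line break inside this message is part of the original string.
          watchdog('ldap_user', 'LDAP user %drupal_username has email address
(%email) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
          drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
          return FALSE;
        }
        $account = user_save(NULL, $user_edit, 'ldap_user');
        if (!$account) {
          drupal_set_message(t('User account creation failed because of system problems.'), 'error');
        }
        else {
          user_set_authmaps($account, array(
            'authname_ldap_user' => $user_edit['name'],
          ));
        }
        return $account;
      }
      // $save is FALSE: $user_edit has been populated by reference only.
      return TRUE;
    }
  }
  // No provisioning server configured: no explicit return value (NULL).
}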