public function LdapUserConf::provisionLdapEntry in Lightweight Directory Access Protocol (LDAP) 7.2
Same name and namespace in other branches
- 8.2 ldap_user/LdapUserConf.class.php \LdapUserConf::provisionLdapEntry()
Given a Drupal account, provision an LDAP entry for it if none exists. If an entry with the derived DN already exists, nothing is written and the result status is 'conflict'. User 1 and the anonymous user (uid 0) are never provisioned.
Parameters
object $account: drupal account object with minimum of name property.
array $ldap_user: a pre-populated LDAP entry to start from. Usually not provided.
bool $test_query: when TRUE the proposed entry is derived but never written to LDAP (status 'fail') and nothing is logged.
Return value
array of form: array('status' => 'success', 'fail', or 'conflict'), array('ldap_server' => ldap server object), array('proposed' => proposed ldap entry), array('existing' => existing ldap entry), array('description' => human-readable description of the outcome). Note that the early failures (user 1, missing Drupal account, no provisioning server) report their reason under 'error_description' rather than 'description'.
File
- ldap_user/
LdapUserConf.class.php, line 533
Class
Code
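/**
 * Provision an LDAP entry for a Drupal account if none exists yet.
 *
 * Derives the proposed entry and DN from the Drupal account via
 * drupalUserToLdapEntry(), refuses to act on user 1, the anonymous user or a
 * name without a Drupal account, reports 'conflict' when the DN already
 * exists on the provisioning server, and otherwise creates the entry and
 * records "<sid>|<dn>" in the account's ldap_user_prov_entries field.
 *
 * @param object|string $account
 *   Drupal account object with at least a 'name' property, or a bare
 *   username (a stdClass is built around it).
 * @param array|null $ldap_user
 *   Pre-populated LDAP entry to start from; usually not provided.
 * @param bool $test_query
 *   When TRUE the entry is derived but never written and nothing is logged.
 *
 * @return array
 *   Keys 'status' ('success' | 'fail' | 'conflict'), 'ldap_server',
 *   'proposed', 'existing', 'description' and, on a create attempt,
 *   'created'. The early refusals (user 1, missing account, no provisioning
 *   server) report their reason under 'error_description'.
 */
public function provisionLdapEntry($account, $ldap_user = NULL, $test_query = FALSE) {
  $result = [
    'status' => NULL,
    'ldap_server' => NULL,
    'proposed' => NULL,
    'existing' => NULL,
    'description' => NULL,
  ];

  // Accept a bare username for convenience.
  if (is_scalar($account)) {
    $username = $account;
    $account = new stdClass();
    $account->name = $username;
  }
  list($account, $user_entity) = ldap_user_load_user_acct_and_entity($account->name);

  // Never provision or synch user 1 (the Drupal super-user).
  if (is_object($account) && property_exists($account, 'uid') && $account->uid == 1) {
    $result['status'] = 'fail';
    $result['error_description'] = 'can not provision drupal user 1';
    return $result;
  }
  // Nor the anonymous user, nor a name with no Drupal account behind it.
  if ($account == FALSE || $account->uid == 0) {
    $result['status'] = 'fail';
    $result['error_description'] = 'can not provision ldap user unless corresponding drupal account exists first.';
    return $result;
  }
  // The original tested this property twice; one check is sufficient.
  if (!$this->ldapEntryProvisionServer) {
    $result['status'] = 'fail';
    $result['error_description'] = 'no provisioning server enabled';
    return $result;
  }

  $ldap_server = ldap_servers_get_servers($this->ldapEntryProvisionServer, NULL, TRUE);
  $params = [
    'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
    'prov_events' => [
      LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
    ],
    'module' => 'ldap_user',
    'function' => 'provisionLdapEntry',
    'include_count' => FALSE,
  ];
  list($proposed_ldap_entry, $error) = $this->drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user);

  $proposed_dn = (is_array($proposed_ldap_entry) && !empty($proposed_ldap_entry['dn']))
    ? $proposed_ldap_entry['dn']
    : NULL;
  // Only look for an existing entry once we actually have a DN to look up.
  $existing_ldap_entry = $proposed_dn ? $ldap_server->dnExists($proposed_dn, 'ldap_entry') : NULL;

  if ($error == LDAP_USER_PROV_RESULT_NO_PWD) {
    $result['status'] = 'fail';
    $result['description'] = 'Can not provision ldap account without user provided password.';
    $result['existing'] = $existing_ldap_entry;
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif (!$proposed_dn) {
    // Do not return here: this failure used to bypass the watchdog logging
    // below, so a broken DN mapping left no trace in the log.
    $result['status'] = 'fail';
    $result['description'] = t('failed to derive dn and or mappings');
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif ($existing_ldap_entry) {
    $result['status'] = 'conflict';
    $result['description'] = 'can not provision ldap entry because exists already';
    $result['existing'] = $existing_ldap_entry;
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif ($test_query) {
    $result['status'] = 'fail';
    $result['description'] = 'not created because flagged as test query';
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  else {
    // Hand the proposed entry to hook_ldap_entry_pre_provision_alter(), keyed
    // by lower-cased DN as the alter hooks expect.
    $proposed_dn_lcase = drupal_strtolower($proposed_dn);
    $ldap_entries = [
      $proposed_dn_lcase => $proposed_ldap_entry,
    ];
    $context = [
      'action' => 'add',
      'corresponding_drupal_data' => [
        $proposed_dn_lcase => $account,
      ],
      'corresponding_drupal_data_type' => 'user',
    ];
    drupal_alter('ldap_entry_pre_provision', $ldap_entries, $ldap_server, $context);

    // A hook may veto the provisioning by dropping the entry; treat that as a
    // failure instead of reading an undefined index.
    if (!isset($ldap_entries[$proposed_dn_lcase]) || !is_array($ldap_entries[$proposed_dn_lcase])) {
      $result['status'] = 'fail';
      $result['description'] = 'proposed ldap entry removed by ldap_entry_pre_provision alter hook';
      $result['proposed'] = $proposed_ldap_entry;
      $result['ldap_server'] = $ldap_server;
      $result['existing'] = NULL;
    }
    else {
      $proposed_ldap_entry = $ldap_entries[$proposed_dn_lcase];
      // NOTE(review): createLdapEntry() receives the pre-alter $proposed_dn
      // while the stored <sid>|<dn> record below uses the post-alter 'dn';
      // if a hook rewrites 'dn' the two can diverge -- confirm intended.
      $ldap_entry_created = $ldap_server->createLdapEntry($proposed_ldap_entry, $proposed_dn);

      if ($ldap_entry_created) {
        module_invoke_all('ldap_entry_post_provision', $ldap_entries, $ldap_server, $context);
        $result['status'] = 'success';
        $result['description'] = 'ldap account created';
        $result['proposed'] = $proposed_ldap_entry;
        $result['created'] = $ldap_entry_created;
        $result['ldap_server'] = $ldap_server;

        // Record <sid>|<dn> in ldap_user_prov_entries, which may hold several.
        $ldap_user_prov_entry = $ldap_server->sid . '|' . $proposed_ldap_entry['dn'];
        if (!isset($user_entity->ldap_user_prov_entries[LANGUAGE_NONE])) {
          $user_entity->ldap_user_prov_entries = [
            LANGUAGE_NONE => [],
          ];
        }
        $ldap_user_prov_entry_exists = FALSE;
        foreach ($user_entity->ldap_user_prov_entries[LANGUAGE_NONE] as $field_value_instance) {
          // Field items are stored as ['value' => '<sid>|<dn>']. The original
          // compared the whole item array against the string, which never
          // matches in PHP, so the duplicate check was dead and repeated
          // provisioning appended the same record again.
          if (is_array($field_value_instance)) {
            $stored_value = isset($field_value_instance['value']) ? $field_value_instance['value'] : NULL;
          }
          else {
            $stored_value = $field_value_instance;
          }
          if ($stored_value === $ldap_user_prov_entry) {
            $ldap_user_prov_entry_exists = TRUE;
            break;
          }
        }
        if (!$ldap_user_prov_entry_exists) {
          $user_entity->ldap_user_prov_entries[LANGUAGE_NONE][] = [
            'value' => $ldap_user_prov_entry,
          ];
          // Persist the field without going through user_save().
          field_attach_presave('user', $user_entity);
          field_attach_update('user', $user_entity);
        }
      }
      else {
        $result['status'] = 'fail';
        $result['proposed'] = $proposed_ldap_entry;
        $result['created'] = $ldap_entry_created;
        $result['ldap_server'] = $ldap_server;
        $result['existing'] = NULL;
      }
    }
  }

  $tokens = [
    '%dn' => isset($result['proposed']['dn']) ? $result['proposed']['dn'] : NULL,
    '%sid' => !empty($result['ldap_server']) ? $result['ldap_server']->sid : 0,
    '%username' => isset($account->name) ? $account->name : NULL,
    '%uid' => isset($account->uid) ? $account->uid : NULL,
    '%description' => isset($result['description']) ? $result['description'] : NULL,
  ];
  // Test queries are silent; every real failure is logged, success and
  // conflict only when detailed logging is enabled.
  if (!$test_query && isset($result['status'])) {
    if ($result['status'] == 'success') {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', 'LDAP entry on server %sid created dn=%dn. %description. username=%username, uid=%uid', $tokens, WATCHDOG_INFO);
      }
    }
    elseif ($result['status'] == 'conflict') {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', 'LDAP entry on server %sid not created because of existing ldap entry. %description. username=%username, uid=%uid', $tokens, WATCHDOG_WARNING);
      }
    }
    elseif ($result['status'] == 'fail') {
      watchdog('ldap_user', 'LDAP entry on server %sid not created because error. %description. username=%username, uid=%uid', $tokens, WATCHDOG_ERROR);
    }
  }
  return $result;
}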