public function LdapUserConf::provisionLdapEntry in Lightweight Directory Access Protocol (LDAP) 8.2
Same name and namespace in other branches
- 7.2 ldap_user/LdapUserConf.class.php \LdapUserConf::provisionLdapEntry()
Given a Drupal account, provision an LDAP entry if none exists. If one already exists, do nothing.
Parameters
object $account: Drupal account object with at least a name property.
array $ldap_user: a prepopulated LDAP entry; usually not provided.
Return value
array of the form array('status' => 'success', 'fail' or 'conflict', 'ldap_server' => ldap server object, 'proposed' => proposed ldap entry, 'existing' => existing ldap entry, 'description' => text describing the outcome)
File
- ldap_user/
LdapUserConf.class.php, line 495
Class
Code
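/**
 * Provisions an LDAP entry for a Drupal account if none exists yet.
 *
 * Refuses to act on user 1, on names with no Drupal account, and when no
 * provisioning server is configured. If the proposed DN already exists the
 * status is 'conflict' and nothing is written. A test query derives the
 * entry but neither creates it nor logs.
 *
 * @param object|string $account
 *   Drupal account object with at least a 'name' property, or a bare username.
 * @param array|null $ldap_user
 *   Prepopulated LDAP entry; usually not provided.
 * @param bool $test_query
 *   When TRUE the entry is only derived, never created, and nothing is logged.
 *
 * @return array
 *   Keys 'status' ('success', 'fail' or 'conflict'), 'ldap_server',
 *   'proposed', 'existing' and 'description'; 'created' is added after a
 *   create attempt and 'error_description' on the early failures.
 */
public function provisionLdapEntry($account, $ldap_user = NULL, $test_query = FALSE) {
  $result = array(
    'status' => NULL,
    'ldap_server' => NULL,
    'proposed' => NULL,
    'existing' => NULL,
    'description' => NULL,
  );

  // A bare username is accepted; wrap it so the lookup below has ->name.
  // (The original assigned to a misspelled $acount and left ->name unset.)
  if (is_scalar($account)) {
    $username = $account;
    $account = new stdClass();
    $account->name = $username;
  }
  list($account, $user_entity) = ldap_user_load_user_acct_and_entity($account->name);

  // Never provision or synch user 1.
  if (is_object($account) && property_exists($account, 'uid') && (int) $account->uid === 1) {
    $result['status'] = 'fail';
    $result['error_description'] = 'can not provision drupal user 1';
    return $result;
  }
  if (!$account || (int) $account->uid === 0) {
    $result['status'] = 'fail';
    $result['error_description'] = 'can not provision ldap user unless corresponding drupal account exists first.';
    return $result;
  }
  // The original tested ldapEntryProvisionServer twice; if a separate
  // "provisioning enabled" flag was intended as the second operand it still
  // needs to be added here.
  if (!$this->ldapEntryProvisionServer) {
    $result['status'] = 'fail';
    $result['error_description'] = 'no provisioning server enabled';
    return $result;
  }

  $ldap_server = ldap_servers_get_servers($this->ldapEntryProvisionServer, NULL, TRUE);
  $params = array(
    'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
    'prov_events' => array(
      LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
    ),
    'module' => 'ldap_user',
    'function' => 'provisionLdapEntry',
    'include_count' => FALSE,
  );
  list($proposed_ldap_entry, $error) = $this->drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user);

  $proposed_dn = NULL;
  if (is_array($proposed_ldap_entry) && !empty($proposed_ldap_entry['dn'])) {
    $proposed_dn = $proposed_ldap_entry['dn'];
  }
  $existing_ldap_entry = $proposed_dn ? $ldap_server->dnExists($proposed_dn, 'ldap_entry') : NULL;

  if ($error == LDAP_USER_PROV_RESULT_NO_PWD) {
    $result['status'] = 'fail';
    $result['description'] = 'Can not provision ldap account without user provided password.';
    $result['existing'] = $existing_ldap_entry;
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif (!$proposed_dn) {
    // Falls through to the watchdog block below so this failure is logged
    // like the other 'fail' outcomes instead of returning silently.
    $result['status'] = 'fail';
    $result['description'] = t('failed to derive dn and or mappings');
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif ($existing_ldap_entry) {
    $result['status'] = 'conflict';
    $result['description'] = 'can not provision ldap entry because exists already';
    $result['existing'] = $existing_ldap_entry;
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif ($test_query) {
    $result['status'] = 'fail';
    $result['description'] = 'not created because flagged as test query';
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  else {
    $proposed_dn_lcase = drupal_strtolower($proposed_dn);
    // Hand the proposed entry to hook_ldap_entry_pre_provision_alter() keyed
    // by its lower-cased DN, then take the altered entry back out.
    $ldap_entries = array(
      $proposed_dn_lcase => $proposed_ldap_entry,
    );
    $context = array(
      'action' => 'add',
      'corresponding_drupal_data' => array(
        $proposed_dn_lcase => $account,
      ),
      'corresponding_drupal_data_type' => 'user',
    );
    drupal_alter('ldap_entry_pre_provision', $ldap_entries, $ldap_server, $context);
    $proposed_ldap_entry = $ldap_entries[$proposed_dn_lcase];

    // NOTE(review): the entry is created under the pre-alter $proposed_dn
    // while the stored <sid>|<dn> reference below uses the post-alter
    // 'dn'; an alter hook that rewrites the DN would leave them disagreeing.
    $ldap_entry_created = $ldap_server->createLdapEntry($proposed_ldap_entry, $proposed_dn);

    if ($ldap_entry_created) {
      module_invoke_all('ldap_entry_post_provision', $ldap_entries, $ldap_server, $context);
      $result['status'] = 'success';
      $result['description'] = 'ldap account created';
      $result['proposed'] = $proposed_ldap_entry;
      $result['created'] = $ldap_entry_created;
      $result['ldap_server'] = $ldap_server;

      // Record <sid>|<dn> in the ldap_user_prov_entries field, which may
      // already hold references to entries on other servers.
      $ldap_user_prov_entry = $ldap_server->sid . '|' . $proposed_ldap_entry['dn'];
      if (!isset($user_entity->ldap_user_prov_entries['und'])) {
        $user_entity->ldap_user_prov_entries = array(
          'und' => array(),
        );
      }
      $already_recorded = FALSE;
      foreach ($user_entity->ldap_user_prov_entries['und'] as $field_value_instance) {
        // Field items are arrays keyed by 'value' (see the append below);
        // the original compared the whole array to the string, which never
        // matched and so appended a duplicate on every successful call.
        if (is_array($field_value_instance)) {
          $stored = isset($field_value_instance['value']) ? $field_value_instance['value'] : NULL;
        }
        else {
          $stored = $field_value_instance;
        }
        if ($stored === $ldap_user_prov_entry) {
          $already_recorded = TRUE;
          break;
        }
      }
      if (!$already_recorded) {
        $user_entity->ldap_user_prov_entries['und'][] = array(
          'value' => $ldap_user_prov_entry,
          'format' => NULL,
          'save_value' => $ldap_user_prov_entry,
        );
        $edit = array(
          'ldap_user_prov_entries' => $user_entity->ldap_user_prov_entries,
        );
        $account = user_load($account->uid);
        $account = user_save($account, $edit);
      }
    }
    else {
      $result['status'] = 'fail';
      $result['proposed'] = $proposed_ldap_entry;
      $result['created'] = $ldap_entry_created;
      $result['ldap_server'] = $ldap_server;
      $result['existing'] = NULL;
    }
  }

  // $account may be FALSE here if user_save() failed, so read defensively
  // instead of silencing notices with @.
  $tokens = array(
    '%dn' => isset($result['proposed']['dn']) ? $result['proposed']['dn'] : NULL,
    '%sid' => !empty($result['ldap_server']) ? $result['ldap_server']->sid : 0,
    '%username' => isset($account->name) ? $account->name : NULL,
    '%uid' => isset($account->uid) ? $account->uid : NULL,
    '%description' => isset($result['description']) ? $result['description'] : NULL,
  );
  if (!$test_query && isset($result['status'])) {
    if ($result['status'] === 'success') {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', 'LDAP entry on server %sid created dn=%dn. %description. username=%username, uid=%uid', $tokens, WATCHDOG_INFO);
      }
    }
    elseif ($result['status'] === 'conflict') {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', 'LDAP entry on server %sid not created because of existing ldap entry. %description. username=%username, uid=%uid', $tokens, WATCHDOG_WARNING);
      }
    }
    elseif ($result['status'] === 'fail') {
      // Failures are always logged, regardless of detailedWatchdog.
      watchdog('ldap_user', 'LDAP entry on server %sid not created because error. %description. username=%username, uid=%uid', $tokens, WATCHDOG_ERROR);
    }
  }
  return $result;
}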