
public function LdapUserConf::provisionLdapEntry in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches
  1. 7.2 ldap_user/LdapUserConf.class.php \LdapUserConf::provisionLdapEntry()

Given a Drupal account, provision an LDAP entry if none exists; if one already exists, do nothing.

Parameters

object $account: Drupal account object with at least a name property (a bare username is also accepted).

array $ldap_user: a prepopulated LDAP entry; usually not provided.

Return value

array of form: array('status' => 'success', 'fail', or 'conflict'), array('ldap_server' => ldap server object), array('proposed' => proposed ldap entry), array('existing' => existing ldap entry), array('description' => human-readable outcome text)

File

ldap_user/LdapUserConf.class.php, line 495

Class

LdapUserConf

Code

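/**
 * Given a Drupal account, provision an LDAP entry if none exists.
 *
 * If an entry with the proposed DN already exists nothing is written and the
 * status is 'conflict'. User 1 is never provisioned. The proposed entry is
 * passed through hook_ldap_entry_pre_provision_alter() before creation and
 * hook_ldap_entry_post_provision() after a successful create.
 *
 * @param object|string $account
 *   Drupal account object with at least a name property, or a bare username.
 * @param array|null $ldap_user
 *   Prepopulated LDAP entry; usually not provided.
 * @param bool $test_query
 *   When TRUE the entry is derived but not created, and nothing is logged.
 *
 * @return array
 *   Keys: 'status' ('success', 'fail' or 'conflict'), 'ldap_server',
 *   'proposed', 'existing', 'description'. Failures detected before a server
 *   is resolved report their reason in 'error_description'; a create attempt
 *   also sets 'created' to the createLdapEntry() result.
 */
public function provisionLdapEntry($account, $ldap_user = NULL, $test_query = FALSE) {

  $result = array(
    'status' => NULL,
    'ldap_server' => NULL,
    'proposed' => NULL,
    'existing' => NULL,
    'description' => NULL,
  );

  // A bare username may be passed; wrap it so the lookup below can read ->name.
  // (The original assigned to a misspelled variable, leaving ->name unset.)
  if (is_scalar($account)) {
    $username = $account;
    $account = new stdClass();
    $account->name = $username;
  }
  list($account, $user_entity) = ldap_user_load_user_acct_and_entity($account->name);

  // Never provision or synch user 1; uid may arrive as a string from the DB.
  if (is_object($account) && property_exists($account, 'uid') && (int) $account->uid === 1) {
    $result['status'] = 'fail';
    $result['error_description'] = 'can not provision drupal user 1';
    return $result;
  }
  // An LDAP entry is only ever derived from an existing, saved Drupal account.
  if ($account == FALSE || $account->uid == 0) {
    $result['status'] = 'fail';
    $result['error_description'] = 'can not provision ldap user unless corresponding drupal account exists first.';
    return $result;
  }
  if (!$this->ldapEntryProvisionServer) {
    $result['status'] = 'fail';
    $result['error_description'] = 'no provisioning server enabled';
    return $result;
  }

  $ldap_server = ldap_servers_get_servers($this->ldapEntryProvisionServer, NULL, TRUE);
  $params = array(
    'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
    'prov_events' => array(
      LDAP_USER_EVENT_CREATE_LDAP_ENTRY,
    ),
    'module' => 'ldap_user',
    'function' => 'provisionLdapEntry',
    'include_count' => FALSE,
  );
  list($proposed_ldap_entry, $error) = $this
    ->drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user);
  $proposed_dn = is_array($proposed_ldap_entry) && isset($proposed_ldap_entry['dn']) && $proposed_ldap_entry['dn'] ? $proposed_ldap_entry['dn'] : NULL;
  $proposed_dn_lcase = drupal_strtolower($proposed_dn);
  $existing_ldap_entry = $proposed_dn ? $ldap_server
    ->dnExists($proposed_dn, 'ldap_entry') : NULL;

  if ($error == LDAP_USER_PROV_RESULT_NO_PWD) {
    $result['status'] = 'fail';
    $result['description'] = 'Can not provision ldap account without user provided password.';
    $result['existing'] = $existing_ldap_entry;
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif (!$proposed_dn) {
    $result['status'] = 'fail';
    $result['description'] = t('failed to derive dn and or mappings');
    return $result;
  }
  elseif ($existing_ldap_entry) {
    $result['status'] = 'conflict';
    $result['description'] = 'can not provision ldap entry because exists already';
    $result['existing'] = $existing_ldap_entry;
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  elseif ($test_query) {
    $result['status'] = 'fail';
    $result['description'] = 'not created because flagged as test query';
    $result['proposed'] = $proposed_ldap_entry;
    $result['ldap_server'] = $ldap_server;
  }
  else {

    // Wrap $proposed_ldap_entry in a dn-keyed array for the drupal_alter() call.
    $ldap_entries = array(
      $proposed_dn_lcase => $proposed_ldap_entry,
    );
    $context = array(
      'action' => 'add',
      'corresponding_drupal_data' => array(
        $proposed_dn_lcase => $account,
      ),
      'corresponding_drupal_data_type' => 'user',
    );
    drupal_alter('ldap_entry_pre_provision', $ldap_entries, $ldap_server, $context);

    // Take the (possibly altered) entry back out before creating it.
    $proposed_ldap_entry = $ldap_entries[$proposed_dn_lcase];
    $ldap_entry_created = $ldap_server
      ->createLdapEntry($proposed_ldap_entry, $proposed_dn);
    if ($ldap_entry_created) {
      module_invoke_all('ldap_entry_post_provision', $ldap_entries, $ldap_server, $context);
      $result['status'] = 'success';
      $result['description'] = 'ldap account created';
      $result['proposed'] = $proposed_ldap_entry;
      $result['created'] = $ldap_entry_created;
      $result['ldap_server'] = $ldap_server;

      // Record <sid>|<dn> in the ldap_user_prov_entries field, which may hold
      // more than one entry.
      $ldap_user_prov_entry = $ldap_server->sid . '|' . $proposed_ldap_entry['dn'];
      if (!isset($user_entity->ldap_user_prov_entries['und'])) {
        $user_entity->ldap_user_prov_entries = array(
          'und' => array(),
        );
      }
      $ldap_user_prov_entry_exists = FALSE;
      foreach ($user_entity->ldap_user_prov_entries['und'] as $field_value_instance) {
        // Field items are stored as arrays with a 'value' key (see the append
        // below); comparing the whole item to the string never matched, so
        // duplicates were appended on every provision.
        if (is_array($field_value_instance)) {
          $stored_value = isset($field_value_instance['value']) ? $field_value_instance['value'] : NULL;
        }
        else {
          $stored_value = $field_value_instance;
        }
        if ($stored_value === $ldap_user_prov_entry) {
          $ldap_user_prov_entry_exists = TRUE;
          break;
        }
      }
      if (!$ldap_user_prov_entry_exists) {
        $user_entity->ldap_user_prov_entries['und'][] = array(
          'value' => $ldap_user_prov_entry,
          'format' => NULL,
          'save_value' => $ldap_user_prov_entry,
        );
        $edit = array(
          'ldap_user_prov_entries' => $user_entity->ldap_user_prov_entries,
        );
        $account = user_load($account->uid);
        $account = user_save($account, $edit);
      }
    }
    else {
      $result['status'] = 'fail';
      $result['proposed'] = $proposed_ldap_entry;
      $result['created'] = $ldap_entry_created;
      $result['ldap_server'] = $ldap_server;
      $result['existing'] = NULL;
    }
  }

  $tokens = array(
    '%dn' => isset($result['proposed']['dn']) ? $result['proposed']['dn'] : NULL,
    '%sid' => isset($result['ldap_server']) && $result['ldap_server'] ? $result['ldap_server']->sid : 0,
    '%username' => isset($account->name) ? $account->name : NULL,
    '%uid' => isset($account->uid) ? $account->uid : NULL,
    '%description' => isset($result['description']) ? $result['description'] : NULL,
  );
  // Test queries are never logged; successes and conflicts only when
  // detailed logging is enabled, failures always.
  if (!$test_query && isset($result['status'])) {
    if ($result['status'] === 'success') {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', 'LDAP entry on server %sid created dn=%dn.  %description. username=%username, uid=%uid', $tokens, WATCHDOG_INFO);
      }
    }
    elseif ($result['status'] === 'conflict') {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', 'LDAP entry on server %sid not created because of existing ldap entry. %description. username=%username, uid=%uid', $tokens, WATCHDOG_WARNING);
      }
    }
    elseif ($result['status'] === 'fail') {
      watchdog('ldap_user', 'LDAP entry on server %sid not created because error.  %description. username=%username, uid=%uid', $tokens, WATCHDOG_ERROR);
    }
  }
  return $result;
}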