function _ldap_user_orphan_process_batch in Lightweight Directory Access Protocol (LDAP) 7.2
Parameters
$ldap_user_conf:
$batch:
$user_count:
$uids:
$ldap_servers:
$watchdogs_sids_missing_watchdogged:
$query:
$email_list:
Return value
array
Throws
\Exception
1 call to _ldap_user_orphan_process_batch()
- _ldap_user_orphans in ldap_user/
ldap_user.cron.inc - Function to respond to ldap associated drupal accounts which no longer have a related LDAP entry.
File
- ldap_user/
ldap_user.cron.inc, line 106 - Cron relate functions.
Code
function _ldap_user_orphan_process_batch($ldap_user_conf, $batch, $user_count, $uids, $ldap_servers, $watchdogs_sids_missing_watchdogged, $query, $email_list) {
$filters = [];
$drupal_users = [];
/**
* 1. populate $drupal_users[$sid][$puid_attr][$puid]['exists'] = TRUE
*
* e.g. first batch $i=0; $i<50; $i++
* 2nd batch $i=50; $i<100; $i++
* 4th batch $i=150; $i<175; $i++
*/
// e.g 0, 50, 100.
$start = ($batch - 1) * LDAP_SERVERS_MAXFILTER_ORS;
// e.g. 50, 100, 150.
$end_plus_1 = min($batch * LDAP_SERVERS_MAXFILTER_ORS, $user_count);
// e.g. 50, 50; 100, 50.
$batch_uids = array_slice($uids, $start, $end_plus_1 - $start);
$accounts = entity_load('user', $batch_uids);
foreach ($accounts as $uid => $user) {
$sid = @$user->ldap_user_puid_sid[LANGUAGE_NONE][0]['value'];
$puid = @$user->ldap_user_puid[LANGUAGE_NONE][0]['value'];
$puid_attr = @$user->ldap_user_puid_property[LANGUAGE_NONE][0]['value'];
if ($sid && $puid && $puid_attr) {
if ($ldap_servers[$sid]->unique_persistent_attr_binary) {
$filters[$sid][$puid_attr][] = "({$puid_attr}=" . ldap_servers_binary_filter($puid) . ")";
}
else {
$filters[$sid][$puid_attr][] = "({$puid_attr}={$puid})";
}
$drupal_users[$sid][$puid_attr][$puid]['uid'] = $uid;
$drupal_users[$sid][$puid_attr][$puid]['exists'] = FALSE;
}
else {
// User with missing ldap data fields
// perhaps should be watchdogged?
}
}
// 2. set $drupal_users[$sid][$puid_attr][$puid]['exists'] to FALSE
// if entry doesn't exist.
foreach ($filters as $sid => $puid_attrs) {
if (!isset($ldap_servers[$sid])) {
if (!isset($watchdogs_sids_missing_watchdogged[$sid])) {
watchdog('ldap_user', 'Server %sid not enabled, but needed to remove orphaned ldap users', [
'%sid' => $sid,
], WATCHDOG_ERROR);
$watchdogs_sids_missing_watchdogged[$sid] = TRUE;
}
continue;
}
foreach ($puid_attrs as $puid_attr => $ors) {
// Query should look like (|(guid=3243243)(guid=3243243)(guid=3243243))
$ldap_filter = '(|' . join("", $ors) . ')';
$ldap_entries = $ldap_servers[$sid]
->searchAllBaseDns($ldap_filter, [
$puid_attr,
]);
if ($ldap_entries === FALSE) {
// If query has error, don't remove ldap entries!
unset($drupal_users[$sid]);
watchdog('ldap_user', 'ldap server %sid had error while querying to
deal with orphaned ldap user entries. Please check that the ldap
server is configured correctly. Query; %query', [
'%sid' => $sid,
'%query' => serialize($query),
], WATCHDOG_ERROR);
continue;
}
unset($ldap_entries['count']);
foreach ($ldap_entries as $i => $ldap_entry) {
$puid = $ldap_servers[$sid]
->userPuidFromLdapEntry($ldap_entry);
$drupal_users[$sid][$puid_attr][$puid]['exists'] = TRUE;
}
}
}
// 3. we now have $drupal_users[$sid][$puid_attr][$puid]['exists'] = bool.
global $base_url;
foreach ($drupal_users as $sid => $puid_x_puid_attrs) {
foreach ($puid_x_puid_attrs as $puid_attr => $puids) {
foreach ($puids as $puid => $user_data) {
if ($account = $accounts[$user_data['uid']]) {
$user_edit = [];
$user_edit['ldap_user_last_checked'][LANGUAGE_NONE][0]['value'] = time();
$account = user_save($account, $user_edit, 'ldap_user');
if (!$user_data['exists']) {
/**
* $ldap_user_conf->orphanedDrupalAcctBehavior will either be
* 'ldap_user_orphan_email' or one of the user module options:
* user_cancel_block, user_cancel_block_unpublish,
* user_cancel_reassign, user_cancel_delete
*/
if ($ldap_user_conf->orphanedDrupalAcctBehavior == 'ldap_user_orphan_email') {
$email_list[] = $account->name . "," . $account->mail . "," . $base_url . "/user/" . $account->uid . "/edit";
}
else {
_user_cancel([], $account, $ldap_user_conf->orphanedDrupalAcctBehavior);
}
}
}
}
}
}
return $email_list;
}