function ldapauth_drupal_user_create in LDAP integration 6
Create a new Drupal user from an LDAP user entry with checks to ensure that:
The admin settings allow account creation. The user name is unique. The e-mail is unique and not a reserved address. If PUIDs are used, the PUID is unique and not null.
Parameters
LDAPInterface $ldap An initialized LDAP server Interface object:
String $name The LDAP user name/login name. If Null, user name will be extracted from attributes.:
Mixed $ldap_user The user's dn or an array with the user's ldap attributes.:
String $error An error message or '' if no errors. Errors also logged via watchdog.:
Return value
The new user object or FALSE if an error occurred.
3 calls to ldapauth_drupal_user_create()
- ldapauth_authenticate in ./
ldapauth.module - Main user authentication function. Called by form validator.
- _ldapauth_auth in ./
ldapauth.module - Authenticate the user against LDAP servers.
- _ldapsync_process_entry in ./
ldapsync.module - Take an ldap object entry and determine if there is an existing account or a new account needs to be created.
File
- includes/
ldap.core.inc, line 454 - The core functions that ldapauth supplies for submodules. Will be included by default by ldapauth.
Code
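/**
 * Create a new Drupal user from an LDAP user entry.
 *
 * Creation is refused (FALSE is returned, $error is set and, for most cases,
 * a watchdog entry is written) when:
 *   - the $ldap_user parameter carries no dn,
 *   - the admin has disabled automatic account creation (ldapauth_create_users),
 *   - a local Drupal user already owns the derived user name,
 *   - the e-mail address is reserved (drupal_is_denied) or already in use,
 *   - PUIDs are in use and the entry has no PUID, or the PUID is a duplicate,
 *   - the dn cannot be looked up on the LDAP server.
 *
 * @param LDAPInterface $ldap
 *   An initialized LDAP server interface object.
 * @param string $name
 *   The LDAP user name / login name. If empty, the name is taken from the
 *   configured user_attr attribute of the LDAP entry.
 * @param mixed $ldap_user
 *   Either the user's dn (string) or an array with the user's LDAP attributes
 *   that includes a 'dn' key.
 * @param string $error
 *   Set to a translated error message, or '' when no error occurred.
 *
 * @return object|FALSE
 *   The saved Drupal user object, or FALSE on error.
 */
function ldapauth_drupal_user_create($ldap, $name, $ldap_user, &$error) {
  $error = '';

  // Work out the dn first; every log message and check below needs it.
  if (is_string($ldap_user)) {
    $is_dn = TRUE;
    $dn = $ldap_user;
  }
  elseif (is_array($ldap_user) && isset($ldap_user['dn'])) {
    $is_dn = FALSE;
    $dn = $ldap_user['dn'];
  }
  else {
    $error = t('Invalid LDAP information supplied! Could not find dn.');
    watchdog('ldapauth', 'Drupal user %name could not be created because the ldap_user parameter did not contain a valid dn.', array(
      '%name' => $name,
    ), WATCHDOG_ERROR);
    return FALSE;
  }

  // Has the admin turned off automatic account creation?
  if (!variable_get('ldapauth_create_users', TRUE)) {
    $error = t('Your account is not authorized to access this system.');
    watchdog('ldapauth', 'The valid LDAP account %name was denied access because there was no matching Drupal account.', array(
      '%name' => $name,
    ), WATCHDOG_ERROR);
    return FALSE;
  }

  // When only a dn was supplied, fetch the attributes from the server.
  if ($is_dn) {
    $ldap_user = ldapauth_user_lookup_by_dn($ldap, $dn, LDAPAUTH_SYNC_CONTEXT_AUTHENTICATE_DRUPAL_USER);
  }

  $name_attr = $ldap->getOption('user_attr') ? $ldap->getOption('user_attr') : LDAPAUTH_DEFAULT_USER_ATTR;

  // Derive the login name from the LDAP uid attribute when none was given.
  if (!$name) {
    $name = _ldapauth_drupal_user_create_attr_value($ldap_user, $name_attr, $name);
  }

  // Let other modules change the Drupal user name if needed.
  $drupal_name = ldapauth_drupal_user_name($name, $ldap, $dn);

  // The caller has probably checked uniqueness already; double check to be sure.
  if (user_load(array('name' => $drupal_name))) {
    watchdog('ldapauth', 'LDAP user with DN %dn has a naming conflict with a local Drupal user %name', array(
      '%dn' => $dn,
      '%name' => $drupal_name,
    ), WATCHDOG_ERROR);
    $error = t('Another user already exists in the system with the same login name. You should contact the system administrator in order to solve this conflict.');
    return FALSE;
  }

  // Nothing to create from if the entry could not be retrieved.
  if (!$ldap_user) {
    $error = t("Could not find dn entry! dn=%dn", array(
      '%dn' => $dn,
    ));
    return FALSE;
  }

  // If the mail attribute is missing, the name is stored as mail (the stored
  // address is then not a real e-mail address).
  $mail_attr = $ldap->getOption('mail_attr') ? $ldap->getOption('mail_attr') : LDAPAUTH_DEFAULT_MAIL_ATTR;
  $init = $mail = _ldapauth_drupal_user_create_attr_value($ldap_user, $mail_attr, $name);

  // Check that the e-mail is not on the site's deny list.
  if (drupal_is_denied('mail', $mail)) {
    $error = t('The name %name is registered using a reserved e-mail address and therefore could not be logged in.', array(
      '%name' => $name,
    ));
    return FALSE;
  }

  // Check that the e-mail is unique.
  if (user_load(array('mail' => $mail))) {
    $error = t('The e-mail address, %mail, associated with this account is already in use.', array(
      '%mail' => $mail,
    ));
    watchdog('ldapauth', 'The valid LDAP account %name was denied access their email address, %mail, was already in use.', array(
      '%name' => $name,
      '%mail' => $mail,
    ), WATCHDOG_ERROR);
    return FALSE;
  }

  $sid = $ldap->getOption('sid');
  $puid_attr = $ldap->getOption('puid_attr');

  // Validate the PUID when the server is configured to use one.
  if ($puid_attr) {
    $puid = ldapauth_extract_puid($sid, $name, $ldap_user);
    if (empty($puid)) {
      // Give other modules a chance to create a puid if needed.
      drupal_alter('ldap_user_puid', $puid, $name, $dn, $sid);
    }
    if (empty($puid)) {
      $error = t("This LDAP user entry was not configured properly (No PUID). Please contact your system administrator.");
      watchdog('ldapauth', 'LDAP user did not have required PUID attribute! ldap_attr=%attr sid=%sid dn=%dn', array(
        '%attr' => $puid_attr,
        '%sid' => $sid,
        '%dn' => $dn,
      ), WATCHDOG_ERROR);
      return FALSE;
    }
    // A PUID already mapped to an account must not be reused for a second one.
    if (ldapauth_userinfo_load_by_puid($puid)) {
      $error = t("This LDAP user entry was not configured properly (Duplicate PUID). Please contact your system administrator.");
      watchdog('ldapauth', 'A duplicate PUID was found! attr=%attr sid=%sid dn=%dn', array(
        '%attr' => $puid_attr,
        '%sid' => $sid,
        '%dn' => $dn,
      ), WATCHDOG_ERROR);
      return FALSE;
    }
  }
  else {
    // Without a PUID attribute the login name doubles as the PUID.
    $puid = $name;
  }

  // Use the name as it is set in the LDAP server, unless another module
  // altered it above.
  $name_new = _ldapauth_drupal_user_create_attr_value($ldap_user, $name_attr, $name);
  if ($drupal_name !== $name) {
    $name_new = $drupal_name;
  }

  // This function never receives the LDAP credential, so there is nothing to
  // sync here: the Drupal account always gets a random password. (The previous
  // code referenced an undefined $pass in its sync branch, which stored the
  // hash of an empty password.) Password sync, where enabled, has to happen in
  // the login path where the credential is available.
  $pass_new = user_password(20);

  $new_user = array(
    'name' => $name_new,
    'pass' => $pass_new,
    'mail' => $mail,
    'init' => $init,
    'status' => 1,
    'authname_ldapauth' => $name,
    'ldap_authentified' => TRUE,
    'ldap_dn' => isset($ldap_user['dn']) ? $ldap_user['dn'] : $dn,
    'ldap_config' => $sid,
    'ldap_name' => $name,
  );
  $account = user_save('', $new_user);
  if (!$account) {
    $error = t('The Drupal account could not be saved. Please contact your system administrator.');
    watchdog('ldapauth', 'user_save() failed while creating a Drupal user for LDAP dn %dn.', array(
      '%dn' => $dn,
    ), WATCHDOG_ERROR);
    return FALSE;
  }

  // Record which server / PUID this account belongs to.
  ldapauth_userinfo_save(array(
    'uid' => $account->uid,
    'sid' => $sid,
    'machine_name' => $ldap->getOption('machine_name'),
    'dn' => $dn,
    'puid' => $puid,
  ));

  watchdog('ldapauth', 'New external user %name created from the LDAP server %server.', array(
    '%name' => $name,
    '%server' => $ldap->getOption('name'),
  ), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $account->uid . '/edit'));

  // Invoke post user creation hook.
  module_invoke_all('ldapauth_create', $account);
  return $account;
}

/**
 * Return the first value of an LDAP attribute, or a fallback.
 *
 * Attribute names returned by the LDAP extension are commonly lower-cased
 * while the admin-configured attribute name may not be, so both spellings
 * are tried.
 *
 * @param mixed $ldap_user
 *   The LDAP entry (array of attributes), or a non-array when the lookup
 *   failed.
 * @param string $attr
 *   The attribute name as configured.
 * @param mixed $default
 *   Value returned when the attribute is absent.
 *
 * @return mixed
 *   The first attribute value, or $default.
 */
function _ldapauth_drupal_user_create_attr_value($ldap_user, $attr, $default) {
  if (isset($ldap_user[$attr][0])) {
    return $ldap_user[$attr][0];
  }
  $lower_attr = drupal_strtolower($attr);
  if (isset($ldap_user[$lower_attr][0])) {
    return $ldap_user[$lower_attr][0];
  }
  return $default;
}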