function ldapauth_drupal_user_lookup in LDAP integration 6
Map an LDAP user to a Drupal user account if one exists.
Parameters
LDAPInterface $ldap: An initialized LDAP server interface object.
String $name: The user name (from the login form).
String $dn: The user's DN.
String $error: Set to an error message, or '' if there were no errors. NOTE: Errors are NOT reported via watchdog.
String $puid: Saves an LDAP query if the PUID is already known (e.g. ldapsync).
Return value
A user object, FALSE (user not found) or NULL (if error)
3 calls to ldapauth_drupal_user_lookup()
- ldapauth_authenticate in ./
ldapauth.module - Main user authentication function. Called by form validator.
- ldapgroups_user_test_output in ./
ldapgroups.admin.inc - Generate the test results for the user and ldap settings.
- _ldapsync_process_entry in ./
ldapsync.module - Take an ldap object entry and determine if there is an existing account or a new account needs to be created.
File
- includes/
ldap.core.inc, line 336 - The core functions that ldapauth supplies for submodules. Will be included by default by ldapauth.
Code
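/**
 * Map an LDAP user to a Drupal user account if one exists.
 *
 * The lookup strategy depends on the server's 'puid_attr' option:
 * - If it is set, the LDAP entry's PUID is looked up in the ldapauth user
 *   info table. When no row matches, the account is looked up by Drupal user
 *   name and, if it is an LDAP account with the same DN on the same (or a
 *   no longer existing) server, the PUID mapping is rebuilt and saved.
 * - If it is not set, the account is looked up by Drupal user name only and
 *   the login name is used as the PUID.
 *
 * @param $ldap
 *   An initialized LDAP server interface object (LDAPInterface).
 * @param $name
 *   The user name (from login form).
 * @param $dn
 *   The user's DN.
 * @param $error
 *   Output: an error message, or '' if no errors. Errors are NOT reported
 *   via watchdog, so the caller has to log or display them.
 * @param $puid
 *   Optional PUID, saves an LDAP query when already known (e.g. ldapsync).
 *
 * @return
 *   A user object, FALSE (user not found) or NULL (if error). Callers need a
 *   strict check to tell FALSE and NULL apart.
 */
function ldapauth_drupal_user_lookup($ldap, $name, $dn, &$error, $puid = NULL) {
  $error = '';
  if (!$ldap) {
    $error = t('LDAPInterface not initialized in ldapauth_drupal_user_lookup!');
    return NULL;
  }
  $sid = $ldap->getOption('sid');
  $puid_attr = $ldap->getOption('puid_attr');

  // If a PUID attribute is set, then use this to map users.
  if ($puid_attr) {
    if (!$puid) {
      $ldap_entry = ldapauth_user_lookup_by_dn($ldap, $dn, LDAPAUTH_SYNC_CONTEXT_AUTHENTICATE_DRUPAL_USER);
      if (empty($ldap_entry)) {
        $error = t("Error looking up user in LDAP: Supplied dn not found! sid=%sid dn=%dn", array(
          '%sid' => $sid,
          '%dn' => $dn,
        ));
        return NULL;
      }
      $puid = ldapauth_extract_puid($sid, $name, $ldap_entry);
    }

    // Without a PUID the user cannot be mapped on this server at all.
    if (empty($puid)) {
      $error = t("LDAP user did not have required PUID attribute, %puid_attr! sid=%sid dn=%dn", array(
        '%puid_attr' => $puid_attr,
        '%sid' => $sid,
        '%dn' => $dn,
      ));
      return NULL;
    }

    // Try to get PUID to UID mapping.
    $user_info = ldapauth_userinfo_load_by_puid($puid);
    if (isset($user_info->uid)) {
      $account = user_load($user_info->uid);
      // A mapping row can outlive its Drupal account. Fail closed here:
      // assigning a property to the FALSE that user_load() returned would,
      // on older PHP versions, auto-create an empty object that the caller
      // then receives as if it were a real account (and is a fatal error on
      // newer ones).
      if (!$account) {
        $error = t('LDAP user is mapped to a Drupal account that no longer exists! sid=%sid dn=%dn uid=%uid', array(
          '%sid' => $sid,
          '%dn' => $dn,
          '%uid' => $user_info->uid,
        ));
        return NULL;
      }
      $account->ldap_puid = $puid;
      return $account;
    }

    // Have PUID but no matching userinfo, then see if entry needs to be
    // rebuilt. Most likely one of the following:
    // - Converting from prePUID to PUID;
    // - Changed PUID attribute; or
    // - Server re-created with new sid.
    // TODO: Make this configurable?
    $drupal_name = ldapauth_drupal_user_name($name, $ldap, $dn);
    $account = user_load(array(
      'name' => $drupal_name,
    ));
    if (!$account) {
      return FALSE;
    }

    // Does the name map to an existing LDAP related account?
    if (isset($account->ldap_authentified)) {
      $user_info = ldapauth_userinfo_load_by_uid($account->uid);
      // The account already has a mapping, and it was not found by this
      // PUID above, so it belongs to a different LDAP user.
      if (!empty($user_info)) {
        $error = t('User, %name, already associated with a different LDAP user', array(
          '%name' => $name,
        ));
        return NULL;
      }
      // Only rebuild the mapping when the stored DN is the same one
      // (compared case-insensitively, as strings).
      if (drupal_strtolower($account->ldap_dn) === drupal_strtolower($dn)) {
        $old_server = ldapauth_server_load($account->ldap_config);
        // Do sids match or old sid does not exist. Loose comparison is kept
        // because the stored and the live sid may differ in type.
        if ($account->ldap_config == $sid || empty($old_server)) {
          $user_info = array(
            'uid' => $account->uid,
            'sid' => $sid,
            'machine_name' => $ldap->getOption('machine_name'),
            'dn' => $dn,
            'puid' => $puid,
          );
          ldapauth_userinfo_save($user_info);
          $account->ldap_puid = $puid;
          return $account;
        }
      }
    }

    // Return normal drupal account so login process can decide to map or not.
    // NOTE(review): this path is also reached for an LDAP account whose
    // stored DN or server does NOT match, whereas the branch below returns
    // FALSE in that situation. A returned account is therefore not proof
    // that it belongs to this LDAP user; confirm the callers re-check
    // before linking or logging in.
    $account->ldap_puid = $puid;
    return $account;
  }

  // No PUID attribute configured: map by Drupal user name only.
  $drupal_name = ldapauth_drupal_user_name($name, $ldap, $dn);
  $account = user_load(array(
    'name' => $drupal_name,
  ));
  if (!$account) {
    return FALSE;
  }

  // Double check that ldap user matches this account. !empty() matches the
  // original truthiness test without a notice when the flag is not set.
  if (!empty($account->ldap_authentified)) {
    // Do DNs map (case-insensitive string comparison).
    if (drupal_strtolower($account->ldap_dn) === drupal_strtolower($dn)) {
      $old_server = ldapauth_server_load($account->ldap_config);
      // Do sids match or old sid does not exist.
      if ($account->ldap_config == $sid || empty($old_server)) {
        // Default if puid attr not set.
        $account->ldap_puid = $name;
        return $account;
      }
    }
    // Same name, but a different LDAP identity: treat as not found.
    return FALSE;
  }

  // Default if puid attr not set.
  $account->ldap_puid = $name;
  return $account;
}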