function _ldapauth_save_user in LDAP integration 5
File
- ./
ldapauth.module, line 951
Code
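/**
 * Creates or refreshes the Drupal account of a user handled by ldapauth, then
 * records the LDAP DN and password in the session.
 *
 * Three cases are handled:
 * - no Drupal account has this name: a new account is registered;
 * - an account exists and is flagged ldap_authentified: it becomes the
 *   current user and its mail, DN and LDAP config name are refreshed;
 * - an account exists but is not flagged ldap_authentified: the naming
 *   conflict is reported and nothing is saved.
 *
 * @param $login_string
 *   Login name submitted by the user; also used as the Drupal account name.
 * @param $pass
 *   Password submitted by the user. For a newly registered account it is
 *   replaced by a random value when 'ldap_forget_passwords' is set.
 *
 * @return
 *   The user object returned by user_save(), or the unchanged global $user
 *   when the login name collides with a non-LDAP account.
 */
function _ldapauth_save_user($login_string, $pass) {
  global $user, $ldapauth_ldap;

  $account = user_load(array(
    'name' => $login_string,
  ));

  // Defined up front so that a failed directory lookup cannot leave these
  // unset when they are written to the account and the session below.
  $dn = NULL;
  $mail = '';

  $ldap_user = _ldapauth_user_lookup($login_string);
  if (is_array($ldap_user)) {
    if (isset($ldap_user['dn'])) {
      $dn = $ldap_user['dn'];
    }
    // Resolve the mail attribute once and use the same key for the existence
    // check and the read. Previously the check fell back to the default
    // attribute while the read always used the raw 'mail_attr' option, so an
    // unset option never yielded an address.
    $mail_attr = $ldapauth_ldap->getOption('mail_attr');
    if (!$mail_attr) {
      $mail_attr = LDAP_DEFAULT_MAIL_ATTRIBUTE;
    }
    if (isset($ldap_user[$mail_attr][0])) {
      $mail = $ldap_user[$mail_attr][0];
    }
  }

  if (!isset($account->uid)) {
    // Register this new user. Whether the submitted password is stored
    // depends only on the checkbox setting, not on the authentication
    // sequence.
    if (variable_get('ldap_forget_passwords', true)) {
      // Store a random password instead of the LDAP one. $pass is overwritten
      // here, so for a new account the value placed in the session at the end
      // of this function is the random one.
      // NOTE(review): confirm user_password() is backed by a cryptographically
      // secure generator in this Drupal version; otherwise the stored value
      // may be guessable if local Drupal logins are also accepted.
      $pass = user_password(20);
    }

    // 'init' mirrors 'mail'. 'ldap_authentified' marks the account as
    // externally authenticated; the conflict check below depends on it.
    // NOTE(review): an earlier comment said ldap_dn should not be stored at
    // registration, yet it is; it is rewritten on every login further down.
    $userinfo = array(
      'name' => $login_string,
      'pass' => $pass,
      'mail' => $mail,
      'init' => $mail,
      'status' => 1,
      'authname_ldapauth' => $login_string,
      'ldap_authentified' => TRUE,
      'ldap_dn' => $dn,
    );
    $user = user_save('', $userinfo);
    watchdog('user', t('New external user - ldapauth: %user using module %module.', array(
      '%user' => theme('placeholder', $login_string),
      '%module' => theme('placeholder', 'ldapauth'),
    )), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $user->uid . '/edit'));
  }
  elseif (!$account->ldap_authentified) {
    drupal_set_message(t('Another user already exists in this system with the same login name. You should contact the system\'s administrator in order to solve this conflict.'), 'error');
    watchdog('user', t('LDAP user with DN %dn has a naming conflict with non-LDAP user %account', array(
      '%dn' => theme('placeholder', $dn),
      '%account' => theme('placeholder', $account->name),
    )), WATCHDOG_ERROR);
    module_invoke_all('user', 'logout', NULL, $user);
    // Stop here. Falling through would write this LDAP identity's mail, DN and
    // config name onto whatever account the global $user currently holds and
    // would place the submitted password in the session for a login that was
    // refused.
    return $user;
  }
  else {
    $user = $account;
  }

  // Save the config that was used to authenticate the user in the user
  // object. This will be used by ldapdata and other ldapXXX modules.
  $userinfo = array(
    'mail' => $mail,
    'ldap_dn' => $dn,
    'ldap_config' => $ldapauth_ldap->getOption('name'),
  );
  $user = user_save($user, $userinfo);

  // The DN is the one found in the LDAP repository used for this login.
  $_SESSION['ldap_login']['dn'] = $dn;
  // SECURITY NOTE(review): the password is kept in cleartext in the session
  // for as long as the session lives, presumably so that other ldap* modules
  // can bind as the user. Anyone able to read session storage can recover it.
  // Confirm this is still required before keeping it.
  $_SESSION['ldap_login']['pass'] = $pass;

  return $user;
}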