function _ldapauth_save_user in LDAP integration 5.2
Same name and namespace in other branches
- 5 ldapauth.module \_ldapauth_save_user()
1 call to _ldapauth_save_user()
File
- ./
ldapauth.module, line 859
Code
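/**
 * Creates or loads the Drupal account for a login that LDAP has accepted.
 *
 * If no Drupal account is named $login_string, a new active account is
 * registered and flagged as LDAP-authenticated. If an account exists and is
 * flagged 'ldap_authentified', it becomes the global $user. If an account
 * exists but is NOT LDAP-authenticated, the conflict is reported and logged
 * and nothing else is written.
 *
 * On success the name of the LDAP configuration in use is saved on the
 * account, and the DN and password are placed in $_SESSION['ldap_login'].
 *
 * @param $login_string
 *   The login name the user supplied.
 * @param $pass
 *   The password the user supplied.
 *
 * @return
 *   The global $user object as left by this function.
 */
function _ldapauth_save_user($login_string, $pass) {
  global $user, $ldap;

  $account = user_load(array(
    'name' => $login_string,
  ));

  //$dn = _ldapauth_login2dn($login_string);
  // Default the DN so every later use is defined even if the lookup finds
  // nothing.
  $dn = NULL;
  $ldap_user = _ldapauth_user_lookup($login_string);
  if ($ldap_user) {
    $dn = $ldap_user['dn'];
  }

  if (!isset($account->uid)) {
    // Register this new user.
    // Changes to this user_save():
    // 1. 'pass' => when ldap_login_process is LDAP_FIRST_LDAP a random
    //    20-character password is stored locally instead of the password
    //    the user typed; otherwise the supplied password is written.
    if (variable_get('ldap_login_process', LDAP_FIRST_LDAP) == LDAP_FIRST_LDAP) {
      $pass = user_password(20);
    }

    // 2. 'mail' => taken from the LDAP entry when the mail attribute is
    //    present, otherwise left empty. The attribute name is resolved once
    //    so that the existence check and the read use the same key (the
    //    default applies to both when 'mail_attr' is not configured).
    $configured_mail_attr = $ldap->getOption('mail_attr');
    $mail_attr = $configured_mail_attr ? $configured_mail_attr : LDAP_DEFAULT_MAIL_ATTRIBUTE;
    $mail = isset($ldap_user[$mail_attr][0]) ? $ldap_user[$mail_attr][0] : "";

    // 3. 'init' => the DN is recorded as the initial identity.
    $init = $dn;

    // 4. 'ldap_authentified' => TRUE. There is a need to mark
    //    people as externally authentified.
    // Here ldap_dn should not be set (as it was in the 4.7- versions).
    // The DN should be determined by the specific LDAP repo that is being
    // used at login time.
    $userinfo = array(
      'name' => $login_string,
      'pass' => $pass,
      'mail' => $mail,
      'init' => $init,
      'status' => 1,
      'authname_ldapauth' => $login_string,
      'roles' => array(
        DRUPAL_AUTHENTICATED_RID,
      ),
      'ldap_authentified' => TRUE,
      'ldap_dn' => $dn,
    );
    $user = user_save('', $userinfo);
    watchdog('user', t('New external user - ldapauth: %user using module %module.', array(
      '%user' => theme('placeholder', $login_string),
      '%module' => theme('placeholder', 'ldapauth'),
    )), WATCHDOG_NOTICE, l(t('edit'), 'user/' . $user->uid . '/edit'));
  }
  else {
    if (!$account->ldap_authentified) {
      drupal_set_message(t('Another user already exists in this system with the same login name. You should contact the system\'s administrator in order to solve this conflict.'), 'error');
      // The DN and account name are passed as escaped placeholders rather
      // than interpolated into the string: directory-supplied text must not
      // reach the log viewer as raw markup, and the message stays
      // translatable.
      watchdog('user', t('LDAP user with DN @dn has a naming conflict with non-LDAP user @name', array(
        '@dn' => $dn,
        '@name' => $account->name,
      )), WATCHDOG_ERROR);
      module_invoke_all('user', 'logout', NULL, $user);
      // Stop here: the login was refused, so neither the LDAP configuration
      // nor the credentials may be attached to whatever account the global
      // $user currently refers to.
      return $user;
    }
    else {
      $user = $account;
    }
  }

  // setup the cookies et al
  // We save the config that was used to authenticate the user in the user
  // object. This will be used by ldapdata and other ldapXXX modules.
  $config_name = $ldap->getOption('name');
  user_save($user, array(
    'ldap_config' => $config_name,
  ));

  // obtain the DN for this user in this specific LDAP repository
  $_SESSION['ldap_login']['dn'] = $dn;
  // NOTE(review): the password is kept in the session in cleartext, so the
  // session store holds a reusable credential for as long as the session
  // lives; restrict access to that store accordingly. For a newly registered
  // user in LDAP_FIRST_LDAP mode, $pass is the random local password
  // generated above, not the password the user typed. Confirm which value
  // the consumers of this session entry expect.
  $_SESSION['ldap_login']['pass'] = $pass;

  return $user;
}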