
function ldapdata_user_update_drupal_account in LDAP integration 5

Same name and namespace in other branches
  1. 5.2 ldapdata.module \ldapdata_user_update_drupal_account()
1 call to ldapdata_user_update_drupal_account()
ldapdata_user_update in ./ldapdata.module

File

./ldapdata.module, line 628

Code

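/**
 * Builds the set of LDAP attributes to write when a Drupal account is edited.
 *
 * Nothing is written to the directory here; the function only works out which
 * submitted values map to LDAP attributes and returns them to the caller.
 *
 * @param $edit
 *   Submitted account values keyed by Drupal field name, passed by reference.
 *   $edit['pass'] is set to NULL when the password is mapped to an LDAP
 *   attribute and the 'ldap_login_process' variable equals LDAP_FIRST_LDAP.
 * @param $user
 *   The account being updated. Its ldap_config and ldap_dn properties are
 *   read.
 *
 * @return
 *   An array of LDAP attribute name => value. It is empty when the account has
 *   no LDAP DN, when the configuration's 'access' mapping is not
 *   LDAP_MAP_ATTRIBUTES, or when no usable configuration row is found.
 */
function ldapdata_user_update_drupal_account(&$edit, &$user) {
  $writeout = array();
  $ldap_config_name = $user->ldap_config;

  // We do this as opposed to calling _ldapdata_ldap_info() to save on the
  // multiple SQL queries. The name goes through db_query()'s %s placeholder,
  // which escapes it; it is not concatenated into the statement here.
  $result = db_fetch_array(db_query("SELECT ldapdata_mappings, encrypted FROM {ldapauth} WHERE name = '%s'", $ldap_config_name));
  if (!is_array($result)) {
    // No configuration row for this account: nothing can be mapped.
    return $writeout;
  }

  // NOTE(review): unserialize() is only safe while this column is written
  // solely by trusted administrative code. If anything less trusted can
  // store a value in {ldapauth}.ldapdata_mappings, this call becomes an
  // object-injection risk; confirm every writer of that column.
  $mappings = unserialize($result['ldapdata_mappings']);
  if (!is_array($mappings) || !isset($mappings['access'])) {
    // Corrupt or incomplete mapping data is treated as "do not write".
    return $writeout;
  }

  $encr = $result['encrypted'];
  $account_updated_in_ldap = $mappings['access'] == LDAP_MAP_ATTRIBUTES;
  if ($user->ldap_dn && $account_updated_in_ldap) {

    // Case 2: updating account data
    $d2l_map = _ldapdata_reverse_mappings($user->ldap_config);
    foreach ($edit as $key => $value) {
      // Skip fields with no LDAP counterpart. empty() also avoids the
      // undefined-index notice that a bare $d2l_map[$key] lookup raises.
      if (empty($d2l_map[$key])) {
        continue;
      }
      $ldap_attr = $d2l_map[$key];

      // Strict comparison: with a loose ==, an integer key 0 compares equal
      // to 'pass' on PHP versions before 8 and would be handled as a password.
      if ($key === 'pass') {
        if ($value) {
          // NOTE(review): with 'encrypted' set, the value sent is "{md5}"
          // followed by the base64 of an unsalted MD5 digest. Unsalted MD5
          // is quick to brute-force if the attribute is ever disclosed; a
          // salted scheme, or hashing on the directory server, is preferable
          // where the directory supports it. With 'encrypted' unset, the
          // cleartext password is returned, so the LDAP connection that
          // carries it must be protected in transit (TLS) - confirm at the
          // call site.
          $pw = $encr ? '{md5}' . base64_encode(pack('H*', md5($value))) : $value;
          $writeout[$ldap_attr] = $pw;
        }

        // If authentication is being done in "LDAP only" mode, passwords
        // should not be written to the database, or users would be able
        // to log in even after removing their LDAP entry.
        if (variable_get('ldap_login_process', LDAP_FIRST_LDAP) == LDAP_FIRST_LDAP) {
          $edit['pass'] = null;
        }
      }
      else {
        $writeout[$ldap_attr] = $value;
      }
    }
  }
  return $writeout;
}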