
function _ldapgroups_detect_groups in LDAP integration 6

Same name and namespace in other branches
  1. 5.2 ldapgroups.module \_ldapgroups_detect_groups()
  2. 5 ldapgroups.module \_ldapgroups_detect_groups()

Detect user groups from the LDAP.

Parameters

$account: A user object that has already been checked and found to be "ldap_authentified".

Return value

An array of user groups; an empty array if none are found; FALSE if no groups are defined or LDAP could not be searched.

1 call to _ldapgroups_detect_groups()
ldapgroups_user_login in ./ldapgroups.inc
Implements hook_user() login operation.

File

./ldapgroups.inc, line 81
ldapgroups include file.

Code

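/**
 * Detect the groups of an LDAP-authenticated user from the directory.
 *
 * Binds with the user's own DN and password taken from the session when
 * possible; otherwise (or when LDAPAUTH_FORGET_PASSWORDS is set) binds with
 * the BINDDN/BINDPW stored in {ldapauth} for this server's sid.
 *
 * @param $account
 *   A user object; its ldap_config, ldap_dn and name properties are read.
 *
 * @return
 *   The result of ldapgroups_groups_load() for the account, or FALSE when no
 *   groups are configured or no bind to the directory succeeded.
 */
function _ldapgroups_detect_groups($account) {
  global $_ldapgroups_ldap;

  // Nothing to do if there are no groups configured.
  if (!ldapgroups_is_configured($account->ldap_config)) {
    return FALSE;
  }

  // First try to connect with the stored user's DN and password.
  // If unsuccessful, connect with the BINDDN and BINDPW stored in the database for this config.
  // NOTE(review): the user's password is read back from session storage in
  // clear text here, so it is exposed to anything that can read session
  // data. Presumably LDAPAUTH_FORGET_PASSWORDS keeps it out of the session;
  // confirm where $_SESSION['ldap_login'] is written.
  $dn = isset($_SESSION['ldap_login']['dn']) ? $_SESSION['ldap_login']['dn'] : '';
  $pass = isset($_SESSION['ldap_login']['pass']) ? $_SESSION['ldap_login']['pass'] : '';

  // A connect with a blank DN and password does not report an error until
  // ldap_read, so when LDAPAUTH_FORGET_PASSWORDS is set the user bind is
  // skipped entirely and the credentials are read from the database.
  if (LDAPAUTH_FORGET_PASSWORDS || !$_ldapgroups_ldap->connect($dn, $pass)) {
    $row2 = db_fetch_object(db_query("SELECT binddn, bindpw FROM {ldapauth} WHERE sid = %d", $_ldapgroups_ldap->getOption('sid')));

    // db_fetch_object() returns FALSE when no row matches the sid. Treat that
    // as a failed bind instead of dereferencing a non-object and connecting
    // with NULL credentials, which would not fail at connect time.
    // NOTE(review): a row with an empty binddn still leads to a blank-
    // credential bind; whether that is acceptable depends on the directory's
    // anonymous-bind policy.
    $connected = $row2 ? $_ldapgroups_ldap->connect($row2->binddn, $row2->bindpw) : FALSE;
    if (!$connected) {
      watchdog('ldapgroups', "User login: user %name data could not be read in the LDAP directory", array(
        '%name' => $account->name,
      ), WATCHDOG_WARNING);
      return FALSE;
    }
  }

  $groups = ldapgroups_groups_load($_ldapgroups_ldap, $account->ldap_dn, $account->name);
  // Release the bind as soon as the lookup is done.
  $_ldapgroups_ldap->disconnect();
  return $groups;
}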