
function ldapgroups_user_login in LDAP integration 6

Same name and namespace in other branches
  1. 5.2 ldapgroups.module \ldapgroups_user_login()
  2. 5 ldapgroups.module \ldapgroups_user_login()

Implements hook_user() login operation.

Parameters

Object $account: A user object verified to be ldap_authentified.

2 calls to ldapgroups_user_login()
ldapgroups_user in ./ldapgroups.module
Implements hook_user().
_ldapsync_process_entry in ./ldapsync.module
Take an ldap object entry and determine if there is an existing account or a new account needs to be created.

File

./ldapgroups.inc, line 16
ldapgroups include file.

Code

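/**
 * Implements hook_user() login operation: rebuilds the LDAP-derived roles.
 *
 * Every role recorded in $account->ldap_drupal_roles is revoked, then the
 * roles mapped from the currently detected LDAP groups are created and
 * granted, and the resulting list is saved on the account.
 *
 * Security-relevant behaviour: each early return below happens before the
 * revoke loop. When the mappings filter is in disabled mode, LDAP groups are
 * not configured, initialisation fails, or group detection returns FALSE,
 * the account therefore keeps whatever roles it already holds.
 *
 * @param $account
 *   A user object verified to be ldap_authentified. Taken by reference.
 */
function ldapgroups_user_login(&$account) {

  // Don't do anything if disabled mode has been enabled.
  if (_ldapgroups_ldap_info($account, 'ldapgroups_mappings_filter') == LDAPGROUPS_ROLE_MODE_DISABLED) {
    return;
  }

  // Don't do anything until LDAP groups are configured in admin screens.
  if (!ldapgroups_is_configured($account->ldap_config)) {
    return;
  }

  // Setup the global $_ldapgroups_ldap object.
  if (!_ldapgroups_ldap_init($account)) {
    return;
  }

  // First, we figure out the appropriate groups.
  $groups = _ldapgroups_detect_groups($account);
  if ($groups === FALSE) {

    // Could not contact LDAP, so make no changes. The strict comparison
    // matters: only FALSE means failure; any other result (including an
    // empty one) continues to the revoke loop and removes the mapped roles.
    return;
  }

  // Then, we take every LDAP mapped role from the user, later below
  // we'll grant back those deserved.
  $account->ldap_drupal_roles = isset($account->ldap_drupal_roles) ? $account->ldap_drupal_roles : array();
  foreach ($account->ldap_drupal_roles as $role) {
    _ldapgroups_deny_role($account, $role);
  }

  // Next, we apply site-specific rules.
  $filtered_groups = _ldapgroups_filter($account, $groups);

  // At this point, the roles are in the full DN format or role names.
  // NOTE(review): these names originate from directory data and are used
  // below to create roles; confirm _ldapgroups_mapping() cannot yield an
  // empty or unintended role name.
  $roles = array();
  if (!empty($filtered_groups)) {
    foreach ($filtered_groups as $group) {
      $roles[] = _ldapgroups_mapping($account, $group);
    }
  }
  $roles = array_unique($roles);

  // $dn was never assigned in this function, so the alter hook was handed an
  // undefined variable (NULL, with an undefined-variable notice when passed
  // by value). Initialise it explicitly; hook implementations receive the
  // same value as before.
  // NOTE(review): if implementations are meant to receive the user's DN,
  // populate it here from wherever the module stores it - confirm.
  $dn = NULL;

  // Other modules may add or remove roles here, so the final grant list is
  // not determined by the LDAP mapping alone.
  drupal_alter("ldap_user_roles", $roles, $account, $dn, $groups, $filtered_groups);
  foreach ($roles as $role) {
    _ldapgroups_create_role($role);
    _ldapgroups_grant_role($account, $role);
  }

  // Store roles in the user object so we know which ones
  // were granted here (they are the ones revoked on the next login).
  user_save($account, array(
    'ldap_drupal_roles' => $roles,
  ));
}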