function _ldapsync_process_entry in LDAP integration 6
Take an LDAP entry and determine whether an existing account matches it or a new account needs to be created.
Parameters
LDAPInterface $ldap: An initialized LDAP server interface object.
String $name: The user name attribute value.
Array $ldap_entry: LDAP attributes for the user.
Return value
The account object, or FALSE if there was a problem.
1 call to _ldapsync_process_entry()
- _ldapsync_search in ./
ldapsync.module - Find all LDAP users from servers and OUs specified in ldapauth settings and create or update existing users as needed.
File
- ./
ldapsync.module, line 252 - ldapsync keeps LDAP and Drupal user lists synchronized.
Code
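/**
 * Take an LDAP entry and find the matching Drupal account, or create one.
 *
 * Looks the user up via ldapauth (by PUID, name/DN, or e-mail depending on
 * settings), creates or converts the Drupal account as configured, refreshes
 * the ldapauth_users record, triggers ldapgroups/ldapdata updates and
 * re-enables the account if it was blocked.
 *
 * @param LDAPInterface $ldap
 *   An initialized LDAP server interface object.
 * @param string $name
 *   The user name attribute value.
 * @param array $ldap_entry
 *   LDAP attributes for the user. 'dn' is required; 'mail' is read when the
 *   sync is configured to map accounts by e-mail.
 *
 * @return object|bool|null
 *   The saved account object; FALSE if the lookup, creation or conflict
 *   handling failed; NULL when another module denied the user.
 */
function _ldapsync_process_entry($ldap, $name, $ldap_entry) {
  // check whether user is in an OU mapped in module settings (need to create admin/settings/ldapsync page)
  $dn = $ldap_entry['dn'];
  $puid_attr = $ldap->getOption('puid_attr');

  // A persistent unique ID is only available when the server has a PUID
  // attribute configured; otherwise the lookup below gets NULL.
  $puid = NULL;
  if ($puid_attr) {
    $puid = ldapauth_extract_puid($ldap, $name, $ldap_entry);
  }

  // See if there is a matching Drupal user account.
  $error = '';
  $account = ldapauth_drupal_user_lookup($ldap, $name, $dn, $error, $puid);
  if ($account === NULL) {
    ldapsync_stats('notices', 1);
    $msg = t('drupal_user_lookup() returned: ') . $error;
    watchdog('ldapsync', $msg, NULL, WATCHDOG_ERROR);
    return FALSE;
  }

  // Handle map by e-mail option (Issue #1209556).
  // Re-lookup by mail if no account was found, or if PUIDs are not in use and
  // the account found does not carry the e-mail address from LDAP.
  $user_test_method = variable_get('ldapsync_load_user_by', 'name');
  if ($user_test_method == 'email') {
    $ldap_mail = isset($ldap_entry['mail']) ? $ldap_entry['mail'] : '';
    $mail_differs = $account && !$puid_attr
      && drupal_strtolower($account->mail) !== drupal_strtolower($ldap_mail);
    // An entry without a mail attribute must not be matched against accounts
    // whose mail field is empty: user_load() would match on the empty string.
    if ($ldap_mail !== '' && (!$account || $mail_differs)) {
      $account = user_load(array(
        'mail' => $ldap_mail,
      ));
    }
  }

  // Allow other modules to determine if this ldap user can access server.
  if (ldapauth_user_denied($ldap, $name, $dn, $account)) {
    ldapsync_stats('denied_by_module', 1);
    // Returns NULL rather than the documented FALSE; left unchanged because
    // the caller may rely on telling "denied" apart from "failed".
    return;
  }

  $converted = FALSE;
  // No account found - try to create one.
  if (!$account) {
    if (variable_get('ldapsync_existing_only', 0)) {
      return FALSE;
    }
    $error = '';
    $account = ldapauth_drupal_user_create($ldap, $name, $ldap_entry, $error);
    if ($account === FALSE) {
      ldapsync_stats('notices', 1);
      return FALSE;
    }
    // Increment counter.
    ldapsync_stats('new_users', 1);
  }
  else {
    // Check authentication method: a local (non-LDAP) account with the same
    // name is a conflict that is either logged or converted, per settings.
    if (!$account->ldap_authentified) {
      $conflict_resolution = LDAPSYNC_LOGIN_CONFLICT;
      if ($conflict_resolution == LDAPSYNC_CONFLICT_FOLLOW_LDAPAUTH) {
        $conflict_resolution = LDAPAUTH_LOGIN_CONFLICT;
      }
      if ($conflict_resolution == LDAPAUTH_CONFLICT_LOG) {
        ldapsync_stats('notices', 1);
        watchdog('ldapsync', 'Could not create ldap-authentified account for user %name because a local user by that %test_value already exists.', array(
          '%name' => $name,
          '%test_value' => $user_test_method,
        ));
        return FALSE;
      }
      $converted = TRUE;
      ldapsync_stats('converted', 1);
    }

    // Make sure all the information is up to date.
    $drupal_name = ldapauth_drupal_user_name($name, $ldap, $dn);
    $data = array(
      'ldap_dn' => $dn,
      'ldap_config' => $ldap->getOption('sid'),
      'ldap_authentified' => TRUE,
      'authname_ldapauth' => $drupal_name,
      'ldap_name' => $name,
    );
    // No 'pass' value is written here: a batch sync never sees the user's
    // LDAP credential (the former password-sync branch assigned an undefined
    // variable), so the ldapauth password sync rules cannot be applied.

    $puid = $account->ldap_puid;
    // save setting from drupal_user_lookupsave.
    $account = user_save($account, $data);
    if (!$account) {
      ldapsync_stats('notices', 1);
      return FALSE;
    }

    // Make sure the ldapauth_users info is current (User object may have been moved).
    $user_info = ldapauth_userinfo_load_by_uid($account->uid);
    if (empty($user_info)) {
      // Don't have entry, so make one.
      $user_info = new stdClass();
      $user_info->uid = $account->uid;
    }
    $user_info->sid = $account->ldap_config;
    $user_info->machine_name = $ldap->getOption('machine_name');
    $user_info->dn = $dn;
    // NOTE(review): the fallback reads the account property named after the
    // user name ($account->{$name}); this looks unintended - verify whether
    // the PUID attribute or 'name' was meant.
    $user_info->puid = $puid ? $puid : $account->{$name};
    ldapauth_userinfo_save($user_info);

    if (!$converted) {
      ldapsync_stats('existing_users', 1);
    }
  }

  // Update user's groups if ldapgroups is enabled.
  if (module_exists('ldapgroups')) {
    ldapgroups_user_login($account);
  }
  // Update user's data if ldapdata is enabled.
  if (module_exists('ldapdata')) {
    // NOTE(review): nothing in this function assigns $ldap_users; presumably
    // _ldapdata_user_load() takes it by reference as a cache - confirm.
    $ldap_users = NULL;
    _ldapdata_user_load($account, TRUE, $ldap_users);
  }

  // Enable any blocked user who is enabled in LDAP.
  // Note: no LDAP account-status attribute is consulted here; any blocked
  // Drupal account that appears in the sync results is re-enabled. The update
  // goes straight to the table (bypassing user_save() and its hooks) with the
  // uid bound through a %d placeholder.
  if (!$account->status) {
    ldapsync_stats('notices', 1);
    db_query("UPDATE {users} SET status = %d where uid = %d", 1, $account->uid);
    watchdog('ldapsync', 'Enabled LDAP-authentified user %name because the corresponding LDAP account is enabled.', array(
      '%name' => $name,
    ));
  }

  // Reset user specific caches to prevent memory problems.
  ldapauth_user_lookup_by_dn(NULL, NULL, NULL, TRUE);
  ldapauth_drupal_user_name(NULL, NULL, NULL, TRUE);
  if (module_exists('ldapgroups')) {
    ldapgroups_groups_load(NULL, NULL, NULL, TRUE);
  }
  return $account;
}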