
function _ldapsync_process_entry in LDAP integration 6

Take an ldap object entry and determine if there is an existing account or a new account needs to be created.

Parameters

LDAPInterface $ldap: An initialized LDAP server interface object.

String $name: The user name attribute value.

Array $ldap_entry: LDAP attributes for the user.

Return value

The account object, or FALSE if there was a problem.

1 call to _ldapsync_process_entry()
_ldapsync_search in ./ldapsync.module
Find all LDAP users from servers and OUs specified in ldapauth settings and create or update existing users as needed.

File

./ldapsync.module, line 252
ldapsync keeps LDAP and Drupal user lists synchronized.

Code

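/**
 * Take an LDAP entry and find, create or convert the matching Drupal account.
 *
 * @param LDAPInterface $ldap
 *   An initialized LDAP server interface object.
 * @param string $name
 *   The user name attribute value.
 * @param array $ldap_entry
 *   LDAP attributes for the user (at least 'dn'; 'mail' when mapping by e-mail).
 *
 * @return object|FALSE
 *   The (possibly newly created or updated) account object, or FALSE when the
 *   entry could not be processed (lookup error, denied by a module, creation
 *   disabled or failed, local-account conflict, save failure).
 */
function _ldapsync_process_entry($ldap, $name, $ldap_entry) {

  // check whether user is in an OU mapped in module settings (need to create admin/settings/ldapsync page)
  $dn = $ldap_entry['dn'];

  // Locals that were only assigned on some paths; initialize them so the reads
  // further down never touch an undefined variable.
  $puid = NULL;
  $converted = FALSE;

  if ($ldap->getOption('puid_attr')) {
    // The server object in scope is $ldap (the previous code passed an
    // undefined $server here).
    $puid = ldapauth_extract_puid($ldap, $name, $ldap_entry);
  }

  // See if there is a matching Drupal user account
  $error = '';
  $account = ldapauth_drupal_user_lookup($ldap, $name, $dn, $error, $puid);
  if ($account === NULL) {
    ldapsync_stats('notices', 1);
    // Pass the helper's error text as a placeholder so watchdog escapes it
    // before it reaches the log viewer, and leave translation to watchdog
    // itself (wrapping the message in t() is redundant there). This matches
    // the other watchdog() calls in this function.
    watchdog('ldapsync', 'drupal_user_lookup() returned: %error', array(
      '%error' => $error,
    ), WATCHDOG_ERROR);
    return FALSE;
  }

  // Handle map by e-mail option (Issue #1209556)
  // If no account or PUID not used and account found does not have matching e-mail
  $user_test_method = variable_get('ldapsync_load_user_by', 'name');
  if ($user_test_method == 'email') {
    $ldap_mail = isset($ldap_entry['mail']) ? $ldap_entry['mail'] : '';
    $mail_mismatch = $account
      && !$ldap->getOption('puid_attr')
      && drupal_strtolower($account->mail) != drupal_strtolower($ldap_mail);
    // Only consult the e-mail when the LDAP entry actually carries one: an
    // empty value would otherwise be matched against Drupal accounts with an
    // empty mail column and could attach this LDAP identity to the wrong user.
    if ($ldap_mail !== '' && (!$account || $mail_mismatch)) {
      $account = user_load(array(
        'mail' => $ldap_mail,
      ));
    }
  }

  // Allow other modules to determine if this ldap user can access server.
  if (ldapauth_user_denied($ldap, $name, $dn, $account)) {
    ldapsync_stats('denied_by_module', 1);
    // The documented contract is "account or FALSE"; a bare return gave NULL.
    return FALSE;
  }

  // No account found - try to create one
  if (!$account) {
    if (variable_get('ldapsync_existing_only', 0)) {
      return FALSE;
    }
    $error = '';
    $account = ldapauth_drupal_user_create($ldap, $name, $ldap_entry, $error);
    if ($account === FALSE) {
      ldapsync_stats('notices', 1);
      return FALSE;
    }
    // Increment counter
    ldapsync_stats('new_users', 1);
  }
  else {

    // Check authentication method.
    if (!$account->ldap_authentified) {
      // A local (non-LDAP) account with the same name/e-mail exists. Converting
      // it binds that account to the LDAP identity on the strength of the name
      // or e-mail match alone; the "log" resolution is the conservative choice.
      $conflict_resolution = LDAPSYNC_LOGIN_CONFLICT;
      if ($conflict_resolution == LDAPSYNC_CONFLICT_FOLLOW_LDAPAUTH) {
        $conflict_resolution = LDAPAUTH_LOGIN_CONFLICT;
      }
      if ($conflict_resolution == LDAPAUTH_CONFLICT_LOG) {
        ldapsync_stats('notices', 1);
        watchdog('ldapsync', 'Could not create ldap-authentified account for user %name because a local user by that %test_value already exists.', array(
          '%name' => $name,
          '%test_value' => $user_test_method,
        ));
        return FALSE;
      }
      // Any other resolution converts the local account to an LDAP one.
      $converted = TRUE;
      ldapsync_stats('converted', 1);
    }

    // Make sure all the information is up to date.
    $drupal_name = ldapauth_drupal_user_name($name, $ldap, $dn);
    $data = array(
      'ldap_dn' => $dn,
      'ldap_config' => $ldap->getOption('sid'),
      'ldap_authentified' => TRUE,
      'authname_ldapauth' => $drupal_name,
      'ldap_name' => $name,
    );

    // The previous code also set $data['pass'] = $pass when
    // LDAPAUTH_LOGIN_PROCESS == LDAPAUTH_AUTH_MIXED && LDAPAUTH_SYNC_PASSWORDS,
    // but $pass is never assigned anywhere in this function, so the only
    // effect was an undefined-variable notice. How user_save() treats an empty
    // 'pass' value is not verified here, so rather than risk writing an empty
    // password the key is left out entirely.

    // Remember the stored PUID before the save so it can be written back to
    // the ldapauth_users record below.
    $puid = $account->ldap_puid;

    // save setting from drupal_user_lookupsave.
    $account = user_save($account, $data);
    if (!$account) {
      // user_save() reports failure with FALSE; everything below dereferences
      // $account, so stop here instead of fataling on a non-object.
      ldapsync_stats('notices', 1);
      watchdog('ldapsync', 'Could not save LDAP data for user %name.', array(
        '%name' => $name,
      ), WATCHDOG_ERROR);
      return FALSE;
    }

    // Make sure the ldapauth_users info is current (User object may have been moved).
    $user_info = ldapauth_userinfo_load_by_uid($account->uid);
    if (empty($user_info)) {

      // Don't have entry, so make one.
      $user_info = new stdClass();
      $user_info->uid = $account->uid;
    }
    $user_info->sid = $account->ldap_config;
    $user_info->machine_name = $ldap->getOption('machine_name');
    $user_info->dn = $dn;
    // NOTE(review): the fallback reads $account->{$name}, i.e. it uses the
    // user-name string itself as a property name on the account object. That
    // looks like it was meant to be $account->name — confirm before changing,
    // as it alters what gets stored as the PUID for accounts without one.
    $user_info->puid = $puid ? $puid : $account->{$name};
    ldapauth_userinfo_save($user_info);
    if (!$converted) {
      ldapsync_stats('existing_users', 1);
    }
  }

  // Update user's groups if ldapgroups is enabled.
  if (module_exists('ldapgroups')) {
    ldapgroups_user_login($account);
  }

  // Update user's data if ldapdata is enabled.
  if (module_exists('ldapdata')) {
    // $ldap_users was never assigned before this call; pass an explicit NULL
    // (the same value an undefined variable yielded) so no notice is raised.
    // NOTE(review): if the third parameter is an output reference, this is
    // harmless; if it expects an array, the original was already broken here.
    $ldap_users = NULL;
    _ldapdata_user_load($account, TRUE, $ldap_users);
  }

  // Enable any blocked user who is enabled in LDAP.
  // Note that nothing here inspects an LDAP "enabled" attribute: any blocked
  // Drupal account whose entry comes back from the sync search is re-enabled,
  // which silently undoes an administrator-applied block. Filter disabled
  // accounts out of the LDAP search if that is not the intent.
  if (!$account->status) {
    ldapsync_stats('notices', 1);
    db_query("UPDATE {users} SET status = %d where uid = %d", 1, $account->uid);
    watchdog('ldapsync', 'Enabled LDAP-authentified user %name because the corresponding LDAP account is enabled.', array(
      '%name' => $name,
    ));
  }

  // Reset user specific caches to prevent memory problems
  ldapauth_user_lookup_by_dn(NULL, NULL, NULL, TRUE);
  ldapauth_drupal_user_name(NULL, NULL, NULL, TRUE);
  if (module_exists('ldapgroups')) {
    ldapgroups_groups_load(NULL, NULL, NULL, TRUE);
  }
  return $account;
}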