
function _ldapsync_search in LDAP integration 6

Find all LDAP users on the servers and OUs specified in the ldapauth settings, and create new Drupal users or update existing ones as needed.

Return value

An array keyed by the lower-cased Drupal account name of every user found.

1 call to _ldapsync_search()
_ldapsync_sync in ./ldapsync.module
Main routine.

File

./ldapsync.module, line 149
ldapsync keeps LDAP and Drupal user lists synchronized.

Code

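/**
 * Find all LDAP users from servers and OUs specified in ldapauth settings and
 * create or update Drupal users as needed.
 *
 * Cycles through every enabled {ldapauth} server, binds with the configured
 * bind DN/password (anonymous when both are empty), searches each configured
 * base DN with each configured filter, and hands every entry that carries a
 * name attribute and is not flagged as disabled to _ldapsync_process_entry().
 *
 * @return
 *   An array keyed by lower cased Drupal account name of all users found; each
 *   value is an array with a 'uid' key.
 */
function _ldapsync_search() {
  global $_ldapsync_ldap;
  $users = array();

  // Cycle through enabled LDAP configurations (status = 1).
  $result = db_query("SELECT sid FROM {ldapauth} WHERE status = %d ORDER BY sid", 1);
  while ($row = db_fetch_object($result)) {

    // Initialize LDAP; log and skip this server if that fails.
    if (!_ldapsync_init($row->sid)) {
      watchdog('ldapsync', 'ldapsync init failed for ldap server %sid.', array(
        '%sid' => $row->sid,
      ));
      continue;
    }

    // Name attribute used in the search filter; the lower cased copy is used
    // to look the attribute up in the result entries.
    $name_attr = $_ldapsync_ldap->getOption('user_attr');
    if (!$name_attr) {
      $name_attr = LDAPAUTH_DEFAULT_USER_ATTR;
    }
    $user_attr = drupal_strtolower($name_attr);

    // Filters come from module configuration, one per line. They are used
    // as-is (no LDAP filter escaping), so the setting is trusted as
    // admin-controlled input.
    $filters = array();
    if (LDAPSYNC_FILTER) {
      $filters = explode("\r\n", LDAPSYNC_FILTER);
    }
    else {
      $filters[] = "({$name_attr}=*)";
    }
    $attrs = ldapauth_attributes_needed(LDAPAUTH_SYNC_CONTEXT_AUTHENTICATE_DRUPAL_USER, $_ldapsync_ldap->getOption('sid'));

    // If there is no binddn and bindpw - the connect will be an anonymous connect.
    // NOTE(review): the result of connect() is not checked here; a failed bind
    // would only show up as empty search results below.
    $_ldapsync_ldap->connect($_ldapsync_ldap->getOption('binddn'), $_ldapsync_ldap->getOption('bindpw'));

    // Search each basedn defined for this server.
    foreach (explode("\r\n", $_ldapsync_ldap->getOption('basedn')) as $base_dn) {
      if (empty($base_dn)) {
        continue;
      }

      // Entries already seen for this base DN, so that an entry matched by
      // several filters is processed only once.
      $filter_found_users = array();

      // Search this server and basedn using all defined filters.
      foreach ($filters as $filter) {
        $filter = trim($filter);
        if (empty($filter)) {
          continue;
        }
        if (variable_get('ldapsync_filter_append_default', 0)) {
          $filter = "(&{$filter}({$name_attr}=*))";
        }
        $ldapresult = $_ldapsync_ldap->search($base_dn, $filter, $attrs);
        if (!$ldapresult) {
          continue;
        }

        // Cycle through results to build array of user information.
        foreach ($ldapresult as $entry) {
          // Don't include if no name attribute. The isset() guard avoids an
          // undefined index notice for entries that lack the attribute.
          $name = isset($entry[$user_attr][0]) ? $entry[$user_attr][0] : '';
          if (empty($name)) {
            continue;
          }

          // Don't process the same entry found by different filters twice.
          $lcname = drupal_strtolower($name);
          if (isset($filter_found_users[$lcname])) {
            // Already found.
            continue;
          }
          $filter_found_users[$lcname] = $name;
          ldapsync_stats('ldap_users', 1);

          // Don't include if LDAP account is disabled. Bit 0x0002
          // (ACCOUNTDISABLE) of userAccountControl only exists in Active
          // Directory; other directories lack the attribute, so the default
          // of 0 lets their entries through, disabled accounts included.
          $status = isset($entry['useraccountcontrol'][0]) ? $entry['useraccountcontrol'][0] : 0;
          if (($status & 2) != 0) {
            ldapsync_stats('ldap_users_disabled', 1);
            continue;
          }

          // Process this entry to create/update drupal user (if any).
          $account = _ldapsync_process_entry($_ldapsync_ldap, $name, $entry);
          if (!$account) {
            continue;
          }
          $users[drupal_strtolower($account->name)] = array(
            'uid' => $account->uid,
          );
        }
      }
    }
  }
  return $users;
}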