
function _ldapsync_sync in LDAP integration 6

Main routine.

2 calls to _ldapsync_sync()
ldapsync_admin_settings_sync_now in ./ldapsync.admin.inc
Syncs accounts.
ldapsync_cron in ./ldapsync.module
Implements hook_cron().

File

./ldapsync.module, line 72
ldapsync keeps LDAP and Drupal user lists synchronized.

Code

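/**
 * Main routine: runs one LDAP-to-Drupal synchronisation pass.
 *
 * Calls _ldapsync_search(), then walks every active Drupal account and counts
 * those flagged 'ldap_authentified' whose lower-cased name is not a key in the
 * search result. When the 'ldapsync_missing_users_action' variable is 'block',
 * such accounts are also blocked and their stored sessions are removed.
 * Finally a summary built from the ldapsync_stats() counters is written to
 * watchdog and 'ldapsync_last_sync_time' is set to the current time.
 *
 * @return
 *   The translated summary string that was logged.
 */
function _ldapsync_sync() {
  // Not read or written in this function; the declaration is left in place.
  global $_ldapsync_ldap;

  // If ldapgroups is enabled, include it for groups-role sync.
  if (module_exists('ldapgroups')) {
    module_load_include('inc', 'ldapgroups', 'ldapgroups');
  }

  // Find all users in specified OU (using base DN and bind information from
  // ldapauth) and take appropriate action on the Drupal side.
  $ldap_users = _ldapsync_search();
  $count_orphaned_users = 0;

  // Do we have any LDAP-authentified Drupal users who don't exist in LDAP?
  // An empty search result skips this pass entirely, so a search that returns
  // nothing cannot block every account.
  // NOTE(review): a partial result (for example a truncated search) would
  // still make valid accounts look orphaned - confirm how _ldapsync_search()
  // reports incomplete results before relying on the 'block' action.
  if ($ldap_users) {
    $block_missing = variable_get('ldapsync_missing_users_action', 'warn') === 'block';
    $result = db_query("SELECT uid, name, data FROM {users} WHERE status = %d", 1);
    while ($row = db_fetch_array($result)) {
      if (isset($ldap_users[drupal_strtolower($row['name'])])) {
        continue;
      }

      // users.data is a serialized blob; unserialize() here is only as
      // trustworthy as write access to the {users} table.
      $data = unserialize($row['data']);

      // unserialize() yields FALSE for an empty or corrupt blob and the flag
      // may be absent, so test with empty() rather than indexing blindly.
      if (empty($data['ldap_authentified'])) {
        continue;
      }

      // Block user if appropriate module setting is set.
      if ($block_missing) {

        // Block user.
        db_query("UPDATE {users} SET status=0 WHERE uid=%d", $row['uid']);

        // The direct UPDATE bypasses user_save(), which is what normally
        // deletes a blocked user's sessions, so remove them explicitly;
        // otherwise an already logged-in session could outlive the block.
        sess_destroy_uid($row['uid']);

        // Let other modules react to the logout.
        $account = user_load(array(
          'uid' => $row['uid'],
        ));
        $array = array();
        user_module_invoke('logout', $array, $account);

        // Log this.
        watchdog('ldapsync', 'Disabled LDAP-authentified user %name because the corresponding LDAP account does not exist or is disabled.', array(
          '%name' => $row['name'],
        ));
      }
      $count_orphaned_users++;
    }
  }

  // Send watchdog message with process summary.
  $params = array(
    '@ldap_users' => ldapsync_stats('ldap_users'),
    '@existing_users' => ldapsync_stats('existing_users'),
    '@new_users' => ldapsync_stats('new_users'),
    '@orphaned_users' => $count_orphaned_users,
  );
  $converted = ldapsync_stats('converted');
  $ldap_disabled = ldapsync_stats('ldap_users_disabled');
  $notices = ldapsync_stats('notices');
  $denied_by_module = ldapsync_stats('denied_by_module');
  $summary = t('Completed LDAP sync. LDAP users found: @ldap_users. Existing users updated: @existing_users. New users created: @new_users. LDAP-authentified users that do not have an enabled LDAP account: @orphaned_users.', $params);

  // Optional counters are appended only when they are non-zero.
  if ($converted) {
    $summary .= ' ' . t('Existing users converted to LDAP: @converted.', array(
      '@converted' => $converted,
    ));
  }
  if ($ldap_disabled) {
    $summary .= ' ' . t('Disabled LDAP users: @disabled.', array(
      '@disabled' => $ldap_disabled,
    ));
  }
  if ($notices) {
    $summary .= ' ' . t('Watchdog notices/warnings written: @notices.', array(
      '@notices' => $notices,
    ));
  }
  if ($denied_by_module) {
    $summary .= ' ' . t('Access denied by other modules: @denied.', array(
      '@denied' => $denied_by_module,
    ));
  }

  // $summary is already translated, so NULL is passed as the variables
  // argument to stop watchdog() from running it through t() again.
  watchdog('ldapsync', $summary, NULL);

  // Update last sync time variable, so that we don't sync again until the
  // specified time period passes again.
  variable_set('ldapsync_last_sync_time', time());

  // Useful if calling manually from settings page.
  return $summary;
}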