function _ldapsync_sync in LDAP integration 6
Main routine.
2 calls to _ldapsync_sync()
- ldapsync_admin_settings_sync_now in ./
ldapsync.admin.inc - Syncs accounts.
- ldapsync_cron in ./
ldapsync.module - Implements hook_cron().
File
- ./
ldapsync.module, line 72 - ldapsync keeps LDAP and Drupal user lists synchronized.
Code
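/**
 * Runs one LDAP-to-Drupal account synchronization pass.
 *
 * Calls _ldapsync_search() to obtain the LDAP user list, then walks every
 * active Drupal account and counts those flagged as LDAP-authentified that
 * are missing from that list ("orphaned"). When the
 * 'ldapsync_missing_users_action' setting is 'block', each orphaned account
 * is disabled, hook_user('logout') is invoked for it and the action is
 * logged. Finally a summary is written to watchdog and the last-sync
 * timestamp is updated.
 *
 * @return string
 *   The translated summary message, useful when the sync is started manually
 *   from the settings page.
 */
function _ldapsync_sync() {
  // Not referenced in this function; declaration kept as in the original.
  global $_ldapsync_ldap;

  // If ldapgroups is enabled, include it for groups-role sync.
  if (module_exists('ldapgroups')) {
    module_load_include('inc', 'ldapgroups', 'ldapgroups');
  }

  // Find all users in the specified OU (using base DN and bind information
  // from ldapauth) and take appropriate action on the Drupal side.
  $ldap_users = _ldapsync_search();
  $count_orphaned_users = 0;

  // Do we have any LDAP-authentified Drupal users who don't exist in LDAP?
  // An empty or failed search result skips this check entirely, so no account
  // is blocked on the strength of an empty list.
  // NOTE(review): _ldapsync_search() is not shown here. If it can return a
  // truncated list (server size limit, partial outage), every account missing
  // from that list is treated as orphaned below; confirm before relying on
  // the 'block' action.
  if ($ldap_users) {
    // Strict comparison: under PHP 5/7 a stored integer 0 would loosely equal
    // 'block' and trigger blocking that was never configured.
    $block_missing = variable_get('ldapsync_missing_users_action', 'warn') === 'block';

    $result = db_query("SELECT uid, name, data FROM {users} WHERE status = %d", 1);
    while ($row = db_fetch_array($result)) {
      // presumably $ldap_users is keyed by lower-cased user name; verify
      // against _ldapsync_search().
      if (isset($ldap_users[drupal_strtolower($row['name'])])) {
        continue;
      }

      // NOTE(review): unserialize() can instantiate objects; this relies on
      // {users}.data only ever being written by Drupal itself.
      $data = unserialize($row['data']);
      // Corrupt data or a missing flag means "not LDAP-authentified" rather
      // than an undefined-index notice.
      if (!is_array($data) || empty($data['ldap_authentified'])) {
        continue;
      }

      // Block user if appropriate module setting is set.
      if ($block_missing) {
        // Block user.
        db_query("UPDATE {users} SET status=0 WHERE uid=%d", $row['uid']);

        // Log out blocked user.
        // NOTE(review): only hook_user('logout') is invoked; the account's
        // rows in {sessions} are not deleted in this function. Confirm that
        // core rejects sessions of blocked accounts on this Drupal version,
        // or destroy them explicitly (e.g. sess_destroy_uid()).
        $account = user_load(array(
          'uid' => $row['uid'],
        ));
        $array = array();
        user_module_invoke('logout', $array, $account);

        // Log this.
        watchdog('ldapsync', 'Disabled LDAP-authentified user %name because the corresponding LDAP account does not exist or is disabled.', array(
          '%name' => $row['name'],
        ));
      }

      // Orphans are counted whether or not they were blocked.
      $count_orphaned_users++;
    }
  }

  // Send watchdog message with process summary.
  $params = array(
    '@ldap_users' => ldapsync_stats('ldap_users'),
    '@existing_users' => ldapsync_stats('existing_users'),
    '@new_users' => ldapsync_stats('new_users'),
    '@orphaned_users' => $count_orphaned_users,
  );
  $converted = ldapsync_stats('converted');
  $ldap_disabled = ldapsync_stats('ldap_users_disabled');
  $notices = ldapsync_stats('notices');
  $denied_by_module = ldapsync_stats('denied_by_module');

  $summary = t('Completed LDAP sync. LDAP users found: @ldap_users. Existing users updated: @existing_users. New users created: @new_users. LDAP-authentified users that do not have an enabled LDAP account: @orphaned_users.', $params);

  // Optional counters are appended only when they are non-zero.
  if ($converted) {
    $summary .= ' ' . t('Existing users converted to LDAP: @converted.', array(
      '@converted' => $converted,
    ));
  }
  if ($ldap_disabled) {
    $summary .= ' ' . t('Disabled LDAP users: @disabled.', array(
      '@disabled' => $ldap_disabled,
    ));
  }
  if ($notices) {
    $summary .= ' ' . t('Watchdog notices/warnings written: @notices.', array(
      '@notices' => $notices,
    ));
  }
  if ($denied_by_module) {
    $summary .= ' ' . t('Access denied by other modules: @denied.', array(
      '@denied' => $denied_by_module,
    ));
  }

  // $summary is already translated, so NULL is passed as the variables
  // argument to keep watchdog() from translating it again.
  watchdog('ldapsync', $summary, NULL);

  // Update last sync time variable, so that we don't sync again until the
  // specified time period passes again.
  variable_set('ldapsync_last_sync_time', time());

  // Useful if calling manually from settings page.
  return $summary;
}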