
public function SimpleLdapRole::save in Simple LDAP 7

Same name and namespace in other branches
  1. 7.2 simple_ldap_role/SimpleLdapRole.class.php \SimpleLdapRole::save()

Save role to LDAP.

@throws SimpleLdapException

Return value

boolean TRUE on success, FALSE if unable to save due to objectclass restrictions.

File

simple_ldap_role/SimpleLdapRole.class.php, line 169
SimpleLdapRole class file.

Class

SimpleLdapRole
@file SimpleLdapRole class file.

Code

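/**
 * Save role to LDAP.
 *
 * Returns immediately when nothing has changed. Otherwise the entry is renamed
 * if a move is pending, the configured default member is merged into the
 * member attribute, and the entry is modified or added on the server.
 *
 * @return bool
 *   TRUE on success (including the no-op case and the case where an existing
 *   group had to be removed from LDAP), FALSE if a new entry could not be
 *   created due to objectclass restrictions.
 *
 * @throws SimpleLdapException
 *   Any LDAP error other than the result codes handled below.
 */
public function save() {

  // If there is nothing to save, return "success".
  if (!$this->dirty) {
    return TRUE;
  }

  // Move (rename) the entry if the DN was changed.
  if ($this->move && $this->exists) {
    $this->server->move($this->move, $this->dn);
  }

  // Check if there is a default member, and make sure it is part of the
  // attribute array. The member attribute may not be set at all when the role
  // has no members, so fall back to an empty list instead of handing a
  // non-array to in_array().
  $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
  $attribute_member_default = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default');
  $current_members = isset($this->attributes[$attribute_member]) ? $this->attributes[$attribute_member] : array();
  if (!empty($attribute_member_default) && !in_array($attribute_member_default, $current_members, TRUE)) {
    $this->attributes[$attribute_member][] = $attribute_member_default;
  }

  // Active Directory has some restrictions on what can be modified.
  if ($this->server->type == 'Active Directory') {
    $attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
    unset($this->attributes[$attribute_name]);
  }

  // Tracks whether the entry is still present in LDAP when this call ends.
  $entry_present = TRUE;

  // Save the LDAP entry.
  if ($this->exists) {

    // Update an existing entry.
    try {
      $this->server->modify($this->dn, $this->attributes);
    }
    catch (SimpleLdapException $e) {
      switch ($e->getCode()) {
        case 19:
        case 65:
          // A "constraint violation" or "object class violation" error was
          // returned. This is treated as "the objectclass requires a member,
          // but no member was present and no default user is configured", so
          // the group is deleted from LDAP.
          //
          // NOTE(review): these result codes are not specific to a missing
          // member, and the delete is destructive. Consider confirming that
          // the member attribute really is empty before deleting, and
          // recording the deletion so removed groups can be audited.
          $this->server->delete($this->dn);

          // The entry is gone, so it must not be flagged as existing;
          // otherwise the next save() would attempt a modify on a missing DN.
          $entry_present = FALSE;
          break;

        default:
          throw $e;
      }
    }
  }
  else {

    // Create a new entry.
    try {
      // NOTE(review): variable_get() is called without a default here, unlike
      // the simple_ldap_role_variable_get() lookups above. Confirm the
      // variable is always set, since array_values() needs an array.
      $this->attributes['objectclass'] = array_values(variable_get('simple_ldap_role_objectclass'));
      $this->server->add($this->dn, $this->attributes);
    }
    catch (SimpleLdapException $e) {
      switch ($e->getCode()) {
        case 68:
          // An "already exists" error was returned, try to do a modify
          // instead. An exception from this modify is not caught here and
          // propagates to the caller.
          $this->server->modify($this->dn, $this->attributes);
          break;

        case 19:
        case 65:
          // A "constraint violation" or "object class violation" error was
          // returned, which means that the objectclass requires a member, but
          // no member was present. Return FALSE here to indicate that this is
          // what happened. Creating the LDAP group will have to wait until
          // there is a member of the role.
          return FALSE;

        default:
          throw $e;
      }
    }
  }

  // No exceptions were propagated, so reset the change-tracking flags.
  $this->exists = $entry_present;
  $this->dirty = FALSE;
  $this->move = FALSE;
  return TRUE;
}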