function simple_ldap_role_sync_user_to_drupal in Simple LDAP 7.2
Same name and namespace in other branches
- 7 simple_ldap_role/simple_ldap_role.module \simple_ldap_role_sync_user_to_drupal()
Synchronize LDAP groups to Drupal roles.
2 calls to simple_ldap_role_sync_user_to_drupal()
- simple_ldap_role_user_load in simple_ldap_role/simple_ldap_role.module - Implements hook_user_load().
- simple_ldap_role_user_login in simple_ldap_role/simple_ldap_role.module - Implements hook_user_login().
File
- simple_ldap_role/simple_ldap_role.module, line 242 - Main simple_ldap_role module file.
Code
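/**
 * Synchronize LDAP groups to Drupal roles.
 *
 * Searches the configured base DN for group entries whose member attribute
 * equals the user's DN or name, depending on the configured member format.
 * Each matching group's name attribute is used as a Drupal role name. Roles
 * that do not exist yet are created. Roles the user holds in Drupal that no
 * matching group backs are dropped, except the authenticated and anonymous
 * roles and any role ID added through the 'simple_ldap_role_exclude' alter
 * hook.
 *
 * Role membership is decided by group name alone, so the configured base DN
 * and role filter determine which directory entries can grant a Drupal role.
 *
 * @param object $drupal_user
 *   The Drupal user object. Its 'name' and 'roles' (rid => role name)
 *   properties are read.
 *
 * @return object
 *   The user object. When roles changed, this is the return value of
 *   user_save(); otherwise it is the object passed in.
 */
function simple_ldap_role_sync_user_to_drupal($drupal_user) {
  // Get module configuration.
  $basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
  $scope = simple_ldap_role_variable_get('simple_ldap_role_scope');
  $attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
  $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
  $attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');

  // Get an LDAP server object.
  $server = SimpleLdapServer::singleton();

  // Determine the search string to use.
  if ($attribute_member_format == 'dn') {
    $ldap_user = SimpleLdapUser::singleton($drupal_user->name);
    $search = $ldap_user->dn;
  }
  else {
    $search = $drupal_user->name;
  }

  // Escape the assertion value as required by RFC 4515. The user name (or the
  // DN derived from it) is account data, not configuration; without escaping,
  // characters such as '*', '(' and ')' in it would be parsed as filter syntax
  // and the search could match groups the user is not a member of. strtr()
  // with an array replaces in a single pass, so the backslashes it inserts are
  // not escaped a second time.
  $search = strtr((string) $search, array(
    '\\' => '\\5c',
    '*' => '\\2a',
    '(' => '\\28',
    ')' => '\\29',
    "\x00" => '\\00',
  ));

  // Generate the LDAP search filter. $attribute_member comes from module
  // configuration and is used as-is.
  $filter = '(&(' . $attribute_member . '=' . $search . ')' . SimpleLdapRole::filter() . ')';

  // Get a list of LDAP groups for this user.
  // NOTE(review): whether search() throws or returns an empty result on a
  // directory error is not visible here. If it returns an empty result, the
  // code below removes every non-excluded role from the user - confirm.
  $ldap_groups = $server->search($basedn, $filter, $scope);

  // Initialize the $edit array.
  $edit['roles'] = array();

  // Check that the groups match between Drupal and LDAP.
  $dirty = FALSE;
  for ($i = 0; $i < $ldap_groups['count']; $i++) {
    // Skip entries that do not carry the configured name attribute, instead
    // of creating and assigning a role with an empty name.
    if (!isset($ldap_groups[$i][$attribute_name][0])) {
      continue;
    }
    $name = $ldap_groups[$i][$attribute_name][0];

    // Try to load the role.
    $drupal_role = user_role_load_by_name($name);

    // The role does not exist, create it.
    if ($drupal_role === FALSE) {
      $role = new stdClass();
      $role->name = $name;
      user_role_save($role);
      // Reload to obtain the role ID assigned on save.
      $drupal_role = user_role_load_by_name($name);
    }

    // The role is not currently present in the user. Flag a user_save().
    if (!in_array($name, $drupal_user->roles)) {
      $dirty = TRUE;
    }

    $edit['roles'][$drupal_role->rid] = $drupal_role->name;
  }

  // Remove Drupal roles that are not set in LDAP.
  $diff = array_diff($drupal_user->roles, $edit['roles']);
  foreach ($diff as $rid => $name) {
    // Account for special groups.
    $exclude = array(
      DRUPAL_AUTHENTICATED_RID,
      DRUPAL_ANONYMOUS_RID,
    );

    // Allow altering excluded roles. The hook is invoked once per role that
    // is a candidate for removal.
    drupal_alter('simple_ldap_role_exclude', $exclude);

    // Excluded roles are carried over unchanged and do not trigger a save.
    if (in_array($rid, $exclude)) {
      $edit['roles'][$rid] = $drupal_user->roles[$rid];
      continue;
    }

    $dirty = TRUE;
  }

  // Save any changes.
  if ($dirty) {
    if (!isset($drupal_user->original)) {
      // This avoids an infinite load/save loop.
      $drupal_user->original = clone $drupal_user;
    }
    $drupal_user = user_save($drupal_user, $edit);
  }

  // Synchronized user.
  return $drupal_user;
}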