
function simple_ldap_role_sync_user_to_drupal in Simple LDAP 7.2

Same name and namespace in other branches
  1. 7 simple_ldap_role/simple_ldap_role.module \simple_ldap_role_sync_user_to_drupal()

Synchronize LDAP groups to Drupal roles.

2 calls to simple_ldap_role_sync_user_to_drupal()
simple_ldap_role_user_load in simple_ldap_role/simple_ldap_role.module
Implements hook_user_load().
simple_ldap_role_user_login in simple_ldap_role/simple_ldap_role.module
Implements hook_user_login().

File

simple_ldap_role/simple_ldap_role.module, line 242
Main simple_ldap_role module file.

Code

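/**
 * Synchronize LDAP groups to Drupal roles.
 *
 * Searches LDAP for every group whose member attribute names the given
 * account, makes sure a Drupal role with the same name exists (creating it
 * when missing), and re-saves the account so that its roles mirror the LDAP
 * groups. Roles returned by the 'simple_ldap_role_exclude' alter hook (by
 * default the anonymous and authenticated roles) are never removed.
 *
 * @param object $drupal_user
 *   A loaded Drupal user account object.
 *
 * @return object
 *   The account, re-saved if its roles changed.
 */
function simple_ldap_role_sync_user_to_drupal($drupal_user) {

  // Get module configuration.
  $basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
  $scope = simple_ldap_role_variable_get('simple_ldap_role_scope');
  $attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
  $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
  $attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');

  // Get an LDAP server object.
  $server = SimpleLdapServer::singleton();

  // Determine the search string to use.
  if ($attribute_member_format == 'dn') {
    $ldap_user = SimpleLdapUser::singleton($drupal_user->name);
    $search = $ldap_user->dn;
  }
  else {
    $search = $drupal_user->name;
  }

  // Escape the assertion value before embedding it in the filter (RFC 4515).
  // The account name is user-chosen and may contain '*', '(', ')' or '\',
  // which would otherwise change the meaning of the filter and match groups
  // the user is not a member of. ldap_escape() requires PHP >= 5.6; fall back
  // to the equivalent hex escaping on older runtimes.
  if (function_exists('ldap_escape')) {
    $search = ldap_escape($search, '', LDAP_ESCAPE_FILTER);
  }
  else {
    $search = strtr($search, array(
      '\\' => '\5c',
      '*' => '\2a',
      '(' => '\28',
      ')' => '\29',
      "\0" => '\00',
    ));
  }

  // Generate the LDAP search filter.
  $filter = '(&(' . $attribute_member . '=' . $search . ')' . SimpleLdapRole::filter() . ')';

  // Get a list of LDAP groups for this user.
  $ldap_groups = $server
    ->search($basedn, $filter, $scope);

  // Initialize the $edit array.
  $edit = array('roles' => array());

  // Check that the groups match between Drupal and LDAP.
  $dirty = FALSE;
  $count = isset($ldap_groups['count']) ? (int) $ldap_groups['count'] : 0;
  for ($i = 0; $i < $count; $i++) {
    // Skip entries that do not carry the configured name attribute; creating
    // a role with an empty name would be wrong.
    $name = isset($ldap_groups[$i][$attribute_name][0]) ? $ldap_groups[$i][$attribute_name][0] : '';
    if ($name === '') {
      continue;
    }

    // Try to load the role.
    $drupal_role = user_role_load_by_name($name);

    // The role does not exist, create it.
    if ($drupal_role === FALSE) {
      $role = new stdClass();
      $role->name = $name;
      user_role_save($role);
      $drupal_role = user_role_load_by_name($name);
      if ($drupal_role === FALSE) {
        // Role creation failed; do not dereference a boolean below.
        continue;
      }
    }

    // The role is not currently present in the user. Flag a user_save().
    if (!in_array($name, $drupal_user->roles, TRUE)) {
      $dirty = TRUE;
    }
    $edit['roles'][$drupal_role->rid] = $drupal_role->name;
  }

  // Account for special groups that must never be removed. Built once rather
  // than once per role so the alter hook is only invoked a single time.
  $exclude = array(
    DRUPAL_AUTHENTICATED_RID,
    DRUPAL_ANONYMOUS_RID,
  );

  // Allow altering excluded roles.
  drupal_alter('simple_ldap_role_exclude', $exclude);

  // Remove Drupal roles that are not set in LDAP.
  $diff = array_diff($drupal_user->roles, $edit['roles']);
  foreach ($diff as $rid => $name) {
    if (in_array($rid, $exclude)) {
      $edit['roles'][$rid] = $drupal_user->roles[$rid];
      continue;
    }
    $dirty = TRUE;
  }

  // Save any changes.
  if ($dirty) {
    if (!isset($drupal_user->original)) {

      // This avoids an infinite load/save loop: user_save() reloads the
      // account, which re-enters this function through hook_user_load().
      $drupal_user->original = clone $drupal_user;
    }
    $drupal_user = user_save($drupal_user, $edit);
  }

  // Synchronized user.
  return $drupal_user;
}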