function simple_ldap_role_sync_user_to_ldap in Simple LDAP 7.2
Same name and namespace in other branches
- 7 simple_ldap_role/simple_ldap_role.module \simple_ldap_role_sync_user_to_ldap()
Implements hook_sync_user_to_ldap().
Synchronizes a user's Drupal roles to LDAP group memberships: the user is added to groups named after their roles and removed from groups whose name is not one of their roles.
2 calls to simple_ldap_role_sync_user_to_ldap()
- simple_ldap_role_user_load in simple_ldap_role/
simple_ldap_role.module - Implements hook_user_load().
- simple_ldap_role_user_login in simple_ldap_role/
simple_ldap_role.module - Implements hook_user_login().
File
- simple_ldap_role/
simple_ldap_role.module, line 159 - Main simple_ldap_role module file.
Code
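/**
 * Implements hook_sync_user_to_ldap().
 *
 * Synchronizes a Drupal user's roles to LDAP group memberships: the user is
 * added to every LDAP group whose name matches one of the user's
 * (non-special) Drupal roles, and removed from every LDAP group they
 * currently belong to whose name is not one of those roles.
 *
 * @param object $drupal_user
 *   A loaded Drupal user object. Only ->name and ->roles (rid => name) are
 *   read.
 */
function simple_ldap_role_sync_user_to_ldap($drupal_user) {
  // Get module configuration. The objectclass / member-default settings were
  // read by earlier revisions but never used here, so they are not loaded.
  $basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
  $scope = simple_ldap_role_variable_get('simple_ldap_role_scope');
  $attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
  $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
  $attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');

  // Get an LDAP server object.
  $server = SimpleLdapServer::singleton();

  // Determine the member value to search for: the user's LDAP DN or the bare
  // Drupal user name, depending on the configured member attribute format.
  if ($attribute_member_format == 'dn') {
    $ldap_user = SimpleLdapUser::singleton($drupal_user->name);
    $search = $ldap_user->dn;
  }
  else {
    $search = $drupal_user->name;
  }

  // Build the search filter. The user name is chosen by the user and a DN may
  // carry escaped characters, so every RFC 4515 filter metacharacter must be
  // escaped, not just parentheses: an unescaped '*' would turn the member
  // clause into a wildcard matching every group, and an unescaped '\' could
  // start a hex escape the server interprets.
  $safe_search = _simple_ldap_role_escape_filter_value($search);
  $filter = '(&(' . $attribute_member . '=' . $safe_search . ')' . SimpleLdapRole::filter() . ')';

  // Get a list of LDAP groups of which this user is a member.
  $ldap_groups = $server->search($basedn, $filter, $scope, array(
    $attribute_name,
    $attribute_member,
  ));

  // NOTE(review): assumes search() returns a non-array (e.g. FALSE) when the
  // lookup fails — confirm against SimpleLdapServer::search(). Without a
  // readable group list we must not add or remove memberships.
  if (!is_array($ldap_groups)) {
    return;
  }

  // Collect the names of the groups found. Entries without a name attribute
  // are skipped rather than indexed blindly, which would yield an empty name
  // (and a PHP notice) that is then passed to SimpleLdapRole::singleton().
  $ldap_group_names = array();
  $count = isset($ldap_groups['count']) ? (int) $ldap_groups['count'] : 0;
  for ($i = 0; $i < $count; $i++) {
    if (isset($ldap_groups[$i][$attribute_name][0])) {
      $ldap_group_names[] = $ldap_groups[$i][$attribute_name][0];
    }
  }

  // Roles that are never mirrored to LDAP. The alter hook is loop-invariant,
  // so it runs once instead of once per role.
  $exclude = array(
    DRUPAL_AUTHENTICATED_RID,
    DRUPAL_ANONYMOUS_RID,
  );
  drupal_alter('simple_ldap_role_exclude', $exclude);

  // Get the Drupal role names for this user, keyed by rid.
  $drupal_roles = array();
  foreach (array_keys($drupal_user->roles) as $rid) {
    if (in_array($rid, $exclude)) {
      continue;
    }
    $role = user_role_load($rid);
    $drupal_roles[$rid] = $role->name;
  }

  // Add the user to the LDAP group of each role they are not yet a member of.
  foreach ($drupal_roles as $name) {
    if (!in_array($name, $ldap_group_names, TRUE)) {
      $ldap_group = SimpleLdapRole::singleton($name);
      $ldap_group->addUser($drupal_user->name);
      $ldap_group->save();
    }
  }

  // Remove the user from LDAP groups that do not correspond to a Drupal role.
  foreach ($ldap_group_names as $name) {
    if (!in_array($name, $drupal_roles, TRUE)) {
      $ldap_group = SimpleLdapRole::singleton($name);
      $ldap_group->deleteUser($drupal_user->name);
      $ldap_group->save();
    }
  }
}

/**
 * Escapes a value for safe inclusion in an LDAP search filter (RFC 4515).
 *
 * Replaces the five filter metacharacters with their hex escapes in a single
 * pass, so a backslash already present in the value is not escaped twice.
 *
 * @param string $value
 *   The raw attribute value (a user name or a DN).
 *
 * @return string
 *   The escaped value, safe to concatenate into a filter.
 */
function _simple_ldap_role_escape_filter_value($value) {
  return strtr((string) $value, array(
    '\\' => '\5c',
    '*' => '\2a',
    '(' => '\28',
    ')' => '\29',
    "\x00" => '\00',
  ));
}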