/** * This command line PHP script will attempt to synchronize an institution list of Mahara accounts with an LDAP directory * * @param string $institutionname Name of the institution to process * @param array $onlycontexts Restrict searching in these contexts (override values set in authentication plugin) * @param boolean $searchsub search in subcontexts (override values set in authentication plugin) * @param string $extrafilterattribute additional LDAP filter to restrict user searching * @param boolean $doupdate update existing Mahara accounts with LDAP data (this may be long-running) * @param boolean $docreate create new accounts * @param string $tousersgonefromldap What to do with Mahara accounts no longer in LDAP. Should be null, 'delete', or 'suspend' * @param boolean $dryrun dummy execution. Do not perform any database operations * @return boolean */ function auth_ldap_sync_users($institutionname, $onlycontexts = null, $searchsub = null, $extrafilterattribute = null, $doupdate = null, $docreate = null, $tousersgonefromldap = null, $dryrun = false) { log_info('---------- started institution user sync for institution "' . $institutionname . '" at ' . date('r', time()) . ' ----------'); $auths = get_records_select_array('auth_instance', "authname in ('cas', 'ldap') and institution=?", array($institutionname)); if (get_config('auth_ldap_debug_sync_cron')) { log_debug("auths candidates : "); var_dump($auths); } if (count($auths) == 0) { log_warn(get_string('nomatchingauths', 'auth.ldap')); return false; } $success = true; foreach ($auths as $auth) { $instance = new AuthLdap($auth->id); // Override the values stored in the auth_instance (i.e., if this is being called from a standalone cron script) $instance->set_config('syncuserscron', true); if ($onlycontexts !== null) { $instance->set_config('contexts', $onlycontexts); } if ($searchsub !== null) { $instance->set_config('search_sub', $searchsub ? 'yes' : 'no'); } if ($extrafilterattribute !== null) { $instance->set_config('syncusersextrafilterattribute', $extrafilterattribute); } if ($doupdate !== null) { $instance->set_config('syncusersupdate', $doupdate); } if ($docreate !== null) { $instance->set_config('syncuserscreate', $docreate); } if ($tousersgonefromldap !== null) { $instance->set_config('syncusersgonefromldap', $tousersgonefromldap); } $success = $success && $instance->sync_users($dryrun); } log_info('---------- finished institutino user sync at ' . date('r', time()) . ' ----------'); return $success; }