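/**
 * Saves pending edits to a Drupal account and, for LDAP-authenticated users,
 * records the account name in the authmap.
 *
 * @param array $edit
 *   Fields handed to user_save(); nothing is saved when the array is empty.
 * @param bool $ldap_authenticated
 *   TRUE to write an 'authname_ldap_authentication' authmap entry holding the
 *   account name.
 * @param object $user
 *   The account to update.
 *
 * @return object|false
 *   The account returned by user_save(), or the account as passed in when
 *   $edit is empty; FALSE when the save failed.
 */
function drupalLdapUpdateUser($edit = array(), $ldap_authenticated = FALSE, $user) {
  if (count($edit)) {
    $user = user_save($user, $edit);
    if (!$user) {
      // A failed save leaves no account to bind. Writing the authmap anyway
      // would attach the LDAP identity to an empty uid, so stop here and hand
      // the failure back to the caller.
      return FALSE;
    }
  }

  if ($ldap_authenticated) {
    user_set_authmaps($user, array('authname_ldap_authentication' => $user->name));
  }

  return $user;
}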
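/**
 * Completes a Brukar sign-in for the identity described by $data.
 *
 * When a user is already logged in, the identity is attached to that account.
 * Otherwise the account is resolved in this order: the {authmap} row for
 * module 'brukar', an account returned by hook_brukar_client_user(), a local
 * account with the same e-mail address, and finally a new account. The
 * resolved account is then logged in and the visitor is redirected.
 *
 * @param array $data
 *   Identity data; the keys 'id', 'name' and 'mail' are read here and the
 *   whole array is stored under the account's 'brukar' data key.
 *   NOTE(review): nothing in this function authenticates $data - presumably
 *   the caller has already verified it with the provider; confirm.
 */
function brukar_client_login($data) {
  global $user;

  $tokens = array(
    '!name' => $data['name'],
    '!sident' => substr($data['id'], 0, 4),
    '!ident' => $data['id'],
  );
  $edit = array(
    'name' => t(variable_get('brukar_name', '!name'), $tokens),
    'mail' => $data['mail'],
    'status' => 1,
    'data' => array('brukar' => $data),
  );
  // Fields written to accounts that already exist. 'status' is deliberately
  // left out: forcing status 1 on every sign-in would re-activate an account
  // that an administrator has blocked.
  $refresh = $edit;
  unset($refresh['status']);
  $authmap = array('authname_brukar' => $data['id']);

  // Someone is already logged in: refresh that account and link the identity.
  if ($user->uid != 0) {
    user_save($user, $refresh);
    user_set_authmaps($user, $authmap);
    drupal_goto('user');
  }

  $authmap_user = db_query('SELECT uid FROM {authmap} WHERE module = :module AND authname = :ident', array(':ident' => $data['id'], ':module' => 'brukar'))->fetch();
  $first_link = ($authmap_user === FALSE);

  // Pick the candidate account without saving anything yet.
  $needs_save = TRUE;
  if (!$first_link) {
    $candidate = user_load($authmap_user->uid);
  }
  else {
    $provided = module_invoke_all('brukar_client_user', $edit);
    if (!empty($provided)) {
      $candidate = $provided[0];
      $needs_save = FALSE;
    }
    else {
      // NOTE(review): an existing local account is adopted solely because the
      // provider reports the same e-mail address. Confirm the provider only
      // releases verified addresses; otherwise anyone able to register that
      // address at the provider inherits the local account.
      $candidate = user_load_by_mail($data['mail']);
    }
  }

  // user_login_submit() is called directly further down, so the login form's
  // validation handlers never run for this request; blocked accounts have to
  // be refused here.
  if (is_object($candidate) && isset($candidate->status) && !$candidate->status) {
    watchdog('brukar', 'Sign-in refused for blocked account %name.', array('%name' => $candidate->name), WATCHDOG_WARNING);
    drupal_set_message(t('The username %name has not been activated or is blocked.', array('%name' => $candidate->name)), 'error');
    drupal_goto('user');
  }

  // Existing accounts get the refreshed fields; a missing candidate makes
  // user_save() create the account from the full edit array.
  $account = $needs_save ? user_save($candidate, $candidate ? $refresh : $edit) : $candidate;

  if (!$account) {
    // Without this guard a failed save would be cast to an array and passed
    // to user_login_submit() as if it were an account.
    watchdog('brukar', 'Account for provider identity %ident could not be saved.', array('%ident' => $data['id']), WATCHDOG_ERROR);
    drupal_set_message(t('User account creation failed because of system problems.'), 'error');
    drupal_goto('user');
  }

  if ($first_link) {
    user_set_authmaps($account, $authmap);
  }

  $form_state = (array) $account;
  user_login_submit(array(), $form_state);

  // Better solution available?
  // NOTE(review): every request parameter except 'q' is copied into the
  // redirect URL; confirm that provider callback parameters are meant to
  // survive the redirect.
  $query = $_GET;
  unset($query['q']);
  drupal_goto($_GET['q'] == variable_get('site_frontpage') ? '<front>' : url($_GET['q'], array('absolute' => TRUE, 'query' => $query)));
}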
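/**
 * Provisions a Drupal account from a user's LDAP entry.
 *
 * Fetches the LDAP entry when it is not supplied, then either re-links the
 * existing Drupal account that carries the same PUID or creates a new account.
 * (Note: parameters are in an odd order to match the synchDrupalAccount
 * handle.)
 *
 * @param object|false $account
 *   Drupal account object; an empty stdClass is used when this is FALSE/NULL.
 * @param array $user_edit
 *   Edit array in the form user_save($account, $user_edit) would take.
 *   Passed by reference and filled in from the LDAP entry.
 * @param array|null $ldap_user
 *   The user's LDAP entry. Pass it to avoid querying LDAP again when it is
 *   already at hand.
 * @param bool $save
 *   Whether a newly derived account should be saved.
 *
 * @return object|bool|null
 *   The saved (and, for an existing account, synched) account; TRUE when
 *   $save is FALSE and only $user_edit was built; FALSE on any problem.
 *   NOTE(review): when no provisioning server is configured the method falls
 *   off the end and returns NULL rather than FALSE - confirm what callers
 *   expect before changing it.
 */
public function provisionDrupalAccount($account = FALSE, &$user_edit, $ldap_user = NULL, $save = TRUE) {
  $watchdog_tokens = array();
  /**
   * @todo
   * -- add error catching for conflicts, conflicts should be checked before calling this function.
   */

  if (!$account) {
    $account = new stdClass();
  }
  $account->is_new = TRUE;

  // Neither an LDAP entry nor a username to look one up with.
  if (!$ldap_user && !isset($user_edit['name'])) {
    return FALSE;
  }

  if (!$ldap_user) {
    $watchdog_tokens['%username'] = $user_edit['name'];
    if ($this->drupalAcctProvisionServer) {
      $ldap_user = ldap_servers_get_user_ldap_data($user_edit['name'], $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
    }
    if (!$ldap_user) {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', '%username : failed to find associated ldap entry for username in provision.', $watchdog_tokens, WATCHDOG_DEBUG);
      }
      return FALSE;
    }
  }

  if (!isset($user_edit['name']) && isset($account->name)) {
    $user_edit['name'] = $account->name;
    $watchdog_tokens['%username'] = $user_edit['name'];
  }

  if ($this->drupalAcctProvisionServer) {
    $ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);
    if (!is_object($ldap_server)) {
      // The configured server could not be loaded as an enabled server;
      // calling methods on it below would be a fatal error.
      watchdog('ldap_user', 'Provisioning server %sid is not available; no account was provisioned.', array('%sid' => $this->drupalAcctProvisionServer), WATCHDOG_ERROR);
      return FALSE;
    }

    $params = array(
      'account' => $account,
      'user_edit' => $user_edit,
      'prov_event' => LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      'module' => 'ldap_user',
      'function' => 'provisionDrupalAccount',
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
    );
    drupal_alter('ldap_entry', $ldap_user, $params);

    // Look for an existing Drupal account with the same PUID. If there is
    // one, update its username and attempt a synch in the current context.
    $puid = $ldap_server->userPuidFromLdapEntry($ldap_user['attr']);
    $account2 = $puid ? $ldap_server->userUserEntityFromPuid($puid) : FALSE;

    if ($account2) {
      // 1. Correct username and authmap.
      $this->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER));
      $account = user_save($account2, $user_edit, 'ldap_user');
      if (!$account) {
        // The save failed: do not write an authmap row for an account that
        // was not stored.
        return $account;
      }
      user_set_authmaps($account, array("authname_ldap_user" => $user_edit['name']));

      // 2. Attempt synch if appropriate for current context.
      return $this->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
    }

    // No account with this PUID: create one.
    $this->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_CREATE_DRUPAL_USER));
    if ($save) {
      // NOTE(review): the derived name and mail are not checked for being
      // empty, and nothing checks for an existing account with the same mail
      // address; per the @todo above this is left to the caller - confirm.
      $account = user_save(NULL, $user_edit, 'ldap_user');
      if (!$account) {
        drupal_set_message(t('User account creation failed because of system problems.'), 'error');
      }
      else {
        user_set_authmaps($account, array('authname_ldap_user' => $user_edit['name']));
      }
      return $account;
    }
    return TRUE;
  }
}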
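/**
 * Provisions a Drupal account from a user's LDAP entry.
 *
 * Fetches the LDAP entry when it is not supplied, then either re-links the
 * existing Drupal account that carries the same PUID or creates a new account
 * after checking the derived username and e-mail address.
 * (Note: parameters are in an odd order to match the synchDrupalAccount
 * handle.)
 *
 * @param object|false $account
 *   Drupal account object; an empty stdClass is used when this is FALSE/NULL.
 * @param array $user_edit
 *   Edit array in the form user_save($account, $user_edit) would take.
 *   Passed by reference and filled in from the LDAP entry.
 * @param array|null $ldap_user
 *   The user's LDAP entry. Pass it to avoid querying LDAP again when it is
 *   already at hand.
 * @param bool $save
 *   Whether a newly derived account should be saved.
 *
 * @return object|bool|null
 *   The saved (and, for an existing account, synched) account; TRUE when
 *   $save is FALSE and only $user_edit was built; FALSE on any problem.
 *   NOTE(review): when no provisioning server applies (none configured, or it
 *   equals LDAP_USER_AUTH_SERVER_SID) the method falls off the end and
 *   returns NULL rather than FALSE - confirm what callers expect before
 *   changing it.
 */
public function provisionDrupalAccount($account = FALSE, &$user_edit, $ldap_user = NULL, $save = TRUE) {
  $watchdog_tokens = array();
  /**
   * @todo
   * -- add error catching for conflicts, conflicts should be checked before calling this function.
   */

  if (!$account) {
    $account = new stdClass();
  }
  $account->is_new = TRUE;

  // Neither an LDAP entry nor a username to look one up with.
  if (!$ldap_user && !isset($user_edit['name'])) {
    return FALSE;
  }

  if (!$ldap_user) {
    $watchdog_tokens['%username'] = $user_edit['name'];
    if ($this->drupalAcctProvisionServer) {
      $ldap_user = ldap_servers_get_user_ldap_data($user_edit['name'], $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
    }
    if (!$ldap_user) {
      if ($this->detailedWatchdog) {
        watchdog('ldap_user', '%username : failed to find associated ldap entry for username in provision.', $watchdog_tokens, WATCHDOG_DEBUG);
      }
      return FALSE;
    }
  }

  if (!isset($user_edit['name']) && isset($account->name)) {
    $user_edit['name'] = $account->name;
    $watchdog_tokens['%username'] = $user_edit['name'];
  }

  // With the multi-domain "last authentication" option,
  // $this->drupalAcctProvisionServer is set to LDAP_USER_AUTH_SERVER_SID and
  // ldap_servers_get_servers() cannot resolve it, so that value is excluded
  // before the server is loaded.
  if ($this->drupalAcctProvisionServer && $this->drupalAcctProvisionServer != LDAP_USER_AUTH_SERVER_SID) {
    $ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);
    if (!is_object($ldap_server)) {
      // The configured server could not be loaded as an enabled server;
      // calling methods on it below would be a fatal error.
      watchdog('ldap_user', 'Provisioning server %sid is not available; no account was provisioned.', array('%sid' => $this->drupalAcctProvisionServer), WATCHDOG_ERROR);
      return FALSE;
    }

    $params = array(
      'account' => $account,
      'user_edit' => $user_edit,
      'prov_event' => LDAP_USER_EVENT_CREATE_DRUPAL_USER,
      'module' => 'ldap_user',
      'function' => 'provisionDrupalAccount',
      'direction' => LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER,
    );
    drupal_alter('ldap_entry', $ldap_user, $params);

    // Look for an existing Drupal account with the same PUID. If there is
    // one, update its username and attempt a synch in the current context.
    $puid = $ldap_server->userPuidFromLdapEntry($ldap_user['attr']);
    $account2 = $puid ? $ldap_server->userUserEntityFromPuid($puid) : FALSE;

    if ($account2) {
      // 1. Correct username and authmap.
      $this->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER));
      $account = user_save($account2, $user_edit, 'ldap_user');
      if (!$account) {
        // The save failed: do not write an authmap row for an account that
        // was not stored.
        return $account;
      }
      user_set_authmaps($account, array("authname_ldap_user" => $user_edit['name']));

      // 2. Attempt synch if appropriate for current context.
      return $this->synchToDrupalAccount($account, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
    }

    // No account with this PUID: create one.
    $this->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_CREATE_DRUPAL_USER));
    if ($save) {
      // Read the name defensively so a missing key is reported by the check
      // below instead of raising a notice first.
      $watchdog_tokens = array('%drupal_username' => isset($user_edit['name']) ? $user_edit['name'] : '');

      if (empty($user_edit['name'])) {
        drupal_set_message(t('User account creation failed because of invalid, empty derived Drupal username.'), 'error');
        watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because drupal username could not be derived.', $watchdog_tokens, WATCHDOG_ERROR);
        return FALSE;
      }

      if (!isset($user_edit['mail']) || !$user_edit['mail']) {
        drupal_set_message(t('User account creation failed because of invalid, empty derived email address.'), 'error');
        watchdog('ldap_user', 'Failed to create Drupal account %drupal_username because email address could not be derived by LDAP User module', $watchdog_tokens, WATCHDOG_ERROR);
        return FALSE;
      }

      // Refuse to create a second account for a mail address that already
      // belongs to a Drupal user; the conflict is logged for the administrator.
      if ($account_with_same_email = user_load_by_mail($user_edit['mail'])) {
        $watchdog_tokens['%email'] = $user_edit['mail'];
        $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
        watchdog('ldap_user', 'LDAP user %drupal_username has email address (%email) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
        drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
        return FALSE;
      }

      $account = user_save(NULL, $user_edit, 'ldap_user');
      if (!$account) {
        drupal_set_message(t('User account creation failed because of system problems.'), 'error');
      }
      else {
        user_set_authmaps($account, array('authname_ldap_user' => $account->name));
        ldap_user_ldap_provision_semaphore('drupal_created', 'set', $account->name);
      }
      return $account;
    }
    return TRUE;
  }
}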