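/**
 * Loads Drupal users and reconciles each one against the LDAP directory.
 *
 * After the parent controller has loaded the accounts, every active account
 * other than uid 0 and uid 1 is looked up in LDAP. An account for which an
 * implementation of hook_simple_ldap_user_should_delete_user() returns TRUE
 * is deleted. An account that is missing from LDAP, or that is flagged as
 * disabled in Active Directory, is blocked.
 *
 * @param array $ids
 *   Passed through unchanged to the parent load().
 * @param array $conditions
 *   Passed through unchanged to the parent load().
 *
 * @return array
 *   The users returned by the parent load(), with array keys treated as uids.
 *   The entry of a user deleted during validation is set to NULL, not removed.
 */
public function load($ids = array(), $conditions = array()) {
  $users = parent::load($ids, $conditions);

  // Validate users against LDAP directory.
  foreach ($users as $uid => $drupal_user) {
    // Do not validate user/1, anonymous users, or blocked users. user/1 is
    // therefore never reconciled with the directory: disabling that identity
    // in LDAP has no effect on the Drupal account.
    if ($uid == 1 || $uid == 0 || $drupal_user->status == 0) {
      continue;
    }

    // Try to load the user from LDAP.
    $ldap_user = SimpleLdapUser::singleton($drupal_user->name);

    // Check to see if the user should be kept. array_filter() drops falsy hook
    // results; only a strict TRUE triggers deletion.
    $result = array_filter(module_invoke_all('simple_ldap_user_should_delete_user', $drupal_user, $ldap_user));
    foreach ($result as $res) {
      if ($res === TRUE) {
        $this->delete_single($drupal_user);
        $users[$uid] = NULL;
        // Move on to the next user. A plain "continue" only advances this
        // inner loop, so the deleted account would be deleted again for every
        // further TRUE result and then still reach the blockUser() checks.
        continue 2;
      }
    }

    // NOTE(review): what "exists" reports when the directory cannot be reached
    // is not visible here. If it is FALSE in that case, an LDAP outage would
    // block every active account that gets loaded - confirm.
    if (!$ldap_user->exists) {
      // Block the user if it does not exist in LDAP.
      $this->blockUser($drupal_user);
    }

    // Active Directory uses a bitmask to specify certain flags on an account,
    // including whether it is enabled. http://support.microsoft.com/kb/305144
    // Bit 0x2 is ACCOUNTDISABLE.
    if ($ldap_user->server->type == 'Active Directory') {
      if (isset($ldap_user->useraccountcontrol[0]) && (int) $ldap_user->useraccountcontrol[0] & 2) {
        $this->blockUser($drupal_user);
      }
    }
  }

  return $users;
}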
/**
 * Pushes Drupal user data to the matching LDAP entry.
 *
 * simple_ldap_user invokes this hook whenever it needs to synchronize Drupal
 * user data to LDAP.
 *
 * The example implementation below writes "full-time" into the LDAP
 * employeeType attribute of the user and saves the entry.
 *
 * @param StdClass $user
 *   The full Drupal user object that is being synchronized.
 */
function hook_sync_user_to_ldap($user) {
  // The LDAP entry is looked up by the Drupal username.
  $entry = SimpleLdapUser::singleton($user->name);

  $entry->employeeType = 'full-time';
  $entry->save();
}
/**
 * Constructor.
 *
 * Picks the LDAP server connection for this object and records the DN of the
 * LDAP user that matches the given Drupal username.
 *
 * @param string $name
 *   The Drupal username.
 */
public function __construct($name) {
  // Read-write bind credentials, taken from the site variables.
  // NOTE(review): the bind password is read with variable_get(), so it lives
  // in Drupal's variable storage. Confirm it is kept out of database dumps
  // and configuration exports, and that the account is scoped to the writes
  // this class needs.
  $rw_binddn = variable_get('simple_ldap_sso_binddn');
  $rw_bindpw = variable_get('simple_ldap_sso_bindpw');
  $rw_options = array(
    'binddn' => $rw_binddn,
    'bindpw' => $rw_bindpw,
    'readonly' => FALSE,
  );

  // A site running in read-only mode gets its own connection that binds with
  // the read-write credentials above; otherwise the shared server is reused.
  if (variable_get('simple_ldap_readonly')) {
    $this->server = new SimpleLdapServer($rw_options);
  }
  else {
    $this->server = SimpleLdapServer::singleton();
  }

  // Remember the DN of the LDAP entry for this username.
  $this->dn = SimpleLdapUser::singleton($name)->dn;
}
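/**
 * Remove an LDAP user from the LDAP group.
 *
 * Only the member attribute held by this object is changed. When a member is
 * removed the object is marked dirty; this method does not save it.
 *
 * @param SimpleLdapUser|string $user
 *   A SimpleLdapUser object, or a username, which is resolved through
 *   SimpleLdapUser::singleton().
 */
public function deleteUser($user) {
  // Make sure the user is a SimpleLdapUser object.
  if (is_string($user)) {
    $user = SimpleLdapUser::singleton($user);
  }

  // Get the module configuration.
  $user_attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
  $attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
  $attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');

  // Determine the member attribute format: either the user's DN or the first
  // value of the configured name attribute.
  if ($attribute_member_format == 'dn') {
    $member = $user->dn;
  }
  else {
    $member = $user->{$user_attribute_name}[0];
  }

  // Remove the user from this group.
  if (is_array($this->attributes[$attribute_member])) {
    // Search only the member values, not the 'count' bookkeeping entry, and
    // compare as strings with strict matching. A loose array_search() can hit
    // the integer 'count' entry or a different numeric-looking value ('1e3'
    // equals '1000' under ==), which would remove the wrong member or leave
    // the intended one in the group.
    $members = $this->attributes[$attribute_member];
    unset($members['count']);
    $key = array_search((string) $member, array_map('strval', $members), TRUE);

    if ($key !== FALSE) {
      unset($members[$key]);

      // Reindex the remaining values and restore the 'count' entry.
      $members = array_values($members);
      $members['count'] = count($members);

      $this->attributes[$attribute_member] = $members;
      $this->dirty = TRUE;
    }
  }
}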
/**
 * Drops cached user objects from the static cache.
 *
 * @param string $name
 *   Username whose cache entry should be removed. When omitted (NULL), the
 *   entire cache is emptied.
 */
public static function reset($name = NULL) {
  // A specific username was given: forget only that entry.
  if ($name !== NULL) {
    unset(self::$users[$name]);
    return;
  }

  // No username: empty the whole cache.
  self::$users = array();
}