
auth/ldap: Better warnings and handling of updaging multi-source LDAP…

… fields

 + Raise a warning if the auth_ldap_get_entries for one user record
   returns more than one record (!?)
 + Resolved some subtle bugs when updating a remote LDAP repo from user
   updates. The logic is now simpler too.
 + Simplified the code that compares old/new values
commit e7cfc5325f363d8b1405f954c18c75edc6146c20 1 parent f5d2ef9
martinlanghoff authored
Showing with 30 additions and 12 deletions.
  1. +30 −12 auth/ldap/lib.php
42 auth/ldap/lib.php
@@ -826,10 +826,19 @@ function auth_user_update($olduser, $newuser) {
if ($user_info_result){
$user_entry = auth_ldap_get_entries($ldapconnection, $user_info_result);
+ if (count($user_entry)) {
+ trigger_error("ldap: Strange! More than one user record found in ldap. Only using the first one.");
+ }
+ $user_entry = $user_entry[0];
+
//error_log(var_export($user_entry) . 'fpp' );
foreach ($attrmap as $key=>$ldapkeys){
- if (!empty($pcfg->{'field_updateremote_'. $key})) {
+
+ // only process if the moodle field ($key) has changed and we
+ // are set to update LDAP with it
+ if ($olduser->$key !== $newuser->$key &&
+ !empty($pcfg->{'field_updateremote_'. $key})) {
// for ldap values that could be in more than one
// ldap key, we will do our best to match
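Review bot: The added guard `if (count($user_entry))` is true for any non-empty result, so the "more than one user record" warning fires on every ordinary single-match update and a genuine duplicate match becomes indistinguishable from noise. Because this path goes on to write to the matched directory entry, the check should be `if (count($user_entry) > 1) {`, and an empty result should return before `$user_entry[0]` is read. This assumes auth_ldap_get_entries returns a plain list of entries, which is not visible here. When the search really is ambiguous, refusing the update is safer than silently modifying the first entry. The body of auth_user_update starts and ends outside this hunk.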
@@ -844,26 +853,35 @@ function auth_user_update($olduser, $newuser) {
}
foreach ($ldapkeys as $ldapkey) {
+ $ldapkey = strtolower($ldapkey);
+ $ldapvalue = $user_entry[$ldapkey][0];
if (!$ambiguous) {
// skip update if the values already match
- if( !($newuser->$key === $user_entry[0][strtolower($ldapkey)][0]) ){
+ if( !($newuser->$key === $ldapvalue) ){
ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key));
} else {
error_log("Skip updating field $key for entry $user_dn: it seems to be already same on LDAP. " .
" old moodle value: '" . $olduser->$key .
"' new value '" . $newuser->$key .
- "' current value in ldap entry " . $user_entry[0][strtolower($ldapkey)][0]);
+ "' current value in ldap entry " . $ldapvalue);
}
} else { // ambiguous
- // check the old values match
- //error_log("keys $key $ldapkey");
- //error_log("olduser " . $olduser->$key);
- //error_log("ldapuser " . $user_entry[0][strtolower($ldapkey)][0]);
- if ( !empty($olduser->$key)
- && !empty($user_entry[0][strtolower($ldapkey)][0])
- && $olduser->$key === $user_entry[0][strtolower($ldapkey)][0] ) {
- // we found which value to update!
- error_log("Matched: ". $olduser->$key . " === " . $user_entry[0][strtolower($ldapkey)][0]);
+ // value empty before in Moodle (and LDAP) - use 1st ldap candidate field
+ // no need to guess
+ if (empty($olduser->$key)) { // value empty before - use 1st ldap candidate
+ if(ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key))){
+ $changed=true;
+ last;
+ } else {
+ error ('Error updating LDAP record. Error code: '
+ . ldap_errno($ldapconnection) . '; Error string : '
+ . ldap_err2str(ldap_errno($ldapconnection)));
+ }
+ }
+
+ // we found which ldap key to update!
+ if ( !empty($ldapvalue) && $olduser->$key === $ldapvalue ) {
+ // error_log("Matched: ". $olduser->$key . " === " . $ldapvalue);
if(ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key))){
$changed=true;
last;
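Review bot: `last;` in the new empty-old-value branch, and in the unchanged matched-value branch below it, is Perl rather than PHP, so it does not leave the `foreach ($ldapkeys as $ldapkey)` loop; use `break;`. As written, when the old Moodle value is empty every candidate LDAP attribute is passed to ldap_modify, not only the first candidate the comment promises. `$user_entry[$ldapkey][0]` is also read without checking that the attribute exists on the entry; `$ldapvalue = isset($user_entry[$ldapkey][0]) ? $user_entry[$ldapkey][0] : null;` avoids the notice and makes a missing attribute explicit. The enclosing loop and function continue past the end of this hunk.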