}
}
}
+ if ($this->config->suspended_attribute && $this->config->sync_suspended) {
+ $updatekeys[] = 'suspended';
+ }
unset($all_keys); unset($key);
} else {
// get_userinfo_asobj() might have replaced $user->username with the value
// from the LDAP server (which can be mixed-case). Make sure it's lowercase
$user->username = trim(core_text::strtolower($user->username));
+ // It isn't possible to just rely on the configured suspension attribute since
+ // things like active directory use bit masks, other things using LDAP might
+ // do different stuff as well.
+ $user->suspended = $this->is_user_suspended($user);
if (empty($user->lang)) {
$user->lang = $CFG->lang;
}
if (!empty($updatekeys)) {
$newuser = new stdClass();
$newuser->id = $userid;
+ $newuser->suspended = $this->is_user_suspended((object) $newinfo);
foreach ($updatekeys as $key) {
if (isset($newinfo[$key])) {
}
}
$moodleattributes['username'] = core_text::strtolower(trim($this->config->user_attribute));
+ $moodleattributes['suspended'] = core_text::strtolower(trim($this->config->suspended_attribute));
return $moodleattributes;
}
if (!isset($config->user_attribute)) {
$config->user_attribute = '';
}
+ if (!isset($config->suspended_attribute)) {
+ $config->suspended_attribute = '';
+ }
+ if (!isset($config->sync_suspended)) {
+ $config->sync_suspended = false;
+ }
if (!isset($config->search_sub)) {
$config->search_sub = '';
}
set_config('contexts', $config->contexts, $this->pluginconfig);
set_config('user_type', core_text::strtolower(trim($config->user_type)), $this->pluginconfig);
set_config('user_attribute', core_text::strtolower(trim($config->user_attribute)), $this->pluginconfig);
+ set_config('suspended_attribute', core_text::strtolower(trim($config->suspended_attribute)), $this->pluginconfig);
+ set_config('sync_suspended', $config->sync_suspended, $this->pluginconfig);
set_config('search_sub', $config->search_sub, $this->pluginconfig);
set_config('opt_deref', $config->opt_deref, $this->pluginconfig);
set_config('preventpassindb', $config->preventpassindb, $this->pluginconfig);
return false;
}
+ /**
+ * Check if a user is suspended. This function is intended to be used after calling
+ * get_userinfo_asobj. This is needed because LDAP doesn't have a notion of disabled
+ * users, however things like MS Active Directory support it and expose information
+ * through a field.
+ *
+ * @param object $user the user object returned by get_userinfo_asobj
+ * @return boolean
+ */
+ protected function is_user_suspended($user) {
+ if (!$this->config->suspended_attribute || !isset($user->suspended)) {
+ return false;
+ }
+ if ($this->config->suspended_attribute == 'useraccountcontrol' && $this->config->user_type == 'ad') {
+ return (bool)($user->suspended & AUTH_AD_ACCOUNTDISABLE);
+ }
+
+ return (bool)$user->suspended;
+ }
+
} // End of the class
if (!isset($config->user_attribute)) {
$config->user_attribute = '';
}
+if (!isset($config->suspended_attribute)) {
+ $config->suspended_attribute = '';
+}
+if (!isset($config->sync_suspended)) {
+ $config->sync_suspended = '';
+}
if (!isset($config->search_sub)) {
$config->search_sub = '';
}
<?php print_string('auth_ldap_user_attribute', 'auth_ldap') ?>
</td>
</tr>
+<tr valign="top" class="required">
+ <td align="right">
+ <label for="suspended_attribute"><?php print_string('auth_ldap_suspended_attribute_key', 'auth_ldap') ?></label>
+ </td>
+ <td>
+ <input name="suspended_attribute" id="suspended_attribute" type="text" size="30" value="<?php echo $config->suspended_attribute?>" />
+ <?php if (isset($err['suspended_attribute'])) { echo $OUTPUT->error_text($err['suspended_attribute']); } ?>
+ </td>
+ <td>
+ <?php print_string('auth_ldap_suspended_attribute', 'auth_ldap') ?>
+ </td>
+</tr>
<tr valign="top" class="required">
<td align="right">
<label for="memberattribute"><?php print_string('auth_ldap_memberattribute_key', 'auth_ldap') ?></label>
<?php print_string('auth_remove_user', 'auth') ?>
</td>
</tr>
+<tr valign="top">
+ <td align="right">
+ <label for="menusyncs_uspended"><?php print_string('auth_sync_suspended_key', 'auth') ?></label>
+ </td>
+ <td>
+ <?php echo html_writer::select($yesno, 'sync_suspended', $config->sync_suspended, false); ?>
+ </td>
+ <td>
+ <?php print_string('auth_sync_suspended', 'auth'); ?>
+ </td>
+</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ntlmsso', 'auth_ldap') ?></h4>
$string['auth_ldap_update_userinfo'] = 'Update user information (firstname, lastname, address..) from LDAP to Moodle. Specify "Data mapping" settings as you need.';
$string['auth_ldap_user_attribute'] = 'Optional: Overrides the attribute used to name/search users. Usually \'cn\'.';
$string['auth_ldap_user_attribute_key'] = 'User attribute';
+$string['auth_ldap_suspended_attribute'] = 'Optional: When provided this attribute will be used to enable/suspend the locally created user account.';
+$string['auth_ldap_suspended_attribute_key'] = 'Suspended attribute';
$string['auth_ldap_user_exists'] = 'LDAP username already exists.';
$string['auth_ldap_user_settings'] = 'User lookup settings';
$string['auth_ldap_user_type'] = 'Select how users are stored in LDAP. This setting also specifies how login expiration, grace logins and user creation will work.';
$string['auth_remove_suspend'] = 'Suspend internal';
$string['auth_remove_user'] = 'Specify what to do with internal user account during mass synchronization when user was removed from external source. Only suspended users are automatically revived if they reappear in ext source.';
$string['auth_remove_user_key'] = 'Removed ext user';
+$string['auth_sync_suspended'] = 'When enabled, the suspended attribute will be used to update the local user account\'s suspension status.';
+$string['auth_sync_suspended_key'] = 'Synchronize local user suspension status';
$string['auth_sync_script'] = 'User account syncronisation';
$string['auth_updatelocal'] = 'Update local';
$string['auth_updatelocal_expl'] = '<p><b>Update local:</b> If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.</p>';
