Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
  • Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
  • PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
/enrol/ldap/ -> lib.php (source)

Differences Between: [Versions 310 and 311] [Versions 38 and 311] [Versions 39 and 311]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * LDAP enrolment plugin implementation.
  19   *
  20   * This plugin synchronises enrolment and roles with a LDAP server.
  21   *
  22   * @package    enrol_ldap
  23   * @author     Iñaki Arenaza - based on code by Martin Dougiamas, Martin Langhoff and others
  24   * @copyright  1999 onwards Martin Dougiamas {@link http://moodle.com}
  25   * @copyright  2010 Iñaki Arenaza <iarenaza@eps.mondragon.edu>
  26   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  27   */
  28  
  29  defined('MOODLE_INTERNAL') || die();
  30  
  31  class enrol_ldap_plugin extends enrol_plugin {
  32      protected $enrol_localcoursefield = 'idnumber';
  33      protected $enroltype = 'enrol_ldap';
  34      protected $errorlogtag = '[ENROL LDAP] ';
  35  
  36      /**
  37       * The object class to use when finding users.
  38       *
  39       * @var string $userobjectclass
  40       */
  41      protected $userobjectclass;
  42  
  43      /**
  44       * Constructor for the plugin. In addition to calling the parent
  45       * constructor, we define and 'fix' some settings depending on the
  46       * real settings the admin defined.
  47       */
  48      public function __construct() {
  49          global $CFG;
  50          require_once($CFG->libdir.'/ldaplib.php');
  51  
  52          // Do our own stuff to fix the config (it's easier to do it
  53          // here than using the admin settings infrastructure). We
  54          // don't call $this->set_config() for any of the 'fixups'
  55          // (except the objectclass, as it's critical) because the user
  56          // didn't specify any values and relied on the default values
  57          // defined for the user type she chose.
  58          $this->load_config();
  59  
  60          // Make sure we get sane defaults for critical values.
  61          $this->config->ldapencoding = $this->get_config('ldapencoding', 'utf-8');
  62          $this->config->user_type = $this->get_config('user_type', 'default');
  63  
  64          $ldap_usertypes = ldap_supported_usertypes();
  65          $this->config->user_type_name = $ldap_usertypes[$this->config->user_type];
  66          unset($ldap_usertypes);
  67  
  68          $default = ldap_getdefaults();
  69  
  70          // The objectclass in the defaults is for a user.
  71          // This will be required later, but enrol_ldap uses 'objectclass' for its group objectclass.
  72          // Save the normalised user objectclass for later.
  73          $this->userobjectclass = ldap_normalise_objectclass($default['objectclass'][$this->get_config('user_type')]);
  74  
  75          // Remove the objectclass default, as the values specified there are for users, and we are dealing with groups here.
  76          unset($default['objectclass']);
  77  
  78          // Use defaults if values not given. Dont use this->get_config()
  79          // here to be able to check for 0 and false values too.
  80          foreach ($default as $key => $value) {
  81              // Watch out - 0, false are correct values too, so we can't use $this->get_config()
  82              if (!isset($this->config->{$key}) or $this->config->{$key} == '') {
  83                  $this->config->{$key} = $value[$this->config->user_type];
  84              }
  85          }
  86  
  87          // Normalise the objectclass used for groups.
  88          if (empty($this->config->objectclass)) {
  89              // No objectclass set yet - set a default class.
  90              $this->config->objectclass = ldap_normalise_objectclass(null, '*');
  91              $this->set_config('objectclass', $this->config->objectclass);
  92          } else {
  93              $objectclass = ldap_normalise_objectclass($this->config->objectclass);
  94              if ($objectclass !== $this->config->objectclass) {
  95                  // The objectclass was changed during normalisation.
  96                  // Save it in config, and update the local copy of config.
  97                  $this->set_config('objectclass', $objectclass);
  98                  $this->config->objectclass = $objectclass;
  99              }
 100          }
 101      }
 102  
 103      /**
 104       * Is it possible to delete enrol instance via standard UI?
 105       *
 106       * @param object $instance
 107       * @return bool
 108       */
 109      public function can_delete_instance($instance) {
 110          $context = context_course::instance($instance->courseid);
 111          if (!has_capability('enrol/ldap:manage', $context)) {
 112              return false;
 113          }
 114  
 115          if (!enrol_is_enabled('ldap')) {
 116              return true;
 117          }
 118  
 119          if (!$this->get_config('ldap_host') or !$this->get_config('objectclass') or !$this->get_config('course_idnumber')) {
 120              return true;
 121          }
 122  
 123          // TODO: connect to external system and make sure no users are to be enrolled in this course
 124          return false;
 125      }
 126  
 127      /**
 128       * Is it possible to hide/show enrol instance via standard UI?
 129       *
 130       * @param stdClass $instance
 131       * @return bool
 132       */
 133      public function can_hide_show_instance($instance) {
 134          $context = context_course::instance($instance->courseid);
 135          return has_capability('enrol/ldap:manage', $context);
 136      }
 137  
 138      /**
 139       * Forces synchronisation of user enrolments with LDAP server.
 140       * It creates courses if the plugin is configured to do so.
 141       *
 142       * @param object $user user record
 143       * @return void
 144       */
 145      public function sync_user_enrolments($user) {
 146          global $DB;
 147  
 148          // Do not try to print anything to the output because this method is called during interactive login.
 149          if (PHPUNIT_TEST) {
 150              $trace = new null_progress_trace();
 151          } else {
 152              $trace = new error_log_progress_trace($this->errorlogtag);
 153          }
 154  
 155          if (!$this->ldap_connect($trace)) {
 156              $trace->finished();
 157              return;
 158          }
 159  
 160          if (!is_object($user) or !property_exists($user, 'id')) {
 161              throw new coding_exception('Invalid $user parameter in sync_user_enrolments()');
 162          }
 163  
 164          if (!property_exists($user, 'idnumber')) {
 165              debugging('Invalid $user parameter in sync_user_enrolments(), missing idnumber');
 166              $user = $DB->get_record('user', array('id'=>$user->id));
 167          }
 168  
 169          // We may need a lot of memory here
 170          core_php_time_limit::raise();
 171          raise_memory_limit(MEMORY_HUGE);
 172  
 173          // Get enrolments for each type of role.
 174          $roles = get_all_roles();
 175          $enrolments = array();
 176          foreach($roles as $role) {
 177              // Get external enrolments according to LDAP server
 178              $enrolments[$role->id]['ext'] = $this->find_ext_enrolments($user->idnumber, $role);
 179  
 180              // Get the list of current user enrolments that come from LDAP
 181              $sql= "SELECT e.courseid, ue.status, e.id as enrolid, c.shortname
 182                       FROM {user} u
 183                       JOIN {role_assignments} ra ON (ra.userid = u.id AND ra.component = 'enrol_ldap' AND ra.roleid = :roleid)
 184                       JOIN {user_enrolments} ue ON (ue.userid = u.id AND ue.enrolid = ra.itemid)
 185                       JOIN {enrol} e ON (e.id = ue.enrolid)
 186                       JOIN {course} c ON (c.id = e.courseid)
 187                      WHERE u.deleted = 0 AND u.id = :userid";
 188              $params = array ('roleid'=>$role->id, 'userid'=>$user->id);
 189              $enrolments[$role->id]['current'] = $DB->get_records_sql($sql, $params);
 190          }
 191  
 192          $ignorehidden = $this->get_config('ignorehiddencourses');
 193          $courseidnumber = $this->get_config('course_idnumber');
 194          foreach($roles as $role) {
 195              foreach ($enrolments[$role->id]['ext'] as $enrol) {
 196                  $course_ext_id = $enrol[$courseidnumber][0];
 197                  if (empty($course_ext_id)) {
 198                      $trace->output(get_string('extcourseidinvalid', 'enrol_ldap'));
 199                      continue; // Next; skip this one!
 200                  }
 201  
 202                  // Create the course if required
 203                  $course = $DB->get_record('course', array($this->enrol_localcoursefield=>$course_ext_id));
 204                  if (empty($course)) { // Course doesn't exist
 205                      if ($this->get_config('autocreate')) { // Autocreate
 206                          $trace->output(get_string('createcourseextid', 'enrol_ldap', array('courseextid'=>$course_ext_id)));
 207                          if (!$newcourseid = $this->create_course($enrol, $trace)) {
 208                              continue;
 209                          }
 210                          $course = $DB->get_record('course', array('id'=>$newcourseid));
 211                      } else {
 212                          $trace->output(get_string('createnotcourseextid', 'enrol_ldap', array('courseextid'=>$course_ext_id)));
 213                          continue; // Next; skip this one!
 214                      }
 215                  }
 216  
 217                  // Deal with enrolment in the moodle db
 218                  // Add necessary enrol instance if not present yet;
 219                  $sql = "SELECT c.id, c.visible, e.id as enrolid
 220                            FROM {course} c
 221                            JOIN {enrol} e ON (e.courseid = c.id AND e.enrol = 'ldap')
 222                           WHERE c.id = :courseid";
 223                  $params = array('courseid'=>$course->id);
 224                  if (!($course_instance = $DB->get_record_sql($sql, $params, IGNORE_MULTIPLE))) {
 225                      $course_instance = new stdClass();
 226                      $course_instance->id = $course->id;
 227                      $course_instance->visible = $course->visible;
 228                      $course_instance->enrolid = $this->add_instance($course_instance);
 229                  }
 230  
 231                  if (!$instance = $DB->get_record('enrol', array('id'=>$course_instance->enrolid))) {
 232                      continue; // Weird; skip this one.
 233                  }
 234  
 235                  if ($ignorehidden && !$course_instance->visible) {
 236                      continue;
 237                  }
 238  
 239                  if (empty($enrolments[$role->id]['current'][$course->id])) {
 240                      // Enrol the user in the given course, with that role.
 241                      $this->enrol_user($instance, $user->id, $role->id);
 242                      // Make sure we set the enrolment status to active. If the user wasn't
 243                      // previously enrolled to the course, enrol_user() sets it. But if we
 244                      // configured the plugin to suspend the user enrolments _AND_ remove
 245                      // the role assignments on external unenrol, then enrol_user() doesn't
 246                      // set it back to active on external re-enrolment. So set it
 247                      // unconditionnally to cover both cases.
 248                      $DB->set_field('user_enrolments', 'status', ENROL_USER_ACTIVE, array('enrolid'=>$instance->id, 'userid'=>$user->id));
 249                      $trace->output(get_string('enroluser', 'enrol_ldap',
 250                          array('user_username'=> $user->username,
 251                                'course_shortname'=>$course->shortname,
 252                                'course_id'=>$course->id)));
 253                  } else {
 254                      if ($enrolments[$role->id]['current'][$course->id]->status == ENROL_USER_SUSPENDED) {
 255                          // Reenable enrolment that was previously disabled. Enrolment refreshed
 256                          $DB->set_field('user_enrolments', 'status', ENROL_USER_ACTIVE, array('enrolid'=>$instance->id, 'userid'=>$user->id));
 257                          $trace->output(get_string('enroluserenable', 'enrol_ldap',
 258                              array('user_username'=> $user->username,
 259                                    'course_shortname'=>$course->shortname,
 260                                    'course_id'=>$course->id)));
 261                      }
 262                  }
 263  
 264                  // Remove this course from the current courses, to be able to detect
 265                  // which current courses should be unenroled from when we finish processing
 266                  // external enrolments.
 267                  unset($enrolments[$role->id]['current'][$course->id]);
 268              }
 269  
 270              // Deal with unenrolments.
 271              $transaction = $DB->start_delegated_transaction();
 272              foreach ($enrolments[$role->id]['current'] as $course) {
 273                  $context = context_course::instance($course->courseid);
 274                  $instance = $DB->get_record('enrol', array('id'=>$course->enrolid));
 275                  switch ($this->get_config('unenrolaction')) {
 276                      case ENROL_EXT_REMOVED_UNENROL:
 277                          $this->unenrol_user($instance, $user->id);
 278                          $trace->output(get_string('extremovedunenrol', 'enrol_ldap',
 279                              array('user_username'=> $user->username,
 280                                    'course_shortname'=>$course->shortname,
 281                                    'course_id'=>$course->courseid)));
 282                          break;
 283                      case ENROL_EXT_REMOVED_KEEP:
 284                          // Keep - only adding enrolments
 285                          break;
 286                      case ENROL_EXT_REMOVED_SUSPEND:
 287                          if ($course->status != ENROL_USER_SUSPENDED) {
 288                              $DB->set_field('user_enrolments', 'status', ENROL_USER_SUSPENDED, array('enrolid'=>$instance->id, 'userid'=>$user->id));
 289                              $trace->output(get_string('extremovedsuspend', 'enrol_ldap',
 290                                  array('user_username'=> $user->username,
 291                                        'course_shortname'=>$course->shortname,
 292                                        'course_id'=>$course->courseid)));
 293                          }
 294                          break;
 295                      case ENROL_EXT_REMOVED_SUSPENDNOROLES:
 296                          if ($course->status != ENROL_USER_SUSPENDED) {
 297                              $DB->set_field('user_enrolments', 'status', ENROL_USER_SUSPENDED, array('enrolid'=>$instance->id, 'userid'=>$user->id));
 298                          }
 299                          role_unassign_all(array('contextid'=>$context->id, 'userid'=>$user->id, 'component'=>'enrol_ldap', 'itemid'=>$instance->id));
 300                          $trace->output(get_string('extremovedsuspendnoroles', 'enrol_ldap',
 301                              array('user_username'=> $user->username,
 302                                    'course_shortname'=>$course->shortname,
 303                                    'course_id'=>$course->courseid)));
 304                          break;
 305                  }
 306              }
 307              $transaction->allow_commit();
 308          }
 309  
 310          $this->ldap_close();
 311  
 312          $trace->finished();
 313      }
 314  
 315      /**
 316       * Forces synchronisation of all enrolments with LDAP server.
 317       * It creates courses if the plugin is configured to do so.
 318       *
 319       * @param progress_trace $trace
 320       * @param int|null $onecourse limit sync to one course->id, null if all courses
 321       * @return void
 322       */
 323      public function sync_enrolments(progress_trace $trace, $onecourse = null) {
 324          global $CFG, $DB;
 325  
 326          if (!$this->ldap_connect($trace)) {
 327              $trace->finished();
 328              return;
 329          }
 330  
 331          $ldap_pagedresults = ldap_paged_results_supported($this->get_config('ldap_version'), $this->ldapconnection);
 332  
 333          // we may need a lot of memory here
 334          core_php_time_limit::raise();
 335          raise_memory_limit(MEMORY_HUGE);
 336  
 337          $oneidnumber = null;
 338          if ($onecourse) {
 339              if (!$course = $DB->get_record('course', array('id'=>$onecourse), 'id,'.$this->enrol_localcoursefield)) {
 340                  // Course does not exist, nothing to do.
 341                  $trace->output("Requested course $onecourse does not exist, no sync performed.");
 342                  $trace->finished();
 343                  return;
 344              }
 345              if (empty($course->{$this->enrol_localcoursefield})) {
 346                  $trace->output("Requested course $onecourse does not have {$this->enrol_localcoursefield}, no sync performed.");
 347                  $trace->finished();
 348                  return;
 349              }
 350              $oneidnumber = ldap_filter_addslashes(core_text::convert($course->idnumber, 'utf-8', $this->get_config('ldapencoding')));
 351          }
 352  
 353          // Get enrolments for each type of role.
 354          $roles = get_all_roles();
 355          $enrolments = array();
 356          foreach($roles as $role) {
 357              // Get all contexts
 358              $ldap_contexts = explode(';', $this->config->{'contexts_role'.$role->id});
 359  
 360              // Get all the fields we will want for the potential course creation
 361              // as they are light. Don't get membership -- potentially a lot of data.
 362              $ldap_fields_wanted = array('dn', $this->config->course_idnumber);
 363              if (!empty($this->config->course_fullname)) {
 364                  array_push($ldap_fields_wanted, $this->config->course_fullname);
 365              }
 366              if (!empty($this->config->course_shortname)) {
 367                  array_push($ldap_fields_wanted, $this->config->course_shortname);
 368              }
 369              if (!empty($this->config->course_summary)) {
 370                  array_push($ldap_fields_wanted, $this->config->course_summary);
 371              }
 372              array_push($ldap_fields_wanted, $this->config->{'memberattribute_role'.$role->id});
 373  
 374              // Define the search pattern
 375              $ldap_search_pattern = $this->config->objectclass;
 376  
 377              if ($oneidnumber !== null) {
 378                  $ldap_search_pattern = "(&$ldap_search_pattern({$this->config->course_idnumber}=$oneidnumber))";
 379              }
 380  
 381              $ldap_cookie = '';
 382              $servercontrols = array();
 383              foreach ($ldap_contexts as $ldap_context) {
 384                  $ldap_context = trim($ldap_context);
 385                  if (empty($ldap_context)) {
 386                      continue; // Next;
 387                  }
 388  
 389                  $flat_records = array();
 390                  do {
 391                      if ($ldap_pagedresults) {
 392                          $servercontrols = array(array(
 393                              'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array(
 394                                  'size' => $this->config->pagesize, 'cookie' => $ldap_cookie)));
 395                      }
 396  
 397                      if ($this->config->course_search_sub) {
 398                          // Use ldap_search to find first user from subtree
 399                          $ldap_result = @ldap_search($this->ldapconnection, $ldap_context,
 400                              $ldap_search_pattern, $ldap_fields_wanted,
 401                              0, -1, -1, LDAP_DEREF_NEVER, $servercontrols);
 402                      } else {
 403                          // Search only in this context
 404                          $ldap_result = @ldap_list($this->ldapconnection, $ldap_context,
 405                              $ldap_search_pattern, $ldap_fields_wanted,
 406                              0, -1, -1, LDAP_DEREF_NEVER, $servercontrols);
 407                      }
 408                      if (!$ldap_result) {
 409                          continue; // Next
 410                      }
 411  
 412                      if ($ldap_pagedresults) {
 413                          // Get next server cookie to know if we'll need to continue searching.
 414                          $ldap_cookie = '';
 415                          // Get next cookie from controls.
 416                          ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn,
 417                              $errmsg, $referrals, $controls);
 418                          if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
 419                              $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
 420                          }
 421                      }
 422  
 423                      // Check and push results
 424                      $records = ldap_get_entries($this->ldapconnection, $ldap_result);
 425  
 426                      // LDAP libraries return an odd array, really. fix it:
 427                      for ($c = 0; $c < $records['count']; $c++) {
 428                          array_push($flat_records, $records[$c]);
 429                      }
 430                      // Free some mem
 431                      unset($records);
 432                  } while ($ldap_pagedresults && !empty($ldap_cookie));
 433  
 434                  // If LDAP paged results were used, the current connection must be completely
 435                  // closed and a new one created, to work without paged results from here on.
 436                  if ($ldap_pagedresults) {
 437                      $this->ldap_close();
 438                      $this->ldap_connect($trace);
 439                  }
 440  
 441                  if (count($flat_records)) {
 442                      $ignorehidden = $this->get_config('ignorehiddencourses');
 443                      foreach($flat_records as $course) {
 444                          $course = array_change_key_case($course, CASE_LOWER);
 445                          $idnumber = $course[$this->config->course_idnumber][0];
 446                          $trace->output(get_string('synccourserole', 'enrol_ldap', array('idnumber'=>$idnumber, 'role_shortname'=>$role->shortname)));
 447  
 448                          // Does the course exist in moodle already?
 449                          $course_obj = $DB->get_record('course', array($this->enrol_localcoursefield=>$idnumber));
 450                          if (empty($course_obj)) { // Course doesn't exist
 451                              if ($this->get_config('autocreate')) { // Autocreate
 452                                  $trace->output(get_string('createcourseextid', 'enrol_ldap', array('courseextid'=>$idnumber)));
 453                                  if (!$newcourseid = $this->create_course($course, $trace)) {
 454                                      continue;
 455                                  }
 456                                  $course_obj = $DB->get_record('course', array('id'=>$newcourseid));
 457                              } else {
 458                                  $trace->output(get_string('createnotcourseextid', 'enrol_ldap', array('courseextid'=>$idnumber)));
 459                                  continue; // Next; skip this one!
 460                              }
 461                          } else {  // Check if course needs update & update as needed.
 462                              $this->update_course($course_obj, $course, $trace);
 463                          }
 464  
 465                          // Enrol & unenrol
 466  
 467                          // Pull the ldap membership into a nice array
 468                          // this is an odd array -- mix of hash and array --
 469                          $ldapmembers = array();
 470  
 471                          if (property_exists($this->config, 'memberattribute_role'.$role->id)
 472                              && !empty($this->config->{'memberattribute_role'.$role->id})
 473                              && !empty($course[$this->config->{'memberattribute_role'.$role->id}])) { // May have no membership!
 474  
 475                              $ldapmembers = $course[$this->config->{'memberattribute_role'.$role->id}];
 476                              unset($ldapmembers['count']); // Remove oddity ;)
 477  
 478                              // If we have enabled nested groups, we need to expand
 479                              // the groups to get the real user list. We need to do
 480                              // this before dealing with 'memberattribute_isdn'.
 481                              if ($this->config->nested_groups) {
 482                                  $users = array();
 483                                  foreach ($ldapmembers as $ldapmember) {
 484                                      $grpusers = $this->ldap_explode_group($ldapmember,
 485                                                                            $this->config->{'memberattribute_role'.$role->id});
 486  
 487                                      $users = array_merge($users, $grpusers);
 488                                  }
 489                                  $ldapmembers = array_unique($users); // There might be duplicates.
 490                              }
 491  
 492                              // Deal with the case where the member attribute holds distinguished names,
 493                              // but only if the user attribute is not a distinguished name itself.
 494                              if ($this->config->memberattribute_isdn
 495                                  && ($this->config->idnumber_attribute !== 'dn')
 496                                  && ($this->config->idnumber_attribute !== 'distinguishedname')) {
 497                                  // We need to retrieve the idnumber for all the users in $ldapmembers,
 498                                  // as the idnumber does not match their dn and we get dn's from membership.
 499                                  $memberidnumbers = array();
 500                                  foreach ($ldapmembers as $ldapmember) {
 501                                      $result = ldap_read($this->ldapconnection, $ldapmember, $this->userobjectclass,
 502                                                          array($this->config->idnumber_attribute));
 503                                      $entry = ldap_first_entry($this->ldapconnection, $result);
 504                                      $values = ldap_get_values($this->ldapconnection, $entry, $this->config->idnumber_attribute);
 505                                      array_push($memberidnumbers, $values[0]);
 506                                  }
 507  
 508                                  $ldapmembers = $memberidnumbers;
 509                              }
 510                          }
 511  
 512                          // Prune old ldap enrolments
 513                          // hopefully they'll fit in the max buffer size for the RDBMS
 514                          $sql= "SELECT u.id as userid, u.username, ue.status,
 515                                        ra.contextid, ra.itemid as instanceid
 516                                   FROM {user} u
 517                                   JOIN {role_assignments} ra ON (ra.userid = u.id AND ra.component = 'enrol_ldap' AND ra.roleid = :roleid)
 518                                   JOIN {user_enrolments} ue ON (ue.userid = u.id AND ue.enrolid = ra.itemid)
 519                                   JOIN {enrol} e ON (e.id = ue.enrolid)
 520                                  WHERE u.deleted = 0 AND e.courseid = :courseid ";
 521                          $params = array('roleid'=>$role->id, 'courseid'=>$course_obj->id);
 522                          $context = context_course::instance($course_obj->id);
 523                          if (!empty($ldapmembers)) {
 524                              list($ldapml, $params2) = $DB->get_in_or_equal($ldapmembers, SQL_PARAMS_NAMED, 'm', false);
 525                              $sql .= "AND u.idnumber $ldapml";
 526                              $params = array_merge($params, $params2);
 527                              unset($params2);
 528                          } else {
 529                              $shortname = format_string($course_obj->shortname, true, array('context' => $context));
 530                              $trace->output(get_string('emptyenrolment', 'enrol_ldap',
 531                                           array('role_shortname'=> $role->shortname,
 532                                                 'course_shortname' => $shortname)));
 533                          }
 534                          $todelete = $DB->get_records_sql($sql, $params);
 535  
 536                          if (!empty($todelete)) {
 537                              $transaction = $DB->start_delegated_transaction();
 538                              foreach ($todelete as $row) {
 539                                  $instance = $DB->get_record('enrol', array('id'=>$row->instanceid));
 540                                  switch ($this->get_config('unenrolaction')) {
 541                                  case ENROL_EXT_REMOVED_UNENROL:
 542                                      $this->unenrol_user($instance, $row->userid);
 543                                      $trace->output(get_string('extremovedunenrol', 'enrol_ldap',
 544                                          array('user_username'=> $row->username,
 545                                                'course_shortname'=>$course_obj->shortname,
 546                                                'course_id'=>$course_obj->id)));
 547                                      break;
 548                                  case ENROL_EXT_REMOVED_KEEP:
 549                                      // Keep - only adding enrolments
 550                                      break;
 551                                  case ENROL_EXT_REMOVED_SUSPEND:
 552                                      if ($row->status != ENROL_USER_SUSPENDED) {
 553                                          $DB->set_field('user_enrolments', 'status', ENROL_USER_SUSPENDED, array('enrolid'=>$instance->id, 'userid'=>$row->userid));
 554                                          $trace->output(get_string('extremovedsuspend', 'enrol_ldap',
 555                                              array('user_username'=> $row->username,
 556                                                    'course_shortname'=>$course_obj->shortname,
 557                                                    'course_id'=>$course_obj->id)));
 558                                      }
 559                                      break;
 560                                  case ENROL_EXT_REMOVED_SUSPENDNOROLES:
 561                                      if ($row->status != ENROL_USER_SUSPENDED) {
 562                                          $DB->set_field('user_enrolments', 'status', ENROL_USER_SUSPENDED, array('enrolid'=>$instance->id, 'userid'=>$row->userid));
 563                                      }
 564                                      role_unassign_all(array('contextid'=>$row->contextid, 'userid'=>$row->userid, 'component'=>'enrol_ldap', 'itemid'=>$instance->id));
 565                                      $trace->output(get_string('extremovedsuspendnoroles', 'enrol_ldap',
 566                                          array('user_username'=> $row->username,
 567                                                'course_shortname'=>$course_obj->shortname,
 568                                                'course_id'=>$course_obj->id)));
 569                                      break;
 570                                  }
 571                              }
 572                              $transaction->allow_commit();
 573                          }
 574  
 575                          // Insert current enrolments
 576                          // bad we can't do INSERT IGNORE with postgres...
 577  
 578                          // Add necessary enrol instance if not present yet;
 579                          $sql = "SELECT c.id, c.visible, e.id as enrolid
 580                                    FROM {course} c
 581                                    JOIN {enrol} e ON (e.courseid = c.id AND e.enrol = 'ldap')
 582                                   WHERE c.id = :courseid";
 583                          $params = array('courseid'=>$course_obj->id);
 584                          if (!($course_instance = $DB->get_record_sql($sql, $params, IGNORE_MULTIPLE))) {
 585                              $course_instance = new stdClass();
 586                              $course_instance->id = $course_obj->id;
 587                              $course_instance->visible = $course_obj->visible;
 588                              $course_instance->enrolid = $this->add_instance($course_instance);
 589                          }
 590  
 591                          if (!$instance = $DB->get_record('enrol', array('id'=>$course_instance->enrolid))) {
 592                              continue; // Weird; skip this one.
 593                          }
 594  
 595                          if ($ignorehidden && !$course_instance->visible) {
 596                              continue;
 597                          }
 598  
 599                          $transaction = $DB->start_delegated_transaction();
 600                          foreach ($ldapmembers as $ldapmember) {
 601                              $sql = 'SELECT id,username,1 FROM {user} WHERE idnumber = ? AND deleted = 0';
 602                              $member = $DB->get_record_sql($sql, array($ldapmember));
 603                              if(empty($member) || empty($member->id)){
 604                                  $trace->output(get_string('couldnotfinduser', 'enrol_ldap', $ldapmember));
 605                                  continue;
 606                              }
 607  
 608                              $sql= "SELECT ue.status
 609                                       FROM {user_enrolments} ue
 610                                       JOIN {enrol} e ON (e.id = ue.enrolid AND e.enrol = 'ldap')
 611                                      WHERE e.courseid = :courseid AND ue.userid = :userid";
 612                              $params = array('courseid'=>$course_obj->id, 'userid'=>$member->id);
 613                              $userenrolment = $DB->get_record_sql($sql, $params, IGNORE_MULTIPLE);
 614  
 615                              if (empty($userenrolment)) {
 616                                  $this->enrol_user($instance, $member->id, $role->id);
 617                                  // Make sure we set the enrolment status to active. If the user wasn't
 618                                  // previously enrolled to the course, enrol_user() sets it. But if we
 619                                  // configured the plugin to suspend the user enrolments _AND_ remove
 620                                  // the role assignments on external unenrol, then enrol_user() doesn't
 621                                  // set it back to active on external re-enrolment. So set it
 622                                  // unconditionally to cover both cases.
 623                                  $DB->set_field('user_enrolments', 'status', ENROL_USER_ACTIVE, array('enrolid'=>$instance->id, 'userid'=>$member->id));
 624                                  $trace->output(get_string('enroluser', 'enrol_ldap',
 625                                      array('user_username'=> $member->username,
 626                                            'course_shortname'=>$course_obj->shortname,
 627                                            'course_id'=>$course_obj->id)));
 628  
 629                              } else {
 630                                  if (!$DB->record_exists('role_assignments', array('roleid'=>$role->id, 'userid'=>$member->id, 'contextid'=>$context->id, 'component'=>'enrol_ldap', 'itemid'=>$instance->id))) {
 631                                      // This happens when reviving users or when user has multiple roles in one course.
 632                                      $context = context_course::instance($course_obj->id);
 633                                      role_assign($role->id, $member->id, $context->id, 'enrol_ldap', $instance->id);
 634                                      $trace->output("Assign role to user '$member->username' in course '$course_obj->shortname ($course_obj->id)'");
 635                                  }
 636                                  if ($userenrolment->status == ENROL_USER_SUSPENDED) {
 637                                      // Reenable enrolment that was previously disabled. Enrolment refreshed
 638                                      $DB->set_field('user_enrolments', 'status', ENROL_USER_ACTIVE, array('enrolid'=>$instance->id, 'userid'=>$member->id));
 639                                      $trace->output(get_string('enroluserenable', 'enrol_ldap',
 640                                          array('user_username'=> $member->username,
 641                                                'course_shortname'=>$course_obj->shortname,
 642                                                'course_id'=>$course_obj->id)));
 643                                  }
 644                              }
 645                          }
 646                          $transaction->allow_commit();
 647                      }
 648                  }
 649              }
 650          }
 651          @$this->ldap_close();
 652          $trace->finished();
 653      }
 654  
 655      /**
 656       * Connect to the LDAP server, using the plugin configured
 657       * settings. It's actually a wrapper around ldap_connect_moodle()
 658       *
 659       * @param progress_trace $trace
 660       * @return bool success
 661       */
 662      protected function ldap_connect(progress_trace $trace = null) {
 663          global $CFG;
 664          require_once($CFG->libdir.'/ldaplib.php');
 665  
 666          if (isset($this->ldapconnection)) {
 667              return true;
 668          }
 669  
 670          if ($ldapconnection = ldap_connect_moodle($this->get_config('host_url'), $this->get_config('ldap_version'),
 671                                                    $this->get_config('user_type'), $this->get_config('bind_dn'),
 672                                                    $this->get_config('bind_pw'), $this->get_config('opt_deref'),
 673                                                    $debuginfo, $this->get_config('start_tls'))) {
 674              $this->ldapconnection = $ldapconnection;
 675              return true;
 676          }
 677  
 678          if ($trace) {
 679              $trace->output($debuginfo);
 680          } else {
 681              error_log($this->errorlogtag.$debuginfo);
 682          }
 683  
 684          return false;
 685      }
 686  
 687      /**
 688       * Disconnects from a LDAP server
 689       *
 690       */
 691      protected function ldap_close() {
 692          if (isset($this->ldapconnection)) {
 693              @ldap_close($this->ldapconnection);
 694              $this->ldapconnection = null;
 695          }
 696          return;
 697      }
 698  
 699      /**
 700       * Return multidimensional array with details of user courses (at
 701       * least dn and idnumber).
 702       *
 703       * @param string $memberuid user idnumber (without magic quotes).
 704       * @param object role is a record from the mdl_role table.
 705       * @return array
 706       */
 707      protected function find_ext_enrolments($memberuid, $role) {
 708          global $CFG;
 709          require_once($CFG->libdir.'/ldaplib.php');
 710  
 711          if (empty($memberuid)) {
 712              // No "idnumber" stored for this user, so no LDAP enrolments
 713              return array();
 714          }
 715  
 716          $ldap_contexts = trim($this->get_config('contexts_role'.$role->id));
 717          if (empty($ldap_contexts)) {
 718              // No role contexts, so no LDAP enrolments
 719              return array();
 720          }
 721  
 722          $extmemberuid = core_text::convert($memberuid, 'utf-8', $this->get_config('ldapencoding'));
 723  
 724          if($this->get_config('memberattribute_isdn')) {
 725              if (!($extmemberuid = $this->ldap_find_userdn($extmemberuid))) {
 726                  return array();
 727              }
 728          }
 729  
 730          $ldap_search_pattern = '';
 731          if($this->get_config('nested_groups')) {
 732              $usergroups = $this->ldap_find_user_groups($extmemberuid);
 733              if(count($usergroups) > 0) {
 734                  foreach ($usergroups as $group) {
 735                      $group = ldap_filter_addslashes($group);
 736                      $ldap_search_pattern .= '('.$this->get_config('memberattribute_role'.$role->id).'='.$group.')';
 737                  }
 738              }
 739          }
 740  
 741          // Default return value
 742          $courses = array();
 743  
 744          // Get all the fields we will want for the potential course creation
 745          // as they are light. don't get membership -- potentially a lot of data.
 746          $ldap_fields_wanted = array('dn', $this->get_config('course_idnumber'));
 747          $fullname  = $this->get_config('course_fullname');
 748          $shortname = $this->get_config('course_shortname');
 749          $summary   = $this->get_config('course_summary');
 750          if (isset($fullname)) {
 751              array_push($ldap_fields_wanted, $fullname);
 752          }
 753          if (isset($shortname)) {
 754              array_push($ldap_fields_wanted, $shortname);
 755          }
 756          if (isset($summary)) {
 757              array_push($ldap_fields_wanted, $summary);
 758          }
 759  
 760          // Define the search pattern
 761          if (empty($ldap_search_pattern)) {
 762              $ldap_search_pattern = '('.$this->get_config('memberattribute_role'.$role->id).'='.ldap_filter_addslashes($extmemberuid).')';
 763          } else {
 764              $ldap_search_pattern = '(|' . $ldap_search_pattern .
 765                                         '('.$this->get_config('memberattribute_role'.$role->id).'='.ldap_filter_addslashes($extmemberuid).')' .
 766                                     ')';
 767          }
 768          $ldap_search_pattern='(&'.$this->get_config('objectclass').$ldap_search_pattern.')';
 769  
 770          // Get all contexts and look for first matching user
 771          $ldap_contexts = explode(';', $ldap_contexts);
 772          $ldap_pagedresults = ldap_paged_results_supported($this->get_config('ldap_version'), $this->ldapconnection);
 773          foreach ($ldap_contexts as $context) {
 774              $context = trim($context);
 775              if (empty($context)) {
 776                  continue;
 777              }
 778  
 779              $ldap_cookie = '';
 780              $servercontrols = array();
 781              $flat_records = array();
 782              do {
 783                  if ($ldap_pagedresults) {
 784                      $servercontrols = array(array(
 785                          'oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => array(
 786                              'size' => $this->config->pagesize, 'cookie' => $ldap_cookie)));
 787                  }
 788  
 789                  if ($this->get_config('course_search_sub')) {
 790                      // Use ldap_search to find first user from subtree
 791                      $ldap_result = @ldap_search($this->ldapconnection, $context,
 792                          $ldap_search_pattern, $ldap_fields_wanted,
 793                          0, -1, -1, LDAP_DEREF_NEVER, $servercontrols);
 794                  } else {
 795                      // Search only in this context
 796                      $ldap_result = @ldap_list($this->ldapconnection, $context,
 797                          $ldap_search_pattern, $ldap_fields_wanted,
 798                          0, -1, -1, LDAP_DEREF_NEVER, $servercontrols);
 799                  }
 800  
 801                  if (!$ldap_result) {
 802                      continue;
 803                  }
 804  
 805                  if ($ldap_pagedresults) {
 806                      // Get next server cookie to know if we'll need to continue searching.
 807                      $ldap_cookie = '';
 808                      // Get next cookie from controls.
 809                      ldap_parse_result($this->ldapconnection, $ldap_result, $errcode, $matcheddn,
 810                          $errmsg, $referrals, $controls);
 811                      if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
 812                          $ldap_cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
 813                      }
 814                  }
 815  
 816                  // Check and push results. ldap_get_entries() already
 817                  // lowercases the attribute index, so there's no need to
 818                  // use array_change_key_case() later.
 819                  $records = ldap_get_entries($this->ldapconnection, $ldap_result);
 820  
 821                  // LDAP libraries return an odd array, really. Fix it.
 822                  for ($c = 0; $c < $records['count']; $c++) {
 823                      array_push($flat_records, $records[$c]);
 824                  }
 825                  // Free some mem
 826                  unset($records);
 827              } while ($ldap_pagedresults && !empty($ldap_cookie));
 828  
 829              // If LDAP paged results were used, the current connection must be completely
 830              // closed and a new one created, to work without paged results from here on.
 831              if ($ldap_pagedresults) {
 832                  $this->ldap_close();
 833                  $this->ldap_connect();
 834              }
 835  
 836              if (count($flat_records)) {
 837                  $courses = array_merge($courses, $flat_records);
 838              }
 839          }
 840  
 841          return $courses;
 842      }
 843  
 844      /**
 845       * Search specified contexts for the specified userid and return the
 846       * user dn like: cn=username,ou=suborg,o=org. It's actually a wrapper
 847       * around ldap_find_userdn().
 848       *
 849       * @param string $userid the userid to search for (in external LDAP encoding, no magic quotes).
 850       * @return mixed the user dn or false
 851       */
 852      protected function ldap_find_userdn($userid) {
 853          global $CFG;
 854          require_once($CFG->libdir.'/ldaplib.php');
 855  
 856          $ldap_contexts = explode(';', $this->get_config('user_contexts'));
 857  
 858          return ldap_find_userdn($this->ldapconnection, $userid, $ldap_contexts,
 859                                  $this->userobjectclass,
 860                                  $this->get_config('idnumber_attribute'), $this->get_config('user_search_sub'));
 861      }
 862  
 863      /**
 864       * Find the groups a given distinguished name belongs to, both directly
 865       * and indirectly via nested groups membership.
 866       *
 867       * @param string $memberdn distinguished name to search
 868       * @return array with member groups' distinguished names (can be emtpy)
 869       */
 870      protected function ldap_find_user_groups($memberdn) {
 871          $groups = array();
 872  
 873          $this->ldap_find_user_groups_recursively($memberdn, $groups);
 874          return $groups;
 875      }
 876  
 877      /**
 878       * Recursively process the groups the given member distinguished name
 879       * belongs to, adding them to the already processed groups array.
 880       *
 881       * @param string $memberdn distinguished name to search
 882       * @param array reference &$membergroups array with already found
 883       *                        groups, where we'll put the newly found
 884       *                        groups.
 885       */
 886      protected function ldap_find_user_groups_recursively($memberdn, &$membergroups) {
 887          $result = @ldap_read($this->ldapconnection, $memberdn, '(objectClass=*)', array($this->get_config('group_memberofattribute')));
 888          if (!$result) {
 889              return;
 890          }
 891  
 892          if ($entry = ldap_first_entry($this->ldapconnection, $result)) {
 893              do {
 894                  $attributes = ldap_get_attributes($this->ldapconnection, $entry);
 895                  for ($j = 0; $j < $attributes['count']; $j++) {
 896                      $groups = ldap_get_values_len($this->ldapconnection, $entry, $attributes[$j]);
 897                      foreach ($groups as $key => $group) {
 898                          if ($key === 'count') {  // Skip the entries count
 899                              continue;
 900                          }
 901                          if(!in_array($group, $membergroups)) {
 902                              // Only push and recurse if we haven't 'seen' this group before
 903                              // to prevent loops (MS Active Directory allows them!!).
 904                              array_push($membergroups, $group);
 905                              $this->ldap_find_user_groups_recursively($group, $membergroups);
 906                          }
 907                      }
 908                  }
 909              }
 910              while ($entry = ldap_next_entry($this->ldapconnection, $entry));
 911          }
 912      }
 913  
 914      /**
 915       * Given a group name (either a RDN or a DN), get the list of users
 916       * belonging to that group. If the group has nested groups, expand all
 917       * the intermediate groups and return the full list of users that
 918       * directly or indirectly belong to the group.
 919       *
 920       * @param string $group the group name to search
 921       * @param string $memberattibute the attribute that holds the members of the group
 922       * @return array the list of users belonging to the group. If $group
 923       *         is not actually a group, returns array($group).
 924       */
 925      protected function ldap_explode_group($group, $memberattribute) {
 926          switch ($this->get_config('user_type')) {
 927              case 'ad':
 928                  // $group is already the distinguished name to search.
 929                  $dn = $group;
 930  
 931                  $result = ldap_read($this->ldapconnection, $dn, '(objectClass=*)', array('objectClass'));
 932                  $entry = ldap_first_entry($this->ldapconnection, $result);
 933                  $objectclass = ldap_get_values($this->ldapconnection, $entry, 'objectClass');
 934  
 935                  if (!in_array('group', $objectclass)) {
 936                      // Not a group, so return immediately.
 937                      return array($group);
 938                  }
 939  
 940                  $result = ldap_read($this->ldapconnection, $dn, '(objectClass=*)', array($memberattribute));
 941                  $entry = ldap_first_entry($this->ldapconnection, $result);
 942                  $members = @ldap_get_values($this->ldapconnection, $entry, $memberattribute); // Can be empty and throws a warning
 943                  if ($members['count'] == 0) {
 944                      // There are no members in this group, return nothing.
 945                      return array();
 946                  }
 947                  unset($members['count']);
 948  
 949                  $users = array();
 950                  foreach ($members as $member) {
 951                      $group_members = $this->ldap_explode_group($member, $memberattribute);
 952                      $users = array_merge($users, $group_members);
 953                  }
 954  
 955                  return ($users);
 956                  break;
 957              default:
 958                  error_log($this->errorlogtag.get_string('explodegroupusertypenotsupported', 'enrol_ldap',
 959                                                          $this->get_config('user_type_name')));
 960  
 961                  return array($group);
 962          }
 963      }
 964  
 965      /**
 966       * Will create the moodle course from the template
 967       * course_ext is an array as obtained from ldap -- flattened somewhat
 968       *
 969       * @param array $course_ext
 970       * @param progress_trace $trace
 971       * @return mixed false on error, id for the newly created course otherwise.
 972       */
 973      function create_course($course_ext, progress_trace $trace) {
 974          global $CFG, $DB;
 975  
 976          require_once("$CFG->dirroot/course/lib.php");
 977  
 978          // Override defaults with template course
 979          $template = false;
 980          if ($this->get_config('template')) {
 981              if ($template = $DB->get_record('course', array('shortname'=>$this->get_config('template')))) {
 982                  $template = fullclone(course_get_format($template)->get_course());
 983                  unset($template->id); // So we are clear to reinsert the record
 984                  unset($template->fullname);
 985                  unset($template->shortname);
 986                  unset($template->idnumber);
 987              }
 988          }
 989          if (!$template) {
 990              $courseconfig = get_config('moodlecourse');
 991              $template = new stdClass();
 992              $template->summary        = '';
 993              $template->summaryformat  = FORMAT_HTML;
 994              $template->format         = $courseconfig->format;
 995              $template->newsitems      = $courseconfig->newsitems;
 996              $template->showgrades     = $courseconfig->showgrades;
 997              $template->showreports    = $courseconfig->showreports;
 998              $template->maxbytes       = $courseconfig->maxbytes;
 999              $template->groupmode      = $courseconfig->groupmode;
1000              $template->groupmodeforce = $courseconfig->groupmodeforce;
1001              $template->visible        = $courseconfig->visible;
1002              $template->lang           = $courseconfig->lang;
1003              $template->enablecompletion = $courseconfig->enablecompletion;
1004          }
1005          $course = $template;
1006  
1007          $course->category = $this->get_config('category');
1008          if (!$DB->record_exists('course_categories', array('id'=>$this->get_config('category')))) {
1009              $categories = $DB->get_records('course_categories', array(), 'sortorder', 'id', 0, 1);
1010              $first = reset($categories);
1011              $course->category = $first->id;
1012          }
1013  
1014          // Override with required ext data
1015          $course->idnumber  = $course_ext[$this->get_config('course_idnumber')][0];
1016          $course->fullname  = $course_ext[$this->get_config('course_fullname')][0];
1017          $course->shortname = $course_ext[$this->get_config('course_shortname')][0];
1018          if (empty($course->idnumber) || empty($course->fullname) || empty($course->shortname)) {
1019              // We are in trouble!
1020              $trace->output(get_string('cannotcreatecourse', 'enrol_ldap').' '.var_export($course, true));
1021              return false;
1022          }
1023  
1024          $summary = $this->get_config('course_summary');
1025          if (!isset($summary) || empty($course_ext[$summary][0])) {
1026              $course->summary = '';
1027          } else {
1028              $course->summary = $course_ext[$this->get_config('course_summary')][0];
1029          }
1030  
1031          // Check if the shortname already exists if it does - skip course creation.
1032          if ($DB->record_exists('course', array('shortname' => $course->shortname))) {
1033              $trace->output(get_string('duplicateshortname', 'enrol_ldap', $course));
1034              return false;
1035          }
1036  
1037          $newcourse = create_course($course);
1038          return $newcourse->id;
1039      }
1040  
1041      /**
1042       * Will update a moodle course with new values from LDAP
1043       * A field will be updated only if it is marked to be updated
1044       * on sync in plugin settings
1045       *
1046       * @param object $course
1047       * @param array $externalcourse
1048       * @param progress_trace $trace
1049       * @return bool
1050       */
1051      protected function update_course($course, $externalcourse, progress_trace $trace) {
1052          global $CFG, $DB;
1053  
1054          $coursefields = array ('shortname', 'fullname', 'summary');
1055          static $shouldupdate;
1056  
1057          // Initialize $shouldupdate variable. Set to true if one or more fields are marked for update.
1058          if (!isset($shouldupdate)) {
1059              $shouldupdate = false;
1060              foreach ($coursefields as $field) {
1061                  $shouldupdate = $shouldupdate || $this->get_config('course_'.$field.'_updateonsync');
1062              }
1063          }
1064  
1065          // If we should not update return immediately.
1066          if (!$shouldupdate) {
1067              return false;
1068          }
1069  
1070          require_once("$CFG->dirroot/course/lib.php");
1071          $courseupdated = false;
1072          $updatedcourse = new stdClass();
1073          $updatedcourse->id = $course->id;
1074  
1075          // Update course fields if necessary.
1076          foreach ($coursefields as $field) {
1077              // If field is marked to be updated on sync && field data was changed update it.
1078              if ($this->get_config('course_'.$field.'_updateonsync')
1079                      && isset($externalcourse[$this->get_config('course_'.$field)][0])
1080                      && $course->{$field} != $externalcourse[$this->get_config('course_'.$field)][0]) {
1081                  $updatedcourse->{$field} = $externalcourse[$this->get_config('course_'.$field)][0];
1082                  $courseupdated = true;
1083              }
1084          }
1085  
1086          if (!$courseupdated) {
1087              $trace->output(get_string('courseupdateskipped', 'enrol_ldap', $course));
1088              return false;
1089          }
1090  
1091          // Do not allow empty fullname or shortname.
1092          if ((isset($updatedcourse->fullname) && empty($updatedcourse->fullname))
1093                  || (isset($updatedcourse->shortname) && empty($updatedcourse->shortname))) {
1094              // We are in trouble!
1095              $trace->output(get_string('cannotupdatecourse', 'enrol_ldap', $course));
1096              return false;
1097          }
1098  
1099          // Check if the shortname already exists if it does - skip course updating.
1100          if (isset($updatedcourse->shortname)
1101                  && $DB->record_exists('course', array('shortname' => $updatedcourse->shortname))) {
1102              $trace->output(get_string('cannotupdatecourse_duplicateshortname', 'enrol_ldap', $course));
1103              return false;
1104          }
1105  
1106          // Finally - update course in DB.
1107          update_course($updatedcourse);
1108          $trace->output(get_string('courseupdated', 'enrol_ldap', $course));
1109  
1110          return true;
1111      }
1112  
1113      /**
1114       * Automatic enrol sync executed during restore.
1115       * Useful for automatic sync by course->idnumber or course category.
1116       * @param stdClass $course course record
1117       */
1118      public function restore_sync_course($course) {
1119          // TODO: this can not work because restore always nukes the course->idnumber, do not ask me why (MDL-37312)
1120          // NOTE: for now restore does not do any real logging yet, let's do the same here...
1121          $trace = new error_log_progress_trace();
1122          $this->sync_enrolments($trace, $course->id);
1123      }
1124  
1125      /**
1126       * Restore instance and map settings.
1127       *
1128       * @param restore_enrolments_structure_step $step
1129       * @param stdClass $data
1130       * @param stdClass $course
1131       * @param int $oldid
1132       */
1133      public function restore_instance(restore_enrolments_structure_step $step, stdClass $data, $course, $oldid) {
1134          global $DB;
1135          // There is only 1 ldap enrol instance per course.
1136          if ($instances = $DB->get_records('enrol', array('courseid'=>$data->courseid, 'enrol'=>'ldap'), 'id')) {
1137              $instance = reset($instances);
1138              $instanceid = $instance->id;
1139          } else {
1140              $instanceid = $this->add_instance($course, (array)$data);
1141          }
1142          $step->set_mapping('enrol', $oldid, $instanceid);
1143      }
1144  
1145      /**
1146       * Restore user enrolment.
1147       *
1148       * @param restore_enrolments_structure_step $step
1149       * @param stdClass $data
1150       * @param stdClass $instance
1151       * @param int $oldinstancestatus
1152       * @param int $userid
1153       */
1154      public function restore_user_enrolment(restore_enrolments_structure_step $step, $data, $instance, $userid, $oldinstancestatus) {
1155          global $DB;
1156  
1157          if ($this->get_config('unenrolaction') == ENROL_EXT_REMOVED_UNENROL) {
1158              // Enrolments were already synchronised in restore_instance(), we do not want any suspended leftovers.
1159  
1160          } else if ($this->get_config('unenrolaction') == ENROL_EXT_REMOVED_KEEP) {
1161              if (!$DB->record_exists('user_enrolments', array('enrolid'=>$instance->id, 'userid'=>$userid))) {
1162                  $this->enrol_user($instance, $userid, null, 0, 0, $data->status);
1163              }
1164  
1165          } else {
1166              if (!$DB->record_exists('user_enrolments', array('enrolid'=>$instance->id, 'userid'=>$userid))) {
1167                  $this->enrol_user($instance, $userid, null, 0, 0, ENROL_USER_SUSPENDED);
1168              }
1169          }
1170      }
1171  
1172      /**
1173       * Restore role assignment.
1174       *
1175       * @param stdClass $instance
1176       * @param int $roleid
1177       * @param int $userid
1178       * @param int $contextid
1179       */
1180      public function restore_role_assignment($instance, $roleid, $userid, $contextid) {
1181          global $DB;
1182  
1183          if ($this->get_config('unenrolaction') == ENROL_EXT_REMOVED_UNENROL or $this->get_config('unenrolaction') == ENROL_EXT_REMOVED_SUSPENDNOROLES) {
1184              // Skip any roles restore, they should be already synced automatically.
1185              return;
1186          }
1187  
1188          // Just restore every role.
1189          if ($DB->record_exists('user_enrolments', array('enrolid'=>$instance->id, 'userid'=>$userid))) {
1190              role_assign($roleid, $userid, $contextid, 'enrol_'.$instance->enrol, $instance->id);
1191          }
1192      }
1193  }