Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
| drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc | ||
|---|---|---|
| 2 | 2 |
|
| 3 | 3 |
/** |
| 4 | 4 |
* @file |
| 5 |
* ldap_authentication helper functions
|
|
| 5 |
* Ldap_authentication helper functions.
|
|
| 6 | 6 |
*/ |
| 7 | 7 |
|
| 8 | 8 |
/** |
| 9 |
* helper function for ldap_authn_form_user_login_block_alter and ldap_authn_form_user_login_alter
|
|
| 10 |
*
|
|
| 11 |
* @todo if form is being generated on non https and is set in preferences, set warning and end form development
|
|
| 12 |
*/
|
|
| 9 |
* Helper function for ldap_authn_form_user_login_block_alter and ldap_authn_form_user_login_alter.
|
|
| 10 |
* |
|
| 11 |
* @todo if form is being generated on non https and is set in preferences, set warning and end form development |
|
| 12 |
*/ |
|
| 13 | 13 |
function _ldap_authentication_login_form_alter(&$form, &$form_state, $form_id) {
|
| 14 | 14 |
|
| 15 | 15 |
if (!$auth_conf = ldap_authentication_get_valid_conf()) {
|
| ... | ... | |
| 42 | 42 |
|
| 43 | 43 |
if ($form_id == 'user_login_block') {
|
| 44 | 44 |
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
|
| 45 |
$vars = array(
|
|
| 45 |
$vars = [
|
|
| 46 | 46 |
'show_reset_pwd' => ldap_authentication_show_reset_pwd(), |
| 47 | 47 |
'auth_conf' => $auth_conf, |
| 48 |
);
|
|
| 48 |
];
|
|
| 49 | 49 |
|
| 50 | 50 |
$form['links']['#markup'] = theme('ldap_authentication_user_login_block_links', $vars);
|
| 51 | 51 |
} |
| 52 | 52 |
|
| 53 |
// Add help information for entering in username/password |
|
| 53 |
// Add help information for entering in username/password.
|
|
| 54 | 54 |
$auth_conf = ldap_authentication_get_valid_conf(); |
| 55 | 55 |
if ($auth_conf) {
|
| 56 | 56 |
if (isset($auth_conf->loginUIUsernameTxt)) {
|
| ... | ... | |
| 65 | 65 |
} |
| 66 | 66 |
} |
| 67 | 67 |
|
| 68 |
|
|
| 69 |
|
|
| 70 | 68 |
/** |
| 71 |
* alter user editing form (profile form) based on ldap authentication configuration |
|
| 72 |
* |
|
| 73 |
* @param array $form array from user profile |
|
| 74 |
* @param array $form_state from user profile |
|
| 75 |
* |
|
| 76 |
* @return NULL (alters $form by reference) |
|
| 77 |
*/ |
|
| 69 |
* Alter user editing form (profile form) based on ldap authentication configuration. |
|
| 70 |
* |
|
| 71 |
* @param array $form |
|
| 72 |
* array from user profile. |
|
| 73 |
* @param array $form_state |
|
| 74 |
* from user profile. |
|
| 75 |
* |
|
| 76 |
* @return NULL (alters $form by reference) |
|
| 77 |
*/ |
|
| 78 | 78 |
function _ldap_authentication_form_user_profile_form_alter(&$form, $form_state) {
|
| 79 |
// keep in mind admin may be editing another users profile form. don't assume current global $user
|
|
| 79 |
// Keep in mind admin may be editing another users profile form. don't assume current global $user.
|
|
| 80 | 80 |
$auth_conf = ldap_authentication_get_valid_conf(); |
| 81 | 81 |
if ($auth_conf && ldap_authentication_ldap_authenticated($form['#user'])) {
|
| 82 | 82 |
if ($auth_conf->emailOption == LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE) {
|
| ... | ... | |
| 87 | 87 |
$form['account']['mail']['#description'] = t('This email address is automatically set and may not be changed.');
|
| 88 | 88 |
} |
| 89 | 89 |
elseif ($auth_conf->emailOption == LDAP_AUTHENTICATION_EMAIL_FIELD_ALLOW) {
|
| 90 |
// email field is functional
|
|
| 90 |
// Email field is functional.
|
|
| 91 | 91 |
} |
| 92 | 92 |
|
| 93 | 93 |
if (!ldap_authentication_show_reset_pwd($form['#user'])) {
|
| 94 | 94 |
/** If passwordOption = LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE then don't show the password fields, |
| 95 |
otherwise show the fields but in a disabled state. |
|
| 95 |
* otherwise show the fields but in a disabled state.
|
|
| 96 | 96 |
*/ |
| 97 |
switch ($auth_conf->passwordOption) {
|
|
| 98 |
|
|
| 99 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE:
|
|
| 100 |
$form['account']['current_pass']['#access'] = FALSE;
|
|
| 101 |
$form['account']['pass']['#access'] = FALSE;
|
|
| 102 |
break;
|
|
| 103 |
|
|
| 104 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW:
|
|
| 105 |
// Show in a disabled state since ldap_authentication_show_reset_pwd() has returned FALSE
|
|
| 106 |
$form['account']['current_pass']['#disabled'] = TRUE;
|
|
| 107 |
if ($auth_conf->ldapUserHelpLinkUrl) {
|
|
| 108 |
$form['account']['current_pass']['#description'] = l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl);
|
|
| 109 |
}
|
|
| 110 |
else {
|
|
| 111 |
$form['account']['current_pass']['#description'] = t('The password cannot be changed using this website');
|
|
| 112 |
}
|
|
| 113 |
$form['account']['pass']['#disabled'] = TRUE;
|
|
| 114 |
break;
|
|
| 97 |
switch ($auth_conf->passwordOption) {
|
|
| 98 |
|
|
| 99 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_HIDE: |
|
| 100 |
$form['account']['current_pass']['#access'] = FALSE; |
|
| 101 |
$form['account']['pass']['#access'] = FALSE; |
|
| 102 |
break; |
|
| 103 |
|
|
| 104 |
case LDAP_AUTHENTICATION_PASSWORD_FIELD_SHOW: |
|
| 105 |
// Show in a disabled state since ldap_authentication_show_reset_pwd() has returned FALSE.
|
|
| 106 |
$form['account']['current_pass']['#disabled'] = TRUE; |
|
| 107 |
if ($auth_conf->ldapUserHelpLinkUrl) {
|
|
| 108 |
$form['account']['current_pass']['#description'] = l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl); |
|
| 109 |
} |
|
| 110 |
else {
|
|
| 111 |
$form['account']['current_pass']['#description'] = t('The password cannot be changed using this website');
|
|
| 112 |
} |
|
| 113 |
$form['account']['pass']['#disabled'] = TRUE; |
|
| 114 |
break; |
|
| 115 | 115 |
} |
| 116 | 116 |
} |
| 117 | 117 |
} |
| ... | ... | |
| 122 | 122 |
* $auth_conf. |
| 123 | 123 |
* |
| 124 | 124 |
* @param array $ldap_user |
| 125 |
* LDAP user entry |
|
| 125 |
* LDAP user entry.
|
|
| 126 | 126 |
* @param LdapAuthenticationConf $auth_conf |
| 127 | 127 |
* LDAP authentication configuration class. |
| 128 | 128 |
*/ |
| 129 | 129 |
function _ldap_authentication_replace_user_email(&$ldap_user, $auth_conf, $tokens) {
|
| 130 |
// fallback template in case one was not specified.
|
|
| 130 |
// Fallback template in case one was not specified.
|
|
| 131 | 131 |
$template = '@username@localhost'; |
| 132 | 132 |
if (!empty($auth_conf->emailTemplate)) {
|
| 133 | 133 |
$template = $auth_conf->emailTemplate; |
| ... | ... | |
| 136 | 136 |
} |
| 137 | 137 |
|
| 138 | 138 |
/** |
| 139 |
* user form validation will take care of username, pwd fields |
|
| 140 |
* this function validates ldap authentication specific |
|
| 141 |
* |
|
| 142 |
* @param array $form_state array from user logon form |
|
| 143 |
* @return null, but success or failure is indicated by: |
|
| 144 |
* -- form_set_error() to invalidate authentication process |
|
| 145 |
* -- setting $form_state['uid'] to indicate successful authentication |
|
| 146 |
*/ |
|
| 139 |
* User form validation will take care of username, pwd fields |
|
| 140 |
* this function validates ldap authentication specific. |
|
| 141 |
* |
|
| 142 |
* @param array $form_state |
|
| 143 |
* array from user logon form. |
|
| 144 |
* |
|
| 145 |
* @return null, but success or failure is indicated by: |
|
| 146 |
* -- form_set_error() to invalidate authentication process |
|
| 147 |
* -- setting $form_state['uid'] to indicate successful authentication |
|
| 148 |
*/ |
|
| 147 | 149 |
function _ldap_authentication_user_login_authenticate_validate(&$form_state, $return_user) {
|
| 148 | 150 |
|
| 149 |
// Check if Flood control was triggered; if so, don't authenticate |
|
| 151 |
// Check if Flood control was triggered; if so, don't authenticate.
|
|
| 150 | 152 |
if (isset($form_state['flood_control_triggered'])) {
|
| 151 | 153 |
return; |
| 152 | 154 |
} |
| 153 | 155 |
|
| 154 | 156 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
|
| 155 | 157 |
|
| 156 |
// Default to name |
|
| 158 |
// Default to name.
|
|
| 157 | 159 |
$entered_name = $form_state['values']['name']; |
| 158 | 160 |
$authname_drupal_property = $form_field_name = 'name'; |
| 159 | 161 |
|
| 160 |
// Email registration module populates name even though user entered email |
|
| 162 |
// Email registration module populates name even though user entered email.
|
|
| 161 | 163 |
if (!empty($form_state['values']['email'])) {
|
| 162 | 164 |
$entered_name = $form_state['values']['email']; |
| 163 | 165 |
$authname_drupal_property = 'mail'; |
| 164 | 166 |
$form_field_name = 'email'; |
| 165 | 167 |
} |
| 166 | 168 |
|
| 167 |
// $authname is the name the user is authenticated with from the logon form // patch 1599632 |
|
| 169 |
// $authname is the name the user is authenticated with from the logon form // patch 1599632.
|
|
| 168 | 170 |
$authname = $entered_name; |
| 169 | 171 |
|
| 170 |
if (empty($form_state['values']['pass']) || empty ($form_state['values'][$form_field_name])) {
|
|
| 172 |
if (empty($form_state['values']['pass']) || empty($form_state['values'][$form_field_name])) {
|
|
| 171 | 173 |
return FALSE; |
| 172 | 174 |
} |
| 173 | 175 |
/* |
| ... | ... | |
| 179 | 181 |
*/ |
| 180 | 182 |
$sso_login = (isset($form_state['sso_login']) && $form_state['sso_login']) ? TRUE : FALSE; |
| 181 | 183 |
|
| 182 |
$watchdog_tokens = array('%username' => $authname, '%authname' => $authname); // $watchdog_tokens = array('%username' => $name); // patch 1599632
|
|
| 184 |
// Patch 1599632. |
|
| 185 |
$watchdog_tokens = ['%username' => $authname, '%authname' => $authname]; |
|
| 183 | 186 |
if ($detailed_watchdog_log) {
|
| 184 | 187 |
watchdog('ldap_authentication', '%username : Beginning authentification....', $watchdog_tokens, WATCHDOG_DEBUG);
|
| 185 | 188 |
} |
| 186 | 189 |
|
| 187 | 190 |
if (!$auth_conf = ldap_authentication_get_valid_conf()) {
|
| 188 |
watchdog('ldap_authentication', 'Failed to get valid ldap authentication configuration.', array(), WATCHDOG_ERROR);
|
|
| 189 |
form_set_error('name', 'Server Error: Failed to get valid ldap authentication configuration.' . $error);
|
|
| 191 |
watchdog('ldap_authentication', 'Failed to get valid ldap authentication configuration.', [], WATCHDOG_ERROR);
|
|
| 192 |
form_set_error('name', 'Server Error: Failed to get valid ldap authentication configuration.');
|
|
| 190 | 193 |
return; |
| 191 | 194 |
} |
| 192 | 195 |
|
| 193 |
/** |
|
| 196 |
/**
|
|
| 194 | 197 |
* I. Test for previous module authentication success. |
| 195 | 198 |
* |
| 196 | 199 |
* if already succeeded at authentication, $form_state['uid'] will be set by other authentication module. |
| ... | ... | |
| 200 | 203 |
if (isset($form_state['uid']) && is_numeric($form_state['uid'])) {
|
| 201 | 204 |
if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_MIXED || $form_state['uid'] == 1) {
|
| 202 | 205 |
if ($detailed_watchdog_log) {
|
| 203 |
watchdog('ldap_authentication', '%username : Previously authenticated in mixed mode or uid=1', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 206 |
watchdog('ldap_authentication', '%username : Previously authenticated in mixed mode or uid=1', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
| 204 | 207 |
} |
| 205 |
return; // already passed a previous module's authentication validation |
|
| 208 |
// Already passed a previous module's authentication validation. |
|
| 209 |
return; |
|
| 206 | 210 |
} |
| 207 | 211 |
elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
|
| 208 | 212 |
if ($detailed_watchdog_log) {
|
| 209 | 213 |
watchdog('ldap_authentication', '%username : Previously authenticated in exclusive mode or uid is not 1. Clear uid
|
| 210 | 214 |
in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG); |
| 211 | 215 |
} |
| 212 |
$form_state['uid'] = NULL; // passed previous authentication, but only ldap should be used so override |
|
| 216 |
// Passed previous authentication, but only ldap should be used so override. |
|
| 217 |
$form_state['uid'] = NULL; |
|
| 213 | 218 |
} |
| 214 | 219 |
} |
| 215 | 220 |
|
| 216 |
/** |
|
| 217 |
* II. Exit if no authentication servers. |
|
| 218 |
*/ |
|
| 221 |
/**
|
|
| 222 |
* II. Exit if no authentication servers.
|
|
| 223 |
*/
|
|
| 219 | 224 |
if (!$auth_conf->hasEnabledAuthenticationServers()) {
|
| 220 |
watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR);
|
|
| 225 |
watchdog('ldap_authentication', 'No LDAP servers configured.', [], WATCHDOG_ERROR);
|
|
| 221 | 226 |
form_set_error('name', 'Server Error: No LDAP servers configured.');
|
| 222 | 227 |
return; |
| 223 | 228 |
} |
| ... | ... | |
| 229 | 234 |
list($drupal_account, $drupal_account_is_authmapped) = ldap_authentication_corresponding_drupal_user($authname, $auth_conf, $watchdog_tokens); |
| 230 | 235 |
$drupal_account_exists = is_object($drupal_account); |
| 231 | 236 |
if ($drupal_account_exists && $drupal_account->uid == 1) {
|
| 232 |
return; // user 1 is not allowed to ldap authenticate |
|
| 237 |
// User 1 is not allowed to ldap authenticate. |
|
| 238 |
return; |
|
| 233 | 239 |
} |
| 234 | 240 |
|
| 235 | 241 |
/** |
| ... | ... | |
| 243 | 249 |
return; |
| 244 | 250 |
} |
| 245 | 251 |
|
| 246 |
/* |
|
| 252 |
/**
|
|
| 247 | 253 |
* IV.a Workaround for the provisioning server not always getting saved in |
| 248 | 254 |
* the user object. So we save it in a session variable as a backup. |
| 249 | 255 |
*/ |
| ... | ... | |
| 268 | 274 |
$watchdog_tokens['%drupal_accountname'] = $drupal_accountname; |
| 269 | 275 |
|
| 270 | 276 |
// @todo maybe we can add more tokens? |
| 271 |
$email_template_tokens = array(
|
|
| 277 |
$email_template_tokens = [
|
|
| 272 | 278 |
'@username' => $drupal_accountname, |
| 273 |
);
|
|
| 279 |
];
|
|
| 274 | 280 |
|
| 275 | 281 |
$email_template_used = FALSE; |
| 276 | 282 |
|
| ... | ... | |
| 283 | 289 |
if (!empty($ldap_user['mail'])) {
|
| 284 | 290 |
break; |
| 285 | 291 |
} |
| 286 |
// deliberate fallthrough
|
|
| 292 |
// Deliberate fallthrough.
|
|
| 287 | 293 |
case LDAP_AUTHENTICATION_EMAIL_TEMPLATE_ALWAYS: |
| 288 | 294 |
_ldap_authentication_replace_user_email($ldap_user, $auth_conf, $email_template_tokens); |
| 289 | 295 |
if ($detailed_watchdog_log) {
|
| ... | ... | |
| 304 | 310 |
* |
| 305 | 311 |
*/ |
| 306 | 312 |
|
| 307 |
|
|
| 308 | 313 |
/** |
| 309 | 314 |
* VI.A: Drupal account doesn't exist with $authname used to logon, |
| 310 | 315 |
* but puid exists in another Drupal account; this means username has changed |
| ... | ... | |
| 318 | 323 |
if ($drupal_account) {
|
| 319 | 324 |
$drupal_account_exists = TRUE; |
| 320 | 325 |
if ($drupal_accountname == $authname) {
|
| 321 |
$user_edit = array($authname_drupal_property => $drupal_accountname);
|
|
| 326 |
$user_edit = [$authname_drupal_property => $drupal_accountname];
|
|
| 322 | 327 |
} |
| 323 | 328 |
else {
|
| 324 |
$user_edit = array('name' => $drupal_accountname);
|
|
| 329 |
$user_edit = ['name' => $drupal_accountname];
|
|
| 325 | 330 |
} |
| 326 | 331 |
$drupal_account = user_save($drupal_account, $user_edit, 'ldap_user'); |
| 327 |
user_set_authmaps($drupal_account, array("authname_ldap_user" => $authname));
|
|
| 332 |
user_set_authmaps($drupal_account, ["authname_ldap_user" => $authname]);
|
|
| 328 | 333 |
$drupal_account_is_authmapped = TRUE; |
| 329 | 334 |
} |
| 330 | 335 |
} |
| ... | ... | |
| 332 | 337 |
|
| 333 | 338 |
/** |
| 334 | 339 |
* VI.B: existing Drupal account but not authmapped to ldap modules, |
| 335 |
* ldap authmap or disallow |
|
| 336 |
* |
|
| 340 |
* ldap authmap or disallow. |
|
| 337 | 341 |
*/ |
| 338 |
|
|
| 339 |
if ($drupal_account_exists && !$drupal_account_is_authmapped) { // account already exists
|
|
| 342 |
// Account already exists. |
|
| 343 |
if ($drupal_account_exists && !$drupal_account_is_authmapped) {
|
|
| 340 | 344 |
if ($auth_conf->ldapUser->loginConflictResolve == LDAP_USER_CONFLICT_LOG) {
|
| 341 | 345 |
if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
|
| 342 | 346 |
$watchdog_tokens['%conflict_name'] = $account_with_same_email->name; |
| ... | ... | |
| 345 | 349 |
drupal_set_message(t('Another user already exists in the system with the same login name. You should contact the system administrator in order to solve this conflict.'), 'error');
|
| 346 | 350 |
return; |
| 347 | 351 |
} |
| 348 |
else { // LDAP_authen.AC.disallow.ldap.drupal
|
|
| 349 |
// add ldap_authentication authmap to user. account name is fine here, though cn could be used |
|
| 350 |
user_set_authmaps($drupal_account, array('authname_ldap_user' => $authname));
|
|
| 352 |
// LDAP_authen.AC.disallow.ldap.drupal. |
|
| 353 |
else {
|
|
| 354 |
// Add ldap_authentication authmap to user. account name is fine here, though cn could be used. |
|
| 355 |
user_set_authmaps($drupal_account, ['authname_ldap_user' => $authname]); |
|
| 351 | 356 |
$drupal_account_is_authmapped = TRUE; |
| 352 | 357 |
if ($detailed_watchdog_log) {
|
| 353 | 358 |
watchdog('ldap_authentication', 'set authmap for %username authname_ldap_user', $watchdog_tokens, WATCHDOG_DEBUG);
|
| ... | ... | |
| 356 | 361 |
} |
| 357 | 362 |
|
| 358 | 363 |
/** |
| 359 |
* VI.C: existing Drupal account with incorrect email. fix email if appropriate
|
|
| 360 |
* |
|
| 364 |
* VI.C: existing Drupal account with incorrect email. |
|
| 365 |
* Fix email if appropriate.
|
|
| 361 | 366 |
*/ |
| 362 | 367 |
if ((!($auth_conf->templateUsageNeverUpdate && $email_template_used)) && |
| 363 | 368 |
$drupal_account_exists && |
| ... | ... | |
| 366 | 371 |
$auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY || |
| 367 | 372 |
$auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE |
| 368 | 373 |
)) {
|
| 369 |
$user_edit = array('mail' => $ldap_user['mail']);
|
|
| 374 |
$user_edit = ['mail' => $ldap_user['mail']];
|
|
| 370 | 375 |
|
| 371 | 376 |
$watchdog_tokens['%username'] = $drupal_account->name; |
| 372 | 377 |
if (!$updated_account = user_save($drupal_account, $user_edit)) {
|
| 373 | 378 |
watchdog('ldap_authentication', 'Failed to make changes to user %username updated %changed.', $watchdog_tokens, WATCHDOG_ERROR);
|
| 374 | 379 |
} |
| 375 |
elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ) {
|
|
| 380 |
elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY) {
|
|
| 376 | 381 |
if (isset($user_edit['mail'])) {
|
| 377 | 382 |
$watchdog_tokens['%mail'] = $user_edit['mail']; |
| 378 | 383 |
drupal_set_message(t('Your e-mail has been updated to match your current account (%mail).', $watchdog_tokens), 'status');
|
| ... | ... | |
| 386 | 391 |
|
| 387 | 392 |
/** |
| 388 | 393 |
* VI.C: no existing Drupal account. consider provisioning Drupal account. |
| 389 |
* |
|
| 390 | 394 |
*/ |
| 391 | 395 |
if (!$drupal_account_exists) {
|
| 392 | 396 |
|
| ... | ... | |
| 394 | 398 |
if (($auth_conf->ldapUser->acctCreation == LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED) && ($account_with_same_email = user_load_by_mail($ldap_user['mail']))) {
|
| 395 | 399 |
$error = TRUE; |
| 396 | 400 |
/** |
| 397 |
* username does not exist but email does. Since user_external_login_register does not deal with |
|
| 398 |
* mail attribute and the email conflict error needs to be caught beforehand, need to throw error here |
|
| 401 |
* username does not exist but email does. |
|
| 402 |
* Since user_external_login_register does not deal with mail attribute |
|
| 403 |
* and the email conflict error needs to be caught beforehand, need to |
|
| 404 |
* throw error here. |
|
| 399 | 405 |
*/ |
| 400 | 406 |
if ($auth_conf->templateUsageResolveConflict && (!$email_template_used)) {
|
| 401 | 407 |
if ($detailed_watchdog_log) {
|
| ... | ... | |
| 403 | 409 |
} |
| 404 | 410 |
_ldap_authentication_replace_user_email($ldap_user, $auth_conf, $email_template_tokens); |
| 405 | 411 |
$email_template_used = TRUE; |
| 406 |
// recheck with the template email to make sure it doesn't also exist.
|
|
| 412 |
// Recheck with the template email to make sure it doesn't also exist.
|
|
| 407 | 413 |
if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
|
| 408 | 414 |
$error = TRUE; |
| 409 | 415 |
} |
| ... | ... | |
| 417 | 423 |
} |
| 418 | 424 |
} |
| 419 | 425 |
|
| 420 |
// VI.C.2 Do not provision Drupal account if provisioning disabled |
|
| 426 |
// VI.C.2 Do not provision Drupal account if provisioning disabled.
|
|
| 421 | 427 |
if (!$auth_conf->ldapUser->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE)) {
|
| 422 | 428 |
watchdog('ldap_user', 'Drupal account for authname=%authname account name=%account_name_attr does not exist and provisioning of Drupal accounts on authentication is not enabled', $watchdog_tokens, WATCHDOG_INFO);
|
| 423 | 429 |
return; |
| 424 | 430 |
} |
| 425 | 431 |
|
| 426 |
// VI.C.3 Provision Drupal account |
|
| 427 | 432 |
/** |
| 428 |
* |
|
| 429 |
* new ldap_authentication provisioned account could let user_external_login_register create the account and set authmaps, but would need |
|
| 430 |
* to add mail and any other user->data data in hook_user_presave which would mean requerying ldap |
|
| 431 |
* or having a global variable. At this point the account does not exist, so there is no |
|
| 433 |
* VI.C.3 Provision Drupal account. |
|
| 434 |
* New ldap_authentication provisioned account could |
|
| 435 |
* letuser_external_login_register create the account and set authmaps, but |
|
| 436 |
* would need to add mail and any other user->data data in |
|
| 437 |
* hook_user_presave which would mean requerying ldap or having a global |
|
| 438 |
* variable. At this point the account does not exist, so there is no |
|
| 432 | 439 |
* reason not to create it here. |
| 433 | 440 |
* |
| 434 |
* @todo create patch for core user module's user_external_login_register to deal with new external accounts |
|
| 435 |
* a little tweak to add user->data and mail etc as parameters would make it more useful |
|
| 436 |
* for external authentication modules |
|
| 441 |
* @todo create patch for core user module's user_external_login_register |
|
| 442 |
* to deal with new external accounts a little tweak to add user->data and |
|
| 443 |
* mail etc as parameters would make it more useful for external |
|
| 444 |
* authentication modules. |
|
| 437 | 445 |
*/ |
| 438 |
|
|
| 439 |
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
|
|
| 440 |
if ($auth_conf->ldapUser->acctCreation == LDAP_USER_ACCT_CREATION_USER_SETTINGS_FOR_LDAP && |
|
| 446 |
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
|
|
| 447 |
if ($auth_conf->ldapUser->acctCreation == LDAP_USER_ACCT_CREATION_USER_SETTINGS_FOR_LDAP && |
|
| 441 | 448 |
$user_register == USER_REGISTER_ADMINISTRATORS_ONLY) {
|
| 442 |
watchdog('ldap_user', 'Failed to create account for %drupal_accountname. Administrative user must create user.',
|
|
| 443 |
$watchdog_tokens, WATCHDOG_ERROR);
|
|
| 444 |
form_set_error('name', t('Server Error: Attempt to create account for %drupal_accountname failed. Administrative user must create user.',
|
|
| 445 |
$watchdog_tokens));
|
|
| 446 |
return;
|
|
| 449 |
watchdog('ldap_user', 'Failed to create account for %drupal_accountname. Administrative user must create user.',
|
|
| 450 |
$watchdog_tokens, WATCHDOG_ERROR); |
|
| 451 |
form_set_error('name', t('Server Error: Attempt to create account for %drupal_accountname failed. Administrative user must create user.',
|
|
| 452 |
$watchdog_tokens)); |
|
| 453 |
return; |
|
| 447 | 454 |
} |
| 448 | 455 |
|
| 449 | 456 |
if ($auth_conf->ldapUser->acctCreation == LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP && |
| 450 | 457 |
variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
|
| 451 |
$user_edit = array('name' => $drupal_accountname, 'status' => 0); // if admin approval required, set status to 0.
|
|
| 458 |
// If admin approval required, set status to 0. |
|
| 459 |
$user_edit = ['name' => $drupal_accountname, 'status' => 0]; |
|
| 452 | 460 |
} |
| 453 | 461 |
else {
|
| 454 |
$user_edit = array('name' => $drupal_accountname, 'status' => 1);
|
|
| 462 |
$user_edit = ['name' => $drupal_accountname, 'status' => 1];
|
|
| 455 | 463 |
} |
| 456 | 464 |
|
| 457 | 465 |
// If the email template was used, we want to pass in the email that was |
| ... | ... | |
| 461 | 469 |
} |
| 462 | 470 |
|
| 463 | 471 |
// don't pass in ldap user to provisionDrupalAccount, because want to requery with correct attributes needed |
| 464 |
// this may be a case where efficiency dictates querying for all attributes |
|
| 472 |
// this may be a case where efficiency dictates querying for all attributes.
|
|
| 465 | 473 |
$drupal_account = $auth_conf->ldapUser->provisionDrupalAccount(NULL, $user_edit, $ldap_user, TRUE); |
| 466 | 474 |
|
| 467 | 475 |
if ($drupal_account === FALSE) {
|
| ... | ... | |
| 470 | 478 |
return; |
| 471 | 479 |
} |
| 472 | 480 |
else {
|
| 473 |
user_set_authmaps($drupal_account, array('authname_ldap_user' => $authname));
|
|
| 481 |
user_set_authmaps($drupal_account, ['authname_ldap_user' => $authname]);
|
|
| 474 | 482 |
// Using Rules allows emails to be fired and many other possible reactions |
| 475 | 483 |
// to the creation of a user. |
| 476 | 484 |
if (module_exists('rules')) {
|
| ... | ... | |
| 489 | 497 |
*/ |
| 490 | 498 |
|
| 491 | 499 |
$form_state['uid'] = $drupal_account->uid; |
| 492 |
// $fake_form_state = array('uid' => $drupal_account->uid);
|
|
| 493 |
// user_login_submit(array(), $fake_form_state); |
|
| 494 |
// global $user; |
|
| 495 |
// $form_state['uid'] = $user->uid; |
|
| 496 |
|
|
| 497 |
|
|
| 498 |
// the uid is returned so that special login modules, namely ldap sso, can manually call this function. |
|
| 499 | 500 |
return ($return_user) ? $drupal_account : NULL; |
| 500 | 501 |
} |
| 501 | 502 |
|
| 502 | 503 |
/** |
| 503 |
* given authname, determine if corresponding drupal account exists and is authmapped
|
|
| 504 |
* Given authname, determine if corresponding drupal account exists and is authmapped.
|
|
| 504 | 505 |
*/ |
| 505 | 506 |
function ldap_authentication_corresponding_drupal_user($authname, $auth_conf, &$watchdog_tokens) {
|
| 506 | 507 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
|
| 507 | 508 |
if (!($drupal_account = user_load_by_name($authname)) && !($drupal_account = user_load_by_mail($authname))) {
|
| 508 |
$uid = db_query("SELECT uid FROM {authmap} WHERE authname = :authname AND module = 'ldap_user'", array(':authname' => $authname))->fetchColumn();
|
|
| 509 |
$uid = db_query("SELECT uid FROM {authmap} WHERE authname = :authname AND module = 'ldap_user'", [':authname' => $authname])->fetchColumn();
|
|
| 509 | 510 |
$drupal_account = $uid ? user_load($uid) : FALSE; |
| 510 | 511 |
} |
| 511 | 512 |
|
| 512 | 513 |
if (is_object($drupal_account)) {
|
| 513 |
$authmaps = user_get_authmaps($authname); // $authmaps = user_get_authmaps($name); // patch 1599632 |
|
| 514 |
// Patch 1599632. |
|
| 515 |
$authmaps = user_get_authmaps($authname); |
|
| 514 | 516 |
$drupal_account_is_authmapped = isset($authmaps['ldap_user']); |
| 515 | 517 |
$user_data = $drupal_account->data; |
| 516 | 518 |
if ($drupal_account->uid == 1 && $detailed_watchdog_log) {
|
| ... | ... | |
| 520 | 522 |
watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
|
| 521 | 523 |
} |
| 522 | 524 |
} |
| 523 |
else { // account does not exist
|
|
| 525 |
// Account does not exist. |
|
| 526 |
else {
|
|
| 524 | 527 |
$drupal_account_is_authmapped = FALSE; |
| 525 | 528 |
if ($auth_conf->ldapUser->createLDAPAccounts == FALSE) {
|
| 526 | 529 |
if ($detailed_watchdog_log) {
|
| ... | ... | |
| 531 | 534 |
watchdog('ldap_authentication', '%username : Existing Drupal User Account not found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
|
| 532 | 535 |
} |
| 533 | 536 |
} |
| 534 |
return array($drupal_account, $drupal_account_is_authmapped);
|
|
| 537 |
return [$drupal_account, $drupal_account_is_authmapped];
|
|
| 535 | 538 |
} |
| 536 | 539 |
|
| 540 |
/** |
|
| 541 |
* |
|
| 542 |
*/ |
|
| 537 | 543 |
function ldap_authentication_test_credentials($auth_conf, $sso_login, $authname, $password, &$watchdog_tokens) {
|
| 538 | 544 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
|
| 539 | 545 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC; |
| ... | ... | |
| 546 | 552 |
watchdog('ldap_authentication', '%username : Trying server %sid where bind_method = %bind_method', $watchdog_tokens, WATCHDOG_DEBUG);
|
| 547 | 553 |
} |
| 548 | 554 |
|
| 549 |
// #1 CONNECT TO SERVER |
|
| 555 |
// #1 CONNECT TO SERVER.
|
|
| 550 | 556 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC; |
| 551 | 557 |
$result = $ldap_server->connect(); |
| 552 | 558 |
if ($result != LDAP_SUCCESS) {
|
| ... | ... | |
| 556 | 562 |
watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG);
|
| 557 | 563 |
} |
| 558 | 564 |
$watchdog_tokens['%err_msg'] = NULL; |
| 559 |
continue; // next server, please |
|
| 565 |
// Next server, please. |
|
| 566 |
continue; |
|
| 560 | 567 |
} |
| 561 | 568 |
elseif ($detailed_watchdog_log) {
|
| 562 | 569 |
watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG);
|
| ... | ... | |
| 574 | 581 |
watchdog('ldap_authentication', 'Trying to use SSO with LDAP_SERVERS_BIND_METHOD_USER bind method.', $watchdog_tokens, WATCHDOG_ERROR);
|
| 575 | 582 |
} |
| 576 | 583 |
elseif ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_USER && $sso_login == FALSE) {
|
| 577 |
// with sso enabled this method of binding isn't valid
|
|
| 584 |
// With sso enabled this method of binding isn't valid.
|
|
| 578 | 585 |
foreach ($ldap_server->basedn as $basedn) {
|
| 579 |
$search = array('%basedn', '%username');
|
|
| 586 |
$search = ['%basedn', '%username'];
|
|
| 580 | 587 |
$transformname = $ldap_server->userUsernameToLdapNameTransform($authname, $watchdog_tokens); |
| 581 |
$replace = array($basedn, $transformname);
|
|
| 588 |
$replace = [$basedn, $transformname];
|
|
| 582 | 589 |
$userdn = str_replace($search, $replace, $ldap_server->user_dn_expression); |
| 583 | 590 |
$bind_success = ($ldap_server->bind($userdn, $password, FALSE) == LDAP_SUCCESS); |
| 584 | 591 |
if ($bind_success) {
|
| ... | ... | |
| 597 | 604 |
$watchdog_tokens['%err_text'] = NULL; |
| 598 | 605 |
} |
| 599 | 606 |
$authentication_result = ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_USER) ? LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS : LDAP_AUTHENTICATION_RESULT_FAIL_BIND; |
| 600 |
continue; // if bind fails, onto next server |
|
| 607 |
// If bind fails, onto next server. |
|
| 608 |
continue; |
|
| 601 | 609 |
} |
| 602 | 610 |
|
| 603 |
// #3 DOES USER EXIST IN SERVER'S LDAP |
|
| 611 |
// #3 DOES USER EXIST IN SERVER'S LDAP.
|
|
| 604 | 612 |
if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
|
| 605 | 613 |
$ldap_user = $ldap_server->userUserNameToExistingLdapEntry($authname); |
| 606 | 614 |
} |
| ... | ... | |
| 628 | 636 |
break; |
| 629 | 637 |
} |
| 630 | 638 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_FIND; |
| 631 |
continue; // next server, please |
|
| 639 |
// Next server, please. |
|
| 640 |
continue; |
|
| 632 | 641 |
} |
| 633 | 642 |
|
| 634 | 643 |
$watchdog_tokens['%dn'] = $ldap_user['dn']; |
| 635 | 644 |
$watchdog_tokens['%mail'] = $ldap_user['mail']; |
| 636 | 645 |
|
| 637 | 646 |
/** |
| 638 |
* #4 CHECK ALLOWED AND EXCLUDED LIST AND PHP FOR ALLOWED USERS |
|
| 639 |
*/ |
|
| 640 |
|
|
| 647 |
* #4 CHECK ALLOWED AND EXCLUDED LIST AND PHP FOR ALLOWED USERS |
|
| 648 |
*/ |
|
| 641 | 649 |
if (!$auth_conf->allowUser($authname, $ldap_user)) {
|
| 642 | 650 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED; |
| 643 |
break; // regardless of how many servers, disallowed user fails |
|
| 651 |
// Regardless of how many servers, disallowed user fails. |
|
| 652 |
break; |
|
| 644 | 653 |
} |
| 645 | 654 |
|
| 646 | 655 |
/** |
| 647 |
* #5 TEST PASSWORD |
|
| 648 |
*/ |
|
| 656 |
* #5 TEST PASSWORD
|
|
| 657 |
*/
|
|
| 649 | 658 |
$credentials_pass = FALSE; |
| 650 | 659 |
if ($sso_login) {
|
| 651 | 660 |
/** If we have $sso_login passed in as true from the fake form state in |
| ... | ... | |
| 658 | 667 |
* what is contained in the global $_SERVER array populated by the web |
| 659 | 668 |
* server authentication. |
| 660 | 669 |
*/ |
| 661 |
$credentials_pass = (boolean)($ldap_user); |
|
| 670 |
$credentials_pass = (boolean) ($ldap_user);
|
|
| 662 | 671 |
} |
| 663 | 672 |
elseif ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_USER) {
|
| 664 |
/**
|
|
| 673 |
/** |
|
| 665 | 674 |
* With user bind method, the only way we can reach this part of the |
| 666 | 675 |
* code is when the pw has already been checked and $ldap_user could be |
| 667 | 676 |
* loaded, so we're good to go. |
| 668 | 677 |
*/ |
| 669 |
$credentials_pass = true;
|
|
| 678 |
$credentials_pass = TRUE;
|
|
| 670 | 679 |
} |
| 671 | 680 |
else {
|
| 672 | 681 |
$credentials_pass = ($ldap_server->bind($ldap_user['dn'], $password, FALSE) == LDAP_SUCCESS); |
| ... | ... | |
| 678 | 687 |
$watchdog_tokens['%err_text'] = NULL; |
| 679 | 688 |
} |
| 680 | 689 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS; |
| 681 |
continue; // next server, please |
|
| 690 |
// Next server, please. |
|
| 691 |
continue; |
|
| 682 | 692 |
} |
| 683 | 693 |
else {
|
| 684 | 694 |
$authentication_result = LDAP_AUTHENTICATION_RESULT_SUCCESS; |
| 685 | 695 |
if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
|
| 686 |
$ldap_user = $ldap_server->userUserNameToExistingLdapEntry($authname); // after successful bind, lookup user again to get private attributes |
|
| 696 |
// After successful bind, lookup user again to get private attributes. |
|
| 697 |
$ldap_user = $ldap_server->userUserNameToExistingLdapEntry($authname); |
|
| 687 | 698 |
$watchdog_tokens['%mail'] = $ldap_user['mail']; |
| 688 | 699 |
} |
| 689 | 700 |
if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT || |
| 690 | 701 |
$ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
|
| 691 |
$ldap_server->disconnect();
|
|
| 702 |
$ldap_server->disconnect(); |
|
| 692 | 703 |
} |
| 693 | 704 |
// Update ldapUser with the sid of the server that the user authenticated |
| 694 | 705 |
// on if that option was enabled in the LDAP user configuration. |
| 695 | 706 |
if ($auth_conf->ldapUser->drupalAcctProvisionServer == LDAP_USER_AUTH_SERVER_SID) {
|
| 696 | 707 |
$auth_conf->ldapUser->drupalAcctProvisionServer = $ldap_server->sid; |
| 697 | 708 |
} |
| 698 |
break; //success |
|
| 709 |
// Success. |
|
| 710 |
break; |
|
| 699 | 711 |
} |
| 700 |
|
|
| 701 |
} // end loop through servers |
|
| 702 |
|
|
| 712 |
} |
|
| 713 |
// End loop through servers. |
|
| 703 | 714 |
$watchdog_tokens['%result'] = $result; |
| 704 | 715 |
$watchdog_tokens['%auth_result'] = $authentication_result; |
| 705 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ;
|
|
| 716 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result); |
|
| 706 | 717 |
if ($detailed_watchdog_log) {
|
| 707 | 718 |
watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
|
| 708 | 719 |
} |
| 709 | 720 |
|
| 710 |
return array($authentication_result, $ldap_user, $ldap_server);
|
|
| 721 |
return [$authentication_result, $ldap_user, $ldap_server];
|
|
| 711 | 722 |
} |
| 712 | 723 |
|
| 724 |
/** |
|
| 725 |
* |
|
| 726 |
*/ |
|
| 713 | 727 |
function ldap_authentication_fail_response($authentication_result, $auth_conf, $detailed_watchdog_log, &$watchdog_tokens) {
|
| 714 | 728 |
$watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result); |
| 715 |
// fail scenario 1. ldap auth exclusive and failed throw error so no other authentication methods are allowed
|
|
| 729 |
// Fail scenario 1. ldap auth exclusive and failed throw error so no other authentication methods are allowed.
|
|
| 716 | 730 |
if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
|
| 717 | 731 |
if ($detailed_watchdog_log) {
|
| 718 | 732 |
watchdog('ldap_authentication', '%username : setting error because failed at ldap and
|
| ... | ... | |
| 722 | 736 |
form_set_error('name', $watchdog_tokens['%err_text']);
|
| 723 | 737 |
} |
| 724 | 738 |
else {
|
| 725 |
// fail scenario 2. simply fails ldap. return false, but don't throw form error
|
|
| 726 |
// don't show user message, may be using other authentication after this that may succeed. |
|
| 739 |
// Fail scenario 2. simply fails ldap. return false, but don't throw form error
|
|
| 740 |
// don't show user message, may be using other authentication after this that may succeed.
|
|
| 727 | 741 |
if ($detailed_watchdog_log) {
|
| 728 | 742 |
watchdog('ldap_authentication',
|
| 729 | 743 |
'%username : Failed ldap authentication. |
| ... | ... | |
| 737 | 751 |
} |
| 738 | 752 |
|
| 739 | 753 |
/** |
| 740 |
* get human readable authentication error string |
|
| 754 |
* Get human readable authentication error string. |
|
| 755 |
* |
|
| 756 |
* @param int $error |
|
| 757 |
* as LDAP_AUTHENTICATION_RESULT_* constant defined in |
|
| 758 |
* ldap_authentication.module. |
|
| 741 | 759 |
* |
| 742 |
* @param int $error as LDAP_AUTHENTICATION_RESULT_* constant defined in ldap_authentication.module |
|
| 743 | 760 |
* @return string human readable error text |
| 744 | 761 |
*/ |
| 745 | 762 |
function _ldap_authentication_err_text($error) {
|
| ... | ... | |
| 747 | 764 |
$msg = t('unknown error: ' . $error);
|
| 748 | 765 |
switch ($error) {
|
| 749 | 766 |
case LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT: |
| 750 |
$msg = t('Failed to connect to ldap server');
|
|
| 751 |
break; |
|
| 767 |
$msg = t('Failed to connect to ldap server');
|
|
| 768 |
break;
|
|
| 752 | 769 |
|
| 753 | 770 |
case LDAP_AUTHENTICATION_RESULT_FAIL_BIND: |
| 754 |
$msg = t('Failed to bind to ldap server');
|
|
| 755 |
break; |
|
| 771 |
$msg = t('Failed to bind to ldap server');
|
|
| 772 |
break;
|
|
| 756 | 773 |
|
| 757 | 774 |
case LDAP_AUTHENTICATION_RESULT_FAIL_FIND: |
| 758 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 759 |
break; |
|
| 775 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 776 |
break;
|
|
| 760 | 777 |
|
| 761 | 778 |
case LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED: |
| 762 |
$msg = t('User disallowed');
|
|
| 763 |
break; |
|
| 779 |
$msg = t('User disallowed');
|
|
| 780 |
break;
|
|
| 764 | 781 |
|
| 765 | 782 |
case LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS: |
| 766 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 767 |
break; |
|
| 783 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 784 |
break;
|
|
| 768 | 785 |
|
| 769 | 786 |
case LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC: |
| 770 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 771 |
break; |
|
| 787 |
$msg = t('Sorry, unrecognized username or password.');
|
|
| 788 |
break;
|
|
| 772 | 789 |
|
| 773 | 790 |
case LDAP_AUTHENTICATION_RESULT_FAIL_SERVER: |
| 774 |
$msg = t('Authentication Server or Configuration Error.');
|
|
| 775 |
break; |
|
| 791 |
$msg = t('Authentication Server or Configuration Error.');
|
|
| 792 |
break;
|
|
| 776 | 793 |
|
| 777 | 794 |
} |
| 778 | 795 |
|
Formats disponibles : Unified diff
Weekly update of contrib modules