Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_servers/LdapServerAdmin.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* LDAP Server Admin Class |
|
6 |
* |
|
7 |
* |
|
5 |
* LDAP Server Admin Class. |
|
8 | 6 |
*/ |
9 | 7 |
|
10 | 8 |
module_load_include('php', 'ldap_servers', 'LdapServer.class'); |
11 |
|
|
9 |
/** |
|
10 |
* |
|
11 |
*/ |
|
12 | 12 |
class LdapServerAdmin extends LdapServer { |
13 | 13 |
|
14 | 14 |
public $bindpw_new = FALSE; |
15 | 15 |
public $bindpw_clear = FALSE; |
16 | 16 |
|
17 | 17 |
/** |
18 |
* @param $type = 'all', 'enabled' |
|
18 |
* @param $type |
|
19 |
* = 'all', 'enabled' |
|
19 | 20 |
*/ |
20 | 21 |
public static function getLdapServerObjects($sid = NULL, $type = NULL, $class = 'LdapServer', $reset = FALSE) { |
21 |
$servers = array();
|
|
22 |
$servers = [];
|
|
22 | 23 |
if (module_exists('ctools')) { |
23 | 24 |
ctools_include('export'); |
24 | 25 |
if ($reset) { |
... | ... | |
34 | 35 |
} |
35 | 36 |
catch (Exception $e) { |
36 | 37 |
drupal_set_message(t('server index query failed. Message = %message, query= %query', |
37 |
array('%message' => $e->getMessage(), '%query' => $e->query_string)), 'error');
|
|
38 |
return array();
|
|
38 |
['%message' => $e->getMessage(), '%query' => $e->query_string]), 'error');
|
|
39 |
return [];
|
|
39 | 40 |
} |
40 | 41 |
} |
41 | 42 |
foreach ($select as $result) { |
... | ... | |
45 | 46 |
|
46 | 47 |
} |
47 | 48 |
|
48 |
function __construct($sid) { |
|
49 |
/** |
|
50 |
* |
|
51 |
*/ |
|
52 |
public function __construct($sid) { |
|
49 | 53 |
parent::__construct($sid); |
50 | 54 |
} |
51 | 55 |
|
56 |
/** |
|
57 |
* |
|
58 |
*/ |
|
52 | 59 |
protected function populateFromDrupalForm($op, $values) { |
53 | 60 |
$this->inDatabase = ($op == 'edit'); |
54 | 61 |
$this->sid = trim($values['sid']); |
... | ... | |
92 | 99 |
$this->groupTestGroupDn = trim($values['grp_test_grp_dn']); |
93 | 100 |
$this->groupTestGroupDnWriteable = trim($values['grp_test_grp_dn_writeable']); |
94 | 101 |
|
95 |
|
|
96 | 102 |
$this->searchPagination = ($values['search_pagination']) ? 1 : 0; |
97 | 103 |
$this->searchPageSize = trim($values['search_page_size']); |
98 | 104 |
|
99 | 105 |
} |
100 | 106 |
|
101 | 107 |
/** |
102 |
* @param string enum $op 'add', 'update' |
|
108 |
* @param string enum $op |
|
109 |
* 'add', 'update'. |
|
103 | 110 |
*/ |
104 |
|
|
105 | 111 |
public function save($op) { |
106 | 112 |
|
107 | 113 |
$values = new stdClass(); |
... | ... | |
120 | 126 |
$values->bindpw = NULL; |
121 | 127 |
} |
122 | 128 |
|
123 |
$values->tls = (int)$this->tls; |
|
124 |
$values->followrefs = (int)$this->followrefs; |
|
129 |
$values->tls = (int) $this->tls;
|
|
130 |
$values->followrefs = (int) $this->followrefs;
|
|
125 | 131 |
|
126 | 132 |
if (module_exists('ctools')) { |
127 | 133 |
ctools_include('export'); |
128 |
// Populate our object with ctool's properties |
|
134 |
// Populate our object with ctool's properties.
|
|
129 | 135 |
$object = ctools_export_crud_new('ldap_servers'); |
130 | 136 |
|
131 | 137 |
foreach ($object as $property => $value) { |
... | ... | |
138 | 144 |
try { |
139 | 145 |
$values->export_type = NULL; |
140 | 146 |
$result = ctools_export_crud_save('ldap_servers', $values); |
141 |
} catch (Exception $e) { |
|
147 |
} |
|
148 |
catch (Exception $e) { |
|
142 | 149 |
$values->export_type = EXPORT_IN_DATABASE; |
143 | 150 |
$result = ctools_export_crud_save('ldap_servers', $values); |
144 | 151 |
} |
145 |
|
|
146 |
ctools_export_load_object_reset('ldap_servers'); // ctools_export_crud_save doesn't invalidate cache |
|
152 |
|
|
153 |
// ctools_export_crud_save doesn't invalidate cache. |
|
154 |
ctools_export_load_object_reset('ldap_servers'); |
|
147 | 155 |
|
148 | 156 |
} |
149 |
else { // directly via db |
|
157 |
// Directly via db. |
|
158 |
else { |
|
150 | 159 |
unset($values->numeric_sid); |
151 | 160 |
if ($op == 'add') { |
152 | 161 |
$result = drupal_write_record('ldap_servers', $values); |
... | ... | |
166 | 175 |
} |
167 | 176 |
} |
168 | 177 |
|
178 |
/** |
|
179 |
* |
|
180 |
*/ |
|
169 | 181 |
public function delete($sid) { |
170 | 182 |
if ($sid == $this->sid) { |
171 | 183 |
$result = db_delete('ldap_servers')->condition('sid', $sid)->execute(); |
172 | 184 |
if (module_exists('ctools')) { |
173 | 185 |
ctools_include('export'); |
174 |
ctools_export_load_object_reset('ldap_servers'); // invalidate cache |
|
186 |
// Invalidate cache. |
|
187 |
ctools_export_load_object_reset('ldap_servers'); |
|
175 | 188 |
} |
176 | 189 |
$this->inDatabase = FALSE; |
177 | 190 |
return $result; |
... | ... | |
180 | 193 |
return FALSE; |
181 | 194 |
} |
182 | 195 |
} |
196 |
|
|
197 |
/** |
|
198 |
* |
|
199 |
*/ |
|
183 | 200 |
public function getLdapServerActions() { |
184 |
$switch = ($this->status ) ? 'disable' : 'enable';
|
|
185 |
$actions = array();
|
|
201 |
$switch = ($this->status) ? 'disable' : 'enable'; |
|
202 |
$actions = [];
|
|
186 | 203 |
$actions[] = l(t('edit'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/edit/' . $this->sid); |
187 | 204 |
if (property_exists($this, 'type')) { |
188 | 205 |
if ($this->type == 'Overridden') { |
189 |
$actions[] = l(t('revert'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/delete/' . $this->sid);
|
|
206 |
$actions[] = l(t('revert'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/delete/' . $this->sid); |
|
190 | 207 |
} |
191 | 208 |
if ($this->type == 'Normal') { |
192 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/delete/' . $this->sid);
|
|
209 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/delete/' . $this->sid); |
|
193 | 210 |
} |
194 | 211 |
} |
195 | 212 |
else { |
196 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/delete/' . $this->sid);
|
|
213 |
$actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/delete/' . $this->sid); |
|
197 | 214 |
} |
198 | 215 |
$actions[] = l(t('test'), LDAP_SERVERS_MENU_BASE_PATH . '/servers/test/' . $this->sid); |
199 | 216 |
$actions[] = l($switch, LDAP_SERVERS_MENU_BASE_PATH . '/servers/' . $switch . '/' . $this->sid); |
200 | 217 |
return $actions; |
201 | 218 |
} |
202 | 219 |
|
220 |
/** |
|
221 |
* |
|
222 |
*/ |
|
203 | 223 |
public function drupalForm($op) { |
204 | 224 |
|
205 |
$form['server'] = array(
|
|
206 |
'#type' => 'fieldset', |
|
207 |
'#title' => t('Connection settings'), |
|
208 |
'#collapsible' => TRUE, |
|
209 |
'#collapsed' => TRUE, |
|
210 |
);
|
|
211 |
|
|
212 |
$form['bind_method'] = array(
|
|
213 |
'#type' => 'fieldset', |
|
214 |
'#title' => t('Binding Method'), |
|
215 |
'#description' => t('How the Drupal system is authenticated by the LDAP server.'), |
|
216 |
'#collapsible' => TRUE, |
|
217 |
'#collapsed' => TRUE, |
|
218 |
);
|
|
219 |
|
|
220 |
$form['users'] = array(
|
|
221 |
'#type' => 'fieldset', |
|
222 |
'#title' => t('LDAP User to Drupal User Relationship'), |
|
223 |
'#description' => t('How are LDAP user entries found based on Drupal username or email? And vice-versa? |
|
225 |
$form['server'] = [
|
|
226 |
'#type' => 'fieldset',
|
|
227 |
'#title' => t('Connection settings'),
|
|
228 |
'#collapsible' => TRUE,
|
|
229 |
'#collapsed' => TRUE,
|
|
230 |
];
|
|
231 |
|
|
232 |
$form['bind_method'] = [
|
|
233 |
'#type' => 'fieldset',
|
|
234 |
'#title' => t('Binding Method'),
|
|
235 |
'#description' => t('How the Drupal system is authenticated by the LDAP server.'),
|
|
236 |
'#collapsible' => TRUE,
|
|
237 |
'#collapsed' => TRUE,
|
|
238 |
];
|
|
239 |
|
|
240 |
$form['users'] = [
|
|
241 |
'#type' => 'fieldset',
|
|
242 |
'#title' => t('LDAP User to Drupal User Relationship'),
|
|
243 |
'#description' => t('How are LDAP user entries found based on Drupal username or email? And vice-versa?
|
|
224 | 244 |
Needed for LDAP Authentication and Authorization functionality.'), |
225 |
'#collapsible' => TRUE, |
|
226 |
'#collapsed' => TRUE, |
|
227 |
);
|
|
228 |
|
|
229 |
$form['groups'] = array(
|
|
230 |
'#type' => 'fieldset', |
|
231 |
'#title' => t('LDAP Group Configuration'), |
|
232 |
'#description' => t('How are groups defined on your LDAP server? This varies slightly from one LDAP implementation to another |
|
245 |
'#collapsible' => TRUE,
|
|
246 |
'#collapsed' => TRUE,
|
|
247 |
];
|
|
248 |
|
|
249 |
$form['groups'] = [
|
|
250 |
'#type' => 'fieldset',
|
|
251 |
'#title' => t('LDAP Group Configuration'),
|
|
252 |
'#description' => t('How are groups defined on your LDAP server? This varies slightly from one LDAP implementation to another
|
|
233 | 253 |
such as Active Directory, Novell, OpenLDAP, etc. Check everything that is true and enter all the values you know.'), |
234 |
'#collapsible' => TRUE, |
|
235 |
'#collapsed' => TRUE, |
|
236 |
);
|
|
237 |
|
|
238 |
$supports = (ldap_servers_php_supports_pagination()) ? t('support pagination!') : t('NOT support pagination.'); |
|
239 |
$form['pagination'] = array(
|
|
240 |
'#type' => 'fieldset', |
|
241 |
'#title' => t('LDAP Pagination'), |
|
242 |
'#description' => t('In PHP 5.4, pagination is supported in ldap queries. |
|
254 |
'#collapsible' => TRUE,
|
|
255 |
'#collapsed' => TRUE,
|
|
256 |
];
|
|
257 |
|
|
258 |
$supports = (ldap_servers_php_supports_pagination()) ? t('support pagination!') : t('NOT support pagination.');
|
|
259 |
$form['pagination'] = [
|
|
260 |
'#type' => 'fieldset',
|
|
261 |
'#title' => t('LDAP Pagination'),
|
|
262 |
'#description' => t('In PHP 5.4, pagination is supported in ldap queries.
|
|
243 | 263 |
A patch to earlier versions of PHP also supports this.') |
244 | 264 |
. ' <strong>' . t('This PHP installation appears to') . ' ' . $supports . '</strong> ' |
245 | 265 |
. '<p>' . t('The advantage to pagination support is that if an ldap server is setup to return only |
... | ... | |
249 | 269 |
Pagination is most useful when large queries for batch creating or |
250 | 270 |
synching accounts are used. If you are not using this server for such |
251 | 271 |
tasks, its recommended to leave pagination disabled.') . '</p>', |
252 |
'#collapsible' => TRUE, |
|
253 |
'#collapsed' => !ldap_servers_php_supports_pagination(), |
|
254 |
); |
|
255 |
|
|
272 |
'#collapsible' => TRUE, |
|
273 |
'#collapsed' => !ldap_servers_php_supports_pagination(), |
|
274 |
]; |
|
256 | 275 |
|
257 |
$field_to_prop_maps = $this->field_to_properties_map(); |
|
258 |
foreach ($this->fields() as $field_id => $field) { |
|
259 |
if (isset($field['form'])) { |
|
276 |
$field_to_prop_maps = $this->field_to_properties_map();
|
|
277 |
foreach ($this->fields() as $field_id => $field) {
|
|
278 |
if (isset($field['form'])) {
|
|
260 | 279 |
|
261 |
if (!isset($field['form']['required']) && isset($field['schema']['not null']) && $field['form']['#type'] != 'checkbox') { |
|
262 |
$field['form']['#required'] = (boolean)$field['schema']['not null']; |
|
263 |
} |
|
264 |
if (isset($field['schema']['length']) && !isset($field['form']['#maxlength'])) { |
|
265 |
$field['form']['#maxlength'] = $field['schema']['length']; |
|
266 |
} |
|
267 |
if (isset($field_to_prop_maps[$field_id])) { |
|
268 |
$field['form']['#default_value'] = $this->{$field_to_prop_maps[$field_id]}; |
|
269 |
} |
|
270 |
$fieldset = @$field['form']['fieldset']; |
|
271 |
if ($fieldset) { |
|
272 |
unset($field['form']['fieldset']); |
|
273 |
$form[$fieldset][$field_id] = $field['form']; |
|
274 |
} |
|
275 |
else { |
|
276 |
$form[$field_id] = $field['form']; |
|
280 |
if (!isset($field['form']['required']) && isset($field['schema']['not null']) && $field['form']['#type'] != 'checkbox') { |
|
281 |
$field['form']['#required'] = (boolean) $field['schema']['not null']; |
|
282 |
} |
|
283 |
if (isset($field['schema']['length']) && !isset($field['form']['#maxlength'])) { |
|
284 |
$field['form']['#maxlength'] = $field['schema']['length']; |
|
285 |
} |
|
286 |
if (isset($field_to_prop_maps[$field_id])) { |
|
287 |
$field['form']['#default_value'] = $this->{$field_to_prop_maps[$field_id]}; |
|
288 |
} |
|
289 |
$fieldset = @$field['form']['fieldset']; |
|
290 |
if ($fieldset) { |
|
291 |
unset($field['form']['fieldset']); |
|
292 |
$form[$fieldset][$field_id] = $field['form']; |
|
293 |
} |
|
294 |
else { |
|
295 |
$form[$field_id] = $field['form']; |
|
296 |
} |
|
277 | 297 |
} |
278 | 298 |
} |
279 |
} |
|
280 | 299 |
|
281 |
$form['server']['sid']['#disabled'] = ($op == 'edit'); |
|
300 |
$form['server']['sid']['#disabled'] = ($op == 'edit');
|
|
282 | 301 |
|
283 |
if (!function_exists('ldap_set_rebind_proc')) { |
|
284 |
$form['server']['followrefs']['#disabled'] = TRUE; |
|
285 |
$form['server']['followrefs']['#description'] = t('This functionality is disabled because the function ldap_set_rebind_proc can not be found on this server. Perhaps your version of php does not have this function. See php.net/manual/en/function.ldap-set-rebind-proc.php') . $form['server']['followrefs']['#description']; |
|
286 |
} |
|
302 |
if (!function_exists('ldap_set_rebind_proc')) {
|
|
303 |
$form['server']['followrefs']['#disabled'] = TRUE;
|
|
304 |
$form['server']['followrefs']['#description'] = t('This functionality is disabled because the function ldap_set_rebind_proc can not be found on this server. Perhaps your version of php does not have this function. See php.net/manual/en/function.ldap-set-rebind-proc.php') . $form['server']['followrefs']['#description'];
|
|
305 |
}
|
|
287 | 306 |
|
288 |
$form['server']['tls']['#required'] = FALSE; |
|
289 |
$form['server']['followrefs']['#required'] = FALSE; |
|
290 |
$form['bind_method']['bind_method']['#default_value'] = ($this->bind_method) ? $this->bind_method : LDAP_SERVERS_BIND_METHOD_DEFAULT; |
|
291 |
$form['users']['basedn']['#default_value'] = $this->arrayToLines($this->basedn); |
|
307 |
$form['server']['tls']['#required'] = FALSE;
|
|
308 |
$form['server']['followrefs']['#required'] = FALSE;
|
|
309 |
$form['bind_method']['bind_method']['#default_value'] = ($this->bind_method) ? $this->bind_method : LDAP_SERVERS_BIND_METHOD_DEFAULT;
|
|
310 |
$form['users']['basedn']['#default_value'] = $this->arrayToLines($this->basedn);
|
|
292 | 311 |
|
293 |
if ($this->bindpw) { |
|
294 |
$pwd_directions = t('You currently have a password stored in the database. |
|
312 |
if ($this->bindpw) {
|
|
313 |
$pwd_directions = t('You currently have a password stored in the database.
|
|
295 | 314 |
Leave password field empty to leave password unchanged. Enter a new password |
296 | 315 |
to replace the current password. Check the checkbox below to simply |
297 | 316 |
remove it from the database.'); |
298 |
$pwd_class = 'ldap-pwd-present'; |
|
299 |
} |
|
300 |
else { |
|
301 |
$pwd_directions = t('No password is currently stored in the database. |
|
302 |
If you are using a service account, enter one.'); |
|
303 |
if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT) { |
|
304 |
$pwd_class = 'ldap-pwd-abscent'; |
|
317 |
$pwd_class = 'ldap-pwd-present'; |
|
305 | 318 |
} |
306 | 319 |
else { |
307 |
$pwd_class = 'ldap-pwd-not-applicable'; |
|
320 |
$pwd_directions = t('No password is currently stored in the database. |
|
321 |
If you are using a service account, enter one.'); |
|
322 |
if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT) { |
|
323 |
$pwd_class = 'ldap-pwd-abscent'; |
|
324 |
} |
|
325 |
else { |
|
326 |
$pwd_class = 'ldap-pwd-not-applicable'; |
|
327 |
} |
|
308 | 328 |
} |
309 |
} |
|
310 | 329 |
|
311 |
$action = ($op == 'add') ? 'Add' : 'Update'; |
|
312 |
$form['submit'] = array(
|
|
313 |
'#type' => 'submit', |
|
314 |
'#value' => $action, |
|
315 |
'#weight' => 100, |
|
316 |
);
|
|
330 |
$action = ($op == 'add') ? 'Add' : 'Update';
|
|
331 |
$form['submit'] = [
|
|
332 |
'#type' => 'submit',
|
|
333 |
'#value' => $action,
|
|
334 |
'#weight' => 100,
|
|
335 |
];
|
|
317 | 336 |
|
318 |
return $form; |
|
337 |
return $form;
|
|
319 | 338 |
|
320 | 339 |
} |
321 | 340 |
|
322 |
|
|
323 |
public function drupalFormValidate($op, $values) { |
|
324 |
$errors = array(); |
|
341 |
/** |
|
342 |
* |
|
343 |
*/ |
|
344 |
public function drupalFormValidate($op, $values) { |
|
345 |
$errors = []; |
|
325 | 346 |
|
326 | 347 |
if ($op == 'delete') { |
327 | 348 |
if (!$this->sid) { |
... | ... | |
332 | 353 |
$errors['status'] = join("<br/>", array_values($warnings)); |
333 | 354 |
} |
334 | 355 |
|
335 |
|
|
336 | 356 |
} |
337 | 357 |
else { |
338 | 358 |
$this->populateFromDrupalForm($op, $values); |
... | ... | |
341 | 361 |
return $errors; |
342 | 362 |
} |
343 | 363 |
|
364 |
/** |
|
365 |
* |
|
366 |
*/ |
|
344 | 367 |
protected function validate($op) { |
345 |
$errors = array();
|
|
368 |
$errors = [];
|
|
346 | 369 |
if ($op == 'add') { |
347 | 370 |
$ldap_servers = $this->getLdapServerObjects(NULL, 'all'); |
348 | 371 |
if (count($ldap_servers)) { |
349 | 372 |
foreach ($ldap_servers as $sid => $ldap_server) { |
350 | 373 |
if ($this->name == $ldap_server->name) { |
351 |
$errors['name'] = t('An LDAP server configuration with the name %name already exists.', array('%name' => $this->name));
|
|
374 |
$errors['name'] = t('An LDAP server configuration with the name %name already exists.', ['%name' => $this->name]);
|
|
352 | 375 |
} |
353 | 376 |
elseif ($this->sid == $ldap_server->sid) { |
354 |
$errors['sid'] = t('An LDAP server configuration with the id %sid already exists.', array('%sid' => $this->sid));
|
|
377 |
$errors['sid'] = t('An LDAP server configuration with the id %sid already exists.', ['%sid' => $this->sid]);
|
|
355 | 378 |
} |
356 | 379 |
} |
357 | 380 |
} |
358 | 381 |
} |
359 | 382 |
|
360 |
if ($this->status == 0) { // check that no modules use this server |
|
383 |
// Check that no modules use this server. |
|
384 |
if ($this->status == 0) { |
|
361 | 385 |
$warnings = module_invoke_all('ldap_server_in_use', $this->sid, $this->name); |
362 | 386 |
if (count($warnings)) { |
363 | 387 |
$errors['status'] = join("<br/>", array_values($warnings)); |
364 | 388 |
} |
365 | 389 |
} |
366 | 390 |
|
367 |
|
|
368 | 391 |
if (!is_numeric($this->port)) { |
369 | 392 |
$errors['port'] = t('The TCP/IP port must be an integer.'); |
370 | 393 |
} |
... | ... | |
391 | 414 |
return $errors; |
392 | 415 |
} |
393 | 416 |
|
394 |
public function drupalFormWarnings($op, $values, $has_errors = NULL) { |
|
395 |
$errors = array(); |
|
417 |
/** |
|
418 |
* |
|
419 |
*/ |
|
420 |
public function drupalFormWarnings($op, $values, $has_errors = NULL) { |
|
421 |
$errors = []; |
|
396 | 422 |
|
397 | 423 |
if ($op == 'delete') { |
398 | 424 |
if (!$this->sid) { |
... | ... | |
406 | 432 |
return $warnings; |
407 | 433 |
} |
408 | 434 |
|
435 |
/** |
|
436 |
* |
|
437 |
*/ |
|
438 |
protected function warnings($op, $has_errors = NULL) { |
|
409 | 439 |
|
410 |
protected function warnings($op, $has_errors = NULL) { |
|
411 |
|
|
412 |
$warnings = array(); |
|
440 |
$warnings = []; |
|
413 | 441 |
if ($this->ldap_type) { |
414 | 442 |
$defaults = ldap_servers_ldaps_option_array(); |
415 | 443 |
if (isset($defaults['user']['user_attr']) && ($this->user_attr != $defaults['user']['user_attr'])) { |
416 |
$tokens = array('%name' => $defaults['name'], '%default' => $defaults['user']['user_attr'], '%user_attr' => $this->user_attr);
|
|
444 |
$tokens = ['%name' => $defaults['name'], '%default' => $defaults['user']['user_attr'], '%user_attr' => $this->user_attr];
|
|
417 | 445 |
$warnings['user_attr'] = t('The standard UserName attribute in %name is %default. You have %user_attr. This may be correct |
418 | 446 |
for your particular LDAP.', $tokens); |
419 | 447 |
} |
420 | 448 |
|
421 | 449 |
if (isset($defaults['user']['mail_attr']) && $this->mail_attr && ($this->mail_attr != $defaults['user']['mail_attr'])) { |
422 |
$tokens = array('%name' => $defaults['name'], '%default' => $defaults['user']['mail_attr'], '%mail_attr' => $this->mail_attr);
|
|
450 |
$tokens = ['%name' => $defaults['name'], '%default' => $defaults['user']['mail_attr'], '%mail_attr' => $this->mail_attr];
|
|
423 | 451 |
$warnings['mail_attr'] = t('The standard mail attribute in %name is %default. You have %mail_attr. This may be correct |
424 | 452 |
for your particular LDAP.', $tokens); |
425 | 453 |
} |
426 | 454 |
} |
427 |
// if (!$this->status && $has_errors != TRUE) { |
|
428 |
// $warnings['status'] = t('This server configuration is currently disabled.'); |
|
429 |
// } |
|
430 |
|
|
431 | 455 |
if (!$this->mail_attr && !$this->mail_template) { |
432 | 456 |
$warnings['mail_attr'] = t('Mail attribute or Mail Template should be used for most user account functionality.'); |
433 | 457 |
} |
434 | 458 |
|
435 |
// commented out validation because too many false positives present usability errors. |
|
436 |
// if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT) { // Only for service account |
|
437 |
// $result = ldap_baddn($this->binddn, t('Service Account DN')); |
|
438 |
// if ($result['boolean'] == FALSE) { |
|
439 |
// $warnings['binddn'] = $result['text']; |
|
440 |
// } |
|
441 |
// } |
|
442 |
|
|
443 |
// foreach ($this->basedn as $basedn) { |
|
444 |
// $result = ldap_baddn($basedn, t('User Base DN')); |
|
445 |
// if ($result['boolean'] == FALSE) { |
|
446 |
// $warnings['basedn'] = $result['text']; |
|
447 |
// } |
|
448 |
// } |
|
449 |
|
|
450 |
// $result = ldap_badattr($this->user_attr, t('User attribute')); |
|
451 |
// if ($result['boolean'] == FALSE) { |
|
452 |
// $warnings['user_attr'] = $result['text']; |
|
453 |
// } |
|
454 |
|
|
455 |
// if ($this->mail_attr) { |
|
456 |
// $result = ldap_badattr($this->mail_attr, t('Mail attribute')); |
|
457 |
// if ($result['boolean'] == FALSE) { |
|
458 |
// $warnings['mail_attr'] = $result['text']; |
|
459 |
// } |
|
460 |
// } |
|
461 |
|
|
462 |
// $result = ldap_badattr($this->unique_persistent_attr, t('Unique Persistent Attribute')); |
|
463 |
// if ($result['boolean'] == FALSE) { |
|
464 |
// $warnings['unique_persistent_attr'] = $result['text']; |
|
465 |
// } |
|
466 |
|
|
467 | 459 |
return $warnings; |
468 | 460 |
} |
469 | 461 |
|
470 |
public function drupalFormSubmit($op, $values) { |
|
462 |
/** |
|
463 |
* |
|
464 |
*/ |
|
465 |
public function drupalFormSubmit($op, $values) { |
|
471 | 466 |
|
472 |
$this->populateFromDrupalForm($op, $values); |
|
467 |
$this->populateFromDrupalForm($op, $values);
|
|
473 | 468 |
|
474 |
if ($values['clear_bindpw']) { |
|
475 |
$this->bindpw_clear = TRUE; |
|
476 |
} |
|
469 |
if ($values['clear_bindpw']) {
|
|
470 |
$this->bindpw_clear = TRUE;
|
|
471 |
}
|
|
477 | 472 |
|
478 |
if ($op == 'delete') { |
|
479 |
$this->delete($this); |
|
480 |
} |
|
481 |
else { // add or edit |
|
482 |
try { |
|
483 |
$save_result = $this->save($op); |
|
473 |
if ($op == 'delete') { |
|
474 |
$this->delete($this); |
|
484 | 475 |
} |
485 |
catch (Exception $e) { |
|
486 |
$this->setError('Save Error', |
|
476 |
// Add or edit. |
|
477 |
else { |
|
478 |
try { |
|
479 |
$save_result = $this->save($op); |
|
480 |
} |
|
481 |
catch (Exception $e) { |
|
482 |
$this->setError('Save Error', |
|
487 | 483 |
t('Failed to save object. Your form data was not saved.')); |
484 |
} |
|
488 | 485 |
} |
489 | 486 |
} |
490 |
} |
|
491 |
|
|
492 |
|
|
493 | 487 |
|
488 |
/** |
|
489 |
* |
|
490 |
*/ |
|
494 | 491 |
protected function arrayToLines($array) { |
495 | 492 |
$lines = ""; |
496 | 493 |
if (is_array($array)) { |
... | ... | |
502 | 499 |
return $lines; |
503 | 500 |
} |
504 | 501 |
|
502 |
/** |
|
503 |
* |
|
504 |
*/ |
|
505 | 505 |
protected function linesToArray($lines) { |
506 | 506 |
$lines = trim($lines); |
507 | 507 |
|
... | ... | |
512 | 512 |
} |
513 | 513 |
} |
514 | 514 |
else { |
515 |
$array = array();
|
|
515 |
$array = [];
|
|
516 | 516 |
} |
517 | 517 |
return $array; |
518 | 518 |
} |
519 | 519 |
|
520 |
|
|
520 |
/** |
|
521 |
* |
|
522 |
*/ |
|
521 | 523 |
public static function fields() { |
522 | 524 |
|
523 |
/**
|
|
525 |
/** |
|
524 | 526 |
* consumer_type is tag (unique alphanumeric id) of consuming authorization such as |
525 | 527 |
* drupal_roles, og_groups, civicrm_memberships |
526 | 528 |
*/ |
527 |
$fields = array(
|
|
529 |
$fields = [
|
|
528 | 530 |
|
529 |
'sid' => array(
|
|
530 |
'form' => array(
|
|
531 |
'sid' => [
|
|
532 |
'form' => [
|
|
531 | 533 |
'fieldset' => 'server', |
532 | 534 |
'#type' => 'textfield', |
533 | 535 |
'#size' => 20, |
534 | 536 |
'#title' => t('Machine name for this server configuration.'), |
535 | 537 |
'#description' => t('May only contain alphanumeric characters (a-z, A-Z, 0-9, and _)'), |
536 | 538 |
'#required' => TRUE, |
537 |
),
|
|
538 |
'schema' => array(
|
|
539 |
],
|
|
540 |
'schema' => [
|
|
539 | 541 |
'type' => 'varchar', |
540 | 542 |
'length' => 20, |
541 | 543 |
'not null' => TRUE, |
542 |
)
|
|
543 |
),
|
|
544 |
],
|
|
545 |
],
|
|
544 | 546 |
|
545 |
'numeric_sid' => array(
|
|
546 |
'schema' => array(
|
|
547 |
'numeric_sid' => [
|
|
548 |
'schema' => [
|
|
547 | 549 |
'type' => 'serial', |
548 | 550 |
'unsigned' => TRUE, |
549 | 551 |
'not null' => TRUE, |
550 | 552 |
'description' => 'Primary ID field for the table. Only used internally.', |
551 | 553 |
'no export' => TRUE, |
552 |
),
|
|
553 |
),
|
|
554 |
],
|
|
555 |
],
|
|
554 | 556 |
|
555 |
'name' => array(
|
|
556 |
'form' => array(
|
|
557 |
'name' => [
|
|
558 |
'form' => [
|
|
557 | 559 |
'fieldset' => 'server', |
558 | 560 |
'#type' => 'textfield', |
559 | 561 |
'#size' => 50, |
560 | 562 |
'#title' => 'Name', |
561 | 563 |
'#description' => t('Choose a <em><strong>unique</strong></em> name for this server configuration.'), |
562 |
),
|
|
563 |
'schema' => array(
|
|
564 |
],
|
|
565 |
'schema' => [
|
|
564 | 566 |
'type' => 'varchar', |
565 | 567 |
'length' => 255, |
566 | 568 |
'not null' => FALSE, |
567 |
),
|
|
568 |
),
|
|
569 |
],
|
|
570 |
],
|
|
569 | 571 |
|
570 |
'status' => array(
|
|
571 |
'form' => array(
|
|
572 |
'status' => [
|
|
573 |
'form' => [
|
|
572 | 574 |
'fieldset' => 'server', |
573 | 575 |
'#type' => 'checkbox', |
574 | 576 |
'#title' => t('Enabled'), |
575 | 577 |
'#description' => t('Disable in order to keep configuration without having it active.'), |
576 | 578 |
'#required' => FALSE, |
577 |
),
|
|
578 |
'schema' => array(
|
|
579 |
],
|
|
580 |
'schema' => [
|
|
579 | 581 |
'type' => 'int', |
580 | 582 |
'size' => 'tiny', |
581 | 583 |
'not null' => FALSE, |
582 | 584 |
'default' => 0, |
583 |
),
|
|
584 |
),
|
|
585 |
],
|
|
586 |
],
|
|
585 | 587 |
|
586 |
'ldap_type' => array(
|
|
587 |
'form' => array(
|
|
588 |
'ldap_type' => [
|
|
589 |
'form' => [
|
|
588 | 590 |
'fieldset' => 'server', |
589 | 591 |
'#type' => 'select', |
590 | 592 |
'#options' => ldap_servers_ldaps_option_array(), |
591 | 593 |
'#title' => t('LDAP Server Type'), |
592 | 594 |
'#description' => t('This field is informative. It\'s purpose is to assist with default values and give validation warnings.'), |
593 |
),
|
|
594 |
'schema' => array(
|
|
595 |
],
|
|
596 |
'schema' => [
|
|
595 | 597 |
'type' => 'varchar', |
596 | 598 |
'length' => 20, |
597 | 599 |
'not null' => FALSE, |
598 |
),
|
|
599 |
),
|
|
600 |
],
|
|
601 |
],
|
|
600 | 602 |
|
601 |
'address' => array(
|
|
602 |
'form' => array(
|
|
603 |
'address' => [
|
|
604 |
'form' => [
|
|
603 | 605 |
'fieldset' => 'server', |
604 | 606 |
'#type' => 'textfield', |
605 | 607 |
'#title' => t('LDAP server'), |
606 | 608 |
'#description' => t('The domain name or IP address of your LDAP Server such as "ad.unm.edu". For SSL |
607 | 609 |
use the form ldaps://DOMAIN such as "ldaps://ad.unm.edu"'), |
608 | 610 |
'#size' => 50, |
609 |
),
|
|
610 |
'schema' => array(
|
|
611 |
],
|
|
612 |
'schema' => [
|
|
611 | 613 |
'type' => 'varchar', |
612 | 614 |
'length' => 255, |
613 | 615 |
'not null' => FALSE, |
614 |
),
|
|
615 |
),
|
|
616 |
],
|
|
617 |
],
|
|
616 | 618 |
|
617 |
'port' => array(
|
|
618 |
'form' => array(
|
|
619 |
'port' => [
|
|
620 |
'form' => [
|
|
619 | 621 |
'fieldset' => 'server', |
620 | 622 |
'#type' => 'textfield', |
621 | 623 |
'#title' => t('LDAP port'), |
622 | 624 |
'#size' => 5, |
623 | 625 |
'#description' => t('The TCP/IP port on the above server which accepts LDAP connections. Must be an integer.'), |
624 |
),
|
|
625 |
'schema' => array(
|
|
626 |
],
|
|
627 |
'schema' => [
|
|
626 | 628 |
'type' => 'int', |
627 | 629 |
'not null' => FALSE, |
628 | 630 |
'default' => 389, |
629 |
),
|
|
630 |
),
|
|
631 |
],
|
|
632 |
],
|
|
631 | 633 |
|
632 |
'tls' => array(
|
|
633 |
'form' => array(
|
|
634 |
'tls' => [
|
|
635 |
'form' => [
|
|
634 | 636 |
'fieldset' => 'server', |
635 | 637 |
'#type' => 'checkbox', |
636 | 638 |
'#title' => t('Use Start-TLS'), |
637 | 639 |
'#description' => t('Secure the connection between the Drupal and the LDAP servers using TLS.<br /><em>Note: To use START-TLS, you must set the LDAP Port to 389.</em>'), |
638 |
),
|
|
639 |
'schema' => array(
|
|
640 |
],
|
|
641 |
'schema' => [
|
|
640 | 642 |
'type' => 'int', |
641 | 643 |
'size' => 'tiny', |
642 | 644 |
'not null' => FALSE, |
643 | 645 |
'default' => 0, |
644 |
),
|
|
645 |
),
|
|
646 |
|
|
647 |
'followrefs' => array(
|
|
648 |
'form' => array(
|
|
649 |
'fieldset' => 'server',
|
|
650 |
'#type' => 'checkbox',
|
|
651 |
'#title' => t('Follow LDAP Referrals'),
|
|
652 |
'#description' => t('Makes the LDAP client follow referrals (in the responses from the LDAP server) to other LDAP servers. This requires that the Bind Settings you give, is ALSO valid on these other servers.'),
|
|
653 |
),
|
|
654 |
'schema' => array(
|
|
655 |
'type' => 'int',
|
|
656 |
'size' => 'tiny',
|
|
657 |
'not null' => FALSE,
|
|
658 |
'default' => 0,
|
|
659 |
),
|
|
660 |
),
|
|
661 |
|
|
662 |
'bind_method' => array(
|
|
663 |
'form' => array(
|
|
646 |
],
|
|
647 |
],
|
|
648 |
|
|
649 |
'followrefs' => [
|
|
650 |
'form' => [
|
|
651 |
'fieldset' => 'server', |
|
652 |
'#type' => 'checkbox', |
|
653 |
'#title' => t('Follow LDAP Referrals'), |
|
654 |
'#description' => t('Makes the LDAP client follow referrals (in the responses from the LDAP server) to other LDAP servers. This requires that the Bind Settings you give, is ALSO valid on these other servers.'), |
|
655 |
],
|
|
656 |
'schema' => [
|
|
657 |
'type' => 'int', |
|
658 |
'size' => 'tiny', |
|
659 |
'not null' => FALSE, |
|
660 |
'default' => 0, |
|
661 |
],
|
|
662 |
],
|
|
663 |
|
|
664 |
'bind_method' => [
|
|
665 |
'form' => [
|
|
664 | 666 |
'fieldset' => 'bind_method', |
665 | 667 |
'#type' => 'radios', |
666 | 668 |
'#title' => t('Binding Method for Searches (such as finding user object or their group memberships)'), |
667 |
'#options' => array(
|
|
669 |
'#options' => [
|
|
668 | 670 |
LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT => t('Service Account Bind: Use credentials in the |
669 | 671 |
<strong>Service Account</strong> field to bind to LDAP. <em>This option is usually a best practice.</em>'), |
670 | 672 |
|
... | ... | |
683 | 685 |
|
684 | 686 |
LDAP_SERVERS_BIND_METHOD_ANON => t('Anonymous Bind: Use no credentials to bind to LDAP server.<br/> |
685 | 687 |
<em>This option will not work on most LDAPS connections.</em>'), |
686 |
),
|
|
687 |
),
|
|
688 |
'schema' => array(
|
|
688 |
],
|
|
689 |
],
|
|
690 |
'schema' => [
|
|
689 | 691 |
'type' => 'int', |
690 | 692 |
'size' => 'small', |
691 | 693 |
'not null' => FALSE, |
692 | 694 |
'default' => 0, |
693 | 695 |
'boolean' => FALSE, |
694 |
),
|
|
695 |
),
|
|
696 |
|
|
697 |
'binding_service_acct' => array(
|
|
698 |
'form' => array(
|
|
699 |
'fieldset' => 'bind_method', |
|
700 |
'#type' => 'markup', |
|
701 |
'#markup' => t('<label>Service Account</label> Some LDAP configurations |
|
696 |
],
|
|
697 |
],
|
|
698 |
|
|
699 |
'binding_service_acct' => [
|
|
700 |
'form' => [
|
|
701 |
'fieldset' => 'bind_method',
|
|
702 |
'#type' => 'markup',
|
|
703 |
'#markup' => t('<label>Service Account</label> Some LDAP configurations
|
|
702 | 704 |
prohibit or restrict the results of anonymous searches. These LDAPs require a DN//password pair |
703 | 705 |
for binding. For security reasons, this pair should belong to an |
704 | 706 |
LDAP account with stripped down permissions. |
705 | 707 |
This is also required for provisioning LDAP accounts and groups!'), |
706 |
), |
|
707 |
), |
|
708 |
|
|
708 |
], |
|
709 |
], |
|
709 | 710 |
|
710 |
'binddn' => array(
|
|
711 |
'form' => array(
|
|
711 |
'binddn' => [
|
|
712 |
'form' => [
|
|
712 | 713 |
'fieldset' => 'bind_method', |
713 | 714 |
'#type' => 'textfield', |
714 | 715 |
'#title' => t('DN for non-anonymous search'), |
715 | 716 |
'#size' => 80, |
716 |
'#states' => array(
|
|
717 |
'enabled' => array( // action to take.
|
|
718 |
':input[name=bind_method]' => array('value' => (string)LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT),
|
|
719 |
),
|
|
720 |
),
|
|
721 |
),
|
|
722 |
'schema' => array(
|
|
717 |
'#states' => [
|
|
718 |
'enabled' => [
|
|
719 |
':input[name=bind_method]' => ['value' => (string) LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT],
|
|
720 |
],
|
|
721 |
],
|
|
722 |
],
|
|
723 |
'schema' => [
|
|
723 | 724 |
'type' => 'varchar', |
724 | 725 |
'length' => 511, |
725 |
),
|
|
726 |
),
|
|
726 |
],
|
|
727 |
],
|
|
727 | 728 |
|
728 |
'bindpw' => array(
|
|
729 |
'form' => array(
|
|
729 |
'bindpw' => [
|
|
730 |
'form' => [
|
|
730 | 731 |
'fieldset' => 'bind_method', |
731 | 732 |
'#type' => 'password', |
732 | 733 |
'#title' => t('Password for non-anonymous search'), |
733 | 734 |
'#size' => 20, |
734 |
'#states' => array(
|
|
735 |
'enabled' => array( // action to take.
|
|
736 |
':input[name=bind_method]' => array('value' => (string)LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT),
|
|
737 |
),
|
|
738 |
),
|
|
739 |
),
|
|
740 |
'schema' => array(
|
|
735 |
'#states' => [
|
|
736 |
'enabled' => [
|
|
737 |
':input[name=bind_method]' => ['value' => (string) LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT],
|
|
738 |
],
|
|
739 |
],
|
|
740 |
],
|
|
741 |
'schema' => [
|
|
741 | 742 |
'type' => 'varchar', |
742 | 743 |
'length' => 255, |
743 |
),
|
|
744 |
),
|
|
744 |
],
|
|
745 |
],
|
|
745 | 746 |
|
746 |
'clear_bindpw' => array(
|
|
747 |
'form' => array(
|
|
747 |
'clear_bindpw' => [
|
|
748 |
'form' => [
|
|
748 | 749 |
'fieldset' => 'bind_method', |
749 | 750 |
'#type' => 'checkbox', |
750 | 751 |
'#title' => t('Clear existing password from database. Check this when switching away from Service Account Binding.'), |
751 | 752 |
'#default_value' => 0, |
752 |
),
|
|
753 |
),
|
|
753 |
],
|
|
754 |
],
|
|
754 | 755 |
|
755 |
'basedn' => array(
|
|
756 |
'form' => array(
|
|
756 |
'basedn' => [
|
|
757 |
'form' => [
|
|
757 | 758 |
'fieldset' => 'users', |
758 | 759 |
'#type' => 'textarea', |
759 | 760 |
'#cols' => 50, |
... | ... | |
764 | 765 |
Keep in mind that every additional basedn likely doubles the number of queries. Place the |
765 | 766 |
more heavily used one first and consider using one higher base DN rather than 2 or more lower base DNs. |
766 | 767 |
Enter one per line in case if you need more than one.') . '</div>', |
767 |
),
|
|
768 |
'schema' => array(
|
|
768 |
],
|
|
769 |
'schema' => [
|
|
769 | 770 |
'type' => 'text', |
770 | 771 |
'serialize' => TRUE, |
771 |
),
|
|
772 |
),
|
|
772 |
],
|
|
773 |
],
|
|
773 | 774 |
|
774 |
'user_attr' => array(
|
|
775 |
'form' => array(
|
|
775 |
'user_attr' => [
|
|
776 |
'form' => [
|
|
776 | 777 |
'fieldset' => 'users', |
777 | 778 |
'#type' => 'textfield', |
778 | 779 |
'#size' => 30, |
779 | 780 |
'#title' => t('AuthName attribute'), |
780 | 781 |
'#description' => t('The attribute that holds the users\' login name. (eg. <code>cn</code> for eDir or <code>sAMAccountName</code> for Active Directory).'), |
781 |
),
|
|
782 |
'schema' => array(
|
|
782 |
],
|
|
783 |
'schema' => [
|
|
783 | 784 |
'type' => 'varchar', |
784 | 785 |
'length' => 255, |
785 | 786 |
'not null' => FALSE, |
786 |
),
|
|
787 |
),
|
|
787 |
],
|
|
788 |
],
|
|
788 | 789 |
|
789 |
'account_name_attr' => array(
|
|
790 |
'form' => array(
|
|
790 |
'account_name_attr' => [
|
|
791 |
'form' => [
|
|
791 | 792 |
'fieldset' => 'users', |
792 | 793 |
'#type' => 'textfield', |
793 | 794 |
'#size' => 30, |
794 | 795 |
'#title' => t('AccountName attribute'), |
795 | 796 |
'#description' => t('The attribute that holds the unique account name. Defaults to the same as the AuthName attribute.'), |
796 |
),
|
|
797 |
'schema' => array(
|
|
797 |
],
|
|
798 |
'schema' => [
|
|
798 | 799 |
'type' => 'varchar', |
799 | 800 |
'length' => 255, |
800 | 801 |
'not null' => FALSE, |
801 | 802 |
'default' => '', |
802 |
),
|
|
803 |
),
|
|
803 |
],
|
|
804 |
],
|
|
804 | 805 |
|
805 |
'mail_attr' => array(
|
|
806 |
'form' => array(
|
|
806 |
'mail_attr' => [
|
|
807 |
'form' => [
|
|
807 | 808 |
'fieldset' => 'users', |
808 | 809 |
'#type' => 'textfield', |
809 | 810 |
'#size' => 30, |
810 | 811 |
'#title' => t('Email attribute'), |
811 | 812 |
'#description' => t('The attribute that holds the users\' email address. (eg. <code>mail</code>). Leave empty if no such attribute exists'), |
812 |
),
|
|
813 |
'schema' => array(
|
|
813 |
],
|
|
814 |
'schema' => [
|
|
814 | 815 |
'type' => 'varchar', |
815 | 816 |
'length' => 255, |
816 | 817 |
'not null' => FALSE, |
817 |
),
|
|
818 |
),
|
|
818 |
],
|
|
819 |
],
|
|
819 | 820 |
|
820 |
'mail_template' => array(
|
|
821 |
'form' => array(
|
|
821 |
'mail_template' => [
|
|
822 |
'form' => [
|
|
822 | 823 |
'fieldset' => 'users', |
823 | 824 |
'#type' => 'textfield', |
824 | 825 |
'#size' => 30, |
... | ... | |
829 | 830 |
such as <code>[cn]@mycompany.com</code>. |
830 | 831 |
See http://drupal.org/node/997082 for additional documentation on ldap tokens. |
831 | 832 |
'), |
832 |
),
|
|
833 |
'schema' => array(
|
|
833 |
],
|
|
834 |
'schema' => [
|
|
834 | 835 |
'type' => 'varchar', |
835 | 836 |
'length' => 255, |
836 | 837 |
'not null' => FALSE, |
837 |
),
|
|
838 |
),
|
|
839 |
|
|
840 |
'picture_attr' => array(
|
|
841 |
'form' => array(
|
|
842 |
'fieldset' => 'users',
|
|
843 |
'#type' => 'textfield',
|
|
844 |
'#size' => 30,
|
|
845 |
'#title' => t('Thumbnail attribute'),
|
|
846 |
'#description' => t('The attribute that holds the users\' thumnail image. (eg. <code>thumbnailPhoto</code>). Leave empty if no such attribute exists'),
|
|
847 |
),
|
|
848 |
'schema' => array(
|
|
849 |
'type' => 'varchar',
|
|
850 |
'length' => 255,
|
|
851 |
'not null' => FALSE,
|
|
852 |
),
|
|
853 |
),
|
|
854 |
|
|
855 |
'unique_persistent_attr' => array(
|
|
856 |
'form' => array(
|
|
838 |
],
|
|
839 |
],
|
|
840 |
|
|
841 |
'picture_attr' => [
|
|
842 |
'form' => [
|
|
843 |
'fieldset' => 'users',
|
|
844 |
'#type' => 'textfield',
|
|
845 |
'#size' => 30,
|
|
846 |
'#title' => t('Thumbnail attribute'),
|
|
847 |
'#description' => t('The attribute that holds the users\' thumnail image. (eg. <code>thumbnailPhoto</code>). Leave empty if no such attribute exists'),
|
|
848 |
],
|
|
849 |
'schema' => [
|
|
850 |
'type' => 'varchar',
|
|
851 |
'length' => 255,
|
|
852 |
'not null' => FALSE,
|
|
853 |
],
|
|
854 |
],
|
|
855 |
|
|
856 |
'unique_persistent_attr' => [
|
|
857 |
'form' => [
|
|
857 | 858 |
'fieldset' => 'users', |
858 | 859 |
'#type' => 'textfield', |
859 | 860 |
'#size' => 30, |
... | ... | |
864 | 865 |
enter a unique and persistent ldap attribute for users. In cases |
865 | 866 |
where DN does not change, enter "dn" here. |
866 | 867 |
If no such attribute exists, leave this blank.' |
867 |
),
|
|
868 |
),
|
|
869 |
'schema' => array(
|
|
868 |
), |
|
869 |
],
|
|
870 |
'schema' => [
|
|
870 | 871 |
'type' => 'varchar', |
871 | 872 |
'length' => 64, |
872 | 873 |
'not null' => FALSE, |
873 |
),
|
|
874 |
),
|
|
874 |
],
|
|
875 |
],
|
|
875 | 876 |
|
876 |
'unique_persistent_attr_binary' => array(
|
|
877 |
'form' => array(
|
|
877 |
'unique_persistent_attr_binary' => [
|
|
878 |
'form' => [
|
|
878 | 879 |
'fieldset' => 'users', |
879 | 880 |
'#type' => 'checkbox', |
880 | 881 |
'#title' => t('Does the <em>Persistent and Unique User ID |
... | ... | |
883 | 884 |
attribute such as objectSid in ActiveDirectory for the PUID.<br> |
884 | 885 |
If you don\'t want this consider switching to another attribute, |
885 | 886 |
such as samaccountname.'), |
886 |
),
|
|
887 |
'schema' => array(
|
|
887 |
],
|
|
888 |
'schema' => [
|
|
888 | 889 |
'type' => 'int', |
889 | 890 |
'size' => 'tiny', |
890 | 891 |
'not null' => FALSE, |
891 | 892 |
'default' => 0, |
892 |
),
|
|
893 |
),
|
|
893 |
],
|
|
894 |
],
|
|
894 | 895 |
|
895 |
'user_dn_expression' => array(
|
|
896 |
'form' => array(
|
|
896 |
'user_dn_expression' => [
|
|
897 |
'form' => [
|
|
897 | 898 |
'fieldset' => 'users', |
898 | 899 |
'#type' => 'textfield', |
899 | 900 |
'#size' => 80, |
... | ... | |
902 | 903 |
Typically it will be:<br/> <code>cn=%username,%basedn</code> |
903 | 904 |
which might evaluate to <code>cn=jdoe,ou=campus accounts,dc=ad,dc=mycampus,dc=edu</code> |
904 | 905 |
Base DNs are entered above.'), |
905 |
),
|
|
906 |
'schema' => array(
|
|
906 |
],
|
|
907 |
'schema' => [
|
|
907 | 908 |
'type' => 'varchar', |
908 | 909 |
'length' => 255, |
909 | 910 |
'not null' => FALSE, |
910 |
),
|
|
911 |
),
|
|
911 |
],
|
|
912 |
],
|
|
912 | 913 |
|
913 |
'ldap_to_drupal_user' => array(
|
|
914 |
'form' => array(
|
|
914 |
'ldap_to_drupal_user' => [
|
|
915 |
'form' => [
|
|
915 | 916 |
'fieldset' => 'users', |
916 | 917 |
'#disabled' => (!module_exists('php')), |
917 | 918 |
'#type' => 'textarea', |
... | ... | |
925 | 926 |
Careful, bad PHP code here will break your site. If left empty, no name transformation will be done. |
926 | 927 |
<br/>Example:<br/>Given the user will logon with jdoe@xyz.com and you want the ldap UserName attribute to be |
927 | 928 |
jdoe.<br/><code>$parts = explode(\'@\', $name); if (count($parts) == 2) {print $parts[0]};</code>'), |
928 |
),
|
|
929 |
'schema' => array(
|
|
929 |
],
|
|
930 |
'schema' => [
|
|
930 | 931 |
'type' => 'varchar', |
931 | 932 |
'length' => 1024, |
932 | 933 |
'not null' => FALSE, |
933 |
),
|
|
934 |
),
|
|
934 |
],
|
|
935 |
],
|
|
935 | 936 |
|
936 |
'testing_drupal_username' => array(
|
|
937 |
'form' => array(
|
|
937 |
'testing_drupal_username' => [
|
|
938 |
'form' => [
|
|
938 | 939 |
'fieldset' => 'users', |
939 | 940 |
'#type' => 'textfield', |
940 | 941 |
'#size' => 30, |
941 | 942 |
'#title' => t('Testing Drupal Username'), |
942 | 943 |
'#description' => t('This is optional and used for testing this server\'s configuration against an actual username. The user need not exist in Drupal and testing will not affect the user\'s LDAP or Drupal Account.'), |
943 |
),
|
|
944 |
'schema' => array(
|
|
944 |
],
|
|
945 |
'schema' => [
|
|
945 | 946 |
'type' => 'varchar', |
946 | 947 |
'length' => 255, |
947 | 948 |
'not null' => FALSE, |
948 |
),
|
|
949 |
),
|
|
949 |
],
|
|
950 |
],
|
|
950 | 951 |
|
951 |
'testing_drupal_user_dn' => array(
|
|
952 |
'form' => array(
|
|
952 |
'testing_drupal_user_dn' => [
|
|
953 |
'form' => [
|
|
953 | 954 |
'fieldset' => 'users', |
954 | 955 |
'#type' => 'textfield', |
955 | 956 |
'#size' => 120, |
956 | 957 |
'#title' => t('DN of testing username, e.g. cn=hpotter,ou=people,dc=hogwarts,dc=edu'), |
957 | 958 |
'#description' => t('This is optional and used for testing this server\'s configuration against an actual username. The user need not exist in Drupal and testing will not affect the user\'s LDAP or Drupal Account.'), |
958 |
),
|
|
959 |
'schema' => array(
|
|
959 |
],
|
|
960 |
'schema' => [
|
|
960 | 961 |
'type' => 'varchar', |
961 | 962 |
'length' => 255, |
962 | 963 |
'not null' => FALSE, |
963 |
),
|
|
964 |
),
|
|
964 |
],
|
|
965 |
],
|
|
965 | 966 |
|
966 |
'grp_unused' => array(
|
|
967 |
'form' => array(
|
|
967 |
'grp_unused' => [
|
|
968 |
'form' => [
|
|
968 | 969 |
'fieldset' => 'groups', |
969 | 970 |
'#type' => 'checkbox', |
970 | 971 |
'#title' => t('Groups are not relevant to this Drupal site. This is generally true if LDAP Groups, LDAP Authorization, etc are not it use.'), |
971 | 972 |
'#disabled' => FALSE, |
972 |
),
|
|
973 |
'schema' => array(
|
|
973 |
],
|
|
974 |
'schema' => [
|
|
974 | 975 |
'type' => 'int', |
975 | 976 |
'size' => 'tiny', |
976 | 977 |
'not null' => FALSE, |
977 | 978 |
'default' => 0, |
978 |
),
|
|
979 |
),
|
|
979 |
],
|
|
980 |
],
|
|
980 | 981 |
|
981 |
'grp_object_cat' => array(
|
|
982 |
'form' => array(
|
|
982 |
'grp_object_cat' => [
|
|
983 |
'form' => [
|
|
983 | 984 |
'fieldset' => 'groups', |
984 | 985 |
'#type' => 'textfield', |
985 | 986 |
'#size' => 30, |
986 | 987 |
'#title' => t('Name of Group Object Class'), |
987 | 988 |
'#description' => t('e.g. groupOfNames, groupOfUniqueNames, group.'), |
988 |
'#states' => array(
|
|
989 |
'visible' => array( // action to take.
|
|
990 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
991 |
),
|
|
992 |
),
|
|
993 |
),
|
|
994 |
'schema' => array(
|
|
989 |
'#states' => [
|
|
990 |
'visible' => [
|
|
991 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
992 |
],
|
|
993 |
],
|
|
994 |
],
|
|
995 |
'schema' => [
|
|
995 | 996 |
'type' => 'varchar', |
996 | 997 |
'length' => 64, |
997 | 998 |
'not null' => FALSE, |
998 |
),
|
|
999 |
),
|
|
999 |
],
|
|
1000 |
],
|
|
1000 | 1001 |
|
1001 |
'grp_nested' => array(
|
|
1002 |
'form' => array(
|
|
1002 |
'grp_nested' => [
|
|
1003 |
'form' => [
|
|
1003 | 1004 |
'fieldset' => 'groups', |
1004 | 1005 |
'#type' => 'checkbox', |
1005 | 1006 |
'#title' => t('Nested groups are used in my LDAP'), |
... | ... | |
1007 | 1008 |
'#description' => t('If a user is a member of group A and group A is a member of group B, |
1008 | 1009 |
user should be considered to be in group A and B. If your LDAP has nested groups, but you |
1009 | 1010 |
want to ignore nesting, leave this unchecked.'), |
1010 |
'#states' => array(
|
|
1011 |
'visible' => array( // action to take.
|
|
1012 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
1013 |
),
|
|
1014 |
),
|
|
1015 |
),
|
|
1016 |
'schema' => array(
|
|
1011 |
'#states' => [
|
|
1012 |
'visible' => [
|
|
1013 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
1014 |
],
|
|
1015 |
],
|
|
1016 |
],
|
|
1017 |
'schema' => [
|
|
1017 | 1018 |
'type' => 'int', |
1018 | 1019 |
'size' => 'tiny', |
1019 | 1020 |
'not null' => FALSE, |
1020 | 1021 |
'default' => 0, |
1021 |
),
|
|
1022 |
),
|
|
1022 |
],
|
|
1023 |
],
|
|
1023 | 1024 |
|
1024 |
'grp_user_memb_attr_exists' => array(
|
|
1025 |
'form' => array(
|
|
1025 |
'grp_user_memb_attr_exists' => [
|
|
1026 |
'form' => [
|
|
1026 | 1027 |
'fieldset' => 'groups', |
1027 | 1028 |
'#type' => 'checkbox', |
1028 | 1029 |
'#title' => t('A user LDAP attribute such as <code>memberOf</code> exists that contains a list of their groups. |
1029 | 1030 |
Active Directory and openLdap with memberOf overlay fit this model.'), |
1030 | 1031 |
'#disabled' => FALSE, |
1031 |
'#states' => array(
|
|
1032 |
'visible' => array( // action to take.
|
|
1033 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
1034 |
),
|
|
1035 |
),
|
|
1036 |
),
|
|
1037 |
'schema' => array(
|
|
1032 |
'#states' => [
|
|
1033 |
'visible' => [
|
|
1034 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
1035 |
],
|
|
1036 |
],
|
|
1037 |
],
|
|
1038 |
'schema' => [
|
|
1038 | 1039 |
'type' => 'int', |
1039 | 1040 |
'size' => 'tiny', |
1040 | 1041 |
'not null' => FALSE, |
1041 | 1042 |
'default' => 0, |
1042 |
),
|
|
1043 |
),
|
|
1043 |
],
|
|
1044 |
],
|
|
1044 | 1045 |
|
1045 |
'grp_user_memb_attr' => array(
|
|
1046 |
'form' => array(
|
|
1046 |
'grp_user_memb_attr' => [
|
|
1047 |
'form' => [
|
|
1047 | 1048 |
'fieldset' => 'groups', |
1048 | 1049 |
'#type' => 'textfield', |
1049 | 1050 |
'#size' => 30, |
1050 | 1051 |
'#title' => t('Attribute in User Entry Containing Groups'), |
1051 | 1052 |
'#description' => t('e.g. memberOf'), |
1052 |
'#states' => array(
|
|
1053 |
'enabled' => array( // action to take.
|
|
1054 |
':input[name=grp_user_memb_attr_exists]' => array('checked' => TRUE),
|
|
1055 |
),
|
|
1056 |
'visible' => array( // action to take.
|
|
1057 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
1058 |
),
|
|
1059 |
),
|
|
1060 |
),
|
|
1061 |
'schema' => array(
|
|
1053 |
'#states' => [
|
|
1054 |
'enabled' => [
|
|
1055 |
':input[name=grp_user_memb_attr_exists]' => ['checked' => TRUE],
|
|
1056 |
],
|
|
1057 |
'visible' => [
|
|
1058 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
1059 |
],
|
|
1060 |
],
|
|
1061 |
],
|
|
1062 |
'schema' => [
|
|
1062 | 1063 |
'type' => 'varchar', |
1063 | 1064 |
'length' => 255, |
1064 | 1065 |
'not null' => FALSE, |
1065 |
),
|
|
1066 |
),
|
|
1066 |
],
|
|
1067 |
],
|
|
1067 | 1068 |
|
1068 |
'grp_memb_attr' => array(
|
|
1069 |
'form' => array(
|
|
1069 |
'grp_memb_attr' => [
|
|
1070 |
'form' => [
|
|
1070 | 1071 |
'fieldset' => 'groups', |
1071 | 1072 |
'#type' => 'textfield', |
1072 | 1073 |
'#size' => 30, |
1073 | 1074 |
'#title' => t('LDAP Group Entry Attribute Holding User\'s DN, CN, etc.'), |
1074 | 1075 |
'#description' => t('e.g uniquemember, memberUid'), |
1075 |
'#states' => array(
|
|
1076 |
'visible' => array( // action to take.
|
|
1077 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
1078 |
),
|
|
1079 |
),
|
|
1080 |
),
|
|
1081 |
'schema' => array(
|
|
1076 |
'#states' => [
|
|
1077 |
'visible' => [
|
|
1078 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
1079 |
],
|
|
1080 |
],
|
|
1081 |
],
|
|
1082 |
'schema' => [
|
|
1082 | 1083 |
'type' => 'varchar', |
1083 | 1084 |
'length' => 255, |
1084 | 1085 |
'not null' => FALSE, |
1085 |
),
|
|
1086 |
),
|
|
1086 |
],
|
|
1087 |
],
|
|
1087 | 1088 |
|
1088 |
'grp_memb_attr_match_user_attr' => array(
|
|
1089 |
'form' => array(
|
|
1089 |
'grp_memb_attr_match_user_attr' => [
|
|
1090 |
'form' => [
|
|
1090 | 1091 |
'fieldset' => 'groups', |
1091 | 1092 |
'#type' => 'textfield', |
1092 | 1093 |
'#size' => 30, |
1093 | 1094 |
'#title' => t('User attribute held in "LDAP Group Entry Attribute Holding..."'), |
1094 | 1095 |
'#description' => t('This is almost always "dn" (which technically isn\'t an attribute). Sometimes its "cn".'), |
1095 |
'#states' => array(
|
|
1096 |
'visible' => array( // action to take.
|
|
1097 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
1098 |
),
|
|
1099 |
),
|
|
1100 |
),
|
|
1101 |
'schema' => array(
|
|
1096 |
'#states' => [
|
|
1097 |
'visible' => [
|
|
1098 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
1099 |
],
|
|
1100 |
],
|
|
1101 |
],
|
|
1102 |
'schema' => [
|
|
1102 | 1103 |
'type' => 'varchar', |
1103 | 1104 |
'length' => 255, |
1104 | 1105 |
'not null' => FALSE, |
1105 |
),
|
|
1106 |
),
|
|
1106 |
],
|
|
1107 |
],
|
|
1107 | 1108 |
|
1108 |
'grp_derive_from_dn' => array(
|
|
1109 |
'form' => array(
|
|
1109 |
'grp_derive_from_dn' => [
|
|
1110 |
'form' => [
|
|
1110 | 1111 |
'fieldset' => 'groups', |
1111 | 1112 |
'#type' => 'checkbox', |
1112 | 1113 |
'#title' => t('Groups are derived from user\'s LDAP entry DN.') . '<em>' . |
1113 |
t('This
|
|
1114 |
t('This |
|
1114 | 1115 |
group definition has very limited functionality and most modules will |
1115 | 1116 |
not take this into account. LDAP Authorization will.') . '</em>', |
1116 | 1117 |
'#disabled' => FALSE, |
1117 |
'#states' => array(
|
|
1118 |
'visible' => array( // action to take.
|
|
1119 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
1120 |
),
|
|
1121 |
),
|
|
1122 |
),
|
|
1123 |
'schema' => array(
|
|
1118 |
'#states' => [
|
|
1119 |
'visible' => [
|
|
1120 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
1121 |
],
|
|
1122 |
],
|
|
1123 |
],
|
|
1124 |
'schema' => [
|
|
1124 | 1125 |
'type' => 'int', |
1125 | 1126 |
'size' => 'tiny', |
1126 | 1127 |
'not null' => FALSE, |
1127 | 1128 |
'default' => 0, |
1128 |
),
|
|
1129 |
),
|
|
1129 |
],
|
|
1130 |
],
|
|
1130 | 1131 |
|
1131 |
'grp_derive_from_dn_attr' => array(
|
|
1132 |
'form' => array(
|
|
1132 |
'grp_derive_from_dn_attr' => [
|
|
1133 |
'form' => [
|
|
1133 | 1134 |
'fieldset' => 'groups', |
1134 | 1135 |
'#type' => 'textfield', |
1135 | 1136 |
'#size' => 30, |
1136 | 1137 |
'#title' => t('Attribute of the User\'s LDAP Entry DN which contains the group'), |
1137 | 1138 |
'#description' => t('e.g. ou'), |
1138 |
'#states' => array(
|
|
1139 |
'enabled' => array( // action to take.
|
|
1140 |
':input[name=grp_derive_from_dn]' => array('checked' => TRUE),
|
|
1141 |
),
|
|
1142 |
'visible' => array( // action to take.
|
|
1143 |
':input[name=grp_unused]' => array('checked' => FALSE),
|
|
1144 |
),
|
|
1145 |
),
|
|
1146 |
),
|
|
1147 |
'schema' => array(
|
|
1139 |
'#states' => [
|
|
1140 |
'enabled' => [
|
|
1141 |
':input[name=grp_derive_from_dn]' => ['checked' => TRUE],
|
|
1142 |
],
|
|
1143 |
'visible' => [
|
|
1144 |
':input[name=grp_unused]' => ['checked' => FALSE],
|
|
1145 |
],
|
|
1146 |
],
|
|
1147 |
],
|
|
1148 |
'schema' => [
|
|
1148 | 1149 |
'type' => 'varchar', |
1149 | 1150 |
'length' => 255, |
1150 | 1151 |
'not null' => FALSE, |
1151 |
),
|
|
1152 |
),
|
|
1152 |
],
|
|
1153 |
],
|
|
1153 | 1154 |
|
1154 |
'grp_test_grp_dn' => array(
|
|
1155 |
'form' => array(
|
|
1155 |
'grp_test_grp_dn' => [
|
|
1156 |
'form' => [
|
|
1156 | 1157 |
'fieldset' => 'groups', |
Weekly update of contrib modules