Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_user/LdapUserConfAdmin.class.php | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* This classextends by LdapUserConf for configuration and other admin functions |
|
5 |
* This classextends by LdapUserConf for configuration and other admin functions.
|
|
6 | 6 |
*/ |
7 | 7 |
|
8 | 8 |
module_load_include('php', 'ldap_user', 'LdapUserConf.class'); |
9 | 9 |
module_load_include('inc', 'user', 'user.pages'); |
10 |
|
|
10 |
/** |
|
11 |
* |
|
12 |
*/ |
|
11 | 13 |
class LdapUserConfAdmin extends LdapUserConf { |
12 | 14 |
|
13 | 15 |
/** |
14 |
* basic settings
|
|
16 |
* Basic settings.
|
|
15 | 17 |
*/ |
16 | 18 |
|
17 | 19 |
protected $drupalAcctProvisionServerDescription; |
18 |
protected $drupalAcctProvisionServerOptions = array();
|
|
19 |
protected $ldapEntryProvisionServerOptions = array();
|
|
20 |
protected $drupalAcctProvisionServerOptions = [];
|
|
21 |
protected $ldapEntryProvisionServerOptions = [];
|
|
20 | 22 |
|
21 | 23 |
protected $drupalAccountProvisionEventsDescription; |
22 |
protected $drupalAccountProvisionEventsOptions = array();
|
|
24 |
protected $drupalAccountProvisionEventsOptions = [];
|
|
23 | 25 |
|
24 | 26 |
protected $ldapEntryProvisionTriggersDescription; |
25 |
protected $ldapEntryProvisionTriggersOptions = array();
|
|
27 |
protected $ldapEntryProvisionTriggersOptions = [];
|
|
26 | 28 |
|
27 | 29 |
protected $synchFormRow = 0; |
28 | 30 |
|
29 |
/* |
|
30 |
* 3. Drupal Account Provisioning and Syncing |
|
31 |
/**
|
|
32 |
* 3. Drupal Account Provisioning and Syncing.
|
|
31 | 33 |
*/ |
34 |
|
|
32 | 35 |
public $userConflictResolveDescription; |
33 | 36 |
public $userConflictResolveDefault = LDAP_USER_CONFLICT_RESOLVE_DEFAULT; |
34 | 37 |
public $userConflictOptions; |
... | ... | |
45 | 48 |
public $hasError = FALSE; |
46 | 49 |
public $errorName = NULL; |
47 | 50 |
|
51 |
/** |
|
52 |
* |
|
53 |
*/ |
|
48 | 54 |
public function clearError() { |
49 | 55 |
$this->hasError = FALSE; |
50 | 56 |
$this->errorMsg = NULL; |
51 | 57 |
$this->errorName = NULL; |
52 | 58 |
} |
53 | 59 |
|
60 |
/** |
|
61 |
* |
|
62 |
*/ |
|
54 | 63 |
public function save() { |
55 | 64 |
foreach ($this->saveable as $property) { |
56 | 65 |
$save[$property] = $this->{$property}; |
... | ... | |
59 | 68 |
ldap_user_conf_cache_clear(); |
60 | 69 |
} |
61 | 70 |
|
62 |
static public function uninstall() { |
|
71 |
/** |
|
72 |
* |
|
73 |
*/ |
|
74 |
public static function uninstall() { |
|
63 | 75 |
variable_del('ldap_user_conf'); |
64 | 76 |
} |
65 | 77 |
|
78 |
/** |
|
79 |
* |
|
80 |
*/ |
|
66 | 81 |
public function __construct() { |
67 | 82 |
parent::__construct(); |
68 | 83 |
$this->setTranslatableProperties(); |
... | ... | |
80 | 95 |
|
81 | 96 |
} |
82 | 97 |
|
83 |
|
|
84 |
/** |
|
85 |
* generate admin form for ldapUserConf object |
|
86 |
* |
|
87 |
* @return array $form as drupal form api form array |
|
88 |
*/ |
|
98 |
/** |
|
99 |
* Generate admin form for ldapUserConf object. |
|
100 |
* |
|
101 |
* @return array $form as drupal form api form array |
|
102 |
*/ |
|
89 | 103 |
public function drupalForm() { |
90 | 104 |
if (count($this->drupalAcctProvisionServerOptions) == 0) { |
91 | 105 |
$message = ldap_servers_no_enabled_servers_msg('configure LDAP User'); |
92 |
$form['intro'] = array(
|
|
106 |
$form['intro'] = [
|
|
93 | 107 |
'#type' => 'item', |
94 | 108 |
'#markup' => t('<h1>LDAP User Settings</h1>') . $message, |
95 |
);
|
|
109 |
];
|
|
96 | 110 |
return $form; |
97 | 111 |
} |
98 |
$form['#storage'] = array();
|
|
112 |
$form['#storage'] = [];
|
|
99 | 113 |
$form['#theme'] = 'ldap_user_conf_form'; |
100 | 114 |
|
101 |
$form['intro'] = array(
|
|
115 |
$form['intro'] = [
|
|
102 | 116 |
'#type' => 'item', |
103 | 117 |
'#markup' => t('<h1>LDAP User Settings</h1>'), |
104 |
);
|
|
118 |
];
|
|
105 | 119 |
|
106 |
$form['manual_drupal_account_editing'] = array(
|
|
120 |
$form['manual_drupal_account_editing'] = [
|
|
107 | 121 |
'#type' => 'fieldset', |
108 | 122 |
'#title' => t('Manual Drupal Account Creation and Updates'), |
109 | 123 |
'#collapsible' => TRUE, |
110 | 124 |
'#collapsed' => FALSE, |
111 |
);
|
|
125 |
];
|
|
112 | 126 |
|
113 |
$form['manual_drupal_account_editing']['manualAccountConflict'] = array(
|
|
127 |
$form['manual_drupal_account_editing']['manualAccountConflict'] = [
|
|
114 | 128 |
'#type' => 'radios', |
115 | 129 |
'#options' => $this->manualAccountConflictOptions, |
116 | 130 |
'#title' => t('How to resolve LDAP conflicts with manually created Drupal accounts.'), |
117 | 131 |
'#description' => t('This applies only to accounts created manually through admin/people/create |
118 | 132 |
for which an LDAP entry can be found on the LDAP server selected in "LDAP Servers Providing Provisioning Data"'), |
119 | 133 |
'#default_value' => $this->manualAccountConflict, |
120 |
);
|
|
134 |
];
|
|
121 | 135 |
|
122 |
$form['basic_to_drupal'] = array(
|
|
136 |
$form['basic_to_drupal'] = [
|
|
123 | 137 |
'#type' => 'fieldset', |
124 | 138 |
'#title' => t('Basic Provisioning to Drupal Account Settings'), |
125 | 139 |
'#collapsible' => TRUE, |
126 | 140 |
'#collapsed' => FALSE, |
127 |
);
|
|
141 |
];
|
|
128 | 142 |
|
129 | 143 |
$default_value = ($this->drupalAcctProvisionServer) ? $this->drupalAcctProvisionServer : 'none'; |
130 |
$form['basic_to_drupal']['drupalAcctProvisionServer'] = array(
|
|
144 |
$form['basic_to_drupal']['drupalAcctProvisionServer'] = [
|
|
131 | 145 |
'#type' => 'radios', |
132 | 146 |
'#title' => t('LDAP Servers Providing Provisioning Data'), |
133 | 147 |
'#required' => 1, |
134 | 148 |
'#default_value' => $default_value, |
135 | 149 |
'#options' => $this->drupalAcctProvisionServerOptions, |
136 | 150 |
'#description' => $this->drupalAcctProvisionServerDescription, |
137 |
'#states' => array( |
|
138 |
'enabled' => array( // action to take. |
|
139 |
':input[name=drupalAcctProvisionTriggers]' => array('value' => LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE), |
|
140 |
), |
|
141 |
), |
|
142 |
); |
|
143 |
|
|
144 |
|
|
145 |
$form['basic_to_drupal']['drupalAcctProvisionTriggers'] = array( |
|
151 |
'#states' => [ |
|
152 |
'enabled' => [ |
|
153 |
':input[name=drupalAcctProvisionTriggers]' => ['value' => LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE], |
|
154 |
], |
|
155 |
], |
|
156 |
]; |
|
157 |
|
|
158 |
$form['basic_to_drupal']['drupalAcctProvisionTriggers'] = [ |
|
146 | 159 |
'#type' => 'checkboxes', |
147 | 160 |
'#title' => t('Drupal Account Provisioning Events'), |
148 | 161 |
'#required' => FALSE, |
149 | 162 |
'#default_value' => $this->drupalAcctProvisionTriggers, |
150 | 163 |
'#options' => $this->drupalAccountProvisionEventsOptions, |
151 | 164 |
'#description' => $this->drupalAccountProvisionEventsDescription, |
152 |
);
|
|
165 |
];
|
|
153 | 166 |
|
154 |
$form['basic_to_drupal']['disableAdminPasswordField'] = array(
|
|
167 |
$form['basic_to_drupal']['disableAdminPasswordField'] = [
|
|
155 | 168 |
'#type' => 'checkbox', |
156 | 169 |
'#title' => t('Disable the password fields at /admin/create/people since the password is going to be randomly generated anyway. This is useful if you are synching data to Drupal from LDAP, and not bringing the user password from LDAP.'), |
157 | 170 |
'#default_value' => $this->disableAdminPasswordField, |
158 |
);
|
|
171 |
];
|
|
159 | 172 |
|
160 |
$form['basic_to_drupal']['userConflictResolve'] = array(
|
|
173 |
$form['basic_to_drupal']['userConflictResolve'] = [
|
|
161 | 174 |
'#type' => 'radios', |
162 | 175 |
'#title' => t('Existing Drupal User Account Conflict'), |
163 | 176 |
'#required' => 1, |
164 | 177 |
'#default_value' => $this->userConflictResolve, |
165 | 178 |
'#options' => $this->userConflictOptions, |
166 |
'#description' => t( $this->userConflictResolveDescription),
|
|
167 |
);
|
|
179 |
'#description' => t($this->userConflictResolveDescription), |
|
180 |
];
|
|
168 | 181 |
|
169 |
$form['basic_to_drupal']['accountsWithSameEmail'] = array(
|
|
182 |
$form['basic_to_drupal']['accountsWithSameEmail'] = [
|
|
170 | 183 |
'#type' => 'radios', |
171 | 184 |
'#title' => t('Existing Account with Same Email Address'), |
172 | 185 |
'#default_value' => $this->accountsWithSameEmail, |
173 | 186 |
'#options' => $this->accountsWithSameEmailOptions, |
174 | 187 |
'#description' => t($this->accountsWithSameEmailDescription), |
175 | 188 |
'#disabled' => (module_exists('sharedemail') === FALSE), |
176 |
);
|
|
189 |
];
|
|
177 | 190 |
|
178 |
$form['basic_to_drupal']['acctCreation'] = array(
|
|
191 |
$form['basic_to_drupal']['acctCreation'] = [
|
|
179 | 192 |
'#type' => 'radios', |
180 | 193 |
'#title' => t('Application of Drupal Account settings to LDAP Authenticated Users'), |
181 | 194 |
'#required' => 1, |
182 | 195 |
'#default_value' => $this->acctCreation, |
183 | 196 |
'#options' => $this->acctCreationOptions, |
184 | 197 |
'#description' => t($this->acctCreationDescription), |
185 |
);
|
|
198 |
];
|
|
186 | 199 |
|
187 |
$account_options = array();
|
|
200 |
$account_options = [];
|
|
188 | 201 |
$account_options['ldap_user_orphan_do_not_check'] = t('Do not check for orphaned Drupal accounts.'); |
189 | 202 |
$account_options['ldap_user_orphan_email'] = t('Perform no action, but email list of orphaned accounts. (All the other options will send email summaries also.)'); |
190 | 203 |
foreach (user_cancel_methods() as $option_name => $option) { |
191 | 204 |
$account_options[$option_name] = $option['#title']; |
192 | 205 |
} |
193 | 206 |
|
194 |
//@todo these 2 options are removed until this feature is better tested in |
|
207 |
// @todo these 2 options are removed until this feature is better tested in
|
|
195 | 208 |
// actual production environments; it has potentially disastrous effects |
196 | 209 |
unset($account_options['user_cancel_reassign']); |
197 | 210 |
unset($account_options['user_cancel_delete']); |
198 | 211 |
|
199 |
$form['basic_to_drupal']['orphanedDrupalAcctBehavior'] = array(
|
|
212 |
$form['basic_to_drupal']['orphanedDrupalAcctBehavior'] = [
|
|
200 | 213 |
'#type' => 'radios', |
201 | 214 |
'#title' => t('Action to perform on Drupal account that no longer have a |
202 | 215 |
corresponding LDAP entry'), |
... | ... | |
204 | 217 |
'#default_value' => $this->orphanedDrupalAcctBehavior, |
205 | 218 |
'#options' => $account_options, |
206 | 219 |
'#description' => t($this->orphanedDrupalAcctBehaviorDescription), |
207 |
);
|
|
220 |
];
|
|
208 | 221 |
|
209 |
|
|
210 |
$form['basic_to_drupal']['orphanedCheckQty'] = array( |
|
222 |
$form['basic_to_drupal']['orphanedCheckQty'] = [ |
|
211 | 223 |
'#type' => 'textfield', |
212 | 224 |
'#size' => 10, |
213 | 225 |
'#title' => t('Number of users to check each cron run.'), |
214 | 226 |
'#description' => t(''), |
215 | 227 |
'#default_value' => $this->orphanedCheckQty, |
216 | 228 |
'#required' => FALSE, |
217 |
);
|
|
229 |
];
|
|
218 | 230 |
|
219 |
|
|
220 |
$form['basic_to_ldap'] = array( |
|
231 |
$form['basic_to_ldap'] = [ |
|
221 | 232 |
'#type' => 'fieldset', |
222 | 233 |
'#title' => t('Basic Provisioning to LDAP Settings'), |
223 | 234 |
'#collapsible' => TRUE, |
224 | 235 |
'#collapsed' => !($this->ldapEntryProvisionServer), |
225 |
);
|
|
236 |
];
|
|
226 | 237 |
|
227 | 238 |
$default_value = ($this->ldapEntryProvisionServer) ? $this->ldapEntryProvisionServer : 'none'; |
228 |
$form['basic_to_ldap']['ldapEntryProvisionServer'] = array(
|
|
239 |
$form['basic_to_ldap']['ldapEntryProvisionServer'] = [
|
|
229 | 240 |
'#type' => 'radios', |
230 | 241 |
'#title' => t('LDAP Servers to Provision LDAP Entries on'), |
231 | 242 |
'#required' => 1, |
232 | 243 |
'#default_value' => $default_value, |
233 | 244 |
'#options' => $this->ldapEntryProvisionServerOptions, |
234 | 245 |
'#description' => $this->ldapEntryProvisionServerDescription, |
235 |
);
|
|
246 |
];
|
|
236 | 247 |
|
237 |
$form['basic_to_ldap']['ldapEntryProvisionTriggers'] = array(
|
|
248 |
$form['basic_to_ldap']['ldapEntryProvisionTriggers'] = [
|
|
238 | 249 |
'#type' => 'checkboxes', |
239 | 250 |
'#title' => t('LDAP Entry Provisioning Events'), |
240 | 251 |
'#required' => FALSE, |
241 | 252 |
'#default_value' => $this->ldapEntryProvisionTriggers, |
242 | 253 |
'#options' => $this->ldapEntryProvisionTriggersOptions, |
243 |
'#description' => $this->ldapEntryProvisionTriggersDescription |
|
244 |
);
|
|
254 |
'#description' => $this->ldapEntryProvisionTriggersDescription,
|
|
255 |
];
|
|
245 | 256 |
|
246 |
/** |
|
247 |
$form['ws'] = array( |
|
248 |
'#type' => 'fieldset', |
|
249 |
'#title' => t('[Untested and Unfinished Code] REST Webservice for Provisioning and Synching.'), |
|
250 |
'#collapsible' => TRUE, |
|
251 |
'#collapsed' => !$this->wsEnabled, |
|
252 |
'#description' => t('Once configured, this webservice can be used to trigger creation, synching, deletion, etc of an LDAP associated Drupal account.'), |
|
253 |
); |
|
254 |
|
|
255 |
$form['ws']['wsEnabled'] = array( |
|
256 |
'#type' => 'checkbox', |
|
257 |
'#title' => t('Enable REST Webservice'), |
|
258 |
'#required' => FALSE, |
|
259 |
'#default_value' => $this->wsEnabled, |
|
260 |
); |
|
261 |
|
|
262 |
$form['ws']['wsUserIps'] = array( |
|
263 |
'#type' => 'textarea', |
|
264 |
'#title' => t('Allowed IP Addresses to request webservice.'), |
|
265 |
'#required' => FALSE, |
|
266 |
'#default_value' => join("\n", $this->wsUserIps), |
|
267 |
'#description' => t('One Per Line. The current server address is LOCAL_ADDR and the client ip requesting this page is REMOTE_ADDR .', $_SERVER), |
|
268 |
'#cols' => 20, |
|
269 |
'#rows' => 2, |
|
270 |
'#states' => array( |
|
271 |
'visible' => array( // action to take. |
|
272 |
':input[name="wsEnabled"]' => array('checked' => TRUE), |
|
273 |
), |
|
274 |
), |
|
275 |
); |
|
276 |
|
|
277 |
if (!$this->wsKey) { |
|
278 |
$urls = t('URLs are not available until a key is create a key and urls will be generated'); |
|
279 |
} |
|
280 |
else { |
|
281 |
$urls = theme('item_list', |
|
282 |
array( |
|
283 |
'items' => ldap_user_ws_urls_item_list(), |
|
284 |
'title' => 'REST urls', |
|
285 |
'type' => 'ul', |
|
286 |
)); |
|
287 |
} |
|
288 |
|
|
289 |
$form['ws']['wsKey'] = array( |
|
290 |
'#type' => 'textfield', |
|
291 |
'#title' => t('Key for webservice'), |
|
292 |
'#required' => FALSE, |
|
293 |
'#default_value' => $this->wsKey, |
|
294 |
'#description' => t('Any random string of characters.') . $urls, |
|
295 |
'#states' => array( |
|
296 |
'visible' => array( // action to take. |
|
297 |
':input[name="wsEnabled"]' => array('checked' => TRUE), |
|
298 |
), |
|
299 |
), |
|
300 |
); |
|
301 |
*/ |
|
302 |
|
|
303 |
$form['basic_to_drupal']['server_mapping_preamble'] = array( |
|
257 |
$form['basic_to_drupal']['server_mapping_preamble'] = [ |
|
304 | 258 |
'#type' => 'markup', |
305 | 259 |
'#markup' => t(' |
306 | 260 |
The relationship between a Drupal user and an LDAP entry is defined within the LDAP server configurations. |
... | ... | |
312 | 266 |
mappings need to be setup for each server. If no tables are listed below, you have not enabled any provisioning servers at |
313 | 267 |
the top of this form. |
314 | 268 |
'), |
315 |
);
|
|
269 |
];
|
|
316 | 270 |
|
317 |
foreach (array(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $direction) {
|
|
271 |
foreach ([LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY] as $direction) {
|
|
318 | 272 |
$sid = $this->provisionSidFromDirection[$direction]; |
319 | 273 |
$ldap_server = ($sid) ? ldap_servers_get_servers($sid, NULL, TRUE) : FALSE; |
320 |
$ldap_server_selected = (boolean)$ldap_server; |
|
274 |
$ldap_server_selected = (boolean) $ldap_server;
|
|
321 | 275 |
|
322 | 276 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) { |
323 | 277 |
$parent_fieldset = 'basic_to_drupal'; |
... | ... | |
328 | 282 |
$description = t('Provisioning from Drupal to LDAP Mappings:'); |
329 | 283 |
} |
330 | 284 |
|
331 |
$form[$parent_fieldset]['mappings__' . $direction] = array(
|
|
285 |
$form[$parent_fieldset]['mappings__' . $direction] = [
|
|
332 | 286 |
'#type' => 'fieldset', |
333 | 287 |
'#title' => $description, |
334 | 288 |
'#collapsible' => TRUE, |
335 | 289 |
'#collapsed' => FALSE, |
336 | 290 |
'#description' => '', |
337 |
'table__' . $direction => array(
|
|
291 |
'table__' . $direction => [
|
|
338 | 292 |
'#type' => 'markup', |
339 | 293 |
'#markup' => '[replace_with_table__' . $direction . ']', |
340 |
),
|
|
341 |
);
|
|
294 |
],
|
|
295 |
];
|
|
342 | 296 |
|
343 |
|
|
344 |
$password_notes = '<h3>' . t('Password Tokens') . '</h3><ul>' . |
|
345 |
'<li>' . t('Pwd: Random -- Uses a random Drupal generated password') . '</li>' . |
|
346 |
'<li>' . t('Pwd: User or Random -- Uses password supplied on user forms. |
|
297 |
$password_notes = '<h3>' . t('Password Tokens') . '</h3><ul>' . |
|
298 |
'<li>' . t('Pwd: Random -- Uses a random Drupal generated password') . '</li>' . |
|
299 |
'<li>' . t('Pwd: User or Random -- Uses password supplied on user forms. |
|
347 | 300 |
If none available uses random password.') . '</li></ul>' . |
348 |
'<h3>' . t('Password Concerns') . '</h3>' . |
|
349 |
'<ul>' . |
|
350 |
'<li>' . t('Provisioning passwords to LDAP means passwords must meet the LDAP\'s |
|
301 |
'<h3>' . t('Password Concerns') . '</h3>' .
|
|
302 |
'<ul>' .
|
|
303 |
'<li>' . t('Provisioning passwords to LDAP means passwords must meet the LDAP\'s
|
|
351 | 304 |
password requirements. Password Policy module can be used to add requirements.') . '</li>' . |
352 |
'<li>' . t('Some LDAPs require a user to reset their password if it has been changed |
|
305 |
'<li>' . t('Some LDAPs require a user to reset their password if it has been changed
|
|
353 | 306 |
by someone other that user. Consider this when provisioning LDAP passwords.') . '</li>' . |
354 |
'</ul></p>'; |
|
355 |
|
|
307 |
'</ul></p>'; |
|
356 | 308 |
|
357 | 309 |
$source_drupal_token_notes = <<<EOT |
358 | 310 |
<p>Examples in form: Source Drupal User token => Target LDAP Token (notes)</p> |
... | ... | |
369 | 321 |
</ul> |
370 | 322 |
EOT; |
371 | 323 |
|
372 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { // add some password notes |
|
373 |
$form[$parent_fieldset]['password_notes'] = array( |
|
324 |
// Add some password notes. |
|
325 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { |
|
326 |
$form[$parent_fieldset]['password_notes'] = [ |
|
374 | 327 |
'#type' => 'fieldset', |
375 | 328 |
'#title' => t('Password Notes'), |
376 | 329 |
'#collapsible' => TRUE, |
377 | 330 |
'#collapsed' => TRUE, |
378 |
'directions' => array(
|
|
331 |
'directions' => [
|
|
379 | 332 |
'#type' => 'markup', |
380 | 333 |
'#markup' => $password_notes, |
381 |
),
|
|
382 |
);
|
|
383 |
$form[$parent_fieldset]['source_drupal_token_notes'] = array(
|
|
334 |
],
|
|
335 |
];
|
|
336 |
$form[$parent_fieldset]['source_drupal_token_notes'] = [
|
|
384 | 337 |
'#type' => 'fieldset', |
385 | 338 |
'#title' => t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'), |
386 | 339 |
'#collapsible' => TRUE, |
387 | 340 |
'#collapsed' => TRUE, |
388 |
'directions' => array(
|
|
341 |
'directions' => [
|
|
389 | 342 |
'#type' => 'markup', |
390 | 343 |
'#markup' => $source_drupal_token_notes, |
391 |
),
|
|
392 |
);
|
|
344 |
],
|
|
345 |
];
|
|
393 | 346 |
} |
394 | 347 |
$this->addServerMappingFields($form, $direction); |
395 | 348 |
} |
396 | 349 |
|
397 |
foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'accountsWithSameEmail', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
|
|
350 |
foreach (['orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'accountsWithSameEmail', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER] as $input_name) {
|
|
398 | 351 |
$form['basic_to_drupal'][$input_name]['#states']['invisible'] = |
399 |
array(
|
|
400 |
':input[name=drupalAcctProvisionServer]' => array('value' => 'none'),
|
|
401 |
);
|
|
352 |
[
|
|
353 |
':input[name=drupalAcctProvisionServer]' => ['value' => 'none'],
|
|
354 |
];
|
|
402 | 355 |
} |
403 | 356 |
|
404 |
foreach (array('ldapEntryProvisionTriggers', 'password_notes', 'source_drupal_token_notes', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $input_name) {
|
|
357 |
foreach (['ldapEntryProvisionTriggers', 'password_notes', 'source_drupal_token_notes', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY] as $input_name) {
|
|
405 | 358 |
$form['basic_to_ldap'][$input_name]['#states']['invisible'] = |
406 |
array(
|
|
407 |
':input[name=ldapEntryProvisionServer]' => array('value' => 'none'),
|
|
408 |
);
|
|
359 |
[
|
|
360 |
':input[name=ldapEntryProvisionServer]' => ['value' => 'none'],
|
|
361 |
];
|
|
409 | 362 |
} |
410 | 363 |
|
411 |
$form['submit'] = array(
|
|
364 |
$form['submit'] = [
|
|
412 | 365 |
'#type' => 'submit', |
413 | 366 |
'#value' => 'Save', |
414 |
);
|
|
367 |
];
|
|
415 | 368 |
|
416 |
return $form; |
|
417 |
} |
|
369 |
return $form;
|
|
370 |
}
|
|
418 | 371 |
|
419 | 372 |
/** |
420 | 373 |
* @param $sid |
... | ... | |
428 | 381 |
} |
429 | 382 |
} |
430 | 383 |
|
431 |
/** |
|
432 |
* validate submitted form |
|
433 |
* |
|
434 |
* @param array $values as $form_state['values'] from drupal form api |
|
435 |
* @param array $storage as $form_state['storage'] from drupal form api |
|
436 |
* |
|
437 |
* @return array in form array($errors, $warnings)to be thrown by form api |
|
438 |
*/ |
|
439 |
public function drupalFormValidate($values, $storage) { |
|
384 |
/** |
|
385 |
* Validate submitted form. |
|
386 |
* |
|
387 |
* @param array $values |
|
388 |
* as $form_state['values'] from drupal form api. |
|
389 |
* @param array $storage |
|
390 |
* as $form_state['storage'] from drupal form api. |
|
391 |
* |
|
392 |
* @return array in form array($errors, $warnings)to be thrown by form api |
|
393 |
*/ |
|
394 |
public function drupalFormValidate($values, $storage) { |
|
440 | 395 |
$this->populateFromDrupalForm($values, $storage); |
441 | 396 |
list($errors, $warnings) = $this->validate($values); |
442 | 397 |
|
443 | 398 |
$this->checkPuidOrphans($values['drupalAcctProvisionServer'], $values['orphanedDrupalAcctBehavior']); |
444 | 399 |
|
445 |
// since failed mapping rows in form, don't populate ->ldapUserSynchMappings, need to validate these from values
|
|
400 |
// Since failed mapping rows in form, don't populate ->ldapUserSynchMappings, need to validate these from values.
|
|
446 | 401 |
foreach ($values as $field => $value) { |
447 | 402 |
$parts = explode('__', $field); |
448 |
// since synch mapping fields are in n-tuples, process entire n-tuple at once (on field == configurable_to_drupal)
|
|
403 |
// Since synch mapping fields are in n-tuples, process entire n-tuple at once (on field == configurable_to_drupal)
|
|
449 | 404 |
if (count($parts) != 4 || $parts[1] !== 'sm' || $parts[2] != 'configurable_to_drupal') { |
450 | 405 |
continue; |
451 | 406 |
} |
452 | 407 |
list($direction, $discard, $column_name, $i) = $parts; |
453 | 408 |
$action = $storage['synch_mapping_fields'][$direction][$i]['action']; |
454 |
$tokens = array();
|
|
455 |
$row_mappings = array();
|
|
456 |
foreach (array('remove', 'configurable_to_drupal', 'configurable_to_ldap', 'convert', 'direction', 'ldap_attr', 'user_attr', 'user_tokens') as $column_name) {
|
|
457 |
$input_name = join('__', array('sm', $column_name, $i));
|
|
409 |
$tokens = [];
|
|
410 |
$row_mappings = [];
|
|
411 |
foreach (['remove', 'configurable_to_drupal', 'configurable_to_ldap', 'convert', 'direction', 'ldap_attr', 'user_attr', 'user_tokens'] as $column_name) {
|
|
412 |
$input_name = join('__', ['sm', $column_name, $i]);
|
|
458 | 413 |
$row_mappings[$column_name] = isset($values[$input_name]) ? $values[$input_name] : NULL; |
459 | 414 |
} |
460 | 415 |
|
... | ... | |
464 | 419 |
$row_descriptor = t("server %sid row mapping to ldap attribute %ldap_attr", $tokens); |
465 | 420 |
$tokens['!row_descriptor'] = $row_descriptor; |
466 | 421 |
if (!$row_mappings['direction']) { |
467 |
$input_name = join('__', array('sm', 'direction', $i));
|
|
422 |
$input_name = join('__', ['sm', 'direction', $i]);
|
|
468 | 423 |
$errors[$input_name] = t('No mapping direction given in !row_descriptor', $tokens); |
469 | 424 |
} |
470 | 425 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER && $row_mappings['user_attr'] == 'user_tokens') { |
471 |
$input_name = join('__', array('sm', 'user_attr', $i));
|
|
426 |
$input_name = join('__', ['sm', 'user_attr', $i]);
|
|
472 | 427 |
$errors[$input_name] = t('User tokens not allowed when mapping to Drupal user. Location: !row_descriptor', $tokens); |
473 | 428 |
} |
474 | 429 |
if (!$row_mappings['ldap_attr']) { |
475 |
$input_name = join('__', array('sm', 'ldap_attr', $i));
|
|
430 |
$input_name = join('__', ['sm', 'ldap_attr', $i]);
|
|
476 | 431 |
$errors[$input_name] = t('No ldap attribute given in !row_descriptor', $tokens); |
477 | 432 |
} |
478 | 433 |
if (!$row_mappings['user_attr']) { |
479 |
$input_name = join('__', array('sm', 'user_attr', $i));
|
|
434 |
$input_name = join('__', ['sm', 'user_attr', $i]);
|
|
480 | 435 |
$errors[$input_name] = t('No user attribute given in !row_descriptor', $tokens); |
481 | 436 |
} |
482 | 437 |
} |
483 | 438 |
|
484 | 439 |
} |
485 |
return array($errors, $warnings);
|
|
440 |
return [$errors, $warnings];
|
|
486 | 441 |
} |
487 | 442 |
|
488 |
/** |
|
489 |
* validate object, not form |
|
490 |
* @param array $values as $form_state['values'] from drupal form api |
|
491 |
* @return array in form array($errors, $warnings)to be thrown by form api |
|
492 |
* |
|
493 |
* @todo validate that a user field exists, such as field.field_user_lname |
|
494 |
* |
|
495 |
*/ |
|
443 |
/** |
|
444 |
* Validate object, not form. |
|
445 |
* |
|
446 |
* @param array $values |
|
447 |
* as $form_state['values'] from drupal form api. |
|
448 |
* |
|
449 |
* @return array in form array($errors, $warnings)to be thrown by form api |
|
450 |
* |
|
451 |
* @todo validate that a user field exists, such as field.field_user_lname |
|
452 |
*/ |
|
496 | 453 |
public function validate($values) { |
497 |
$errors = array();
|
|
498 |
$warnings = array();
|
|
499 |
$tokens = array();
|
|
454 |
$errors = [];
|
|
455 |
$warnings = [];
|
|
456 |
$tokens = [];
|
|
500 | 457 |
|
501 |
$has_drupal_acct_prov_servers = (boolean)($this->drupalAcctProvisionServer);
|
|
502 |
$has_drupal_acct_prov_settings_options = (count(array_filter($this->drupalAcctProvisionTriggers)) > 0);
|
|
458 |
$has_drupal_acct_prov_servers = (boolean) ($this->drupalAcctProvisionServer);
|
|
459 |
$has_drupal_acct_prov_settings_options = (count(array_filter($this->drupalAcctProvisionTriggers)) > 0); |
|
503 | 460 |
|
504 | 461 |
if (!$has_drupal_acct_prov_servers && $has_drupal_acct_prov_settings_options) { |
505 | 462 |
$warnings['drupalAcctProvisionServer'] = t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens); |
... | ... | |
508 | 465 |
$warnings['drupalAcctProvisionTriggers'] = t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected. This will result in no synching happening.', $tokens); |
509 | 466 |
} |
510 | 467 |
|
511 |
$has_ldap_prov_servers = (boolean)($this->ldapEntryProvisionServer); |
|
468 |
$has_ldap_prov_servers = (boolean) ($this->ldapEntryProvisionServer);
|
|
512 | 469 |
$has_ldap_prov_settings_options = (count(array_filter($this->ldapEntryProvisionTriggers)) > 0); |
513 | 470 |
if (!$has_ldap_prov_servers && $has_ldap_prov_settings_options) { |
514 | 471 |
$warnings['ldapEntryProvisionServer'] = t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens); |
... | ... | |
520 | 477 |
if (isset($this->ldapUserSynchMappings)) { |
521 | 478 |
$to_ldap_entries_mappings_exist = FALSE; |
522 | 479 |
foreach ($this->ldapUserSynchMappings as $synch_direction => $mappings) { |
523 |
$map_index = array(); |
|
524 |
$tokens = array(); // array('%sid' => $sid); |
|
480 |
$map_index = []; |
|
481 |
// Format ['%sid' => $sid]. |
|
482 |
$tokens = []; |
|
525 | 483 |
$to_drupal_user_mappings_exist = FALSE; |
526 | 484 |
$to_ldap_entries_mappings_exist = FALSE; |
527 | 485 |
|
... | ... | |
550 | 508 |
} |
551 | 509 |
$row_descriptor = t("server %sid row mapping to ldap attribute %ldap_attr", $tokens); |
552 | 510 |
$tokens['!row_descriptor'] = $row_descriptor; |
553 |
$ldap_attribute_maps_in_token = array();
|
|
511 |
$ldap_attribute_maps_in_token = [];
|
|
554 | 512 |
ldap_servers_token_extract_attributes($ldap_attribute_maps_in_token, $mapping['ldap_attr']); |
555 | 513 |
|
556 | 514 |
if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) { |
557 | 515 |
$row_id = $map_index[$mapping['user_attr']]; |
558 | 516 |
$to_drupal_user_mappings_exist = TRUE; |
559 |
// if (!$is_drupal_user_prov_server) { |
|
560 |
// $errors['mappings__'. $sid] = t('Mapping rows exist for provisioning to drupal user, but server %sid is not enabled for provisioning |
|
561 |
// to drupal users.', $tokens); |
|
562 |
// } |
|
563 | 517 |
} |
564 | 518 |
if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { |
565 | 519 |
$row_id = $map_index[$mapping['ldap_attr']]; |
566 | 520 |
$to_ldap_entries_mappings_exist = TRUE; |
567 |
// if (!$is_ldap_entry_prov_server) { |
|
568 |
// $errors['mappings__'. $sid] = t('Mapping rows exist for provisioning to ldap entries, |
|
569 |
// but server %sid is not enabled for provisioning |
|
570 |
// to ldap entries.', $tokens); |
|
571 |
// } |
|
572 | 521 |
|
573 | 522 |
if (count(array_keys($ldap_attribute_maps_in_token)) != 1) { |
574 |
$token_field_id = join('__', array('sm', 'user_tokens', $row_id));
|
|
523 |
$token_field_id = join('__', ['sm', 'user_tokens', $row_id]);
|
|
575 | 524 |
$errors[$token_field_id] = t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not. |
576 | 525 |
Do not use compound tokens such as "[displayName] [sn]" or literals such as "physics". Location: !row_descriptor', $tokens); |
577 | 526 |
} |
578 | 527 |
|
579 | 528 |
} |
580 |
$ldap_attr_field_id = join('__', array('sm', 'ldap_attr', $row_id));
|
|
581 |
$user_attr_field_id = join('__', array('sm', 'user_attr', $row_id));
|
|
582 |
$first_context_field_id = join('__', array('sm', 1, $row_id));
|
|
583 |
$user_tokens_field_id = join('__', array('sm', 'user_tokens', $row_id));
|
|
529 |
$ldap_attr_field_id = join('__', ['sm', 'ldap_attr', $row_id]);
|
|
530 |
$user_attr_field_id = join('__', ['sm', 'user_attr', $row_id]);
|
|
531 |
$first_context_field_id = join('__', ['sm', 1, $row_id]);
|
|
532 |
$user_tokens_field_id = join('__', ['sm', 'user_tokens', $row_id]);
|
|
584 | 533 |
|
585 | 534 |
if (!$mapping['ldap_attr']) { |
586 | 535 |
$errors[$ldap_attr_field_id] = t('No LDAP Attribute given in !row_descriptor', $tokens); |
... | ... | |
600 | 549 |
One row must map to [dn]. This row will have a user token like cn=[property.name],ou=users,dc=ldap,dc=mycompany,dc=com'); |
601 | 550 |
} |
602 | 551 |
} |
603 |
return array($errors, $warnings);
|
|
552 |
return [$errors, $warnings];
|
|
604 | 553 |
} |
605 | 554 |
|
606 | 555 |
/** |
607 |
* populate object with data from form values
|
|
556 |
* Populate object with data from form values.
|
|
608 | 557 |
* |
609 |
* @param array $values as $form_state['values'] from drupal form api |
|
610 |
* @param array $storage as $form_state['storage'] from drupal form api |
|
558 |
* @param array $values |
|
559 |
* as $form_state['values'] from drupal form api. |
|
560 |
* @param array $storage |
|
561 |
* as $form_state['storage'] from drupal form api. |
|
611 | 562 |
*/ |
612 | 563 |
protected function populateFromDrupalForm($values, $storage) { |
613 | 564 |
$this->drupalAcctProvisionServer = ($values['drupalAcctProvisionServer'] == 'none') ? 0 : $values['drupalAcctProvisionServer']; |
... | ... | |
619 | 570 |
$this->orphanedCheckQty = $values['orphanedCheckQty']; |
620 | 571 |
|
621 | 572 |
$this->manualAccountConflict = $values['manualAccountConflict']; |
622 |
$this->userConflictResolve = ($values['userConflictResolve']) ? (int)$values['userConflictResolve'] : NULL;
|
|
623 |
$this->accountsWithSameEmail = ($values['accountsWithSameEmail']) ? (int)$values['accountsWithSameEmail'] : NULL; |
|
624 |
$this->acctCreation = ($values['acctCreation']) ? (int)$values['acctCreation'] : NULL;
|
|
573 |
$this->userConflictResolve = ($values['userConflictResolve']) ? (int) $values['userConflictResolve'] : NULL;
|
|
574 |
$this->accountsWithSameEmail = ($values['accountsWithSameEmail']) ? (int) $values['accountsWithSameEmail'] : NULL;
|
|
575 |
$this->acctCreation = ($values['acctCreation']) ? (int) $values['acctCreation'] : NULL;
|
|
625 | 576 |
$this->disableAdminPasswordField = $values['disableAdminPasswordField']; |
626 |
// $this->wsKey = ($values['wsKey']) ? $values['wsKey'] : NULL; |
|
627 |
|
|
628 |
// $this->wsUserIps = ($values['wsUserIps']) ? explode("\n", $values['wsUserIps']) : array(); |
|
629 |
// foreach ($this->wsUserIps as $i => $ip) { |
|
630 |
// $this->wsUserIps[$i] = trim($ip); |
|
631 |
// } |
|
632 |
// $this->wsEnabled = ($values['wsEnabled']) ? (int)$values['wsEnabled'] : 0; |
|
633 | 577 |
|
634 | 578 |
$this->ldapUserSynchMappings = $this->synchMappingsFromForm($values, $storage); |
635 | 579 |
|
636 | 580 |
} |
637 | 581 |
|
638 |
|
|
639 |
|
|
640 |
/**
|
|
641 |
* Extract synch mappings array from mapping table in admin form.
|
|
642 |
*
|
|
643 |
* @param array $values as $form_state['values'] from drupal form api
|
|
644 |
* @param array $storage as $form_state['storage'] from drupal form api
|
|
645 |
* |
|
646 |
* $values input names in form:
|
|
647 |
* 1__sm__configurable__5, |
|
648 |
* 1__sm__remove__5, |
|
649 |
* 1__sm__ldap_attr__5, |
|
650 |
* 1__sm__convert__5, |
|
651 |
* 1__sm__direction__5, |
|
652 |
* 1__sm__user_attr__5, |
|
653 |
* 1__sm__user_tokens__5 |
|
654 |
* 1__sm__1__5, |
|
655 |
* 1__sm__2__5, |
|
656 |
...where |
|
657 |
-- first arg is direction, eg 1 or 2 LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY |
|
658 |
-- second arg is discarded ('sm') |
|
659 |
-- third part is field, e.g. user_attr |
|
660 |
-- fourth is the row in the configuration form, e.g. 5 |
|
661 |
|
|
662 |
where additiond data is in $form['#storage'][<direction>]['synch_mapping_fields'][N] |
|
663 |
$form['#storage']['synch_mapping_fields'][<direction>][N] = array( |
|
664 |
'sid' => $sid, |
|
665 |
'action' => 'add', |
|
666 |
);
|
|
667 |
*/ |
|
582 |
/** |
|
583 |
* Extract synch mappings array from mapping table in admin form. |
|
584 |
*
|
|
585 |
* @param array $values
|
|
586 |
* as $form_state['values'] from drupal form api.
|
|
587 |
* @param array $storage
|
|
588 |
* as $form_state['storage'] from drupal form api
|
|
589 |
*
|
|
590 |
* $values input names in form:
|
|
591 |
* 1__sm__configurable__5,
|
|
592 |
* 1__sm__remove__5,
|
|
593 |
* 1__sm__ldap_attr__5,
|
|
594 |
* 1__sm__convert__5,
|
|
595 |
* 1__sm__direction__5,
|
|
596 |
* 1__sm__user_attr__5,
|
|
597 |
* 1__sm__user_tokens__5
|
|
598 |
* 1__sm__1__5,
|
|
599 |
* 1__sm__2__5,
|
|
600 |
* ...where
|
|
601 |
* -- first arg is direction, eg 1 or 2 LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY
|
|
602 |
* -- second arg is discarded ('sm')
|
|
603 |
* -- third part is field, e.g. user_attr
|
|
604 |
* -- fourth is the row in the configuration form, e.g. 5
|
|
605 |
* |
|
606 |
* where additiond data is in $form['#storage'][<direction>]['synch_mapping_fields'][N]
|
|
607 |
* $form['#storage']['synch_mapping_fields'][<direction>][N] = array(
|
|
608 |
* 'sid' => $sid,
|
|
609 |
* 'action' => 'add',
|
|
610 |
* );.
|
|
611 |
*/
|
|
668 | 612 |
private function synchMappingsFromForm($values, $storage) { |
669 | 613 |
|
670 |
$mappings = array();
|
|
614 |
$mappings = [];
|
|
671 | 615 |
foreach ($values as $field => $value) { |
672 | 616 |
|
673 | 617 |
$parts = explode('__', $field); |
674 |
// since synch mapping fields are in n-tuples, process entire n-tuple at once
|
|
618 |
// Since synch mapping fields are in n-tuples, process entire n-tuple at once.
|
|
675 | 619 |
if (count($parts) != 4 || $parts[1] !== 'sm') { |
676 | 620 |
continue; |
677 | 621 |
} |
... | ... | |
679 | 623 |
list($direction, $discard, $column_name, $i) = $parts; |
680 | 624 |
$action = $storage['synch_mapping_fields'][$direction][$i]['action']; |
681 | 625 |
|
682 |
$row_mappings = array();
|
|
683 |
foreach (array('remove', 'configurable_to_drupal', 'configurable_to_ldap', 'convert', 'ldap_attr', 'user_attr', 'user_tokens') as $column_name) {
|
|
684 |
$input_name = join('__', array($direction, 'sm', $column_name, $i));
|
|
626 |
$row_mappings = [];
|
|
627 |
foreach (['remove', 'configurable_to_drupal', 'configurable_to_ldap', 'convert', 'ldap_attr', 'user_attr', 'user_tokens'] as $column_name) {
|
|
628 |
$input_name = join('__', [$direction, 'sm', $column_name, $i]);
|
|
685 | 629 |
$row_mappings[$column_name] = isset($values[$input_name]) ? $values[$input_name] : NULL; |
686 | 630 |
} |
687 | 631 |
|
... | ... | |
691 | 635 |
|
692 | 636 |
$key = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? $row_mappings['user_attr'] : $row_mappings['ldap_attr']; |
693 | 637 |
if ($row_mappings['configurable_to_drupal'] && $row_mappings['ldap_attr'] && $row_mappings['user_attr']) { |
694 |
$mappings[$direction][$key] = array(
|
|
638 |
$mappings[$direction][$key] = [
|
|
695 | 639 |
'ldap_attr' => $row_mappings['ldap_attr'], |
696 | 640 |
'user_attr' => $row_mappings['user_attr'], |
697 | 641 |
'convert' => $row_mappings['convert'], |
... | ... | |
700 | 644 |
'config_module' => 'ldap_user', |
701 | 645 |
'prov_module' => 'ldap_user', |
702 | 646 |
'enabled' => 1, |
703 |
);
|
|
647 |
];
|
|
704 | 648 |
|
705 | 649 |
$synchEvents = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? $this->provisionsDrupalEvents : $this->provisionsLdapEvents; |
706 | 650 |
foreach ($synchEvents as $prov_event => $discard) { |
707 |
$input_name = join('__', array($direction, 'sm', $prov_event, $i));
|
|
651 |
$input_name = join('__', [$direction, 'sm', $prov_event, $i]);
|
|
708 | 652 |
if (isset($values[$input_name]) && $values[$input_name]) { |
709 | 653 |
$mappings[$direction][$key]['prov_events'][] = $prov_event; |
710 | 654 |
} |
... | ... | |
716 | 660 |
} |
717 | 661 |
|
718 | 662 |
/** |
719 |
* method to respond to successfully validated form submit.
|
|
663 |
* Method to respond to successfully validated form submit.
|
|
720 | 664 |
* |
721 |
* @param array $values as $form_state['values'] from drupal form api |
|
722 |
* @param array $storage as $form_state['storage'] from drupal form api |
|
665 |
* @param array $values |
|
666 |
* as $form_state['values'] from drupal form api. |
|
667 |
* @param array $storage |
|
668 |
* as $form_state['storage'] from drupal form api. |
|
723 | 669 |
* |
724 | 670 |
* @return by reference to $form array |
725 | 671 |
*/ |
... | ... | |
739 | 685 |
} |
740 | 686 |
|
741 | 687 |
/** |
742 |
* add existing mappings to ldap user provisioning mapping admin form table
|
|
688 |
* Add existing mappings to ldap user provisioning mapping admin form table.
|
|
743 | 689 |
* |
744 | 690 |
* @param drupal form array $form |
745 |
* @param enum $direction LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY |
|
691 |
* @param enum $direction |
|
692 |
* LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY. |
|
746 | 693 |
* |
747 | 694 |
* @return by reference to $form array |
748 | 695 |
*/ |
749 |
|
|
750 | 696 |
private function addServerMappingFields(&$form, $direction) { |
751 | 697 |
|
752 | 698 |
if ($direction == LDAP_USER_PROV_DIRECTION_NONE) { |
... | ... | |
754 | 700 |
} |
755 | 701 |
|
756 | 702 |
$text = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 'target' : 'source'; |
757 |
$user_attr_options = array('0' => t('Select') . ' ' . $text);
|
|
703 |
$user_attr_options = ['0' => t('Select') . ' ' . $text];
|
|
758 | 704 |
|
759 | 705 |
if (!empty($this->synchMapping[$direction])) { |
760 | 706 |
foreach ($this->synchMapping[$direction] as $target_id => $mapping) { |
... | ... | |
777 | 723 |
|
778 | 724 |
$row = 0; |
779 | 725 |
|
780 |
// 1. non configurable mapping rows |
|
726 |
// 1. non configurable mapping rows.
|
|
781 | 727 |
foreach ($this->synchMapping[$direction] as $target_id => $mapping) { |
782 | 728 |
if (isset($mapping['exclude_from_mapping_ui']) && $mapping['exclude_from_mapping_ui']) { |
783 | 729 |
continue; |
784 | 730 |
} |
785 |
if ( !$this->isMappingConfigurable($mapping, 'ldap_user') && ($mapping['direction'] == $direction || $mapping['direction'] == LDAP_USER_PROV_DIRECTION_ALL)) { // is configurable by ldap_user module (not direction to ldap_user) |
|
731 |
// Is configurable by ldap_user module (not direction to ldap_user) |
|
732 |
if (!$this->isMappingConfigurable($mapping, 'ldap_user') && ($mapping['direction'] == $direction || $mapping['direction'] == LDAP_USER_PROV_DIRECTION_ALL)) { |
|
786 | 733 |
$this->addSynchFormRow($form, 'nonconfigurable', $direction, $mapping, $user_attr_options, $row); |
787 | 734 |
$row++; |
788 | 735 |
} |
789 | 736 |
} |
790 | 737 |
|
791 |
// 2. existing configurable mappings rows |
|
738 |
// 2. existing configurable mappings rows.
|
|
792 | 739 |
if (!empty($this->ldapUserSynchMappings[$direction])) { |
793 |
foreach ($this->ldapUserSynchMappings[$direction] as $target_attr_token => $mapping) { // key could be ldap attribute name or user attribute name |
|
740 |
// Key could be ldap attribute name or user attribute name. |
|
741 |
foreach ($this->ldapUserSynchMappings[$direction] as $target_attr_token => $mapping) { |
|
794 | 742 |
if (isset($mapping['enabled']) && $mapping['enabled'] && $this->isMappingConfigurable($this->synchMapping[$direction][$target_attr_token], 'ldap_user')) { |
795 | 743 |
$this->addSynchFormRow($form, 'update', $direction, $mapping, $user_attr_options, $row); |
796 | 744 |
$row++; |
... | ... | |
798 | 746 |
} |
799 | 747 |
} |
800 | 748 |
|
801 |
// 3. leave 4 rows for adding more mappings |
|
749 |
// 3. leave 4 rows for adding more mappings.
|
|
802 | 750 |
for ($i = 0; $i < 4; $i++) { |
803 | 751 |
$this->addSynchFormRow($form, 'add', $direction, NULL, $user_attr_options, $row); |
804 | 752 |
$row++; |
... | ... | |
807 | 755 |
} |
808 | 756 |
|
809 | 757 |
/** |
810 |
* add mapping form row to ldap user provisioning mapping admin form table
|
|
758 |
* Add mapping form row to ldap user provisioning mapping admin form table.
|
|
811 | 759 |
* |
812 | 760 |
* @param drupal form array $form |
813 |
* @param string $action is 'add', 'update', or 'nonconfigurable' |
|
814 |
* @param enum $direction LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY |
|
815 |
* @param array $mapping is current setting for updates or nonconfigurable items |
|
816 |
* @param array $user_attr_options of drupal user target options |
|
817 |
* @param int $row is current row in table |
|
818 |
|
|
761 |
* @param string $action |
|
762 |
* is 'add', 'update', or 'nonconfigurable'. |
|
763 |
* @param enum $direction |
|
764 |
* LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY. |
|
765 |
* @param array $mapping |
|
766 |
* is current setting for updates or nonconfigurable items. |
|
767 |
* @param array $user_attr_options |
|
768 |
* of drupal user target options. |
|
769 |
* @param int $row |
|
770 |
* is current row in table. |
|
819 | 771 |
* |
820 | 772 |
* @return by reference to $form |
821 | 773 |
*/ |
... | ... | |
824 | 776 |
$id_prefix = $direction . '__'; |
825 | 777 |
|
826 | 778 |
$id = $id_prefix . 'sm__remove__' . $row; |
827 |
$form[$id] = array(
|
|
779 |
$form[$id] = [
|
|
828 | 780 |
'#id' => $id, |
829 | 781 |
'#row' => $row, |
830 | 782 |
'#col' => 0, |
831 | 783 |
'#type' => 'checkbox', |
832 | 784 |
'#default_value' => NULL, |
833 | 785 |
'#disabled' => ($action == 'add' || $action == 'nonconfigurable'), |
834 |
);
|
|
786 |
];
|
|
835 | 787 |
|
836 | 788 |
$id = $id_prefix . 'sm__convert__' . $row; |
837 |
$form[$id] = array(
|
|
789 |
$form[$id] = [
|
|
838 | 790 |
'#id' => $id, |
839 | 791 |
'#row' => $row, |
840 | 792 |
'#col' => ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 2 : 3, |
841 | 793 |
'#type' => 'checkbox', |
842 | 794 |
'#default_value' => isset($mapping['convert']) ? $mapping['convert'] : '', |
843 | 795 |
'#disabled' => ($action == 'nonconfigurable'), |
844 |
'#attributes' => array('class' => array('convert')),
|
|
845 |
);
|
|
796 |
'#attributes' => ['class' => ['convert']],
|
|
797 |
];
|
|
846 | 798 |
|
847 | 799 |
$id = $id_prefix . 'sm__ldap_attr__' . $row; |
848 | 800 |
$col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 1 : 4; |
849 | 801 |
if ($action == 'nonconfigurable') { |
850 |
$form[$id] = array(
|
|
802 |
$form[$id] = [
|
|
851 | 803 |
'#id' => $id, |
852 | 804 |
'#row' => $row, |
853 | 805 |
'#col' => $col, |
854 | 806 |
'#type' => 'item', |
855 | 807 |
'#markup' => isset($mapping['source']) ? $mapping['source'] : '?', |
856 |
'#attributes' => array('class' => array('source')),
|
|
857 |
);
|
|
808 |
'#attributes' => ['class' => ['source']],
|
|
809 |
];
|
|
858 | 810 |
} |
859 | 811 |
else { |
860 |
$form[$id] = array(
|
|
812 |
$form[$id] = [
|
|
861 | 813 |
'#id' => $id, |
862 | 814 |
'#row' => $row, |
863 | 815 |
'#col' => $col, |
... | ... | |
865 | 817 |
'#default_value' => isset($mapping['ldap_attr']) ? $mapping['ldap_attr'] : '', |
866 | 818 |
'#size' => 20, |
867 | 819 |
'#maxlength' => 255, |
868 |
'#attributes' => array('class' => array('ldap-attr')),
|
|
869 |
);
|
|
820 |
'#attributes' => ['class' => ['ldap-attr']],
|
|
821 |
];
|
|
870 | 822 |
} |
871 | 823 |
|
872 | 824 |
$user_attr_input_id = $id_prefix . 'sm__user_attr__' . $row; |
873 | 825 |
$col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 3 : 1; |
874 | 826 |
if ($action == 'nonconfigurable') { |
875 |
$form[$user_attr_input_id] = array(
|
|
827 |
$form[$user_attr_input_id] = [
|
|
876 | 828 |
'#id' => $user_attr_input_id, |
877 | 829 |
'#row' => $row, |
878 | 830 |
'#col' => $col, |
879 | 831 |
'#type' => 'item', |
880 | 832 |
'#markup' => isset($mapping['name']) ? $mapping['name'] : '?', |
881 |
);
|
|
833 |
];
|
|
882 | 834 |
} |
883 | 835 |
else { |
884 |
$form[$user_attr_input_id] = array(
|
|
836 |
$form[$user_attr_input_id] = [
|
|
885 | 837 |
'#id' => $user_attr_input_id, |
886 | 838 |
'#row' => $row, |
887 | 839 |
'#col' => $col, |
888 | 840 |
'#type' => 'select', |
889 | 841 |
'#default_value' => isset($mapping['user_attr']) ? $mapping['user_attr'] : '', |
890 | 842 |
'#options' => $user_attr_options, |
891 |
);
|
|
843 |
];
|
|
892 | 844 |
} |
893 | 845 |
|
894 | 846 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { |
895 | 847 |
$id = $id_prefix . 'sm__user_tokens__' . $row; |
896 |
$form[$id] = array(
|
|
848 |
$form[$id] = [
|
|
897 | 849 |
'#id' => $id, |
898 | 850 |
'#row' => $row, |
899 | 851 |
'#col' => 2, |
... | ... | |
902 | 854 |
'#size' => 40, |
903 | 855 |
'#maxlength' => 255, |
904 | 856 |
'#disabled' => ($action == 'nonconfigurable'), |
905 |
'#states' => array(
|
|
906 |
'visible' => array( // action to take.
|
|
907 |
':input[name="' . $user_attr_input_id . '"]' => array('value' => 'user_tokens'),
|
|
908 |
)
|
|
909 |
),
|
|
910 |
'#attributes' => array('class' => array('tokens')),
|
|
911 |
);
|
|
857 |
'#states' => [
|
|
858 |
'visible' => [
|
|
859 |
':input[name="' . $user_attr_input_id . '"]' => ['value' => 'user_tokens'],
|
|
860 |
],
|
|
861 |
],
|
|
862 |
'#attributes' => ['class' => ['tokens']],
|
|
863 |
];
|
|
912 | 864 |
} |
913 | 865 |
|
914 |
$form['#storage']['synch_mapping_fields'][$direction][$row] = array(
|
|
866 |
$form['#storage']['synch_mapping_fields'][$direction][$row] = [
|
|
915 | 867 |
'action' => $action, |
916 | 868 |
'direction' => $direction, |
917 |
);
|
|
869 |
];
|
|
918 | 870 |
|
919 | 871 |
$id = $id_prefix . 'sm__configurable_to_drupal__' . $row; |
920 |
$form[$id] = array(
|
|
872 |
$form[$id] = [
|
|
921 | 873 |
'#id' => $id, |
922 | 874 |
'#type' => 'hidden', |
923 | 875 |
'#default_value' => ($action != 'nonconfigurable'), |
924 |
); |
|
925 |
|
|
876 |
]; |
|
926 | 877 |
|
927 | 878 |
$col = ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) ? 5 : 4; |
928 | 879 |
$synchEvents = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? $this->provisionsDrupalEvents : $this->provisionsLdapEvents; |
929 | 880 |
|
930 | 881 |
foreach ($synchEvents as $prov_event => $prov_event_name) { |
931 | 882 |
$col++; |
932 |
$id = $id_prefix . join('__', array('sm', $prov_event, $row));
|
|
933 |
$form[$id] = array(
|
|
883 |
$id = $id_prefix . join('__', ['sm', $prov_event, $row]);
|
|
884 |
$form[$id] = [
|
|
934 | 885 |
'#id' => $id , |
935 | 886 |
'#type' => 'checkbox', |
936 |
'#default_value' => isset($mapping['prov_events']) ? (int)(in_array($prov_event, $mapping['prov_events'])) : '', |
|
887 |
'#default_value' => isset($mapping['prov_events']) ? (int) (in_array($prov_event, $mapping['prov_events'])) : '',
|
|
937 | 888 |
'#row' => $row, |
938 | 889 |
'#col' => $col, |
939 | 890 |
'#disabled' => (!$this->provisionEventConfigurable($prov_event, $mapping) || ($action == 'nonconfigurable')), |
940 |
'#attributes' => array('class' => array('synch-method')),
|
|
941 |
);
|
|
891 |
'#attributes' => ['class' => ['synch-method']],
|
|
892 |
];
|
|
942 | 893 |
} |
943 | 894 |
} |
944 | 895 |
|
945 | 896 |
/** |
946 | 897 |
* Is a mapping configurable by a given module? |
947 | 898 |
* |
948 |
* @param array $mapping as mapping configuration for field, attribute, property, etc. |
|
949 |
* @param string $module machine name such as ldap_user |
|
899 |
* @param array $mapping |
|
900 |
* as mapping configuration for field, attribute, property, etc. |
|
901 |
* @param string $module |
|
902 |
* machine name such as ldap_user. |
|
950 | 903 |
* |
951 |
* @return boolean
|
|
904 |
* @return bool |
|
952 | 905 |
*/ |
953 | 906 |
private function isMappingConfigurable($mapping = NULL, $module = 'ldap_user') { |
954 | 907 |
$configurable = ( |
... | ... | |
966 | 919 |
return $configurable; |
967 | 920 |
} |
968 | 921 |
|
969 |
|
|
970 | 922 |
/** |
971 | 923 |
* Is a particular synch method viable for a given mapping? |
972 | 924 |
* That is, Can it be enabled in the UI by admins? |
973 | 925 |
* |
974 | 926 |
* @param int $prov_event |
975 |
* @param array $mapping is array of mapping configuration. |
|
927 |
* @param array $mapping |
|
928 |
* is array of mapping configuration. |
|
976 | 929 |
* |
977 |
* @return boolean
|
|
930 |
* @return bool |
|
978 | 931 |
*/ |
979 |
|
|
980 | 932 |
private function provisionEventConfigurable($prov_event, $mapping = NULL) { |
981 | 933 |
|
982 | 934 |
if ($mapping) { |
983 | 935 |
if ($prov_event == LDAP_USER_EVENT_CREATE_LDAP_ENTRY || $prov_event == LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY) { |
984 |
$configurable = (boolean)(!isset($mapping['configurable_to_ldap']) || $mapping['configurable_to_ldap']); |
|
936 |
$configurable = (boolean) (!isset($mapping['configurable_to_ldap']) || $mapping['configurable_to_ldap']);
|
|
985 | 937 |
} |
986 | 938 |
elseif ($prov_event == LDAP_USER_EVENT_CREATE_DRUPAL_USER || $prov_event == LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER) { |
987 |
$configurable = (boolean)(!isset($mapping['configurable_to_drupal']) || $mapping['configurable_to_drupal']); |
|
939 |
$configurable = (boolean) (!isset($mapping['configurable_to_drupal']) || $mapping['configurable_to_drupal']);
|
|
988 | 940 |
} |
989 | 941 |
} |
990 | 942 |
else { |
... | ... | |
994 | 946 |
return $configurable; |
995 | 947 |
} |
996 | 948 |
|
949 |
/** |
|
950 |
* |
|
951 |
*/ |
|
997 | 952 |
protected function setTranslatableProperties() { |
998 | 953 |
|
999 | 954 |
$values['drupalAcctProvisionServerDescription'] = t('Check ONE LDAP server configuration to use |
... | ... | |
1006 | 961 |
the user\'s Drupal account since Drupal requires a password for the "users" table. Check the watchdog at /admin/reports/dblog to |
1007 | 962 |
confirm that a random password was generated when the user account was created.'); |
1008 | 963 |
|
1009 |
$values['drupalAccountProvisionEventsOptions'] = array(
|
|
964 |
$values['drupalAccountProvisionEventsOptions'] = [
|
|
1010 | 965 |
LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE => t('Create or Synch to Drupal user on successful authentication with LDAP |
1011 | 966 |
credentials. (Requires LDAP Authentication module).'), |
1012 | 967 |
LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE => t('Create or Synch to Drupal user anytime a Drupal user account |
1013 | 968 |
is created or updated. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind".'), |
1014 |
);
|
|
969 |
];
|
|
1015 | 970 |
|
1016 | 971 |
$values['ldapEntryProvisionTriggersDescription'] = t('Which LDAP attributes are synched on create or synch is determined in the |
1017 | 972 |
"Provisioning from Drupal to LDAP mappings" table below in the right two columns.'); |
1018 | 973 |
|
1019 |
$values['ldapEntryProvisionTriggersOptions'] = array(
|
|
974 |
$values['ldapEntryProvisionTriggersOptions'] = [
|
|
1020 | 975 |
LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE => t('Create or Synch to LDAP entry when a Drupal account is created or updated. |
1021 | 976 |
Only applied to accounts with a status of approved.'), |
1022 | 977 |
LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE => t('Create or Synch to LDAP entry when a user authenticates.'), |
1023 | 978 |
LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE => t('Delete LDAP entry when the corresponding Drupal Account is deleted. This only applies when the LDAP entry was provisioned by Drupal by the LDAP User module.'), |
1024 | 979 |
LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE => t('Provide option on admin/people/create to create corresponding LDAP Entry.'), |
1025 | 980 |
|
1026 |
);
|
|
981 |
];
|
|
1027 | 982 |
|
1028 | 983 |
$values['orphanedDrupalAcctBehaviorDescription'] = t('It is highly recommended to use the "Perform no action, but email list of orphaned accounts" for some time before considering switching to "Disable the account" options.'); |
1029 | 984 |
|
1030 |
|
|
1031 |
$values['manualAccountConflictOptions'] = array( |
|
985 |
$values['manualAccountConflictOptions'] = [ |
|
1032 | 986 |
LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT => t('Reject manual creation of Drupal accounts that conflict with LDAP Accounts. This only applies to accounts created on user logon; Account conflicts can still be generated by manually creating users that conflict with ldap users and these users will have their data synched with LDAP data.'), |
1033 | 987 |
LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE => t('Associate manually created Drupal accounts with related LDAP Account if one exists.'), |
1034 | 988 |
LDAP_USER_MANUAL_ACCT_CONFLICT_SHOW_OPTION_ON_FORM => t('Show option on user create form to determine how account conflict is resolved.'), |
1035 |
);
|
|
989 |
];
|
|
1036 | 990 |
|
1037 | 991 |
/** |
1038 | 992 |
* Drupal Account Provisioning and Synching |
1039 | 993 |
*/ |
1040 | 994 |
$values['userConflictResolveDescription'] = t('What should be done if a local Drupal or other external |
1041 | 995 |
user account already exists with the same login name.'); |
1042 |
$values['userConflictOptions'] = array(
|
|
996 |
$values['userConflictOptions'] = [
|
|
1043 | 997 |
LDAP_USER_CONFLICT_LOG => t('Don\'t associate Drupal account with LDAP. Require user to use Drupal password. Log the conflict'), |
1044 | 998 |
LDAP_USER_CONFLICT_RESOLVE => t('Associate Drupal account with the LDAP entry. This option |
1045 | 999 |
is useful for creating accounts and assigning roles before an LDAP user authenticates.'), |
1046 |
);
|
|
1000 |
];
|
|
1047 | 1001 |
$values['accountsWithSameEmailDescription'] = t('Allows provisioning a Drupal user account from LDAP regardless of whether another Drupal user account has the same email address. This setting depends on the "sharedemail" contrib module being enabled. '); |
1048 | 1002 |
if (!module_exists('sharedemail')) { |
1049 | 1003 |
$values['accountsWithSameEmailDescription'] .= t('The module is not currently enabled; you must install/enable it if you want to use this setting.'); |
1050 | 1004 |
} |
1051 |
$values['accountsWithSameEmailOptions'] = array(
|
|
1005 |
$values['accountsWithSameEmailOptions'] = [
|
|
1052 | 1006 |
LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED => t('Prevent provisioning a user account if an existing account has the same email address.'), |
1053 | 1007 |
LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED => t('Allow provisioning a user account that has the same email address as another user account.'), |
1054 |
);
|
|
1055 |
$values['acctCreationOptions'] = array(
|
|
1008 |
];
|
|
1009 |
$values['acctCreationOptions'] = [
|
|
1056 | 1010 |
LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR => t('Account creation settings at |
1057 | 1011 |
/admin/config/people/accounts/settings do not affect "LDAP Associated" Drupal accounts.'), |
1058 | 1012 |
LDAP_USER_ACCT_CREATION_USER_SETTINGS_FOR_LDAP => t('Account creation policy |
... | ... | |
1060 | 1014 |
"Visitors" option automatically creates and account when they successfully LDAP authenticate. |
1061 | 1015 |
"Admin" and "Admin with approval" do not allow user to authenticate until the account is approved.'), |
1062 | 1016 |
|
1063 |
);
|
|
1017 |
];
|
|
1064 | 1018 |
|
1065 |
foreach ($values as $property => $default_value) { |
|
1066 |
$this->$property = $default_value; |
|
1067 |
} |
|
1019 |
foreach ($values as $property => $default_value) { |
|
1020 |
$this->$property = $default_value; |
|
1068 | 1021 |
} |
1022 |
} |
|
1069 | 1023 |
|
1070 | 1024 |
} |
Formats disponibles : Unified diff
Weekly update of contrib modules