Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.module | ||
---|---|---|
2 | 2 |
|
3 | 3 |
/** |
4 | 4 |
* @file |
5 |
* Module for the LDAP User Entity |
|
6 |
* |
|
5 |
* Module for the LDAP User Entity. |
|
7 | 6 |
*/ |
8 | 7 |
|
9 | 8 |
define('LDAP_USER_DRUPAL_HELP_URL', 'http://drupal.org/node/997082'); |
10 | 9 |
|
11 |
// configurable drupal acct provision triggers
|
|
10 |
// Configurable drupal acct provision triggers.
|
|
12 | 11 |
define('LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE', 1); |
13 | 12 |
define('LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE', 2); |
14 | 13 |
define('LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE', 3); |
15 | 14 |
|
16 |
// configurable ldap entry provision triggers
|
|
15 |
// Configurable ldap entry provision triggers.
|
|
17 | 16 |
define('LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE', 6); |
18 | 17 |
define('LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE', 7); |
19 | 18 |
define('LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE', 8); |
20 | 19 |
|
21 |
// provisioning events (events are triggered by triggers)
|
|
20 |
// Provisioning events (events are triggered by triggers)
|
|
22 | 21 |
define('LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER', 1); |
23 | 22 |
define('LDAP_USER_EVENT_CREATE_DRUPAL_USER', 2); |
24 | 23 |
define('LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY', 3); |
25 | 24 |
define('LDAP_USER_EVENT_CREATE_LDAP_ENTRY', 4); |
26 | 25 |
define('LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT', 5); |
27 | 26 |
|
28 |
// results of ldap entry provisioning
|
|
27 |
// Results of ldap entry provisioning.
|
|
29 | 28 |
define('LDAP_USER_PROVISION_LDAP_ENTRY_EXISTS', 1); |
30 | 29 |
define('LDAP_USER_PROVISION_LDAP_ENTRY_CREATE_FAILED', 2); |
31 | 30 |
define('LDAP_USER_PROVISION_LDAP_ENTRY_SYNCH_FAILED', 3); |
32 | 31 |
|
33 |
// options for what to do when existing non ldap associated Drupal account conflicts with ldap account
|
|
32 |
// Options for what to do when existing non ldap associated Drupal account conflicts with ldap account.
|
|
34 | 33 |
define('LDAP_USER_CONFLICT_LOG', 1); |
35 | 34 |
define('LDAP_USER_CONFLICT_RESOLVE', 2); |
36 | 35 |
define('LDAP_USER_CONFLICT_RESOLVE_DEFAULT', 2); |
37 | 36 |
|
38 |
// options for what to do if another Drupal account has the same email address
|
|
37 |
// Options for what to do if another Drupal account has the same email address.
|
|
39 | 38 |
define('LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED', 0); |
40 | 39 |
define('LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED', 1); |
41 | 40 |
|
42 |
// options for dealing with manual account creation that conflict with ldap entries
|
|
41 |
// Options for dealing with manual account creation that conflict with ldap entries.
|
|
43 | 42 |
define('LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT', 1); |
44 | 43 |
define('LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE', 2); |
45 | 44 |
define('LDAP_USER_MANUAL_ACCT_CONFLICT_SHOW_OPTION_ON_FORM', 3); |
46 | 45 |
define('LDAP_USER_MANUAL_ACCT_CONFLICT_NO_LDAP_ASSOCIATE', 4); |
47 | 46 |
|
48 |
// options for account creation behavior
|
|
47 |
// Options for account creation behavior.
|
|
49 | 48 |
define('LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR', 4); |
50 | 49 |
define('LDAP_USER_ACCT_CREATION_USER_SETTINGS_FOR_LDAP', 1); |
51 | 50 |
define('LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT', 4); |
52 | 51 |
|
53 |
// provision directions
|
|
52 |
// Provision directions.
|
|
54 | 53 |
define('LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER', 1); |
55 | 54 |
define('LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY', 2); |
56 | 55 |
define('LDAP_USER_PROV_DIRECTION_NONE', 3); |
... | ... | |
60 | 59 |
define('LDAP_USER_PROV_RESULT_NO_PWD', 1); |
61 | 60 |
define('LDAP_USER_PROV_RESULT_BAD_PARAMS', 2); |
62 | 61 |
|
63 |
define('LDAP_USER_NO_SERVER_SID', 0); // need to avoid conflicting with server ids |
|
62 |
// Need to avoid conflicting with server ids. |
|
63 |
define('LDAP_USER_NO_SERVER_SID', 0); |
|
64 | 64 |
define('LDAP_USER_TEST_FORM_PATH', 'admin/config/people/ldap/user/test'); |
65 | 65 |
define('LDAP_USER_WS_USER_PATH', 'ldap/user/ws'); |
66 | 66 |
|
... | ... | |
72 | 72 |
* Implements hook_menu(). |
73 | 73 |
*/ |
74 | 74 |
function ldap_user_menu() { |
75 |
$items = array();
|
|
75 |
$items = [];
|
|
76 | 76 |
|
77 |
$items['admin/config/people/ldap/user'] = array(
|
|
77 |
$items['admin/config/people/ldap/user'] = [
|
|
78 | 78 |
'title' => '3. User', |
79 | 79 |
'description' => 'Settings related to user provisioning and data synching between ldap and drupal users.', |
80 | 80 |
'page callback' => 'drupal_get_form', |
81 |
'page arguments' => array('ldap_user_admin_form'),
|
|
82 |
'access arguments' => array('administer site configuration'),
|
|
81 |
'page arguments' => ['ldap_user_admin_form'],
|
|
82 |
'access arguments' => ['administer site configuration'],
|
|
83 | 83 |
'type' => MENU_LOCAL_TASK, |
84 | 84 |
'weight' => 2, |
85 | 85 |
'file' => 'ldap_user.admin.inc', |
86 |
);
|
|
86 |
];
|
|
87 | 87 |
|
88 |
$items[LDAP_USER_TEST_FORM_PATH] = array(
|
|
88 |
$items[LDAP_USER_TEST_FORM_PATH] = [
|
|
89 | 89 |
'title' => 'Test LDAP User Functionality for a given user.', |
90 | 90 |
'description' => '', |
91 | 91 |
'page callback' => 'drupal_get_form', |
92 |
'page arguments' => array('ldap_user_test_form'),
|
|
93 |
'access arguments' => array('administer site configuration'),
|
|
92 |
'page arguments' => ['ldap_user_test_form'],
|
|
93 |
'access arguments' => ['administer site configuration'],
|
|
94 | 94 |
'file' => 'ldap_user.test_form.inc', |
95 | 95 |
'type' => MENU_LOCAL_ACTION, |
96 |
); |
|
97 |
|
|
98 |
// $ws_arg_start = count(explode('/', LDAP_USER_WS_USER_PATH)); |
|
99 |
// $items[LDAP_USER_WS_USER_PATH] = array( |
|
100 |
// 'title' => 'Webservice Path', |
|
101 |
// 'page callback' => 'ldap_user_ws', |
|
102 |
// 'page arguments' => array($ws_arg_start, $ws_arg_start + 1, $ws_arg_start + 2, $ws_arg_start + 3), |
|
103 |
// 'access arguments' => array('view content'), |
|
104 |
// 'file' => 'ldap_user.ws.inc', |
|
105 |
// ); |
|
106 |
|
|
96 |
]; |
|
107 | 97 |
return $items; |
108 | 98 |
} |
109 | 99 |
|
110 |
/** |
|
111 |
* function ldap_user_ws_urls_item_list() { |
|
112 |
module_load_include('inc', 'ldap_user', 'ldap_user.ws'); |
|
113 |
return _ldap_user_ws_urls_item_list(); |
|
114 |
} |
|
115 |
*/ |
|
116 |
|
|
117 | 100 |
/** |
118 | 101 |
* Implements hook_init(). |
119 | 102 |
*/ |
120 | 103 |
function ldap_user_init() { |
121 |
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE); // reset for simpletest page load behavior |
|
104 |
// Reset for simpletest page load behavior. |
|
105 |
ldap_user_ldap_provision_semaphore(NULL, NULL, NULL, TRUE); |
|
122 | 106 |
} |
123 | 107 |
|
124 | 108 |
/** |
125 | 109 |
* Implements hook_theme(). |
126 | 110 |
*/ |
127 | 111 |
function ldap_user_theme() { |
128 |
return array('ldap_user_conf_form' => array( |
|
129 |
'render element' => 'form', |
|
130 |
'file' => 'ldap_user.theme.inc' |
|
131 |
), |
|
132 |
); |
|
112 |
return [ |
|
113 |
'ldap_user_conf_form' => [ |
|
114 |
'render element' => 'form', |
|
115 |
'file' => 'ldap_user.theme.inc', |
|
116 |
], |
|
117 |
]; |
|
133 | 118 |
} |
134 | 119 |
|
135 | 120 |
/** |
... | ... | |
141 | 126 |
module_load_include('inc', 'ldap_user', 'ldap_user.cron'); |
142 | 127 |
$result = _ldap_user_orphans($ldap_user_conf); |
143 | 128 |
if ($result !== TRUE) { |
144 |
watchdog('ldap_user', 'LDAP User check for orphaned ldap provisioned Drupal accounts failed', array(), WATCHDOG_ERROR);
|
|
129 |
watchdog('ldap_user', 'LDAP User check for orphaned ldap provisioned Drupal accounts failed', [], WATCHDOG_ERROR);
|
|
145 | 130 |
} |
146 | 131 |
} |
147 | 132 |
} |
... | ... | |
155 | 140 |
$message['subject'] = variable_get('site_name') . ' ' . t('Orphaned LDAP Users'); |
156 | 141 |
$message['body'][] = t('The following !count Drupal users no longer have |
157 | 142 |
corresponding LDAP Entries. Perhaps they have been removed from the LDAP |
158 |
and should be removed:', array('!count' => count($params['accounts'])))
|
|
143 |
and should be removed:', ['!count' => count($params['accounts'])])
|
|
159 | 144 |
. "\n\n" . t('username,mail,edit url') . "\n" . |
160 | 145 |
join("\n", $params['accounts']); |
161 | 146 |
break; |
162 | 147 |
} |
163 | 148 |
} |
164 | 149 |
|
165 |
|
|
166 | 150 |
/** |
167 | 151 |
* Implements hook_ldap_derived_user_name_alter(). |
168 | 152 |
*/ |
169 | 153 |
function ldap_user_ldap_derived_user_name_alter(&$name, $ldap_user) { |
170 |
// alter $name in some way here |
|
171 |
|
|
154 |
// Alter $name in some way here. |
|
172 | 155 |
} |
173 | 156 |
|
174 |
|
|
157 |
/** |
|
158 |
* |
|
159 |
*/ |
|
175 | 160 |
function ldap_user_conf_cache_clear() { |
176 | 161 |
$discard = ldap_user_conf('admin', TRUE); |
177 | 162 |
$discard = ldap_user_conf(NULL, TRUE); |
... | ... | |
179 | 164 |
} |
180 | 165 |
|
181 | 166 |
/** |
182 |
* get ldapUserConf or ldapUserConfAdmin object
|
|
167 |
* Get ldapUserConf or ldapUserConfAdmin object.
|
|
183 | 168 |
* |
184 |
* @param enum $type is 'admin' for ldapUserConfAdmin object or NULL for ldapUserConf object |
|
185 |
* @param boolean $resect clear static cache of object. |
|
169 |
* @param enum $type |
|
170 |
* is 'admin' for ldapUserConfAdmin object or NULL for ldapUserConf object. |
|
171 |
* @param bool $resect |
|
172 |
* clear static cache of object. |
|
186 | 173 |
* |
187 |
* @return object ldapUserConf or ldapUserConfAdmin object
|
|
174 |
* @return \LdapUserConf|\LdapUserConfAdmin
|
|
188 | 175 |
*/ |
189 | 176 |
function ldap_user_conf($type = NULL, $reset = FALSE) { |
190 | 177 |
static $ldap_user_conf; |
... | ... | |
202 | 189 |
return ($type == 'admin') ? $ldap_user_conf_admin : $ldap_user_conf; |
203 | 190 |
} |
204 | 191 |
|
205 |
|
|
206 | 192 |
/** |
207 | 193 |
* Implements hook_ldap_attributes_needed_alter(). |
208 | 194 |
*/ |
209 | 195 |
function ldap_user_ldap_attributes_needed_alter(&$attributes, $params) { |
210 | 196 |
|
211 |
if (isset($params['sid']) && $params['sid']) { // puid attributes are server specific |
|
197 |
// Puid attributes are server specific. |
|
198 |
if (isset($params['sid']) && $params['sid']) { |
|
212 | 199 |
if (is_scalar($params['sid'])) { |
213 | 200 |
$ldap_server = ldap_servers_get_servers($params['sid'], 'enabled', TRUE); |
214 | 201 |
} |
... | ... | |
216 | 203 |
$ldap_server = $params['sid']; |
217 | 204 |
} |
218 | 205 |
|
219 |
if ($ldap_server === FALSE) { // failed to find enabled server |
|
206 |
// Failed to find enabled server. |
|
207 |
if ($ldap_server === FALSE) { |
|
220 | 208 |
return; |
221 | 209 |
} |
222 | 210 |
|
223 | 211 |
$ldap_user_conf = ldap_user_conf(); |
224 | 212 |
if (!isset($attributes['dn'])) { |
225 |
$attributes['dn'] = array();
|
|
213 |
$attributes['dn'] = [];
|
|
226 | 214 |
} |
227 |
$attributes['dn'] = ldap_servers_set_attribute_map($attributes['dn']); // force dn "attribute" to exist |
|
228 |
switch ($params['ldap_context']) { // Add the attributes required by the user configuration when provisioning drupal users |
|
215 |
// Force dn "attribute" to exist. |
|
216 |
$attributes['dn'] = ldap_servers_set_attribute_map($attributes['dn']); |
|
217 |
// Add the attributes required by the user configuration when provisioning drupal users. |
|
218 |
switch ($params['ldap_context']) { |
|
229 | 219 |
case 'ldap_user_insert_drupal_user': |
230 | 220 |
case 'ldap_user_update_drupal_user': |
231 | 221 |
case 'ldap_user_ldap_associate': |
232 | 222 |
case 'all': |
233 |
$attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->user_attr]); // array($ldap_server->user_attr, 0, NULL);
|
|
223 |
$attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->user_attr]); |
|
234 | 224 |
$attributes[$ldap_server->mail_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->mail_attr]); |
235 | 225 |
if ($ldap_server->picture_attr) { |
236 | 226 |
$attributes[$ldap_server->picture_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->picture_attr]); |
... | ... | |
241 | 231 |
if ($ldap_server->mail_template) { |
242 | 232 |
ldap_servers_token_extract_attributes($attributes, $ldap_server->mail_template); |
243 | 233 |
} |
244 |
break; |
|
234 |
break;
|
|
245 | 235 |
} |
246 | 236 |
|
247 | 237 |
$ldap_context = empty($params['ldap_context']) ? NULL : $params['ldap_context']; |
... | ... | |
263 | 253 |
$direction = isset($params['direction']) ? $params['direction'] : LDAP_USER_PROV_DIRECTION_NONE; |
264 | 254 |
|
265 | 255 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { |
266 |
$available_user_attrs['[property.name]'] = array(
|
|
256 |
$available_user_attrs['[property.name]'] = [
|
|
267 | 257 |
'name' => 'Property: Username', |
268 | 258 |
'source' => '', |
269 | 259 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, |
270 | 260 |
'enabled' => TRUE, |
271 |
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
261 |
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
|
272 | 262 |
'config_module' => 'ldap_user', |
273 | 263 |
'prov_module' => 'ldap_user', |
274 | 264 |
'configurable_to_ldap' => TRUE, |
275 |
);
|
|
265 |
];
|
|
276 | 266 |
|
277 |
$available_user_attrs['[property.mail]'] = array(
|
|
267 |
$available_user_attrs['[property.mail]'] = [
|
|
278 | 268 |
'name' => 'Property: Email', |
279 | 269 |
'source' => '', |
280 | 270 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, |
281 | 271 |
'enabled' => TRUE, |
282 |
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
272 |
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
|
283 | 273 |
'config_module' => 'ldap_user', |
284 | 274 |
'prov_module' => 'ldap_user', |
285 | 275 |
'configurable_to_ldap' => TRUE, |
286 |
);
|
|
276 |
];
|
|
287 | 277 |
|
288 |
$available_user_attrs['[property.picture]'] = array(
|
|
278 |
$available_user_attrs['[property.picture]'] = [
|
|
289 | 279 |
'name' => 'Property: picture', |
290 | 280 |
'source' => '', |
291 | 281 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, |
292 | 282 |
'enabled' => TRUE, |
293 |
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
283 |
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
|
294 | 284 |
'config_module' => 'ldap_user', |
295 | 285 |
'prov_module' => 'ldap_user', |
296 | 286 |
'configurable_to_ldap' => TRUE, |
297 |
);
|
|
287 |
];
|
|
298 | 288 |
|
299 |
$available_user_attrs['[property.uid]'] = array(
|
|
289 |
$available_user_attrs['[property.uid]'] = [
|
|
300 | 290 |
'name' => 'Property: Drupal User Id (uid)', |
301 | 291 |
'source' => '', |
302 | 292 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, |
303 | 293 |
'enabled' => TRUE, |
304 |
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
294 |
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
|
305 | 295 |
'config_module' => 'ldap_user', |
306 | 296 |
'prov_module' => 'ldap_user', |
307 | 297 |
'configurable_to_ldap' => TRUE, |
308 |
);
|
|
298 |
];
|
|
309 | 299 |
|
310 | 300 |
} |
311 | 301 |
|
312 | 302 |
// 1. Drupal user properties |
313 |
// 1.a make sure empty array are present so array + function works |
|
314 |
foreach (array('property.status', 'property.timezone', 'property.signature') as $i => $property_id) {
|
|
303 |
// 1.a make sure empty array are present so array + function works.
|
|
304 |
foreach (['property.status', 'property.timezone', 'property.signature'] as $i => $property_id) {
|
|
315 | 305 |
$property_token = '[' . $property_id . ']'; |
316 | 306 |
if (!isset($available_user_attrs[$property_token]) || !is_array($available_user_attrs[$property_token])) { |
317 |
$available_user_attrs[$property_token] = array();
|
|
307 |
$available_user_attrs[$property_token] = [];
|
|
318 | 308 |
} |
319 | 309 |
} |
320 |
//@todo make these merges so they don't override saved values such as 'enabled' |
|
321 |
$available_user_attrs['[property.status]'] = $available_user_attrs['[property.status]'] + array(
|
|
310 |
// @todo make these merges so they don't override saved values such as 'enabled'
|
|
311 |
$available_user_attrs['[property.status]'] = $available_user_attrs['[property.status]'] + [
|
|
322 | 312 |
'name' => 'Property: Acount Status', |
323 | 313 |
'configurable_to_drupal' => 1, |
324 | 314 |
'configurable_to_ldap' => 1, |
... | ... | |
326 | 316 |
'enabled' => FALSE, |
327 | 317 |
'config_module' => 'ldap_user', |
328 | 318 |
'prov_module' => 'ldap_user', |
329 |
);
|
|
319 |
];
|
|
330 | 320 |
|
331 |
$available_user_attrs['[property.timezone]'] = $available_user_attrs['[property.timezone]'] + array(
|
|
321 |
$available_user_attrs['[property.timezone]'] = $available_user_attrs['[property.timezone]'] + [
|
|
332 | 322 |
'name' => 'Property: User Timezone', |
333 | 323 |
'configurable_to_drupal' => 1, |
334 | 324 |
'configurable_to_ldap' => 1, |
335 | 325 |
'enabled' => FALSE, |
336 | 326 |
'config_module' => 'ldap_user', |
337 | 327 |
'prov_module' => 'ldap_user', |
338 |
);
|
|
328 |
];
|
|
339 | 329 |
|
340 |
$available_user_attrs['[property.signature]'] = $available_user_attrs['[property.signature]'] + array(
|
|
330 |
$available_user_attrs['[property.signature]'] = $available_user_attrs['[property.signature]'] + [
|
|
341 | 331 |
'name' => 'Property: User Signature', |
342 | 332 |
'configurable_to_drupal' => 1, |
343 | 333 |
'configurable_to_ldap' => 1, |
344 | 334 |
'enabled' => FALSE, |
345 | 335 |
'config_module' => 'ldap_user', |
346 | 336 |
'prov_module' => 'ldap_user', |
347 |
);
|
|
337 |
];
|
|
348 | 338 |
|
349 |
// 2. Drupal user fields |
|
339 |
// 2. Drupal user fields.
|
|
350 | 340 |
$user_fields = field_info_instances('user', 'user'); |
351 | 341 |
foreach ($user_fields as $field_name => $field_instance) { |
352 | 342 |
$field_id = "[field.$field_name]"; |
353 | 343 |
if (!isset($available_user_attrs[$field_id]) || !is_array($available_user_attrs[$field_id])) { |
354 |
$available_user_attrs[$field_id] = array();
|
|
344 |
$available_user_attrs[$field_id] = [];
|
|
355 | 345 |
} |
356 | 346 |
|
357 |
$available_user_attrs[$field_id] = $available_user_attrs[$field_id] + array(
|
|
347 |
$available_user_attrs[$field_id] = $available_user_attrs[$field_id] + [
|
|
358 | 348 |
'name' => t('Field') . ': ' . $field_instance['label'], |
359 | 349 |
'configurable_to_drupal' => 1, |
360 | 350 |
'configurable_to_ldap' => 1, |
361 | 351 |
'enabled' => FALSE, |
362 | 352 |
'config_module' => 'ldap_user', |
363 | 353 |
'prov_module' => 'ldap_user', |
364 |
);
|
|
354 |
];
|
|
365 | 355 |
} |
366 | 356 |
|
367 |
|
|
368 | 357 |
if (!$ldap_user_conf->provisionsDrupalAccountsFromLdap) { |
369 | 358 |
$available_user_attrs['[property.mail]']['config_module'] = 'ldap_user'; |
370 | 359 |
$available_user_attrs['[property.name]']['config_module'] = 'ldap_user'; |
... | ... | |
372 | 361 |
} |
373 | 362 |
|
374 | 363 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { |
375 |
$available_user_attrs['[password.random]'] = array(
|
|
364 |
$available_user_attrs['[password.random]'] = [
|
|
376 | 365 |
'name' => 'Pwd: Random', |
377 | 366 |
'source' => '', |
378 | 367 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, |
379 | 368 |
'enabled' => TRUE, |
380 |
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
369 |
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
|
381 | 370 |
'config_module' => 'ldap_user', |
382 | 371 |
'prov_module' => 'ldap_user', |
383 | 372 |
'configurable_to_ldap' => TRUE, |
384 |
);
|
|
373 |
];
|
|
385 | 374 |
|
386 |
// use user password when available fall back to random pwd
|
|
387 |
$available_user_attrs['[password.user-random]'] = array(
|
|
375 |
// Use user password when available fall back to random pwd.
|
|
376 |
$available_user_attrs['[password.user-random]'] = [
|
|
388 | 377 |
'name' => 'Pwd: User or Random', |
389 | 378 |
'source' => '', |
390 | 379 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, |
391 | 380 |
'enabled' => TRUE, |
392 |
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
381 |
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
|
393 | 382 |
'config_module' => 'ldap_user', |
394 | 383 |
'prov_module' => 'ldap_user', |
395 | 384 |
'configurable_to_ldap' => TRUE, |
396 |
);
|
|
385 |
];
|
|
397 | 386 |
|
398 |
// use user password, do not modify if unavailable
|
|
399 |
$available_user_attrs['[password.user-only]'] = array(
|
|
400 |
'name' => 'Pwd: User Only',
|
|
401 |
'source' => '',
|
|
402 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY,
|
|
403 |
'enabled' => TRUE,
|
|
404 |
'prov_events' => array(LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY),
|
|
405 |
'config_module' => 'ldap_user',
|
|
406 |
'prov_module' => 'ldap_user',
|
|
407 |
'configurable_to_ldap' => TRUE,
|
|
408 |
);
|
|
387 |
// Use user password, do not modify if unavailable.
|
|
388 |
$available_user_attrs['[password.user-only]'] = [
|
|
389 |
'name' => 'Pwd: User Only', |
|
390 |
'source' => '', |
|
391 |
'direction' => LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, |
|
392 |
'enabled' => TRUE, |
|
393 |
'prov_events' => [LDAP_USER_EVENT_CREATE_LDAP_ENTRY, LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY],
|
|
394 |
'config_module' => 'ldap_user', |
|
395 |
'prov_module' => 'ldap_user', |
|
396 |
'configurable_to_ldap' => TRUE, |
|
397 |
];
|
|
409 | 398 |
|
410 | 399 |
} |
411 | 400 |
|
412 |
//this is where need to be added to arrays
|
|
401 |
// This is where need to be added to arrays.
|
|
413 | 402 |
if (!empty($ldap_user_conf->ldapUserSynchMappings[$direction])) { |
414 | 403 |
|
415 | 404 |
foreach ($ldap_user_conf->ldapUserSynchMappings[$direction] as $target_token => $mapping) { |
... | ... | |
423 | 412 |
continue; |
424 | 413 |
} |
425 | 414 |
|
426 |
foreach (array('ldap_attr', 'user_attr', 'convert', 'direction', 'enabled', 'prov_events') as $k) {
|
|
415 |
foreach (['ldap_attr', 'user_attr', 'convert', 'direction', 'enabled', 'prov_events'] as $k) {
|
|
427 | 416 |
if (isset($mapping[$k])) { |
428 | 417 |
$available_user_attrs[$key][$k] = $mapping[$k]; |
429 | 418 |
} |
... | ... | |
441 | 430 |
|
442 | 431 |
} |
443 | 432 |
|
444 |
// 3. profile2 fields
|
|
433 |
// 3. profile2 fields |
|
445 | 434 |
// 4. $user->data array. will need to be added manually. perhaps better not to implement this at all? |
446 |
|
|
447 |
|
|
448 | 435 |
} |
436 |
|
|
449 | 437 |
/** |
450 | 438 |
* Implements hook_help(). |
451 | 439 |
*/ |
452 |
|
|
453 | 440 |
function ldap_user_help($path, $arg) { |
454 | 441 |
|
455 | 442 |
$ldap_user_help = t('LDAP user configuration determines how and when |
456 | 443 |
Drupal accounts are created based on LDAP data and which user fields |
457 | 444 |
are derived and synched to and from LDAP. See !helplink.', |
458 |
array(
|
|
445 |
[
|
|
459 | 446 |
'!helplink' => l(LDAP_USER_DRUPAL_HELP_URL, LDAP_USER_DRUPAL_HELP_URL), |
460 |
));
|
|
447 |
]);
|
|
461 | 448 |
|
462 | 449 |
switch ($path) { |
463 | 450 |
case 'admin/config/people/ldap/user': |
... | ... | |
470 | 457 |
} |
471 | 458 |
} |
472 | 459 |
|
473 |
|
|
474 | 460 |
/** |
475 |
* Implements hook_form_FORM_ID_alter(). for user_login_block |
|
461 |
* Implements hook_form_FORM_ID_alter(). for user_login_block.
|
|
476 | 462 |
*/ |
477 | 463 |
function ldap_user_form_user_login_block_alter(&$form, &$form_state) { |
478 | 464 |
array_unshift($form['#validate'], 'ldap_user_grab_password_validate'); |
479 | 465 |
} |
480 | 466 |
|
481 | 467 |
/** |
482 |
* Implements hook_form_FORM_ID_alter(). for user_login_form |
|
468 |
* Implements hook_form_FORM_ID_alter(). for user_login_form.
|
|
483 | 469 |
*/ |
484 | 470 |
function ldap_user_form_user_login_alter(&$form, $form_state) { |
485 | 471 |
array_unshift($form['#validate'], 'ldap_user_grab_password_validate'); |
486 | 472 |
} |
487 | 473 |
|
488 | 474 |
/** |
489 |
* Implements hook_form_FORM_ID_alter(). for user_register_form |
|
475 |
* Implements hook_form_FORM_ID_alter(). for user_register_form.
|
|
490 | 476 |
*/ |
491 | 477 |
function ldap_user_form_user_profile_form_alter(&$form, $form_state) { |
492 | 478 |
array_unshift($form['#submit'], 'ldap_user_grab_password_validate'); |
493 | 479 |
} |
494 | 480 |
|
495 | 481 |
/** |
496 |
* Implements hook_form_FORM_ID_alter(). for password_policy_password_tab
|
|
497 |
*/ |
|
482 |
* Implements hook_form_FORM_ID_alter(). for password_policy_password_tab.
|
|
483 |
*/
|
|
498 | 484 |
function ldap_user_form_password_policy_password_tab_alter(&$form, &$form_state) { |
499 | 485 |
array_unshift($form['#validate'], 'ldap_user_grab_password_validate'); |
500 | 486 |
} |
501 | 487 |
|
502 | 488 |
/** |
503 |
* Implements hook_form_FORM_ID_alter(). for user-pass-reset form. Useful for |
|
504 |
* sites where this is the form ID for a user to intially set their password |
|
505 |
* (user clicks an emailed registration link, is prompted to set their password). |
|
506 |
*/ |
|
489 |
* Implements hook_form_FORM_ID_alter(). for user-pass-reset form. Useful for
|
|
490 |
* sites where this is the form ID for a user to intially set their password
|
|
491 |
* (user clicks an emailed registration link, is prompted to set their password).
|
|
492 |
*/
|
|
507 | 493 |
function ldap_user_form_user_pass_reset_alter(&$form, &$form_state) { |
508 | 494 |
array_unshift($form['#validate'], 'ldap_user_grab_password_validate'); |
509 | 495 |
} |
510 | 496 |
|
511 | 497 |
/** |
512 |
* store password from logon forms in ldap_user_ldap_provision_pwd static variable
|
|
513 |
* for use in provisioning to ldap |
|
498 |
* Store password from logon forms in ldap_user_ldap_provision_pwd static variable
|
|
499 |
* for use in provisioning to ldap.
|
|
514 | 500 |
*/ |
515 | 501 |
function ldap_user_grab_password_validate($form, &$form_state) { |
516 | 502 |
|
517 |
// This is not a login form but profile form and user is inserting password to update email
|
|
503 |
// This is not a login form but profile form and user is inserting password to update email.
|
|
518 | 504 |
if (!empty($form_state['values']['current_pass_required_values'])) { |
519 | 505 |
if (!empty($form_state['values']['current_pass']) && empty($form_state['values']['pass'])) { |
520 | 506 |
ldap_user_ldap_provision_pwd('set', $form_state['values']['current_pass']); |
521 | 507 |
} |
522 |
// Or this is a profile form where the user is updating their own password |
|
508 |
// Or this is a profile form where the user is updating their own password.
|
|
523 | 509 |
elseif (!empty($form_state['values']['pass'])) { |
524 |
ldap_user_ldap_provision_pwd('set', $form_state['values']['pass']);
|
|
510 |
ldap_user_ldap_provision_pwd('set', $form_state['values']['pass']); |
|
525 | 511 |
} |
526 | 512 |
} |
527 |
// otherwise a logon form
|
|
513 |
// Otherwise a logon form.
|
|
528 | 514 |
elseif (!empty($form_state['values']['pass'])) { |
529 | 515 |
ldap_user_ldap_provision_pwd('set', $form_state['values']['pass']); |
530 | 516 |
} |
531 | 517 |
|
532 | 518 |
} |
533 | 519 |
|
534 |
|
|
535 |
|
|
536 |
|
|
537 | 520 |
/** |
538 |
* Implements hook_form_FORM_ID_alter(). for user_register_form |
|
521 |
* Implements hook_form_FORM_ID_alter(). for user_register_form.
|
|
539 | 522 |
*/ |
540 | 523 |
function ldap_user_form_user_register_form_alter(&$form, $form_state) { |
541 | 524 |
|
... | ... | |
553 | 536 |
$form['account']['pass_disabled'][]['#markup'] = t('An LDAP setting at /admin/config/people/ldap/user has disabled the password fields. Drupal will store a 20 character random password in the Drupal "users" table, and the user will login with their LDAP password.'); |
554 | 537 |
} |
555 | 538 |
|
556 |
$ldap_fieldset = array();
|
|
557 |
$options = array(
|
|
539 |
$ldap_fieldset = [];
|
|
540 |
$options = [
|
|
558 | 541 |
LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE => t('Make this an LDAP Associated account. If a related LDAP account can not be found, a validation error will appear and the account will not be created.'), |
559 | 542 |
LDAP_USER_MANUAL_ACCT_CONFLICT_NO_LDAP_ASSOCIATE => t('Do not make this an LDAP Associated account.'), |
560 |
);
|
|
561 |
$ldap_fieldset['ldap_user_association'] = array(
|
|
543 |
];
|
|
544 |
$ldap_fieldset['ldap_user_association'] = [
|
|
562 | 545 |
'#type' => 'radios', |
563 | 546 |
'#options' => $options, |
564 | 547 |
'#required' => FALSE, |
565 | 548 |
'#title' => t('LDAP Entry Association.'), |
566 |
);
|
|
549 |
];
|
|
567 | 550 |
|
568 | 551 |
if ($ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE)) { |
569 | 552 |
$ldap_fieldset['ldap_user_association']['#disabled'] = TRUE; |
... | ... | |
579 | 562 |
admin/config/people/ldap/user and "Show option on user create form..." must be selected.'); |
580 | 563 |
} |
581 | 564 |
|
582 |
$ldap_fieldset['ldap_user_create_ldap_acct'] = array(
|
|
565 |
$ldap_fieldset['ldap_user_create_ldap_acct'] = [
|
|
583 | 566 |
'#type' => 'checkbox', |
584 | 567 |
'#title' => t('Create corresponding LDAP entry.'), |
585 |
);
|
|
568 |
];
|
|
586 | 569 |
if (!$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE)) { |
587 | 570 |
$ldap_fieldset['ldap_user_create_ldap_acct']['#disabled'] = TRUE; |
588 | 571 |
$ldap_fieldset['ldap_user_create_ldap_acct']['#description'] = t('To enable |
... | ... | |
604 | 587 |
|
605 | 588 |
} |
606 | 589 |
|
607 |
|
|
590 |
/** |
|
591 |
* |
|
592 |
*/ |
|
608 | 593 |
function ldap_user_form_register_form_validate($form, &$form_state) { |
609 | 594 |
|
610 | 595 |
$values = $form_state['values']; |
... | ... | |
615 | 600 |
$form_state['values']['ldap_user_ldap_exclude'][LANGUAGE_NONE][0]['value'] = 1; |
616 | 601 |
} |
617 | 602 |
|
618 |
// if corresponding ldap account doesn't exist and provision not selected and make ldap associated is selected, throw error
|
|
603 |
// If corresponding ldap account doesn't exist and provision not selected and make ldap associated is selected, throw error.
|
|
619 | 604 |
if (!@$values['ldap_user_create_ldap_acct'] && @$values['ldap_user_association'] == LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE) { |
620 | 605 |
$ldap_user_conf = ldap_user_conf(); |
621 | 606 |
$ldap_user = ldap_servers_get_user_ldap_data($drupal_username, $ldap_user_conf->ldapEntryProvisionServer, 'ldap_user_prov_to_drupal'); |
622 | 607 |
if (!$ldap_user) { |
623 | 608 |
|
624 | 609 |
form_set_error('ldap_user_association', t('User %name does not have a corresponding LDAP Entry (dn). |
625 |
Under LDAP options, you may NOT select "Make this an LDAP Associated Account"', array('%name' => $drupal_username)));
|
|
610 |
Under LDAP options, you may NOT select "Make this an LDAP Associated Account"', ['%name' => $drupal_username]));
|
|
626 | 611 |
} |
627 | 612 |
} |
628 | 613 |
|
629 |
// if trying to provision and ldap account and one already exists, throw error.
|
|
614 |
// If trying to provision and ldap account and one already exists, throw error.
|
|
630 | 615 |
if (@$values['ldap_user_create_ldap_acct']) { |
631 | 616 |
$ldap_user_conf = ldap_user_conf(); |
632 | 617 |
$ldap_user = ldap_servers_get_user_ldap_data($drupal_username, $ldap_user_conf->ldapEntryProvisionServer, 'ldap_user_prov_to_ldap'); |
633 | 618 |
if ($ldap_user) { |
634 |
$tokens = array('%dn' => $ldap_user['dn'], '%name' => $drupal_username);
|
|
619 |
$tokens = ['%dn' => $ldap_user['dn'], '%name' => $drupal_username];
|
|
635 | 620 |
form_set_error('ldap_user_create_ldap_acct', t('User %name already has a corresponding LDAP Entry (%dn). |
636 | 621 |
Uncheck "Create corresponding LDAP entry" to allow this Drupal user to be created. Select |
637 | 622 |
"Make this an LDAP associated account" to associate this account with the ldap entry.', $tokens)); |
... | ... | |
639 | 624 |
} |
640 | 625 |
} |
641 | 626 |
|
642 |
|
|
643 |
/** called after user_register_form_submit **/
|
|
627 |
/** |
|
628 |
* Called after user_register_form_submit .**/
|
|
644 | 629 |
function ldap_user_form_register_form_submit2($form, &$form_state) { |
645 | 630 |
|
646 | 631 |
$values = $form_state['values']; |
... | ... | |
658 | 643 |
} |
659 | 644 |
} |
660 | 645 |
else { |
661 |
// don't do anything here. If account is not created, other user module warnings will exist |
|
646 |
// don't do anything here. If account is not created, other user module warnings will exist.
|
|
662 | 647 |
} |
663 | 648 |
} |
664 | 649 |
|
... | ... | |
670 | 655 |
} |
671 | 656 |
|
672 | 657 |
/** |
673 |
* @param stdClass $account as drupal user object |
|
674 |
* @param array $edit is a drupal user edit array |
|
675 |
* @param enum int $direction indicating which directions to test for association |
|
658 |
* @param object $account |
|
659 |
* as drupal user object. |
|
660 |
* @param array $edit |
|
661 |
* is a drupal user edit array. |
|
662 |
* @param enum int $direction |
|
663 |
* indicating which directions to test for association. |
|
676 | 664 |
* |
677 | 665 |
* |
678 | 666 |
* @return boolean TRUE if user should be excluded from ldap provision/synching |
679 | 667 |
*/ |
680 |
|
|
681 | 668 |
function ldap_user_ldap_exclude($account = NULL, $edit = NULL, $direction = LDAP_USER_PROV_DIRECTION_ALL) { |
682 |
// always exclude user 1
|
|
669 |
// Always exclude user 1.
|
|
683 | 670 |
if (is_object($account) && isset($account->uid) && $account->uid == 1) { |
684 | 671 |
return TRUE; |
685 | 672 |
} |
686 | 673 |
|
687 |
// exclude users who have the field ldap_user_ldap_exclude set to 1
|
|
674 |
// Exclude users who have the field ldap_user_ldap_exclude set to 1.
|
|
688 | 675 |
if (is_object($account) && isset($account->ldap_user_ldap_exclude[LANGUAGE_NONE][0]['value']) |
689 | 676 |
&& $account->ldap_user_ldap_exclude[LANGUAGE_NONE][0]['value'] == 1) { |
690 | 677 |
return TRUE; |
691 | 678 |
} |
692 | 679 |
|
693 |
// exclude new users who have the value set to 1 in their $edit array
|
|
680 |
// Exclude new users who have the value set to 1 in their $edit array.
|
|
694 | 681 |
if (is_array($edit) && isset($edit['ldap_user_ldap_exclude'][LANGUAGE_NONE][0]['value']) |
695 | 682 |
&& $edit['ldap_user_ldap_exclude'][LANGUAGE_NONE][0]['value'] == 1) { |
696 | 683 |
return TRUE; |
697 | 684 |
} |
698 | 685 |
|
699 |
// everyone else is fine
|
|
686 |
// Everyone else is fine.
|
|
700 | 687 |
return FALSE; |
701 | 688 |
|
702 | 689 |
} |
703 | 690 |
|
704 | 691 |
/** |
705 |
* @param stdClass $account as drupal user object |
|
706 |
* @param enum int $direction indicating which directions to test for association |
|
692 |
* @param object $account |
|
693 |
* as drupal user object. |
|
694 |
* @param enum int $direction |
|
695 |
* indicating which directions to test for association |
|
707 | 696 |
* LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER signifies test if drupal account has been provisioned or synched from ldap |
708 | 697 |
* LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY signifies test if ldap account has been provisioned or synched from drupal |
709 |
* NULL signifies check for either direction |
|
698 |
* NULL signifies check for either direction.
|
|
710 | 699 |
* |
711 | 700 |
* @return boolean if user is ldap associated |
712 | 701 |
*/ |
... | ... | |
722 | 711 |
} |
723 | 712 |
elseif (isset($account->uid)) { |
724 | 713 |
$authname = ldap_user_get_authname($account); |
725 |
$to_drupal_user = (boolean)$authname; |
|
714 |
$to_drupal_user = (boolean) $authname;
|
|
726 | 715 |
} |
727 | 716 |
} |
728 | 717 |
|
... | ... | |
742 | 731 |
return ($to_ldap_entry || $to_drupal_user); |
743 | 732 |
} |
744 | 733 |
|
745 |
|
|
746 |
|
|
747 |
|
|
748 | 734 |
} |
735 |
|
|
749 | 736 |
/** |
750 |
* api function for synching
|
|
751 |
* note: does no checking if synching is enabled or configured for a given context |
|
737 |
* Api function for synching
|
|
738 |
* note: does no checking if synching is enabled or configured for a given context.
|
|
752 | 739 |
*/ |
753 |
|
|
754 | 740 |
function ldap_user_synch_to_drupal($username, $prov_event = LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user = NULL) { |
755 | 741 |
|
756 | 742 |
$ldap_user_conf = ldap_user_conf(); |
757 | 743 |
$account = user_load_by_name($username); |
758 |
$user_edit = array();
|
|
744 |
$user_edit = [];
|
|
759 | 745 |
$ldap_user_conf->synchToDrupalAccount($account, $user_edit, $prov_event, $ldap_user, TRUE); |
760 | 746 |
|
761 | 747 |
} |
762 | 748 |
|
763 | 749 |
/** |
764 |
* api function for ldap associated user provisioning
|
|
765 |
* note: does no checking if synching is enabled or configured for a given context |
|
750 |
* Api function for ldap associated user provisioning
|
|
751 |
* note: does no checking if synching is enabled or configured for a given context.
|
|
766 | 752 |
*/ |
767 |
function ldap_user_provision_to_drupal($ldap_user, $user_edit = array()) {
|
|
753 |
function ldap_user_provision_to_drupal($ldap_user, $user_edit = []) {
|
|
768 | 754 |
|
769 | 755 |
$sid = $ldap_user['sid']; |
770 | 756 |
$ldap_user_conf = ldap_user_conf(); |
... | ... | |
773 | 759 |
|
774 | 760 |
} |
775 | 761 |
|
776 |
|
|
777 | 762 |
/** |
778 |
* function to:
|
|
763 |
* Function to:
|
|
779 | 764 |
* -- store user entered password during pageload |
780 |
* and protect unencrypted user password from other modules |
|
765 |
* and protect unencrypted user password from other modules.
|
|
781 | 766 |
* |
782 |
* @param enum string $action 'get' | 'set' |
|
783 |
* @param string | FALSE $value as user entered password |
|
767 |
* @param enum string $action |
|
768 |
* 'get' | 'set'. |
|
769 |
* @param string | FALSE $value |
|
770 |
* as user entered password. |
|
784 | 771 |
*/ |
785 | 772 |
function ldap_user_ldap_provision_pwd($action, $value = NULL, $reset = FALSE) { |
786 | 773 |
|
787 |
//$calling_function = FALSE; |
|
788 |
//if (function_exists('debug_backtrace') && $backtrace = debug_backtrace()) { // { |
|
789 |
// $calling_function = $backtrace[1]['function']; |
|
790 |
//} |
|
791 |
|
|
792 | 774 |
static $current_user_pass; |
793 | 775 |
|
794 | 776 |
if ($reset) { |
... | ... | |
799 | 781 |
$current_user_pass = $value; |
800 | 782 |
} |
801 | 783 |
elseif ($action == 'get' && $current_user_pass) { |
802 |
// && (!$calling_function || $calling_function == 'ldap_servers_token_tokenize_user_account') |
|
803 | 784 |
return $current_user_pass; |
804 | 785 |
} |
805 | 786 |
else { |
... | ... | |
808 | 789 |
|
809 | 790 |
} |
810 | 791 |
|
811 |
|
|
812 |
|
|
813 | 792 |
/** |
814 |
* function to avoid multiple synch or provision in same page load (if desired) |
|
793 |
* Function to avoid multiple synch or provision in same page load (if desired) |
|
794 |
* |
|
795 |
* @param enum string $action |
|
796 |
* 'synch' | 'provision' | 'set_page_load_key' | NULL. |
|
797 |
* @param enum string $op |
|
798 |
* = 'set' or 'get'. |
|
815 | 799 |
* |
816 |
* @param enum string $action 'synch' | 'provision' | 'set_page_load_key' | NULL
|
|
817 |
* @param enum string $op = 'set' or 'get'
|
|
818 |
* @value mixed value associate with $op.
|
|
800 |
* @value mixed value associate with $op.
|
|
801 |
* |
|
802 |
* @return bool|void
|
|
819 | 803 |
*/ |
820 |
|
|
821 |
|
|
822 | 804 |
function ldap_user_ldap_provision_semaphore($action, $op, $value = NULL, $reset = FALSE) { |
823 | 805 |
|
824 | 806 |
$calling_function = FALSE; |
825 |
if (function_exists('debug_backtrace') && $backtrace = debug_backtrace()) { // { |
|
807 |
// {. |
|
808 |
if (function_exists('debug_backtrace') && $backtrace = debug_backtrace()) { |
|
826 | 809 |
$calling_function = $backtrace[1]['function']; |
827 | 810 |
} |
828 | 811 |
|
... | ... | |
830 | 813 |
static $intialized; |
831 | 814 |
|
832 | 815 |
if ($reset || !$intialized) { |
833 |
$ldap_accts = array();
|
|
816 |
$ldap_accts = [];
|
|
834 | 817 |
$intialized = TRUE; |
835 | 818 |
} |
836 | 819 |
|
837 |
// mark that the given drupal user has had ldap entry synched or provisioned on this page load.
|
|
820 |
// Mark that the given drupal user has had ldap entry synched or provisioned on this page load.
|
|
838 | 821 |
if ($op == 'set') { |
839 | 822 |
if ($action && $value) { |
840 | 823 |
$ldap_accts[$action][$value] = TRUE; |
... | ... | |
842 | 825 |
return; |
843 | 826 |
} |
844 | 827 |
|
845 |
// has the given drupal user x action (synch or provision) been executed.
|
|
828 |
// Has the given drupal user x action (synch or provision) been executed.
|
|
846 | 829 |
if ($op == 'get') { |
847 | 830 |
if ($action && $value && isset($ldap_accts[$action][$value])) { |
848 | 831 |
return $ldap_accts[$action][$value]; |
... | ... | |
854 | 837 |
|
855 | 838 |
} |
856 | 839 |
|
857 |
|
|
858 | 840 |
/** |
859 | 841 |
* Implements hook_user_login(). |
860 | 842 |
*/ |
... | ... | |
864 | 846 |
return; |
865 | 847 |
} |
866 | 848 |
$ldap_user_conf = ldap_user_conf(); |
867 |
$user_edit = array();
|
|
849 |
$user_edit = [];
|
|
868 | 850 |
|
869 | 851 |
ldap_user_reset_provision_server($ldap_user_conf, $account); |
870 | 852 |
|
871 |
// provision or synch to ldap, not both
|
|
872 |
$provision_result = array('status' => 'none');
|
|
853 |
// Provision or synch to ldap, not both.
|
|
854 |
$provision_result = ['status' => 'none'];
|
|
873 | 855 |
|
874 |
// provision to ldap
|
|
875 |
// if ($account->access == 0 && $account->login != 0) {} check for first time user
|
|
856 |
// Provision to ldap
|
|
857 |
// Check for first time user.
|
|
876 | 858 |
if ( |
877 | 859 |
$ldap_user_conf->provisionsLdapEntriesFromDrupalUsers |
878 | 860 |
&& ldap_user_ldap_provision_semaphore('provision', 'get', $account->name) === FALSE |
... | ... | |
885 | 867 |
ldap_user_ldap_provision_semaphore('provision', 'set', $account->name); |
886 | 868 |
} |
887 | 869 |
} |
888 |
// don't synch if just provisioned |
|
870 |
// don't synch if just provisioned.
|
|
889 | 871 |
if ( |
890 | 872 |
$ldap_user_conf->provisionsLdapEntriesFromDrupalUsers |
891 |
&& ldap_user_ldap_provision_semaphore('synch', 'get' , $account->name) === FALSE
|
|
873 |
&& ldap_user_ldap_provision_semaphore('synch', 'get', $account->name) === FALSE |
|
892 | 874 |
&& $provision_result['status'] != 'success' |
893 | 875 |
&& $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE) |
894 | 876 |
) { |
... | ... | |
900 | 882 |
|
901 | 883 |
$prov_enabled = $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE); |
902 | 884 |
|
903 |
// Provision from LDAP if a new account was not just provisioned from LDAP |
|
885 |
// Provision from LDAP if a new account was not just provisioned from LDAP.
|
|
904 | 886 |
if (ldap_user_ldap_provision_semaphore('drupal_created', 'get', $account->name) === FALSE) { |
905 | 887 |
if ($ldap_user_conf->provisionsDrupalAccountsFromLdap && in_array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, array_keys($ldap_user_conf->provisionsDrupalEvents))) { |
906 | 888 |
$ldap_user = ldap_servers_get_user_ldap_data($account->name, $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal'); |
907 | 889 |
if ($ldap_user) { |
908 | 890 |
$ldap_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, NULL, TRUE); |
909 |
$ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER)); |
|
910 |
if (empty($account->picture->fid)) { // see #1973352 and #935592 |
|
891 |
$ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, [LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER]); |
|
892 |
// See #1973352 and #935592. |
|
893 |
if (empty($account->picture->fid)) { |
|
911 | 894 |
$account2 = user_load($account->uid); |
912 | 895 |
$account->picture = $account2->picture; |
913 | 896 |
} |
... | ... | |
918 | 901 |
|
919 | 902 |
} |
920 | 903 |
|
921 |
|
|
922 | 904 |
/** |
923 | 905 |
* Implements hook_user_insert(). |
924 |
* |
|
925 | 906 |
*/ |
926 | 907 |
function ldap_user_user_insert(&$user_edit, $account, $category) { |
927 | 908 |
|
928 | 909 |
global $user; |
929 | 910 |
$not_associated = ldap_user_ldap_exclude($account, $user_edit); |
930 |
$new_account_request = (boolean)($user->uid == 0 && $account->access == 0 && $account->login == 0); // check for first time user |
|
931 |
$already_provisioned_to_ldap = ldap_user_ldap_provision_semaphore('provision', 'get' , $account->name); |
|
932 |
$already_synched_to_ldap = ldap_user_ldap_provision_semaphore('synch', 'user_action_query' , $account->name); |
|
911 |
// Check for first time user. |
|
912 |
$new_account_request = (boolean) ($user->uid == 0 && $account->access == 0 && $account->login == 0); |
|
913 |
$already_provisioned_to_ldap = ldap_user_ldap_provision_semaphore('provision', 'get', $account->name); |
|
914 |
$already_synched_to_ldap = ldap_user_ldap_provision_semaphore('synch', 'user_action_query', $account->name); |
|
933 | 915 |
if ($not_associated || $already_synched_to_ldap || $already_synched_to_ldap || $new_account_request) { |
934 | 916 |
return; |
935 | 917 |
} |
... | ... | |
939 | 921 |
* in hook_user_insert, account is already created, so never call provisionDrupalAccount(), just |
940 | 922 |
* synchToDrupalAccount(), even if action is 'provision' |
941 | 923 |
*/ |
942 |
$empty_user_edit = array();
|
|
924 |
$empty_user_edit = [];
|
|
943 | 925 |
if ($account->status && $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE)) { |
944 | 926 |
$ldap_user_conf->synchToDrupalAccount($account, $empty_user_edit, LDAP_USER_EVENT_CREATE_DRUPAL_USER, NULL, TRUE); |
945 | 927 |
} |
... | ... | |
953 | 935 |
if ($provision_result['status'] == 'success') { |
954 | 936 |
ldap_user_ldap_provision_semaphore('provision', 'set', $account->name); |
955 | 937 |
} |
956 |
}
|
|
938 |
} |
|
957 | 939 |
elseif ($ldap_provision_entry) { |
958 | 940 |
$bool_result = $ldap_user_conf->synchToLdapEntry($account, $user_edit); |
959 | 941 |
if ($bool_result) { |
... | ... | |
967 | 949 |
/** |
968 | 950 |
* Implements hook_user_update() |
969 | 951 |
*/ |
970 |
|
|
971 | 952 |
function ldap_user_user_update(&$user_edit, $account, $category) { |
972 | 953 |
if (ldap_user_ldap_exclude($account, $user_edit)) { |
973 | 954 |
return; |
974 | 955 |
} |
975 | 956 |
|
976 | 957 |
$ldap_user_conf = ldap_user_conf(); |
977 |
// check for provisioning to LDAP; this will normally occur on hook_user_insert or other event when drupal user is created.
|
|
958 |
// Check for provisioning to LDAP; this will normally occur on hook_user_insert or other event when drupal user is created.
|
|
978 | 959 |
if ($ldap_user_conf->provisionsLdapEntriesFromDrupalUsers && |
979 | 960 |
$ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE)) { |
980 | 961 |
|
981 |
$already_provisioned_to_ldap = ldap_user_ldap_provision_semaphore('provision', 'get' , $account->name);
|
|
982 |
$already_synched_to_ldap = ldap_user_ldap_provision_semaphore('synch', 'get' , $account->name);
|
|
962 |
$already_provisioned_to_ldap = ldap_user_ldap_provision_semaphore('provision', 'get', $account->name); |
|
963 |
$already_synched_to_ldap = ldap_user_ldap_provision_semaphore('synch', 'get', $account->name); |
|
983 | 964 |
if ($already_provisioned_to_ldap || $already_synched_to_ldap) { |
984 | 965 |
return; |
985 | 966 |
} |
986 | 967 |
|
987 |
$provision_result = array('status' => 'none');
|
|
988 |
// always check if provisioning to ldap has already occurred this page load
|
|
968 |
$provision_result = ['status' => 'none'];
|
|
969 |
// Always check if provisioning to ldap has already occurred this page load.
|
|
989 | 970 |
$ldap_entry = $ldap_user_conf->getProvisionRelatedLdapEntry($account); |
990 |
if (!$ldap_entry) { //{ |
|
971 |
// {. |
|
972 |
if (!$ldap_entry) { |
|
991 | 973 |
$provision_result = $ldap_user_conf->provisionLdapEntry($account); |
992 | 974 |
if ($provision_result['status'] == 'success') { |
993 | 975 |
ldap_user_ldap_provision_semaphore('provision', 'set', $account->name); |
994 | 976 |
} |
995 | 977 |
} |
996 |
// synch if not just provisioned and enabled
|
|
997 |
if ($provision_result['status'] != 'success' ) {
|
|
998 |
// always check if provisioing to ldap has already occurred this page load
|
|
978 |
// Synch if not just provisioned and enabled.
|
|
979 |
if ($provision_result['status'] != 'success') { |
|
980 |
// Always check if provisioing to ldap has already occurred this page load.
|
|
999 | 981 |
$provision_enabled = $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE); |
1000 | 982 |
$ldap_entry = $ldap_user_conf->getProvisionRelatedLdapEntry($account); |
1001 | 983 |
if ($provision_enabled && $ldap_entry) { |
... | ... | |
1009 | 991 |
|
1010 | 992 |
} |
1011 | 993 |
|
1012 |
/**
|
|
994 |
/** |
|
1013 | 995 |
* Implements hook_user_presave() |
1014 | 996 |
*/ |
1015 |
|
|
1016 | 997 |
function ldap_user_user_presave(&$user_edit, $account, $category) { |
1017 | 998 |
|
1018 | 999 |
if (ldap_user_ldap_exclude($account, $user_edit)) { |
... | ... | |
1031 | 1012 |
|
1032 | 1013 |
ldap_user_reset_provision_server($ldap_user_conf, $account); |
1033 | 1014 |
|
1034 |
// check for provisioning to drupal and override synched user fields/props
|
|
1035 |
// Provision from LDAP if a new account was not just provisioned from LDAP |
|
1015 |
// Check for provisioning to drupal and override synched user fields/props
|
|
1016 |
// Provision from LDAP if a new account was not just provisioned from LDAP.
|
|
1036 | 1017 |
if (ldap_user_ldap_provision_semaphore('drupal_created', 'get', $drupal_username) === FALSE) { |
1037 | 1018 |
if ($ldap_user_conf->provisionsDrupalAccountsFromLdap && in_array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, array_keys($ldap_user_conf->provisionsDrupalEvents))) { |
1038 | 1019 |
if ($ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE)) { |
... | ... | |
1040 | 1021 |
$ldap_user = ldap_servers_get_user_ldap_data($drupal_username, $ldap_user_conf->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal'); |
1041 | 1022 |
if ($ldap_user) { |
1042 | 1023 |
$ldap_server = ldap_servers_get_servers($ldap_user_conf->drupalAcctProvisionServer, NULL, TRUE); |
1043 |
$ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, array(LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER));
|
|
1024 |
$ldap_user_conf->entryToUserEdit($ldap_user, $user_edit, $ldap_server, LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, [LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER]);
|
|
1044 | 1025 |
} |
1045 | 1026 |
} |
1046 | 1027 |
} |
... | ... | |
1053 | 1034 |
* Implements hook_user_delete(). |
1054 | 1035 |
*/ |
1055 | 1036 |
function ldap_user_user_delete($account) { |
1056 |
// drupal user account is about to be deleted.
|
|
1037 |
// Drupal user account is about to be deleted.
|
|
1057 | 1038 |
$ldap_user_conf = ldap_user_conf(); |
1058 | 1039 |
if ( |
1059 | 1040 |
$ldap_user_conf->provisionsLdapEntriesFromDrupalUsers |
1060 | 1041 |
&& $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE) |
1061 | 1042 |
) { |
1062 | 1043 |
$boolean_result = $ldap_user_conf->deleteProvisionedLdapEntries($account); |
1063 |
// no need to watchdog here, because fail in deleteProvisionedLdapEntries provides watchdog entry
|
|
1044 |
// No need to watchdog here, because fail in deleteProvisionedLdapEntries provides watchdog entry.
|
|
1064 | 1045 |
} |
1065 | 1046 |
} |
1066 | 1047 |
|
1067 | 1048 |
/** |
1068 | 1049 |
* Implements hook_field_widget_info(). |
1069 |
* to provide field type for LDAP fields |
|
1050 |
* to provide field type for LDAP fields.
|
|
1070 | 1051 |
*/ |
1071 | 1052 |
function ldap_user_field_widget_info() { |
1072 |
return array(
|
|
1073 |
'ldap_user_hidden' => array(
|
|
1053 |
return [
|
|
1054 |
'ldap_user_hidden' => [
|
|
1074 | 1055 |
'label' => t('Hidden Text Field'), |
1075 |
'field types' => array('text'),
|
|
1076 |
'settings' => array(),
|
|
1077 |
),
|
|
1078 |
);
|
|
1056 |
'field types' => ['text'],
|
|
1057 |
'settings' => [],
|
|
1058 |
],
|
|
1059 |
];
|
|
1079 | 1060 |
} |
1080 | 1061 |
|
1081 | 1062 |
/** |
1082 | 1063 |
* Implements hook_field_widget_settings_form(). |
1083 | 1064 |
*/ |
1084 | 1065 |
function ldap_user_field_widget_settings_form($field, $instance) { |
1085 |
return array();
|
|
1066 |
return [];
|
|
1086 | 1067 |
} |
1087 | 1068 |
|
1088 | 1069 |
/** |
... | ... | |
1090 | 1071 |
*/ |
1091 | 1072 |
function ldap_user_field_widget_form(&$form, &$form_state, $field, $instance, $langcode, $items, $delta, $element) { |
1092 | 1073 |
|
1093 |
$main_widget = array();
|
|
1074 |
$main_widget = [];
|
|
1094 | 1075 |
|
1095 | 1076 |
switch ($instance['widget']['type']) { |
1096 | 1077 |
case 'ldap_user_hidden': |
1097 |
$element['value'] = $element + array(
|
|
1078 |
$element['value'] = $element + [
|
|
1098 | 1079 |
'#type' => 'value', |
1099 | 1080 |
'#value' => isset($items[$delta]['value']) ? $items[$delta]['value'] : NULL, |
1100 |
'#attached' => array(
|
|
1101 |
'css' => array(
|
|
1081 |
'#attached' => [
|
|
1082 |
'css' => [
|
|
1102 | 1083 |
drupal_get_path('module', 'ldap_user') . '/ldap_user.css', |
1103 |
),
|
|
1104 |
),
|
|
1105 |
);
|
|
1084 |
],
|
|
1085 |
],
|
|
1086 |
];
|
|
1106 | 1087 |
break; |
1107 | 1088 |
} |
1108 | 1089 |
|
1109 | 1090 |
return $element; |
1110 | 1091 |
} |
1111 | 1092 |
|
1093 |
/** |
|
1094 |
* |
|
1095 |
*/ |
|
1112 | 1096 |
function ldap_user_synch_triggers_key_values() { |
1113 | 1097 |
|
1114 |
return array(
|
|
1098 |
return [
|
|
1115 | 1099 |
LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE => t('On synch to Drupal user create or update. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind".'), |
1116 | 1100 |
LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE => t('On create or synch to Drupal user when successfully authenticated with LDAP credentials. (Requires LDAP Authentication module).'), |
1117 | 1101 |
LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE => t('On manual creation of Drupal user from admin/people/create and "Create corresponding LDAP entry" is checked'), |
1118 | 1102 |
LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE => t('On creation or synch of an LDAP entry when a Drupal account is created or updated. Only applied to accounts with a status of approved.'), |
1119 | 1103 |
LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE => t('On creation or synch of an LDAP entry when a user authenticates.'), |
1120 | 1104 |
LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE => t('On deletion of an LDAP entry when the corresponding Drupal Account is deleted. This only applies when the LDAP entry was provisioned by Drupal by the LDAP User module.'), |
1121 |
);
|
|
1105 |
];
|
|
1122 | 1106 |
|
1123 | 1107 |
} |
1124 | 1108 |
|
1109 |
/** |
|
1110 |
* |
|
1111 |
*/ |
|
1125 | 1112 |
function ldap_user_all_events() { |
1126 |
return array(
|
|
1113 |
return [
|
|
1127 | 1114 |
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, |
1128 | 1115 |
LDAP_USER_EVENT_CREATE_DRUPAL_USER, |
1129 | 1116 |
LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY, |
1130 | 1117 |
LDAP_USER_EVENT_CREATE_LDAP_ENTRY, |
1131 | 1118 |
LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT, |
1132 |
);
|
|
1119 |
];
|
|
1133 | 1120 |
|
1134 | 1121 |
} |
1135 | 1122 |
|
... | ... | |
1138 | 1125 |
* @param string $text |
1139 | 1126 |
* @return string text with tokens replaced |
1140 | 1127 |
*/ |
1141 |
|
|
1142 | 1128 |
function ldap_user_token_replace($token, $account, $entity = NULL) { |
1143 | 1129 |
$desired_tokens = ldap_servers_token_tokens_needed_for_template($token); |
1144 | 1130 |
$tokens = ldap_user_token_tokenize_entry($account, $desired_tokens, LDAP_SERVERS_TOKEN_PRE, LDAP_SERVERS_TOKEN_POST, $entity); |
... | ... | |
1146 | 1132 |
return $result; |
1147 | 1133 |
} |
1148 | 1134 |
|
1149 |
|
|
1150 |
|
|
1151 | 1135 |
/** |
1152 |
* Turn an ldap entry into a token array suitable for the t() function |
|
1136 |
* Turn an ldap entry into a token array suitable for the t() function. |
|
1137 |
* |
|
1153 | 1138 |
* @param drupal user object $account |
1154 |
* @param array $token_keys as list of token/value pairs to generate |
|
1139 |
* @param array $token_keys |
|
1140 |
* as list of token/value pairs to generate. |
|
1155 | 1141 |
* @param string prefix token prefix such as !,%,[ |
1156 | 1142 |
* @param string suffix token suffix such as ] |
1157 | 1143 |
* |
... | ... | |
1160 | 1146 |
function ldap_user_token_tokenize_entry($account, $token_keys, $pre = LDAP_SERVERS_TOKEN_PRE, $post = LDAP_SERVERS_TOKEN_POST, $user_entity = NULL) { |
1161 | 1147 |
|
1162 | 1148 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); |
1163 |
$tokens = array();
|
|
1149 |
$tokens = [];
|
|
1164 | 1150 |
if (!$user_entity) { |
1165 | 1151 |
list($discard, $user_entity) = ldap_user_load_user_acct_and_entity($account->uid, 'uid'); |
1166 | 1152 |
} |
1167 | 1153 |
|
1168 | 1154 |
foreach ($token_keys as $token_key) { |
1169 |
// target id is of form field.lname, property.mail, field.dept:0, etc.
|
|
1155 |
// Target id is of form field.lname, property.mail, field.dept:0, etc.
|
|
1170 | 1156 |
list($type, $attr_ordinal) = explode('.', $token_key); |
1171 | 1157 |
$parts = explode(':', $attr_ordinal); |
1172 | 1158 |
$attr = $parts[0]; |
... | ... | |
1175 | 1161 |
switch ($type) { |
1176 | 1162 |
|
1177 | 1163 |
case 'field': |
1178 |
if (isset( $user_entity->{$attr}[LANGUAGE_NONE][$ordinal]['value'])) {
|
|
1164 |
if (isset($user_entity->{$attr}[LANGUAGE_NONE][$ordinal]['value'])) { |
|
1179 | 1165 |
$tokens[$token] = $user_entity->{$attr}[LANGUAGE_NONE][$ordinal]['value']; |
1180 | 1166 |
} |
1181 |
break; |
|
1182 |
|
|
1167 |
break; |
|
1183 | 1168 |
|
1184 | 1169 |
case 'property': |
1185 | 1170 |
if (property_exists($account, $attr)) { |
1186 | 1171 |
$tokens[$token] = $account->{$attr}; |
1187 | 1172 |
} |
1188 |
break; |
|
1173 |
break;
|
|
1189 | 1174 |
|
1190 | 1175 |
// @todo: 3. tokenize profile 2 |
1191 | 1176 |
} |
... | ... | |
1195 | 1180 |
return $tokens; |
1196 | 1181 |
} |
1197 | 1182 |
|
1198 |
/** |
|
1199 |
* load user $account and $entity, given uid or $username |
|
1200 |
* |
|
1201 |
* @param string $user_id is username or uid |
|
1202 |
* @param enum $user_id_type is 'username' or 'uid' |
|
1203 |
* |
|
1204 |
* return array $account and $user_entity |
|
1205 |
*/ |
|
1206 |
|
|
1207 |
function ldap_user_load_user_acct_and_entity($user_id, $user_id_type = 'username') { |
|
1183 |
/** |
|
1184 |
* Load user $account and $entity, given uid or $username. |
|
1185 |
* |
|
1186 |
* @param string $user_id |
|
1187 |
* is username or uid. |
|
1188 |
* @param enum $user_id_type |
|
1189 |
* is 'username' or 'uid' |
|
1190 |
* |
|
1191 |
* return array $account and $user_entity. |
|
1192 |
*/ |
|
1193 |
function ldap_user_load_user_acct_and_entity($user_id, $user_id_type = 'username') { |
|
1208 | 1194 |
|
1209 |
if ($user_id_type == 'username') {
|
|
1210 |
$account = user_load_by_name($user_id);
|
|
1211 |
}
|
|
1212 |
else {
|
|
1213 |
$account = user_load($user_id);
|
|
1214 |
}
|
|
1215 |
if ($account) {
|
|
1216 |
$user_entities = entity_load('user', array($account->uid));
|
|
1217 |
$user_entity = $user_entities[$account->uid];
|
|
1218 |
}
|
|
1219 |
else {
|
|
1220 |
$user_entity = NULL;
|
|
1221 |
}
|
|
1195 |
if ($user_id_type == 'username') { |
|
1196 |
$account = user_load_by_name($user_id); |
|
1197 |
} |
|
1198 |
else { |
|
1199 |
$account = user_load($user_id); |
|
1200 |
} |
|
1201 |
if ($account) { |
|
1202 |
$user_entities = entity_load('user', [$account->uid]);
|
|
1203 |
$user_entity = $user_entities[$account->uid]; |
|
1204 |
} |
|
1205 |
else { |
|
1206 |
$user_entity = NULL; |
|
1207 |
} |
|
1222 | 1208 |
|
1223 |
return array($account, $user_entity);
|
|
1209 |
return [$account, $user_entity];
|
|
1224 | 1210 |
|
1225 |
}
|
|
1211 |
} |
|
1226 | 1212 |
|
1227 | 1213 |
/** |
1228 | 1214 |
* Implements hook_ldap_servers_username_to_ldapname_alter |
1229 |
* - Set ldap name to auth name |
|
1215 |
* - Set ldap name to auth name.
|
|
1230 | 1216 |
*/ |
1231 | 1217 |
function ldap_user_ldap_servers_username_to_ldapname_alter(&$ldap_username, $drupal_username, $context) { |
1232 |
// Alter the name only if it has not been altered already, ie php eval code |
|
1218 |
// Alter the name only if it has not been altered already, ie php eval code.
|
|
1233 | 1219 |
if ($ldap_username == $drupal_username) { |
1234 | 1220 |
$authname = ldap_user_get_authname($ldap_username); |
1235 | 1221 |
if (!empty($authname)) { |
... | ... | |
1246 | 1232 |
* - object: user account object |
1247 | 1233 |
* - string: username |
1248 | 1234 |
* |
1249 |
* @return string|NULL
|
|
1235 |
* @return string|null
|
|
1250 | 1236 |
* Returns the LDAP authname of the passed Drupal user. |
1251 | 1237 |
*/ |
1252 | 1238 |
function ldap_user_get_authname($data) { |
1253 |
$cache = &drupal_static(__FUNCTION__, array());
|
|
1239 |
$cache = &drupal_static(__FUNCTION__, []);
|
|
1254 | 1240 |
|
1255 | 1241 |
$authname = NULL; |
1256 | 1242 |
$uid = NULL; |
1257 | 1243 |
|
1258 | 1244 |
if (is_object($data)) { |
1259 |
// Object - set uid if object has uid and uid > 0 |
|
1245 |
// Object - set uid if object has uid and uid > 0.
|
|
1260 | 1246 |
if (!empty($data->uid)) { |
1261 | 1247 |
$uid = $data->uid; |
1262 | 1248 |
} |
1263 | 1249 |
} |
1264 | 1250 |
else { |
1265 |
// String - load account and set uid if uid > 0 |
|
1251 |
// String - load account and set uid if uid > 0.
|
|
1266 | 1252 |
$account = user_load_by_name($data); |
1267 | 1253 |
if (!empty($account->uid)) { |
1268 | 1254 |
$uid = $account->uid; |
1269 | 1255 |
} |
1270 | 1256 |
} |
1271 | 1257 |
|
1272 |
// Exit if no uid found |
|
1258 |
// Exit if no uid found.
|
|
1273 | 1259 |
if (empty($uid)) { |
1274 | 1260 |
return NULL; |
1275 | 1261 |
} |
1276 | 1262 |
|
1277 |
// Run query if uid is not statically cached |
|
1263 |
// Run query if uid is not statically cached.
|
|
1278 | 1264 |
if (!array_key_exists($uid, $cache)) { |
1279 |
$authname = db_query('SELECT authname FROM {authmap} WHERE uid = :uid AND module = :module', array(
|
|
1265 |
$authname = db_query('SELECT authname FROM {authmap} WHERE uid = :uid AND module = :module', [
|
|
1280 | 1266 |
':uid' => $uid, |
1281 | 1267 |
':module' => 'ldap_user', |
1282 |
))->fetchField();
|
|
1268 |
])->fetchField();
|
|
1283 | 1269 |
|
1284 | 1270 |
$cache[$uid] = !empty($authname) ? $authname : NULL; |
1285 | 1271 |
} |
Formats disponibles : Unified diff
Weekly update of contrib modules