1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* Install, update and uninstall functions for the LDAP API module.
|
6
|
*/
|
7
|
|
8
|
|
9
|
/**
|
10
|
* Implements hook_install().
|
11
|
*/
|
12
|
function ldap_servers_install() {
|
13
|
|
14
|
}
|
15
|
|
16
|
/**
|
17
|
* Implements hook_uninstall().
|
18
|
*/
|
19
|
function ldap_servers_uninstall() {
|
20
|
variable_del('ldap_servers_encryption');
|
21
|
variable_del('ldap_servers_require_ssl_for_credentails');
|
22
|
variable_del('ldap_servers_encrypt_key');
|
23
|
|
24
|
}
|
25
|
|
26
|
/**
|
27
|
* Implements hook_requirements().
|
28
|
*/
|
29
|
function ldap_servers_requirements($phase) {
|
30
|
$requirements = array();
|
31
|
|
32
|
if ($phase == 'install') {
|
33
|
$requirements['ldap_extension_loaded']['title'] = t('LDAP Extension Loaded');
|
34
|
if (extension_loaded('ldap')) {
|
35
|
$requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_OK;
|
36
|
}
|
37
|
else {
|
38
|
$requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_ERROR;
|
39
|
$requirements['ldap_extension_loaded']['description'] = t('No LDAP PHP Extension is loaded for PHP, so LDAP will not work properly.');
|
40
|
}
|
41
|
}
|
42
|
|
43
|
if ($phase == 'runtime' && !extension_loaded('ldap')) {
|
44
|
$requirements['ldap_extension_loaded']['title'] = t('LDAP Extension Loaded');
|
45
|
$requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_ERROR;
|
46
|
$requirements['ldap_extension_loaded']['description'] = t('No LDAP PHP Extension is loaded for PHP, so LDAP will not work properly.');
|
47
|
}
|
48
|
|
49
|
if ($phase != "install" && db_table_exists('ldapauth')) {
|
50
|
$requirements['ldap_servers']['title'] = t('LDAP Integration LDAP Auth to LDAP Servers Upgrade Concern');
|
51
|
$requirements['ldap_servers']['severity'] = REQUIREMENT_WARNING;
|
52
|
$requirements['ldap_servers']['value'] = NULL;
|
53
|
$requirements['ldap_servers']['description'] = t('Upgrade from Drupal 6 LDAP Auth to Drupal 7
|
54
|
LDAP Servers is not automatic. LDAP Servers will need to be configured by hand.
|
55
|
See http://drupal.org/node/1023016. This message will go away when the ldapauth database table is removed.');
|
56
|
}
|
57
|
// check that ldapauth not installed.
|
58
|
return $requirements;
|
59
|
}
|
60
|
|
61
|
/**
|
62
|
* Implements hook_schema().
|
63
|
*/
|
64
|
function ldap_servers_schema() {
|
65
|
module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
66
|
module_load_include('module', 'ldap_servers', 'ldap_servers'); // to get the LDAP_SERVERS_ENC_TYPE_CLEARTEXT constants issue#1209576
|
67
|
module_load_include('php', 'ldap_servers', 'LdapServerAdmin.class');
|
68
|
|
69
|
$schema['ldap_servers'] = array(
|
70
|
'export' => array(
|
71
|
'key' => 'sid',
|
72
|
'key name' => 'Server ID',
|
73
|
'primary key' => 'numeric_sid',
|
74
|
'identifier' => 'ldap_servers_conf',
|
75
|
'api' => array(
|
76
|
'owner' => 'ldap_servers',
|
77
|
'api' => 'ldap_servers',
|
78
|
'minimum_version' => 1,
|
79
|
'current_version' => 1,
|
80
|
),
|
81
|
),
|
82
|
'primary key' => array('numeric_sid'),
|
83
|
'unique keys' => array('name' => array('name')),
|
84
|
);
|
85
|
|
86
|
$fields = LdapServerAdmin::fields();
|
87
|
foreach ($fields as $name => $props) {
|
88
|
if (isset($props['schema'])) {
|
89
|
$schema['ldap_servers']['fields'][$name] = $props['schema'];
|
90
|
}
|
91
|
}
|
92
|
|
93
|
return $schema;
|
94
|
|
95
|
}
|
96
|
|
97
|
/**
|
98
|
* rename ldap_servers type field to ldap_type
|
99
|
*/
|
100
|
|
101
|
function ldap_servers_update_7100() {
|
102
|
if (!ldap_servers_db_field_exists('ldap_servers', 'ldap_type') && ldap_servers_db_field_exists('ldap_servers', 'type')) {
|
103
|
db_change_field('ldap_servers', 'type', 'ldap_type', array(
|
104
|
'type' => 'varchar',
|
105
|
'length' => 20,
|
106
|
'not null' => FALSE
|
107
|
));
|
108
|
}
|
109
|
|
110
|
return t('ldap_servers table field "type" renamed to "ldap_type"');
|
111
|
|
112
|
}
|
113
|
|
114
|
/**
|
115
|
* ldap_server table field changes
|
116
|
*/
|
117
|
|
118
|
function ldap_servers_update_7101() {
|
119
|
|
120
|
db_add_field(
|
121
|
'ldap_servers',
|
122
|
'allow_conflicting_drupal_accts',
|
123
|
array(
|
124
|
'type' => 'int',
|
125
|
'size' => 'tiny',
|
126
|
'not null' => FALSE,
|
127
|
'default' => 0,
|
128
|
)
|
129
|
);
|
130
|
|
131
|
db_add_field(
|
132
|
'ldap_servers',
|
133
|
'unique_persistent_attr',
|
134
|
array(
|
135
|
'type' => 'varchar',
|
136
|
'length' => '64',
|
137
|
'not null' => FALSE,
|
138
|
)
|
139
|
);
|
140
|
|
141
|
db_add_field(
|
142
|
'ldap_servers',
|
143
|
'mail_template',
|
144
|
array(
|
145
|
'type' => 'varchar',
|
146
|
'length' => '255',
|
147
|
'not null' => FALSE,
|
148
|
)
|
149
|
);
|
150
|
|
151
|
db_change_field('ldap_servers', 'ldap_to_drupal_user', 'ldap_to_drupal_user', array(
|
152
|
'type' => 'varchar',
|
153
|
'length' => 1024,
|
154
|
'not null' => FALSE
|
155
|
));
|
156
|
|
157
|
db_change_field('ldap_servers', 'binddn', 'binddn', array(
|
158
|
'type' => 'varchar',
|
159
|
'length' => 511,
|
160
|
));
|
161
|
|
162
|
|
163
|
return t('Updated LDAP Server to include "allow_conflicting_drupal_accts" and "unique_persistent_attr" fields.');
|
164
|
}
|
165
|
|
166
|
|
167
|
/**
|
168
|
* add bind_method field to ldap_servers table
|
169
|
*/
|
170
|
function ldap_servers_update_7102() {
|
171
|
|
172
|
if (!ldap_servers_db_field_exists('ldap_servers', 'bind_method')) {
|
173
|
db_add_field('ldap_servers', 'bind_method', array(
|
174
|
'type' => 'int',
|
175
|
'size' => 'tiny',
|
176
|
'not null' => TRUE,
|
177
|
'default' => 0,
|
178
|
));
|
179
|
$msg = t('"bind_method" field added to ldap_servers table');
|
180
|
}
|
181
|
|
182
|
return ($msg) ? $msg : t('No database changes made.');
|
183
|
}
|
184
|
|
185
|
/**
|
186
|
* add group_object_category field to ldap_servers table
|
187
|
*/
|
188
|
function ldap_servers_update_7103() {
|
189
|
|
190
|
if (!ldap_servers_db_field_exists('ldap_servers', 'group_object_category')) {
|
191
|
db_add_field('ldap_servers', 'group_object_category', array(
|
192
|
'type' => 'varchar',
|
193
|
'length' => 64,
|
194
|
'not null' => FALSE,
|
195
|
));
|
196
|
$msg = t('"group_object_category" field added to ldap_servers table');
|
197
|
}
|
198
|
|
199
|
return ($msg) ? $msg : t('No database changes made.');
|
200
|
}
|
201
|
|
202
|
|
203
|
/**
|
204
|
* add pagination fields to ldap_servers table
|
205
|
*/
|
206
|
function ldap_servers_update_7104() {
|
207
|
|
208
|
if (!ldap_servers_db_field_exists('ldap_servers', 'search_pagination')) {
|
209
|
db_add_field('ldap_servers', 'search_pagination', array(
|
210
|
'type' => 'int',
|
211
|
'size' => 'tiny',
|
212
|
'not null' => FALSE,
|
213
|
'default' => 0,
|
214
|
));
|
215
|
$msg = t('"search_pagination" field added to ldap_servers table');
|
216
|
}
|
217
|
|
218
|
if (!ldap_servers_db_field_exists('ldap_servers', 'search_page_size')) {
|
219
|
db_add_field('ldap_servers', 'search_page_size', array(
|
220
|
'type' => 'int',
|
221
|
'size' => 'medium',
|
222
|
'not null' => FALSE,
|
223
|
'default' => 1000,
|
224
|
));
|
225
|
$msg .= '<br/>' . t('"search_page_size" field added to ldap_servers table');
|
226
|
}
|
227
|
|
228
|
if (!ldap_servers_db_field_exists('ldap_servers', 'unique_persistent_attr_binary')) {
|
229
|
db_add_field('ldap_servers', 'unique_persistent_attr_binary', array(
|
230
|
'type' => 'int',
|
231
|
'size' => 'tiny',
|
232
|
'not null' => FALSE,
|
233
|
'default' => 0,
|
234
|
));
|
235
|
$msg = t('"unique_persistent_attr_binary" field added to ldap_servers table');
|
236
|
}
|
237
|
|
238
|
|
239
|
|
240
|
return ($msg) ? $msg : t('No database changes made.');
|
241
|
}
|
242
|
|
243
|
/**
|
244
|
* enable ldap_user module
|
245
|
*/
|
246
|
function ldap_servers_update_7105() {
|
247
|
|
248
|
if (!module_exists('ldap_user')) {
|
249
|
module_enable(array('ldap_user'));
|
250
|
$msg = t('LDAP User module enabled. Some authentication and authorization functionality shifted to LDAP User module.');
|
251
|
}
|
252
|
|
253
|
return ($msg) ? $msg : t('LDAP User module was already enabled. No action taken.');
|
254
|
}
|
255
|
|
256
|
|
257
|
|
258
|
/**
|
259
|
* add account_name_attr field to ldap_servers table
|
260
|
*/
|
261
|
function ldap_servers_update_7106() {
|
262
|
if (!ldap_servers_db_field_exists('ldap_servers', 'account_name_attr')) {
|
263
|
db_add_field('ldap_servers', 'account_name_attr', array(
|
264
|
'description' => 'The attribute to be used as the account name if not the user_attr',
|
265
|
'type' => 'varchar',
|
266
|
'length' => 255,
|
267
|
'not null' => FALSE,
|
268
|
'default' => '',
|
269
|
));
|
270
|
$msg = t('"account_name_attr" field added to ldap_servers table');
|
271
|
}
|
272
|
|
273
|
return ($msg) ? $msg : t('No database changes made.');
|
274
|
}
|
275
|
|
276
|
/**
|
277
|
* remove allow_conflicting_drupal_accts from ldap_servers table
|
278
|
*/
|
279
|
function ldap_servers_update_7107() {
|
280
|
if (ldap_servers_db_field_exists('ldap_servers', 'allow_conflicting_drupal_accts')) {
|
281
|
db_drop_field('ldap_servers', 'allow_conflicting_drupal_accts');
|
282
|
$msg = t('"allow_conflicting_drupal_accts" field removed from ldap_servers table');
|
283
|
}
|
284
|
return ($msg) ? $msg : t('No database changes made.');
|
285
|
}
|
286
|
|
287
|
|
288
|
|
289
|
function ldap_servers_db_field_exists($table, $field_name) {
|
290
|
if (!ldap_servers_db_field_exists($table, $field_name) && !ldap_servers_db_field_exists($table, drupal_strtolower($field_name)) ) {
|
291
|
return false;
|
292
|
}
|
293
|
else {
|
294
|
return true;
|
295
|
}
|
296
|
}
|
297
|
/**
|
298
|
* add group related fields to ldap_servers table
|
299
|
*/
|
300
|
function ldap_servers_update_7108() {
|
301
|
|
302
|
foreach (array('groupFunctionalityUnused', 'groupNested', 'groupSearchAll', 'groupUserMembershipsAttrExists', 'groupDeriveFromDn', 'groupUserMembershipsAttrExists') as $tinyint_field_name) {
|
303
|
if (!ldap_servers_ldap_servers_db_field_exists('ldap_servers', $tinyint_field_name)) {
|
304
|
db_add_field('ldap_servers', $tinyint_field_name, array(
|
305
|
'type' => 'int',
|
306
|
'size' => 'tiny',
|
307
|
'not null' => FALSE,
|
308
|
'default' => 0,
|
309
|
));
|
310
|
$msg = t('"!name" field added to ldap_servers table', array('!name' => $tinyint_field_name));
|
311
|
}
|
312
|
}
|
313
|
foreach (array('groupUserMembershipsAttr', 'groupMembershipsAttr', 'groupTestGroupDn', 'groupUserMembershipsAttr', 'groupMembershipsAttrMatchingUserAttr') as $varchar255field_name) {
|
314
|
if (!ldap_servers_db_field_exists('ldap_servers', $varchar255field_name) && !ldap_servers_db_field_exists('ldap_servers', drupal_strtolower($varchar255field_name))) {
|
315
|
db_add_field('ldap_servers', $varchar255field_name, array(
|
316
|
'type' => 'varchar',
|
317
|
'length' => '255',
|
318
|
'not null' => FALSE,
|
319
|
));
|
320
|
$msg = t('"!name" field added to ldap_servers table', array('!name' => $varchar255field_name));
|
321
|
}
|
322
|
}
|
323
|
}
|
324
|
|
325
|
|
326
|
/**
|
327
|
* adjust group related fields to ldap_servers table
|
328
|
*/
|
329
|
function ldap_servers_update_7109() {
|
330
|
|
331
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupNested')) {
|
332
|
db_add_field('ldap_servers', 'groupNested', array(
|
333
|
'type' => 'int',
|
334
|
'size' => 'tiny',
|
335
|
'not null' => FALSE,
|
336
|
'default' => 0,
|
337
|
));
|
338
|
$msg = t('"groupNested" field added to ldap_servers table');
|
339
|
}
|
340
|
|
341
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUseFirstAttr')) {
|
342
|
db_add_field('ldap_servers', 'groupUseFirstAttr', array(
|
343
|
'type' => 'int',
|
344
|
'size' => 'tiny',
|
345
|
'not null' => FALSE,
|
346
|
'default' => 0,
|
347
|
));
|
348
|
$msg .= '<br/>' . t('"groupUseFirstAttr" field added to ldap_servers table');
|
349
|
}
|
350
|
|
351
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupSearchAll')) {
|
352
|
db_add_field('ldap_servers', 'groupSearchAll', array(
|
353
|
'type' => 'int',
|
354
|
'size' => 'tiny',
|
355
|
'not null' => FALSE,
|
356
|
'default' => 0,
|
357
|
));
|
358
|
$msg = t('"groupSearchAll" field added to ldap_servers table');
|
359
|
}
|
360
|
|
361
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttrExists')) {
|
362
|
db_add_field('ldap_servers', 'groupUserMembershipsAttrExists', array(
|
363
|
'type' => 'int',
|
364
|
'size' => 'tiny',
|
365
|
'not null' => FALSE,
|
366
|
'default' => 0,
|
367
|
));
|
368
|
$msg = t('"groupUserMembershipsAttrExists" field added to ldap_servers table');
|
369
|
}
|
370
|
|
371
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttr')) {
|
372
|
db_add_field('ldap_servers', 'groupUserMembershipsAttr', array(
|
373
|
'type' => 'varchar',
|
374
|
'length' => '255',
|
375
|
'not null' => FALSE,
|
376
|
));
|
377
|
$msg = t('"groupUserMembershipsAttr" field added to ldap_servers table');
|
378
|
}
|
379
|
|
380
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupMembershipsAttr')) {
|
381
|
db_add_field('ldap_servers', 'groupMembershipsAttr', array(
|
382
|
'type' => 'varchar',
|
383
|
'length' => '255',
|
384
|
'not null' => FALSE,
|
385
|
));
|
386
|
$msg = t('"groupMembershipsAttr" field added to ldap_servers table');
|
387
|
}
|
388
|
|
389
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupMembershipsAttrMatchingUserAttr')) {
|
390
|
db_add_field('ldap_servers', 'groupMembershipsAttrMatchingUserAttr', array(
|
391
|
'type' => 'varchar',
|
392
|
'length' => '255',
|
393
|
'not null' => FALSE,
|
394
|
));
|
395
|
$msg = t('"groupMembershipsAttrMatchingUserAttr" field added to ldap_servers table');
|
396
|
}
|
397
|
|
398
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttrExists')) {
|
399
|
db_add_field('ldap_servers', 'groupUserMembershipsAttrExists', array(
|
400
|
'type' => 'int',
|
401
|
'size' => 'tiny',
|
402
|
'not null' => FALSE,
|
403
|
'default' => 0,
|
404
|
));
|
405
|
$msg = t('"groupUserMembershipsAttrExists" field added to ldap_servers table');
|
406
|
}
|
407
|
|
408
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttr')) {
|
409
|
db_add_field('ldap_servers', 'groupUserMembershipsAttr', array(
|
410
|
'type' => 'varchar',
|
411
|
'length' => '255',
|
412
|
'not null' => FALSE,
|
413
|
));
|
414
|
$msg = t('"groupUserMembershipsAttr" field added to ldap_servers table');
|
415
|
}
|
416
|
|
417
|
}
|
418
|
|
419
|
/**
|
420
|
* adjust group related fields to ldap_servers table
|
421
|
*/
|
422
|
function ldap_servers_update_7110() {
|
423
|
|
424
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupFunctionalityUnused')) {
|
425
|
db_add_field('ldap_servers', 'groupFunctionalityUnused', array(
|
426
|
'type' => 'int',
|
427
|
'size' => 'tiny',
|
428
|
'not null' => FALSE,
|
429
|
'default' => 0,
|
430
|
));
|
431
|
$msg = t('"groupFunctionalityUnused" field added to ldap_servers table');
|
432
|
}
|
433
|
|
434
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDn')) {
|
435
|
db_add_field('ldap_servers', 'groupTestGroupDn', array(
|
436
|
'type' => 'varchar',
|
437
|
'length' => '255',
|
438
|
'not null' => FALSE,
|
439
|
));
|
440
|
$msg = t('"groupTestGroupDn" field added to ldap_servers table');
|
441
|
}
|
442
|
|
443
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDnWriteable')) {
|
444
|
db_add_field('ldap_servers', 'groupTestGroupDnWriteable', array(
|
445
|
'type' => 'varchar',
|
446
|
'length' => '255',
|
447
|
'not null' => FALSE,
|
448
|
));
|
449
|
$msg = t('"groupTestGroupDnWriteable" field added to ldap_servers table');
|
450
|
}
|
451
|
|
452
|
}
|
453
|
|
454
|
/**
|
455
|
* add field groupTestGroupDnWriteable to ldap_servers table
|
456
|
*/
|
457
|
function ldap_servers_update_7111() {
|
458
|
|
459
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDnWriteable')) {
|
460
|
db_add_field('ldap_servers', 'groupTestGroupDnWriteable', array(
|
461
|
'type' => 'varchar',
|
462
|
'length' => '255',
|
463
|
'not null' => FALSE,
|
464
|
));
|
465
|
$msg = t('"groupTestGroupDnWriteable" field added to ldap_servers table');
|
466
|
}
|
467
|
|
468
|
}
|
469
|
|
470
|
/**
|
471
|
* add field testingDrupalUserDn to ldap_servers table
|
472
|
*/
|
473
|
function ldap_servers_update_7112() {
|
474
|
|
475
|
if (!ldap_servers_db_field_exists('ldap_servers', 'testingDrupalUserDn')) {
|
476
|
db_add_field('ldap_servers', 'testingDrupalUserDn', array(
|
477
|
'type' => 'varchar',
|
478
|
'length' => '255',
|
479
|
'not null' => FALSE,
|
480
|
));
|
481
|
$msg = t('"testingDrupalUserDn" field added to ldap_servers table');
|
482
|
}
|
483
|
|
484
|
}
|
485
|
|
486
|
|
487
|
/**
|
488
|
* upgrade as much as feasible for 7.1 to 7.2 branch
|
489
|
*/
|
490
|
function ldap_servers_update_7201() {
|
491
|
|
492
|
$change_log = array();
|
493
|
|
494
|
// 1. ldap_user is now required for ldap_authentication and ldap_authorization
|
495
|
if (module_exists('ldap_authentication') || module_exists('ldap_authorization')) {
|
496
|
module_enable(array('ldap_user'), TRUE);
|
497
|
$change_log[] = t('LDAP User Module Enabled');
|
498
|
}
|
499
|
|
500
|
/**
|
501
|
* ldap_servers and ldap_authorization tables in 7.x-1.x to 7.x-2.x update
|
502
|
*
|
503
|
* LDAP_SERVERS fields that don't change:
|
504
|
* sid, numeric_sid, name, status, ldap_type, address, port, tls, bind_method,
|
505
|
* binding_service_acct, binddn, bindpw, basedn, user_attr, account_name_attr,
|
506
|
* mail_attr, mail_template, unique_persistent_attr, user_dn_expression,
|
507
|
* testing_drupal_username, group_object_category
|
508
|
* search_pagination, search_page_size, ldap_to_drupal_user,
|
509
|
*
|
510
|
* LDAP_SERVERS fields not populated in update:
|
511
|
* unique_persistent_attr_binary
|
512
|
* testingDrupalUserDn
|
513
|
* groupTestGroupDn - new no value in it and not important
|
514
|
* groupTestGroupDnWriteable - new no value in it and not important
|
515
|
*
|
516
|
* LDAP_SERVERS fields set/adjusted in update:
|
517
|
* groupNested
|
518
|
* groupFunctionalityUnused = 1 if ldap authorization tables exist
|
519
|
* groupDeriveFromDn from option IIA of ldap authorization
|
520
|
* groupDeriveFromDnAttr from option IIA of ldap authorization
|
521
|
* groupUserMembershipsAttrExists = 1 if option IIB used in ldap authorization
|
522
|
* groupUserMembershipsAttr get from ldap authorization IIB
|
523
|
* groupMembershipsAttr from option IIC in ldap authorization derive from entry
|
524
|
* groupMembershipsAttrMatchingUserAttr from option IIC
|
525
|
*
|
526
|
*
|
527
|
* LDAP_AUTHORIZATION fields that don't change:
|
528
|
* numeric_consumer_conf_id, sid, consumer_type, consumer_module
|
529
|
* status, only_ldap_authenticated, mappings, use_filter,
|
530
|
* synchronization_modes, synchronization_actions, synch_to_ldap,
|
531
|
* synch_on_logon, revoke_ldap_provisioned, create_consumers,
|
532
|
* regrant_ldap_provisioned
|
533
|
*
|
534
|
* LDAP_AUTHORIZATION fields populated in update:
|
535
|
* useFirstAttrAsGroupId = derive_from_attr_use_first_attr || derive_from_entry_use_first_attr
|
536
|
*
|
537
|
* LDAP_AUTHORIZATION fields to remove in update
|
538
|
* derive_from_dn, derive_from_dn_attr, derive_from_entry, derive_from_attr
|
539
|
* derive_from_attr_attr, derive_from_entry, derive_from_entry_attr,
|
540
|
* derive_from_entry_entries_attr, derive_from_entry_nested,
|
541
|
* derive_from_attr_use_first_attr, derive_from_entry_search_all
|
542
|
* derive_from_entry_use_first_attr
|
543
|
*
|
544
|
*/
|
545
|
|
546
|
|
547
|
// 2. add any missing fields from schema
|
548
|
ldap_servers_install_update_schema(ldap_servers_schema(), $change_log);
|
549
|
if (module_exists('ldap_authorization')) {
|
550
|
ldap_servers_install_update_schema(ldap_authorization_schema(), $change_log);
|
551
|
}
|
552
|
if (module_exists('ldap_query')) {
|
553
|
ldap_servers_install_update_schema(ldap_query_schema(), $change_log);
|
554
|
}
|
555
|
|
556
|
// 3. move configuration data that has changed location within ldap modules
|
557
|
$field_changes = array();
|
558
|
$ldap_server_records = array();
|
559
|
$select = db_select('ldap_servers')
|
560
|
->fields('ldap_servers')
|
561
|
->execute();
|
562
|
foreach ($select as $record) {
|
563
|
$ldap_server_records[$record->sid] = $record;
|
564
|
}
|
565
|
|
566
|
if (db_table_exists('ldap_authorization')) {
|
567
|
$ldap_authorization_record = NULL;
|
568
|
$select = db_select('ldap_authorization', 'authz')
|
569
|
->fields('authz')
|
570
|
->execute();
|
571
|
// pick best ldap authorization conf to use to configure ldap server
|
572
|
$max_weight = -1;
|
573
|
foreach ($select as $record) {
|
574
|
$weight = (int)($record->status) + (int)($record->consumer_type == 'drupal_role');
|
575
|
if ($weight > $max_weight) {
|
576
|
$max_weight = $weight;
|
577
|
$ldap_authorization_record = $record;
|
578
|
}
|
579
|
}
|
580
|
|
581
|
foreach ($ldap_server_records as $sid => $ldap_server_record) {
|
582
|
if ($ldap_authorization_record && $ldap_authorization_record->sid == $sid) {
|
583
|
$consumer_type = $ldap_authorization_record->consumer_type;
|
584
|
$field_changes['ldap_servers'][$sid]['groupFunctionalityUnused'] = 0;
|
585
|
if ($ldap_authorization_record->derive_from_dn) {
|
586
|
$field_changes['ldap_servers'][$sid]['groupDeriveFromDn'] = 1;
|
587
|
$field_changes['ldap_servers'][$sid]['groupDeriveFromDnAttr'] = $ldap_authorization_record->derive_from_dn_attr;
|
588
|
}
|
589
|
if ($ldap_authorization_record->derive_from_attr) {
|
590
|
$field_changes['ldap_servers'][$sid]['groupUserMembershipsAttrExists'] = 1;
|
591
|
$field_changes['ldap_servers'][$sid]['groupUserMembershipsAttr'] = $ldap_authorization_record->derive_from_attr_attr;
|
592
|
}
|
593
|
if ($ldap_authorization_record->derive_from_entry) {
|
594
|
$field_changes['ldap_servers'][$sid]['groupMembershipsAttr'] = $ldap_authorization_record->derive_from_entry_attr; // eg members
|
595
|
$field_changes['ldap_servers'][$sid]['groupMembershipsAttrMatchingUserAttr'] = $ldap_authorization_record->derive_from_entry_entries_attr; // eg dn
|
596
|
}
|
597
|
if ($ldap_authorization_record->derive_from_entry_nested) {
|
598
|
$field_changes['ldap_servers'][$sid]['groupNested'] = 1;
|
599
|
}
|
600
|
if ($ldap_authorization_record->derive_from_attr_use_first_attr || $ldap_authorization_record->derive_from_entry_use_first_attr) {
|
601
|
$field_changes['ldap_authorization'][$consumer_type]['useFirstAttrAsGroupId'] = 1;
|
602
|
}
|
603
|
}
|
604
|
else {
|
605
|
$field_changes['ldap_servers'][$sid]['groupFunctionalityUnused'] = 1;
|
606
|
}
|
607
|
}
|
608
|
}
|
609
|
|
610
|
foreach ($field_changes as $table_name => $record) {
|
611
|
foreach ($record as $id => $field_data) {
|
612
|
if ($table_name == 'ldap_servers' || $table_name == 'ldap_authorization') {
|
613
|
$id_field_name = 'sid';
|
614
|
}
|
615
|
else {
|
616
|
continue;
|
617
|
}
|
618
|
if (count($field_data)) {
|
619
|
$change_log[] = t("!table_name where !id_field_name = !id values updated", array(
|
620
|
'!table_name' => $table_name,
|
621
|
'!id_field_name' => $id_field_name,
|
622
|
'!id' => $id,
|
623
|
));
|
624
|
$num_updated = db_update($table_name)
|
625
|
->fields($field_data)
|
626
|
->condition($id_field_name, $id, '=')
|
627
|
->execute();
|
628
|
}
|
629
|
}
|
630
|
}
|
631
|
|
632
|
// 4. remove ldap_authorization fields that are unused
|
633
|
$ldap_authorization_fields_to_remove = array(
|
634
|
'derive_from_dn',
|
635
|
'derive_from_dn_attr',
|
636
|
'derive_from_attr',
|
637
|
'derive_from_entry',
|
638
|
'derive_from_attr_attr',
|
639
|
'derive_from_entry_attr',
|
640
|
'derive_from_entry_entries_attr',
|
641
|
'derive_from_entry_nested',
|
642
|
'derive_from_entry_search_all',
|
643
|
'derive_from_entry_use_first_attr',
|
644
|
'derive_from_attr_use_first_attr',
|
645
|
);
|
646
|
|
647
|
foreach ($ldap_authorization_fields_to_remove as $ldap_authorization_field) {
|
648
|
db_drop_field('ldap_authorization', $ldap_authorization_field);
|
649
|
}
|
650
|
$change_log[] = t("ldap_authorization table fields removed: !fields_removed", array('!fields_removed' => join(', ', $ldap_authorization_fields_to_remove)));
|
651
|
|
652
|
|
653
|
//5. ldap_authentication and ldap_user changes are in variables, not tables
|
654
|
|
655
|
$ldap_authentication_conf_data = variable_get('ldap_authentication_conf', array());
|
656
|
$ldap_user_conf_data = variable_get('ldap_user_conf', array());
|
657
|
|
658
|
$ldap_authentication_sids = array_keys($ldap_authentication_conf_data['sids']);
|
659
|
if (count($ldap_authentication_sids) == 1) {
|
660
|
$ldap_user_conf_data['drupalAcctProvisionServer'] = $ldap_authentication_sids[0];
|
661
|
}
|
662
|
|
663
|
// conflict log vs resolve moved from ldap_authentication to ldap_user
|
664
|
if (!empty($ldap_authentication_conf_data['authenticationMode'])) {
|
665
|
if ($ldap_authentication_conf_data['loginConflictResolve'] == LDAP_AUTHENTICATION_CONFLICT_LOG) {
|
666
|
$ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_LOG;
|
667
|
$change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_LOG;
|
668
|
}
|
669
|
elseif ($ldap_authentication_conf_data['loginConflictResolve'] == LDAP_AUTHENTICATION_CONFLICT_RESOLVE) {
|
670
|
$ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_RESOLVE;
|
671
|
$change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_RESOLVE;
|
672
|
}
|
673
|
unset($ldap_authentication_conf_data['loginConflictResolve']);
|
674
|
$change_log[] = t('ldap_authentication_conf -> loginConflictResolve value removed');
|
675
|
}
|
676
|
else {
|
677
|
$ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
|
678
|
$change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
|
679
|
}
|
680
|
|
681
|
|
682
|
if (isset($ldap_authentication_conf_data['acctCreation'])) {
|
683
|
$ldap_user_conf_data['acctCreation'] = $ldap_authentication_conf_data['acctCreation'];
|
684
|
$change_log[] = t('ldap_user_conf -> acctCreation set to value in ldap_authentication_conf -> acctCreation');
|
685
|
unset($ldap_authentication_conf_data['acctCreation']);
|
686
|
$change_log[] = t('ldap_authentication_conf -> acctCreation value removed');
|
687
|
}
|
688
|
else {
|
689
|
$ldap_user_conf_data['acctCreation'] = LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
|
690
|
$change_log[] = t('ldap_user_conf -> acctCreation set to default:') . ' ' . LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
|
691
|
}
|
692
|
|
693
|
$ldap_user_conf_data['manualAccountConflict'] = LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT;
|
694
|
$change_log[] = t('ldap_user_conf -> manualAccountConflict set to default:') . ' ' . LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT;
|
695
|
|
696
|
$change_log[] = t('LDAP User configuration populated.');
|
697
|
$change_log[] = t('LDAP Authentication configuration updated.');
|
698
|
variable_set('ldap_authentication_conf', $ldap_authentication_conf_data);
|
699
|
variable_set('ldap_user_conf', $ldap_user_conf_data);
|
700
|
|
701
|
$summary = '<h2>' . t('Please check through all the LDAP module configuration pages.
|
702
|
The update from 7.x-1.x to 7.x-2.x is not automatable! The configuration pages
|
703
|
must be read through and configured.') . '</h2>' .
|
704
|
theme('item_list', array(
|
705
|
'items' => $change_log,
|
706
|
'type' => 'ul',
|
707
|
'title' => 'Changes in 7.x-1.x to 7.x-2.x update')
|
708
|
);
|
709
|
|
710
|
watchdog('ldap_servers', $summary, WATCHDOG_INFO);
|
711
|
return $summary;
|
712
|
|
713
|
|
714
|
}
|
715
|
|
716
|
/**
|
717
|
* make ldap_servers.bind_method field small int instead of tiny int for ctools bug
|
718
|
*/
|
719
|
function ldap_servers_update_7202() {
|
720
|
|
721
|
db_change_field('ldap_servers', 'bind_method', 'bind_method', array(
|
722
|
'type' => 'int',
|
723
|
'size' => 'small',
|
724
|
'not null' => TRUE,
|
725
|
'default' => 0,
|
726
|
));
|
727
|
|
728
|
}
|
729
|
|
730
|
/**
|
731
|
* make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues
|
732
|
*/
|
733
|
function ldap_servers_update_7203() {
|
734
|
$schema = ldap_servers_schema();
|
735
|
$changes = array(
|
736
|
'testingDrupalUserDn' => 'testing_drupal_user_dn',
|
737
|
'group_object_category' => 'grp_object_cat',
|
738
|
'groupFunctionalityUnused' => 'grp_unused',
|
739
|
'groupNested' => 'grp_nested',
|
740
|
'groupUserMembershipsAttrExists' => 'grp_user_memb_attr_exists',
|
741
|
'groupUserMembershipsAttr' => 'grp_user_memb_attr',
|
742
|
'groupMembershipsAttr' => 'grp_memb_attr',
|
743
|
'groupMembershipsAttrMatchingUserAttr' => 'grp_memb_attr_match_user_attr',
|
744
|
'groupDeriveFromDn' => 'grp_derive_from_dn',
|
745
|
'groupDeriveFromDnAttr' => 'grp_derive_from_dn_attr',
|
746
|
'groupTestGroupDn' => 'grp_test_grp_dn',
|
747
|
'groupTestGroupDnWriteable' => 'grp_test_grp_dn_writeable'
|
748
|
);
|
749
|
foreach ($changes as $old_field_name => $new_field_name) {
|
750
|
$field_schema = $schema['ldap_servers']['fields'][$new_field_name];
|
751
|
if (ldap_servers_db_field_exists('ldap_servers', $old_field_name)) {
|
752
|
if (ldap_servers_db_field_exists('ldap_servers', $new_field_name)) {
|
753
|
db_drop_field('ldap_servers', $old_field_name);
|
754
|
}
|
755
|
else {
|
756
|
db_change_field('ldap_servers', $old_field_name, $new_field_name, $field_schema);
|
757
|
}
|
758
|
}
|
759
|
}
|
760
|
|
761
|
}
|
762
|
|
763
|
/**
|
764
|
* Add picture_attr field in schema
|
765
|
*/
|
766
|
function ldap_servers_update_7204() {
|
767
|
if (!ldap_servers_db_field_exists('ldap_servers', 'picture_attr')) {
|
768
|
db_add_field(
|
769
|
'ldap_servers',
|
770
|
'picture_attr',
|
771
|
array(
|
772
|
'type' => 'varchar',
|
773
|
'length' => 255,
|
774
|
'not null' => FALSE,
|
775
|
)
|
776
|
);
|
777
|
}
|
778
|
}
|
779
|
|
780
|
|
781
|
/**
|
782
|
* fix any double serialized ldap server basedns
|
783
|
*/
|
784
|
function ldap_servers_update_7205() {
|
785
|
|
786
|
module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
787
|
$ldap_servers = ldap_servers_get_servers();
|
788
|
foreach ($ldap_servers as $sid => $ldap_server) {
|
789
|
if ($ldap_server->basedn && is_scalar($ldap_server->basedn)) {
|
790
|
// these are still serialized after being loaded from db/ctools so were double serialized
|
791
|
$ldap_server->basedn = unserialize($ldap_server->basedn);
|
792
|
$ldap_server->save();
|
793
|
}
|
794
|
}
|
795
|
|
796
|
}
|
797
|
|
798
|
|
799
|
|
800
|
/**
|
801
|
* Add LDAP Referrals fields in schema
|
802
|
*/
|
803
|
function ldap_servers_update_7206() {
|
804
|
db_add_field(
|
805
|
'ldap_servers',
|
806
|
'followrefs',
|
807
|
array(
|
808
|
'type' => 'int',
|
809
|
'size' => 'tiny',
|
810
|
'not null' => FALSE,
|
811
|
'default' => 0,
|
812
|
)
|
813
|
);
|
814
|
}
|
815
|
|
816
|
function ldap_servers_install_update_schema($schema, &$change_log) {
|
817
|
foreach ($schema as $table_name => $table_schema) {
|
818
|
foreach ($table_schema['fields'] as $field_name => $field_schema) {
|
819
|
if (!ldap_servers_db_field_exists($table_name, $field_name)) {
|
820
|
db_add_field($table_name, $field_name, $field_schema);
|
821
|
$change_log[] = t("!field_name field added to !table_name table", array('!field_name' => $field_name, '!table_name' => $table_name));
|
822
|
}
|
823
|
}
|
824
|
}
|
825
|
}
|