|
1
|
|
|
2
|
Vocubulary of LDAP Authorization and its Code
|
|
3
|
|
|
4
|
----------------------
|
|
5
|
"Consumer"
|
|
6
|
----------------------
|
|
7
|
The "consumer" or entity that authorization is being granted.
|
|
8
|
|
|
9
|
Examples: Drupal role, Organic Group group
|
|
10
|
|
|
11
|
----------------------
|
|
12
|
"Consumer Type"
|
|
13
|
----------------------
|
|
14
|
Machine ID of a consumer. This is used in naming conventionss.
|
|
15
|
|
|
16
|
Examples: drupal_role, og_group
|
|
17
|
|
|
18
|
----------------------
|
|
19
|
"Consumer Module"
|
|
20
|
----------------------
|
|
21
|
The module that bridges ldap_authorization and the consumer.
|
|
22
|
It needs to (1) provide a class: LdapAuthorizationConsumer<consumer_type>
|
|
23
|
and (2) implement hook_ldap_authorization_consumer.
|
|
24
|
|
|
25
|
Examples: ldap_authorization_drupal_role
|
|
26
|
|
|
27
|
|
|
28
|
----------------------
|
|
29
|
"Authorization ID" aka "Consumer ID"
|
|
30
|
----------------------
|
|
31
|
The id of an individual authorization such as a drupal role or organic group.
|
|
32
|
|
|
33
|
Examples: "authenticated user", "admin" (for drupal roles)
|
|
34
|
Examples: "knitters on skates", "vacationing programmers" (og group names for organic groups)
|
|
35
|
|
|
36
|
|
|
37
|
----------------------
|
|
38
|
"Consumer Configuration"
|
|
39
|
----------------------
|
|
40
|
Configuration of how a users ldap attributes will
|
|
41
|
determine a set of Consumer ids the user should be granted.
|
|
42
|
Represented by LdapAuthorizationConsumerConf and LdapAuthorizationConsumerConfAdmin classes
|
|
43
|
and managed at /admin/config/people/ldap/authorization. Stored in ldap_authorization database table.
|
|
44
|
|
|
45
|
---------------------
|
|
46
|
LDAP Server Configuration
|
|
47
|
---------------------
|
|
48
|
Each Consumer Configuration will use a single ldap server configuration to bind
|
|
49
|
and query ldap. The ldap server configuration is also used to map the drupal
|
|
50
|
username to an ldap user entry.
|
|
51
|
|
|
52
|
|
|
53
|
----------------------
|
|
54
|
LDAP Authorization data storage:
|
|
55
|
---------------------
|
|
56
|
|
|
57
|
Authorization data is stored in user->data array
|
|
58
|
|
|
59
|
such as:
|
|
60
|
|
|
61
|
$user->data = array(
|
|
62
|
'ldap_authorizations' => array(
|
|
63
|
'og_group' => array (
|
|
64
|
'3-2' => array (
|
|
65
|
'date_granted' => 1329105152,
|
|
66
|
),
|
|
67
|
'2-3' => array (
|
|
68
|
'date_granted' => 1329105152,
|
|
69
|
),
|
|
70
|
),
|
|
71
|
'drupal_role' => array (
|
|
72
|
'7' => array (
|
|
73
|
'date_granted' => 1329105152,
|
|
74
|
),
|
|
75
|
'5' => array (
|
|
76
|
'date_granted' => 1329105152,
|
|
77
|
),
|
|
78
|
),
|
|
79
|
);
|
