root / drupal7 / sites / all / modules / ldap / ldap_servers / ldap_servers.api.php @ 91af538d
| 1 |
<?php
|
|---|---|
| 2 |
|
| 3 |
/**
|
| 4 |
* @file
|
| 5 |
* Hooks provided by ldap_servers module.
|
| 6 |
*/
|
| 7 |
|
| 8 |
/**
|
| 9 |
* Allows other modules to periodically affect an ldap associated user
|
| 10 |
* or its corresponding ldap entry.
|
| 11 |
*
|
| 12 |
* When cron runs a batch of ldap associated drupal accounts
|
| 13 |
* will be looked at and marked as tested. over the course
|
| 14 |
* of time all ldap related users will be looked at.
|
| 15 |
*
|
| 16 |
* Each module implementing this hook is responsible for
|
| 17 |
* altering ldap entries and drupal user objects; simply
|
| 18 |
* altering the variables will have no affect on the actual
|
| 19 |
* ldap entry or drupal user
|
| 20 |
*/
|
| 21 |
function hook_ldap_servers_user_cron(&$users) { |
| 22 |
|
| 23 |
} |
| 24 |
|
| 25 |
/**
|
| 26 |
* Helper hook to see if a batch of ldap users
|
| 27 |
* needs to be queried.
|
| 28 |
*
|
| 29 |
* If a module implements hook_ldap_servers_user_cron,
|
| 30 |
* but currently does not need to process user cron batches,
|
| 31 |
* it should return FALSE.
|
| 32 |
*/
|
| 33 |
function hook_ldap_servers_user_cron_needed() { |
| 34 |
return TRUE; |
| 35 |
} |
| 36 |
|
| 37 |
/**
|
| 38 |
* Allows other modules to alter ldap entry or perform other necessary
|
| 39 |
* LDAP operations before entires are provisioned.
|
| 40 |
* This should be invoked before provisioning ldap entries.
|
| 41 |
*
|
| 42 |
* @param array $ldap_entries
|
| 43 |
* as array keyed on lowercase dn of entry with
|
| 44 |
* value of array in format used in ldap_add or ldap_modify function
|
| 45 |
* e.g.
|
| 46 |
* $ldap_entries['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu'] = array(
|
| 47 |
* "attribute1" => array("value"),
|
| 48 |
* "attribute2" => array("value1", "value2"),
|
| 49 |
* );.
|
| 50 |
*
|
| 51 |
* @param LdapServer $ldap_server
|
| 52 |
* as ldap server configuration object that is
|
| 53 |
* performing provisioning.
|
| 54 |
*
|
| 55 |
* @param array $context
|
| 56 |
* with the following key/values:
|
| 57 |
* 'action' => add|modify|delete
|
| 58 |
*
|
| 59 |
* 'corresponding_drupal_data' => if ldap entries have corresponding drupal objects, such
|
| 60 |
* as ldap user entries and drupal user objects; ldap groups and drupal roles; etc
|
| 61 |
* this will be array keyed on lowercase dn with values of objects, e.g. :
|
| 62 |
* [
|
| 63 |
* 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu' => drupal user object1,
|
| 64 |
* 'cn=jfun,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu => drupal user object2,
|
| 65 |
* ]
|
| 66 |
* 'corresponding_drupal_data_type' => 'user', 'role', etc.
|
| 67 |
*/
|
| 68 |
function hook_ldap_entry_pre_provision_alter(&$ldap_entries, $ldap_server, $context) { |
| 69 |
|
| 70 |
} |
| 71 |
|
| 72 |
/**
|
| 73 |
* Allows modules to react to provisioning of ldap entries.
|
| 74 |
*
|
| 75 |
* This should be invoked after provisioning ldap entries.
|
| 76 |
*
|
| 77 |
* -- same signature as hook_ldap_entry_pre_provision_alter with ldap entries not passed by reference
|
| 78 |
* -- ldap entries are not queried after provisioning, so $ldap_entries are in form
|
| 79 |
* hook_ldap_entry_pre_provision; not actual queryied ldap entries
|
| 80 |
* -- if actual ldap entries are available after provisioning, they will be in
|
| 81 |
* $context['provisioned_ldap_entries][<dn>] => ldap entry array in format of an ldap query
|
| 82 |
* returned from ldap_get_entries() with 'count' keys
|
| 83 |
*/
|
| 84 |
function hook_ldap_entry_post_provision(&$ldap_entries, $ldap_server, $context) { |
| 85 |
|
| 86 |
} |
| 87 |
|
| 88 |
/**
|
| 89 |
* Perform alterations of ldap attributes before query is made.
|
| 90 |
*
|
| 91 |
* To avoid excessive attributes in an ldap query, modules should
|
| 92 |
* alter attributes needed based on $op parameter.
|
| 93 |
*
|
| 94 |
* @param array $attributes
|
| 95 |
* array of attributes to be returned from ldap queries where:
|
| 96 |
* - each key is ldap attribute name (e.g. mail, cn)
|
| 97 |
* - each value is associative array of form:
|
| 98 |
* - 'conversion' => NULL,
|
| 99 |
* - 'values' => array(0 => 'john', 1 => 'johnny'))
|
| 100 |
*
|
| 101 |
* @param array $params
|
| 102 |
* context array with some or all of the following key/values
|
| 103 |
* 'sid' => drupal account object,
|
| 104 |
* 'ldap_context' => ,
|
| 105 |
* 'direction' =>.
|
| 106 |
*/
|
| 107 |
function hook_ldap_attributes_needed_alter(&$attributes, $params) { |
| 108 |
|
| 109 |
$attributes['dn'] = ldap_servers_set_attribute_map(@$attributes['dn'], 'ldap_dn'); |
| 110 |
// Puid attributes are server specific.
|
| 111 |
if ($params['sid']) { |
| 112 |
$ldap_server = (is_object($params['sid'])) ? $params['sid'] : ldap_servers_get_servers($params['sid'], 'enabled', TRUE); |
| 113 |
|
| 114 |
switch ($op) { |
| 115 |
case 'user_insert': |
| 116 |
case 'user_update': |
| 117 |
if (!isset($attributes[$ldap_server->user_attr])) { |
| 118 |
// don't provide attribute if it exists, unless you are adding data_type or value information
|
| 119 |
// in that case, don't overwrite the whole array (see $ldap_server->mail_attr example below)
|
| 120 |
$attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map(); |
| 121 |
} |
| 122 |
if (!isset($attributes[$ldap_server->mail_attr])) { |
| 123 |
// Set default values for an attribute, force data_type.
|
| 124 |
$attributes[$ldap_server->mail_attr] = ldap_servers_set_attribute_map(); |
| 125 |
} |
| 126 |
|
| 127 |
ldap_servers_token_extract_attributes($attributes, $ldap_server_obj->mail_template); |
| 128 |
$attributes[$ldap_server->unique_persistent_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->unique_persistent_attr]); |
| 129 |
|
| 130 |
break;
|
| 131 |
} |
| 132 |
} |
| 133 |
} |
| 134 |
|
| 135 |
/**
|
| 136 |
* Perform alterations of $ldap_user variable.
|
| 137 |
*
|
| 138 |
* @param array $ldap_user
|
| 139 |
* see README.developers.txt for structure.
|
| 140 |
* @param array $params
|
| 141 |
* context array with some or all of the following key/values
|
| 142 |
* 'account' => drupal account object,
|
| 143 |
* 'ldap_context' => ,
|
| 144 |
* 'module' => module calling alter, e.g. 'ldap_user',
|
| 145 |
* 'function' => function calling alter, e.g. 'provisionLdapEntry'.
|
| 146 |
*/
|
| 147 |
function hook_ldap_user_alter(&$ldap_entry, $params) { |
| 148 |
|
| 149 |
} |
| 150 |
|
| 151 |
/**
|
| 152 |
* Allow the results from the ldap search answer to be modified
|
| 153 |
* The query parameters are provided as context infomation
|
| 154 |
* (readonly)
|
| 155 |
*/
|
| 156 |
function hook_ldap_server_search_results_alter(&$entries, $ldap_query_params) { |
| 157 |
// Look for a specific part of the $results array
|
| 158 |
// and maybe change it.
|
| 159 |
} |
| 160 |
|
| 161 |
/**
|
| 162 |
* Allows other modules to transform the Drupal login username to an LDAP
|
| 163 |
* UserName attribute.
|
| 164 |
* Invoked in LdapServer::userUsernameToLdapNameTransform()
|
| 165 |
*
|
| 166 |
* @param $ldap_username
|
| 167 |
* The ldap username that will be used for the AuthName attribute
|
| 168 |
* @param $drupal_username
|
| 169 |
* The Drupal user name
|
| 170 |
* @param $context
|
| 171 |
* An array of additional contextual information
|
| 172 |
* - ldap_server: The LDAP server that is invoking the hook
|
| 173 |
*/
|
| 174 |
function hook_user_ldap_servers_username_to_ldapname_alter(&$ldap_username, $drupal_username, $context) { |
| 175 |
// Alter the name only if it has not been altered already, ie php eval code.
|
| 176 |
if ($ldap_username == $drupal_username) { |
| 177 |
$authname = ldap_user_get_authname($ldap_username); |
| 178 |
if (!empty($authname)) { |
| 179 |
$ldap_username = $authname; |
| 180 |
} |
| 181 |
} |
| 182 |
} |