1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* Install, update and uninstall functions for the LDAP API module.
|
6
|
*/
|
7
|
|
8
|
/**
|
9
|
* Implements hook_install().
|
10
|
*/
|
11
|
function ldap_servers_install() {
|
12
|
|
13
|
}
|
14
|
|
15
|
/**
|
16
|
* Implements hook_uninstall().
|
17
|
*/
|
18
|
function ldap_servers_uninstall() {
|
19
|
variable_del('ldap_servers_encryption');
|
20
|
variable_del('ldap_servers_require_ssl_for_credentials');
|
21
|
variable_del('ldap_servers_encrypt_key');
|
22
|
|
23
|
}
|
24
|
|
25
|
/**
|
26
|
* Implements hook_requirements().
|
27
|
*/
|
28
|
function ldap_servers_requirements($phase) {
|
29
|
$requirements = [];
|
30
|
$t = get_t();
|
31
|
|
32
|
if ($phase == 'install') {
|
33
|
$requirements['ldap_extension_loaded']['title'] = t('LDAP Extension Loaded');
|
34
|
if (extension_loaded('ldap')) {
|
35
|
$requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_OK;
|
36
|
}
|
37
|
else {
|
38
|
$requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_ERROR;
|
39
|
$requirements['ldap_extension_loaded']['description'] = t('No LDAP PHP Extension is loaded for PHP, so LDAP will not work properly.');
|
40
|
}
|
41
|
}
|
42
|
|
43
|
if ($phase == 'runtime' && !extension_loaded('ldap')) {
|
44
|
$requirements['ldap_extension_loaded']['title'] = t('LDAP Extension Loaded');
|
45
|
$requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_ERROR;
|
46
|
$requirements['ldap_extension_loaded']['description'] = t('No LDAP PHP Extension is loaded for PHP, so LDAP will not work properly.');
|
47
|
}
|
48
|
|
49
|
if ($phase != "install" && db_table_exists('ldapauth')) {
|
50
|
$requirements['ldap_servers']['title'] = t('LDAP Integration LDAP Auth to LDAP Servers Upgrade Concern');
|
51
|
$requirements['ldap_servers']['severity'] = REQUIREMENT_WARNING;
|
52
|
$requirements['ldap_servers']['value'] = NULL;
|
53
|
$requirements['ldap_servers']['description'] = t('Upgrade from Drupal 6 LDAP Auth to Drupal 7
|
54
|
LDAP Servers is not automatic. LDAP Servers will need to be configured by hand.
|
55
|
See http://drupal.org/node/1023016. This message will go away when the ldapauth database table is removed.');
|
56
|
}
|
57
|
// Check that ldapauth not installed.
|
58
|
// Check enabled LDAP servers are configured and Drupal can connect to them.
|
59
|
if ($phase == 'runtime') {
|
60
|
$requirements['ldap_servers_enabled'] = [
|
61
|
'title' => $t('LDAP Server status'),
|
62
|
'value' => $t('Disabled'),
|
63
|
'severity' => REQUIREMENT_WARNING,
|
64
|
];
|
65
|
|
66
|
$servers = ldap_servers_get_servers(NULL, 'enabled');
|
67
|
if (!empty($servers)) {
|
68
|
unset($requirements['ldap_servers_enabled']);
|
69
|
|
70
|
foreach ($servers as $server) {
|
71
|
$server_req_key = 'ldap_servers_sid_' . $server->sid;
|
72
|
$server_tokens = [
|
73
|
'@host' => $server->address,
|
74
|
'@sid' => $server->sid,
|
75
|
];
|
76
|
$requirements[$server_req_key] = [
|
77
|
'title' => $t('LDAP Server status: @sid (@host)', $server_tokens),
|
78
|
'value' => $t('Connection: Failed, check logs for details.', $server_tokens),
|
79
|
'severity' => REQUIREMENT_ERROR,
|
80
|
];
|
81
|
|
82
|
try {
|
83
|
$connect_result = $server->connect();
|
84
|
if ($connect_result == LDAP_SUCCESS) {
|
85
|
if ($server->bind_method == LDAP_SERVERS_BIND_METHOD_USER) {
|
86
|
// Check bind anonymously if set to bind via user credentials.
|
87
|
// The user has already logged in and so their is no dn or password
|
88
|
// to check since LDAP doesn't store passwords.
|
89
|
$bind_result = $server->bind(NULL, NULL, TRUE);
|
90
|
}
|
91
|
else {
|
92
|
$bind_result = $server->bind();
|
93
|
}
|
94
|
if ($bind_result == LDAP_SUCCESS) {
|
95
|
$requirements[$server_req_key]['value'] = $t('Connection: Success, Bind: Success', $server_tokens);
|
96
|
$requirements[$server_req_key]['severity'] = REQUIREMENT_OK;
|
97
|
}
|
98
|
}
|
99
|
$server->disconnect();
|
100
|
}
|
101
|
catch (Exception $e) {
|
102
|
}
|
103
|
}
|
104
|
}
|
105
|
}
|
106
|
|
107
|
return $requirements;
|
108
|
}
|
109
|
|
110
|
/**
|
111
|
* Implements hook_schema().
|
112
|
*/
|
113
|
function ldap_servers_schema() {
|
114
|
module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
115
|
// To get the LDAP_SERVERS_ENC_TYPE_CLEARTEXT constants issue#1209576.
|
116
|
module_load_include('module', 'ldap_servers', 'ldap_servers');
|
117
|
module_load_include('php', 'ldap_servers', 'LdapServerAdmin.class');
|
118
|
|
119
|
$schema['ldap_servers'] = [
|
120
|
'export' => [
|
121
|
'key' => 'sid',
|
122
|
'key name' => 'Server ID',
|
123
|
'primary key' => 'numeric_sid',
|
124
|
'identifier' => 'ldap_servers_conf',
|
125
|
'api' => [
|
126
|
'owner' => 'ldap_servers',
|
127
|
'api' => 'ldap_servers',
|
128
|
'minimum_version' => 1,
|
129
|
'current_version' => 1,
|
130
|
],
|
131
|
],
|
132
|
'primary key' => ['numeric_sid'],
|
133
|
'unique keys' => ['name' => ['name']],
|
134
|
];
|
135
|
|
136
|
$fields = LdapServerAdmin::fields();
|
137
|
foreach ($fields as $name => $props) {
|
138
|
if (isset($props['schema'])) {
|
139
|
$schema['ldap_servers']['fields'][$name] = $props['schema'];
|
140
|
}
|
141
|
}
|
142
|
|
143
|
return $schema;
|
144
|
|
145
|
}
|
146
|
|
147
|
/**
|
148
|
* Rename ldap_servers type field to ldap_type.
|
149
|
*/
|
150
|
function ldap_servers_update_7100() {
|
151
|
if (!ldap_servers_db_field_exists('ldap_servers', 'ldap_type') && ldap_servers_db_field_exists('ldap_servers', 'type')) {
|
152
|
db_change_field('ldap_servers', 'type', 'ldap_type', [
|
153
|
'type' => 'varchar',
|
154
|
'length' => 20,
|
155
|
'not null' => FALSE,
|
156
|
]);
|
157
|
}
|
158
|
|
159
|
return t('ldap_servers table field "type" renamed to "ldap_type"');
|
160
|
|
161
|
}
|
162
|
|
163
|
/**
|
164
|
* Ldap_server table field changes.
|
165
|
*/
|
166
|
function ldap_servers_update_7101() {
|
167
|
|
168
|
db_add_field(
|
169
|
'ldap_servers',
|
170
|
'allow_conflicting_drupal_accts',
|
171
|
[
|
172
|
'type' => 'int',
|
173
|
'size' => 'tiny',
|
174
|
'not null' => FALSE,
|
175
|
'default' => 0,
|
176
|
]
|
177
|
);
|
178
|
|
179
|
db_add_field(
|
180
|
'ldap_servers',
|
181
|
'unique_persistent_attr',
|
182
|
[
|
183
|
'type' => 'varchar',
|
184
|
'length' => '64',
|
185
|
'not null' => FALSE,
|
186
|
]
|
187
|
);
|
188
|
|
189
|
db_add_field(
|
190
|
'ldap_servers',
|
191
|
'mail_template',
|
192
|
[
|
193
|
'type' => 'varchar',
|
194
|
'length' => '255',
|
195
|
'not null' => FALSE,
|
196
|
]
|
197
|
);
|
198
|
|
199
|
db_change_field('ldap_servers', 'ldap_to_drupal_user', 'ldap_to_drupal_user', [
|
200
|
'type' => 'varchar',
|
201
|
'length' => 1024,
|
202
|
'not null' => FALSE,
|
203
|
]);
|
204
|
|
205
|
db_change_field('ldap_servers', 'binddn', 'binddn', [
|
206
|
'type' => 'varchar',
|
207
|
'length' => 511,
|
208
|
]);
|
209
|
|
210
|
return t('Updated LDAP Server to include "allow_conflicting_drupal_accts" and "unique_persistent_attr" fields.');
|
211
|
}
|
212
|
|
213
|
/**
|
214
|
* Add bind_method field to ldap_servers table.
|
215
|
*/
|
216
|
function ldap_servers_update_7102() {
|
217
|
|
218
|
if (!ldap_servers_db_field_exists('ldap_servers', 'bind_method')) {
|
219
|
db_add_field('ldap_servers', 'bind_method', [
|
220
|
'type' => 'int',
|
221
|
'size' => 'tiny',
|
222
|
'not null' => TRUE,
|
223
|
'default' => 0,
|
224
|
]);
|
225
|
$msg = t('"bind_method" field added to ldap_servers table');
|
226
|
}
|
227
|
|
228
|
return ($msg) ? $msg : t('No database changes made.');
|
229
|
}
|
230
|
|
231
|
/**
|
232
|
* Add group_object_category field to ldap_servers table.
|
233
|
*/
|
234
|
function ldap_servers_update_7103() {
|
235
|
|
236
|
if (!ldap_servers_db_field_exists('ldap_servers', 'group_object_category')) {
|
237
|
db_add_field('ldap_servers', 'group_object_category', [
|
238
|
'type' => 'varchar',
|
239
|
'length' => 64,
|
240
|
'not null' => FALSE,
|
241
|
]);
|
242
|
$msg = t('"group_object_category" field added to ldap_servers table');
|
243
|
}
|
244
|
|
245
|
return ($msg) ? $msg : t('No database changes made.');
|
246
|
}
|
247
|
|
248
|
/**
|
249
|
* Add pagination fields to ldap_servers table.
|
250
|
*/
|
251
|
function ldap_servers_update_7104() {
|
252
|
|
253
|
if (!ldap_servers_db_field_exists('ldap_servers', 'search_pagination')) {
|
254
|
db_add_field('ldap_servers', 'search_pagination', [
|
255
|
'type' => 'int',
|
256
|
'size' => 'tiny',
|
257
|
'not null' => FALSE,
|
258
|
'default' => 0,
|
259
|
]);
|
260
|
$msg = t('"search_pagination" field added to ldap_servers table');
|
261
|
}
|
262
|
|
263
|
if (!ldap_servers_db_field_exists('ldap_servers', 'search_page_size')) {
|
264
|
db_add_field('ldap_servers', 'search_page_size', [
|
265
|
'type' => 'int',
|
266
|
'size' => 'medium',
|
267
|
'not null' => FALSE,
|
268
|
'default' => 1000,
|
269
|
]);
|
270
|
$msg .= '<br/>' . t('"search_page_size" field added to ldap_servers table');
|
271
|
}
|
272
|
|
273
|
if (!ldap_servers_db_field_exists('ldap_servers', 'unique_persistent_attr_binary')) {
|
274
|
db_add_field('ldap_servers', 'unique_persistent_attr_binary', [
|
275
|
'type' => 'int',
|
276
|
'size' => 'tiny',
|
277
|
'not null' => FALSE,
|
278
|
'default' => 0,
|
279
|
]);
|
280
|
$msg = t('"unique_persistent_attr_binary" field added to ldap_servers table');
|
281
|
}
|
282
|
|
283
|
return ($msg) ? $msg : t('No database changes made.');
|
284
|
}
|
285
|
|
286
|
/**
|
287
|
* Enable ldap_user module.
|
288
|
*/
|
289
|
function ldap_servers_update_7105() {
|
290
|
|
291
|
if (!module_exists('ldap_user')) {
|
292
|
module_enable(['ldap_user']);
|
293
|
$msg = t('LDAP User module enabled. Some authentication and authorization functionality shifted to LDAP User module.');
|
294
|
}
|
295
|
|
296
|
return ($msg) ? $msg : t('LDAP User module was already enabled. No action taken.');
|
297
|
}
|
298
|
|
299
|
/**
|
300
|
* Add account_name_attr field to ldap_servers table.
|
301
|
*/
|
302
|
function ldap_servers_update_7106() {
|
303
|
if (!ldap_servers_db_field_exists('ldap_servers', 'account_name_attr')) {
|
304
|
db_add_field('ldap_servers', 'account_name_attr', [
|
305
|
'description' => 'The attribute to be used as the account name if not the user_attr',
|
306
|
'type' => 'varchar',
|
307
|
'length' => 255,
|
308
|
'not null' => FALSE,
|
309
|
'default' => '',
|
310
|
]);
|
311
|
$msg = t('"account_name_attr" field added to ldap_servers table');
|
312
|
}
|
313
|
|
314
|
return ($msg) ? $msg : t('No database changes made.');
|
315
|
}
|
316
|
|
317
|
/**
|
318
|
* Remove allow_conflicting_drupal_accts from ldap_servers table.
|
319
|
*/
|
320
|
function ldap_servers_update_7107() {
|
321
|
if (ldap_servers_db_field_exists('ldap_servers', 'allow_conflicting_drupal_accts')) {
|
322
|
db_drop_field('ldap_servers', 'allow_conflicting_drupal_accts');
|
323
|
$msg = t('"allow_conflicting_drupal_accts" field removed from ldap_servers table');
|
324
|
}
|
325
|
return ($msg) ? $msg : t('No database changes made.');
|
326
|
}
|
327
|
|
328
|
/**
|
329
|
*
|
330
|
*/
|
331
|
function ldap_servers_db_field_exists($table, $field_name) {
|
332
|
if (!db_field_exists($table, $field_name) && !db_field_exists($table, drupal_strtolower($field_name))) {
|
333
|
return FALSE;
|
334
|
}
|
335
|
else {
|
336
|
return TRUE;
|
337
|
}
|
338
|
}
|
339
|
|
340
|
/**
|
341
|
* Add group related fields to ldap_servers table.
|
342
|
*/
|
343
|
function ldap_servers_update_7108() {
|
344
|
|
345
|
foreach (['groupFunctionalityUnused', 'groupNested', 'groupSearchAll', 'groupUserMembershipsAttrExists', 'groupDeriveFromDn', 'groupUserMembershipsAttrExists'] as $tinyint_field_name) {
|
346
|
if (!ldap_servers_db_field_exists('ldap_servers', $tinyint_field_name)) {
|
347
|
db_add_field('ldap_servers', $tinyint_field_name, [
|
348
|
'type' => 'int',
|
349
|
'size' => 'tiny',
|
350
|
'not null' => FALSE,
|
351
|
'default' => 0,
|
352
|
]);
|
353
|
$msg = t('"!name" field added to ldap_servers table', ['!name' => $tinyint_field_name]);
|
354
|
}
|
355
|
}
|
356
|
foreach (['groupUserMembershipsAttr', 'groupMembershipsAttr', 'groupTestGroupDn', 'groupUserMembershipsAttr', 'groupMembershipsAttrMatchingUserAttr'] as $varchar255field_name) {
|
357
|
if (!ldap_servers_db_field_exists('ldap_servers', $varchar255field_name) && !ldap_servers_db_field_exists('ldap_servers', drupal_strtolower($varchar255field_name))) {
|
358
|
db_add_field('ldap_servers', $varchar255field_name, [
|
359
|
'type' => 'varchar',
|
360
|
'length' => '255',
|
361
|
'not null' => FALSE,
|
362
|
]);
|
363
|
$msg = t('"!name" field added to ldap_servers table', ['!name' => $varchar255field_name]);
|
364
|
}
|
365
|
}
|
366
|
}
|
367
|
|
368
|
/**
|
369
|
* Adjust group related fields to ldap_servers table.
|
370
|
*/
|
371
|
function ldap_servers_update_7109() {
|
372
|
|
373
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupNested')) {
|
374
|
db_add_field('ldap_servers', 'groupNested', [
|
375
|
'type' => 'int',
|
376
|
'size' => 'tiny',
|
377
|
'not null' => FALSE,
|
378
|
'default' => 0,
|
379
|
]);
|
380
|
$msg = t('"groupNested" field added to ldap_servers table');
|
381
|
}
|
382
|
|
383
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUseFirstAttr')) {
|
384
|
db_add_field('ldap_servers', 'groupUseFirstAttr', [
|
385
|
'type' => 'int',
|
386
|
'size' => 'tiny',
|
387
|
'not null' => FALSE,
|
388
|
'default' => 0,
|
389
|
]);
|
390
|
$msg .= '<br/>' . t('"groupUseFirstAttr" field added to ldap_servers table');
|
391
|
}
|
392
|
|
393
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupSearchAll')) {
|
394
|
db_add_field('ldap_servers', 'groupSearchAll', [
|
395
|
'type' => 'int',
|
396
|
'size' => 'tiny',
|
397
|
'not null' => FALSE,
|
398
|
'default' => 0,
|
399
|
]);
|
400
|
$msg = t('"groupSearchAll" field added to ldap_servers table');
|
401
|
}
|
402
|
|
403
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttrExists')) {
|
404
|
db_add_field('ldap_servers', 'groupUserMembershipsAttrExists', [
|
405
|
'type' => 'int',
|
406
|
'size' => 'tiny',
|
407
|
'not null' => FALSE,
|
408
|
'default' => 0,
|
409
|
]);
|
410
|
$msg = t('"groupUserMembershipsAttrExists" field added to ldap_servers table');
|
411
|
}
|
412
|
|
413
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttr')) {
|
414
|
db_add_field('ldap_servers', 'groupUserMembershipsAttr', [
|
415
|
'type' => 'varchar',
|
416
|
'length' => '255',
|
417
|
'not null' => FALSE,
|
418
|
]);
|
419
|
$msg = t('"groupUserMembershipsAttr" field added to ldap_servers table');
|
420
|
}
|
421
|
|
422
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupMembershipsAttr')) {
|
423
|
db_add_field('ldap_servers', 'groupMembershipsAttr', [
|
424
|
'type' => 'varchar',
|
425
|
'length' => '255',
|
426
|
'not null' => FALSE,
|
427
|
]);
|
428
|
$msg = t('"groupMembershipsAttr" field added to ldap_servers table');
|
429
|
}
|
430
|
|
431
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupMembershipsAttrMatchingUserAttr')) {
|
432
|
db_add_field('ldap_servers', 'groupMembershipsAttrMatchingUserAttr', [
|
433
|
'type' => 'varchar',
|
434
|
'length' => '255',
|
435
|
'not null' => FALSE,
|
436
|
]);
|
437
|
$msg = t('"groupMembershipsAttrMatchingUserAttr" field added to ldap_servers table');
|
438
|
}
|
439
|
|
440
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttrExists')) {
|
441
|
db_add_field('ldap_servers', 'groupUserMembershipsAttrExists', [
|
442
|
'type' => 'int',
|
443
|
'size' => 'tiny',
|
444
|
'not null' => FALSE,
|
445
|
'default' => 0,
|
446
|
]);
|
447
|
$msg = t('"groupUserMembershipsAttrExists" field added to ldap_servers table');
|
448
|
}
|
449
|
|
450
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttr')) {
|
451
|
db_add_field('ldap_servers', 'groupUserMembershipsAttr', [
|
452
|
'type' => 'varchar',
|
453
|
'length' => '255',
|
454
|
'not null' => FALSE,
|
455
|
]);
|
456
|
$msg = t('"groupUserMembershipsAttr" field added to ldap_servers table');
|
457
|
}
|
458
|
|
459
|
}
|
460
|
|
461
|
/**
|
462
|
* Adjust group related fields to ldap_servers table.
|
463
|
*/
|
464
|
function ldap_servers_update_7110() {
|
465
|
|
466
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupFunctionalityUnused')) {
|
467
|
db_add_field('ldap_servers', 'groupFunctionalityUnused', [
|
468
|
'type' => 'int',
|
469
|
'size' => 'tiny',
|
470
|
'not null' => FALSE,
|
471
|
'default' => 0,
|
472
|
]);
|
473
|
$msg = t('"groupFunctionalityUnused" field added to ldap_servers table');
|
474
|
}
|
475
|
|
476
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDn')) {
|
477
|
db_add_field('ldap_servers', 'groupTestGroupDn', [
|
478
|
'type' => 'varchar',
|
479
|
'length' => '255',
|
480
|
'not null' => FALSE,
|
481
|
]);
|
482
|
$msg = t('"groupTestGroupDn" field added to ldap_servers table');
|
483
|
}
|
484
|
|
485
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDnWriteable')) {
|
486
|
db_add_field('ldap_servers', 'groupTestGroupDnWriteable', [
|
487
|
'type' => 'varchar',
|
488
|
'length' => '255',
|
489
|
'not null' => FALSE,
|
490
|
]);
|
491
|
$msg = t('"groupTestGroupDnWriteable" field added to ldap_servers table');
|
492
|
}
|
493
|
|
494
|
}
|
495
|
|
496
|
/**
|
497
|
* Add field groupTestGroupDnWriteable to ldap_servers table.
|
498
|
*/
|
499
|
function ldap_servers_update_7111() {
|
500
|
|
501
|
if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDnWriteable')) {
|
502
|
db_add_field('ldap_servers', 'groupTestGroupDnWriteable', [
|
503
|
'type' => 'varchar',
|
504
|
'length' => '255',
|
505
|
'not null' => FALSE,
|
506
|
]);
|
507
|
$msg = t('"groupTestGroupDnWriteable" field added to ldap_servers table');
|
508
|
}
|
509
|
|
510
|
}
|
511
|
|
512
|
/**
|
513
|
* Add field testingDrupalUserDn to ldap_servers table.
|
514
|
*/
|
515
|
function ldap_servers_update_7112() {
|
516
|
|
517
|
if (!ldap_servers_db_field_exists('ldap_servers', 'testingDrupalUserDn')) {
|
518
|
db_add_field('ldap_servers', 'testingDrupalUserDn', [
|
519
|
'type' => 'varchar',
|
520
|
'length' => '255',
|
521
|
'not null' => FALSE,
|
522
|
]);
|
523
|
$msg = t('"testingDrupalUserDn" field added to ldap_servers table');
|
524
|
}
|
525
|
|
526
|
}
|
527
|
|
528
|
/**
|
529
|
* Upgrade as much as feasible for 7.1 to 7.2 branch.
|
530
|
*/
|
531
|
function ldap_servers_update_7201() {
|
532
|
|
533
|
$change_log = [];
|
534
|
|
535
|
// 1. ldap_user is now required for ldap_authentication and ldap_authorization.
|
536
|
if (module_exists('ldap_authentication') || module_exists('ldap_authorization')) {
|
537
|
module_enable(['ldap_user'], TRUE);
|
538
|
$change_log[] = t('LDAP User Module Enabled');
|
539
|
}
|
540
|
|
541
|
/**
|
542
|
* ldap_servers and ldap_authorization tables in 7.x-1.x to 7.x-2.x update
|
543
|
*
|
544
|
* LDAP_SERVERS fields that don't change:
|
545
|
* sid, numeric_sid, name, status, ldap_type, address, port, tls, bind_method,
|
546
|
* binding_service_acct, binddn, bindpw, basedn, user_attr, account_name_attr,
|
547
|
* mail_attr, mail_template, unique_persistent_attr, user_dn_expression,
|
548
|
* testing_drupal_username, group_object_category
|
549
|
* search_pagination, search_page_size, ldap_to_drupal_user,
|
550
|
*
|
551
|
* LDAP_SERVERS fields not populated in update:
|
552
|
* unique_persistent_attr_binary
|
553
|
* testingDrupalUserDn
|
554
|
* groupTestGroupDn - new no value in it and not important
|
555
|
* groupTestGroupDnWriteable - new no value in it and not important
|
556
|
*
|
557
|
* LDAP_SERVERS fields set/adjusted in update:
|
558
|
* groupNested
|
559
|
* groupFunctionalityUnused = 1 if ldap authorization tables exist
|
560
|
* groupDeriveFromDn from option IIA of ldap authorization
|
561
|
* groupDeriveFromDnAttr from option IIA of ldap authorization
|
562
|
* groupUserMembershipsAttrExists = 1 if option IIB used in ldap authorization
|
563
|
* groupUserMembershipsAttr get from ldap authorization IIB
|
564
|
* groupMembershipsAttr from option IIC in ldap authorization derive from entry
|
565
|
* groupMembershipsAttrMatchingUserAttr from option IIC
|
566
|
*
|
567
|
*
|
568
|
* LDAP_AUTHORIZATION fields that don't change:
|
569
|
* numeric_consumer_conf_id, sid, consumer_type, consumer_module
|
570
|
* status, only_ldap_authenticated, mappings, use_filter,
|
571
|
* synchronization_modes, synchronization_actions, synch_to_ldap,
|
572
|
* synch_on_logon, revoke_ldap_provisioned, create_consumers,
|
573
|
* regrant_ldap_provisioned
|
574
|
*
|
575
|
* LDAP_AUTHORIZATION fields populated in update:
|
576
|
* useFirstAttrAsGroupId = derive_from_attr_use_first_attr || derive_from_entry_use_first_attr
|
577
|
*
|
578
|
* LDAP_AUTHORIZATION fields to remove in update
|
579
|
* derive_from_dn, derive_from_dn_attr, derive_from_entry, derive_from_attr
|
580
|
* derive_from_attr_attr, derive_from_entry, derive_from_entry_attr,
|
581
|
* derive_from_entry_entries_attr, derive_from_entry_nested,
|
582
|
* derive_from_attr_use_first_attr, derive_from_entry_search_all
|
583
|
* derive_from_entry_use_first_attr
|
584
|
*
|
585
|
*/
|
586
|
|
587
|
// 2. add any missing fields from schema.
|
588
|
ldap_servers_install_update_schema(ldap_servers_schema(), $change_log);
|
589
|
if (module_exists('ldap_authorization')) {
|
590
|
ldap_servers_install_update_schema(ldap_authorization_schema(), $change_log);
|
591
|
}
|
592
|
if (module_exists('ldap_query')) {
|
593
|
ldap_servers_install_update_schema(ldap_query_schema(), $change_log);
|
594
|
}
|
595
|
|
596
|
// 3. move configuration data that has changed location within ldap modules.
|
597
|
$field_changes = [];
|
598
|
$ldap_server_records = [];
|
599
|
$select = db_select('ldap_servers')
|
600
|
->fields('ldap_servers')
|
601
|
->execute();
|
602
|
foreach ($select as $record) {
|
603
|
$ldap_server_records[$record->sid] = $record;
|
604
|
}
|
605
|
|
606
|
if (db_table_exists('ldap_authorization')) {
|
607
|
$ldap_authorization_record = NULL;
|
608
|
$select = db_select('ldap_authorization', 'authz')
|
609
|
->fields('authz')
|
610
|
->execute();
|
611
|
// Pick best ldap authorization conf to use to configure ldap server.
|
612
|
$max_weight = -1;
|
613
|
foreach ($select as $record) {
|
614
|
$weight = (int) ($record->status) + (int) ($record->consumer_type == 'drupal_role');
|
615
|
if ($weight > $max_weight) {
|
616
|
$max_weight = $weight;
|
617
|
$ldap_authorization_record = $record;
|
618
|
}
|
619
|
}
|
620
|
|
621
|
foreach ($ldap_server_records as $sid => $ldap_server_record) {
|
622
|
if ($ldap_authorization_record && $ldap_authorization_record->sid == $sid) {
|
623
|
$consumer_type = $ldap_authorization_record->consumer_type;
|
624
|
$field_changes['ldap_servers'][$sid]['groupFunctionalityUnused'] = 0;
|
625
|
if ($ldap_authorization_record->derive_from_dn) {
|
626
|
$field_changes['ldap_servers'][$sid]['groupDeriveFromDn'] = 1;
|
627
|
$field_changes['ldap_servers'][$sid]['groupDeriveFromDnAttr'] = $ldap_authorization_record->derive_from_dn_attr;
|
628
|
}
|
629
|
if ($ldap_authorization_record->derive_from_attr) {
|
630
|
$field_changes['ldap_servers'][$sid]['groupUserMembershipsAttrExists'] = 1;
|
631
|
$field_changes['ldap_servers'][$sid]['groupUserMembershipsAttr'] = $ldap_authorization_record->derive_from_attr_attr;
|
632
|
}
|
633
|
if ($ldap_authorization_record->derive_from_entry) {
|
634
|
// Eg members.
|
635
|
$field_changes['ldap_servers'][$sid]['groupMembershipsAttr'] = $ldap_authorization_record->derive_from_entry_attr;
|
636
|
// Eg dn.
|
637
|
$field_changes['ldap_servers'][$sid]['groupMembershipsAttrMatchingUserAttr'] = $ldap_authorization_record->derive_from_entry_entries_attr;
|
638
|
}
|
639
|
if ($ldap_authorization_record->derive_from_entry_nested) {
|
640
|
$field_changes['ldap_servers'][$sid]['groupNested'] = 1;
|
641
|
}
|
642
|
if ($ldap_authorization_record->derive_from_attr_use_first_attr || $ldap_authorization_record->derive_from_entry_use_first_attr) {
|
643
|
$field_changes['ldap_authorization'][$consumer_type]['useFirstAttrAsGroupId'] = 1;
|
644
|
}
|
645
|
}
|
646
|
else {
|
647
|
$field_changes['ldap_servers'][$sid]['groupFunctionalityUnused'] = 1;
|
648
|
}
|
649
|
}
|
650
|
}
|
651
|
|
652
|
foreach ($field_changes as $table_name => $record) {
|
653
|
foreach ($record as $id => $field_data) {
|
654
|
if ($table_name == 'ldap_servers' || $table_name == 'ldap_authorization') {
|
655
|
$id_field_name = 'sid';
|
656
|
}
|
657
|
else {
|
658
|
continue;
|
659
|
}
|
660
|
if (count($field_data)) {
|
661
|
$change_log[] = t("!table_name where !id_field_name = !id values updated", [
|
662
|
'!table_name' => $table_name,
|
663
|
'!id_field_name' => $id_field_name,
|
664
|
'!id' => $id,
|
665
|
]);
|
666
|
$num_updated = db_update($table_name)
|
667
|
->fields($field_data)
|
668
|
->condition($id_field_name, $id, '=')
|
669
|
->execute();
|
670
|
}
|
671
|
}
|
672
|
}
|
673
|
|
674
|
// 4. remove ldap_authorization fields that are unused.
|
675
|
$ldap_authorization_fields_to_remove = [
|
676
|
'derive_from_dn',
|
677
|
'derive_from_dn_attr',
|
678
|
'derive_from_attr',
|
679
|
'derive_from_entry',
|
680
|
'derive_from_attr_attr',
|
681
|
'derive_from_entry_attr',
|
682
|
'derive_from_entry_entries_attr',
|
683
|
'derive_from_entry_nested',
|
684
|
'derive_from_entry_search_all',
|
685
|
'derive_from_entry_use_first_attr',
|
686
|
'derive_from_attr_use_first_attr',
|
687
|
];
|
688
|
|
689
|
foreach ($ldap_authorization_fields_to_remove as $ldap_authorization_field) {
|
690
|
db_drop_field('ldap_authorization', $ldap_authorization_field);
|
691
|
}
|
692
|
$change_log[] = t("ldap_authorization table fields removed: !fields_removed", ['!fields_removed' => join(', ', $ldap_authorization_fields_to_remove)]);
|
693
|
|
694
|
// 5. ldap_authentication and ldap_user changes are in variables, not tables.
|
695
|
$ldap_authentication_conf_data = variable_get('ldap_authentication_conf', []);
|
696
|
if (!is_array($ldap_authentication_conf_data['sids'])) {
|
697
|
$ldap_authentication_conf_data['sids'] = [];
|
698
|
}
|
699
|
|
700
|
$ldap_user_conf_data = variable_get('ldap_user_conf', []);
|
701
|
|
702
|
$ldap_authentication_sids = array_keys($ldap_authentication_conf_data['sids']);
|
703
|
if (count($ldap_authentication_sids) == 1) {
|
704
|
$ldap_user_conf_data['drupalAcctProvisionServer'] = $ldap_authentication_sids[0];
|
705
|
}
|
706
|
|
707
|
// Conflict log vs resolve moved from ldap_authentication to ldap_user.
|
708
|
if (!empty($ldap_authentication_conf_data['authenticationMode'])) {
|
709
|
if ($ldap_authentication_conf_data['loginConflictResolve'] == LDAP_AUTHENTICATION_CONFLICT_LOG) {
|
710
|
$ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_LOG;
|
711
|
$change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_LOG;
|
712
|
}
|
713
|
elseif ($ldap_authentication_conf_data['loginConflictResolve'] == LDAP_AUTHENTICATION_CONFLICT_RESOLVE) {
|
714
|
$ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_RESOLVE;
|
715
|
$change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_RESOLVE;
|
716
|
}
|
717
|
unset($ldap_authentication_conf_data['loginConflictResolve']);
|
718
|
$change_log[] = t('ldap_authentication_conf -> loginConflictResolve value removed');
|
719
|
}
|
720
|
else {
|
721
|
$ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
|
722
|
$change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
|
723
|
}
|
724
|
|
725
|
if (isset($ldap_authentication_conf_data['acctCreation'])) {
|
726
|
$ldap_user_conf_data['acctCreation'] = $ldap_authentication_conf_data['acctCreation'];
|
727
|
$change_log[] = t('ldap_user_conf -> acctCreation set to value in ldap_authentication_conf -> acctCreation');
|
728
|
unset($ldap_authentication_conf_data['acctCreation']);
|
729
|
$change_log[] = t('ldap_authentication_conf -> acctCreation value removed');
|
730
|
}
|
731
|
else {
|
732
|
$ldap_user_conf_data['acctCreation'] = LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
|
733
|
$change_log[] = t('ldap_user_conf -> acctCreation set to default:') . ' ' . LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
|
734
|
}
|
735
|
|
736
|
$ldap_user_conf_data['manualAccountConflict'] = LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT;
|
737
|
$change_log[] = t('ldap_user_conf -> manualAccountConflict set to default:') . ' ' . LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT;
|
738
|
|
739
|
$change_log[] = t('LDAP User configuration populated.');
|
740
|
$change_log[] = t('LDAP Authentication configuration updated.');
|
741
|
variable_set('ldap_authentication_conf', $ldap_authentication_conf_data);
|
742
|
variable_set('ldap_user_conf', $ldap_user_conf_data);
|
743
|
|
744
|
$summary = '<h2>' . t('Please check through all the LDAP module configuration pages.
|
745
|
The update from 7.x-1.x to 7.x-2.x is not automatable! The configuration pages
|
746
|
must be read through and configured.') . '</h2>' .
|
747
|
theme('item_list', [
|
748
|
'items' => $change_log,
|
749
|
'type' => 'ul',
|
750
|
'title' => 'Changes in 7.x-1.x to 7.x-2.x update',
|
751
|
]
|
752
|
);
|
753
|
|
754
|
watchdog('ldap_servers', $summary, [], WATCHDOG_INFO);
|
755
|
return $summary;
|
756
|
|
757
|
}
|
758
|
|
759
|
/**
|
760
|
* Make ldap_servers.bind_method field small int instead of tiny int for ctools bug.
|
761
|
*/
|
762
|
function ldap_servers_update_7202() {
|
763
|
|
764
|
db_change_field('ldap_servers', 'bind_method', 'bind_method', [
|
765
|
'type' => 'int',
|
766
|
'size' => 'small',
|
767
|
'not null' => TRUE,
|
768
|
'default' => 0,
|
769
|
]);
|
770
|
|
771
|
}
|
772
|
|
773
|
/**
|
774
|
* Make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues.
|
775
|
*/
|
776
|
function ldap_servers_update_7203() {
|
777
|
$schema = ldap_servers_schema();
|
778
|
$changes = [
|
779
|
'testingDrupalUserDn' => 'testing_drupal_user_dn',
|
780
|
'group_object_category' => 'grp_object_cat',
|
781
|
'groupFunctionalityUnused' => 'grp_unused',
|
782
|
'groupNested' => 'grp_nested',
|
783
|
'groupUserMembershipsAttrExists' => 'grp_user_memb_attr_exists',
|
784
|
'groupUserMembershipsAttr' => 'grp_user_memb_attr',
|
785
|
'groupMembershipsAttr' => 'grp_memb_attr',
|
786
|
'groupMembershipsAttrMatchingUserAttr' => 'grp_memb_attr_match_user_attr',
|
787
|
'groupDeriveFromDn' => 'grp_derive_from_dn',
|
788
|
'groupDeriveFromDnAttr' => 'grp_derive_from_dn_attr',
|
789
|
'groupTestGroupDn' => 'grp_test_grp_dn',
|
790
|
'groupTestGroupDnWriteable' => 'grp_test_grp_dn_writeable',
|
791
|
];
|
792
|
foreach ($changes as $old_field_name => $new_field_name) {
|
793
|
$field_schema = $schema['ldap_servers']['fields'][$new_field_name];
|
794
|
if (ldap_servers_db_field_exists('ldap_servers', $old_field_name)) {
|
795
|
if (ldap_servers_db_field_exists('ldap_servers', $new_field_name)) {
|
796
|
db_drop_field('ldap_servers', $old_field_name);
|
797
|
}
|
798
|
else {
|
799
|
db_change_field('ldap_servers', $old_field_name, $new_field_name, $field_schema);
|
800
|
}
|
801
|
}
|
802
|
}
|
803
|
|
804
|
}
|
805
|
|
806
|
/**
|
807
|
* Add picture_attr field in schema.
|
808
|
*/
|
809
|
function ldap_servers_update_7204() {
|
810
|
if (!ldap_servers_db_field_exists('ldap_servers', 'picture_attr')) {
|
811
|
db_add_field(
|
812
|
'ldap_servers',
|
813
|
'picture_attr',
|
814
|
[
|
815
|
'type' => 'varchar',
|
816
|
'length' => 255,
|
817
|
'not null' => FALSE,
|
818
|
]
|
819
|
);
|
820
|
}
|
821
|
}
|
822
|
|
823
|
/**
|
824
|
* Fix any double serialized ldap server basedns.
|
825
|
*/
|
826
|
function ldap_servers_update_7205() {
|
827
|
|
828
|
module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
829
|
$ldap_servers = ldap_servers_get_servers();
|
830
|
foreach ($ldap_servers as $sid => $ldap_server) {
|
831
|
if ($ldap_server->basedn && is_scalar($ldap_server->basedn)) {
|
832
|
// These are still serialized after being loaded from db/ctools so were double serialized.
|
833
|
$ldap_server->basedn = unserialize($ldap_server->basedn);
|
834
|
$ldap_server->save();
|
835
|
}
|
836
|
}
|
837
|
|
838
|
}
|
839
|
|
840
|
/**
|
841
|
* Add LDAP Referrals fields in schema.
|
842
|
*/
|
843
|
function ldap_servers_update_7206() {
|
844
|
if (!ldap_servers_db_field_exists('ldap_servers', 'followrefs')) {
|
845
|
db_add_field(
|
846
|
'ldap_servers',
|
847
|
'followrefs',
|
848
|
[
|
849
|
'type' => 'int',
|
850
|
'size' => 'tiny',
|
851
|
'not null' => FALSE,
|
852
|
'default' => 0,
|
853
|
]
|
854
|
);
|
855
|
}
|
856
|
}
|
857
|
|
858
|
/**
|
859
|
* Fixes a typo in an LDAP variable name.
|
860
|
*/
|
861
|
function ldap_servers_update_7207() {
|
862
|
if (!is_null($old_var = variable_get('ldap_servers_require_ssl_for_credentails'))) {
|
863
|
variable_set('ldap_servers_require_ssl_for_credentials', $old_var);
|
864
|
variable_del('ldap_servers_require_ssl_for_credentails');
|
865
|
}
|
866
|
}
|
867
|
|
868
|
/**
|
869
|
* Removes HTTPS checking.
|
870
|
*/
|
871
|
function ldap_servers_update_7208() {
|
872
|
variable_del('ldap_servers_require_ssl_for_credentials');
|
873
|
return t('HTTPS validation was removed, if you need mixed mode consider another module such as securelogin for this. Mixed mode is strongly discouraged.');
|
874
|
|
875
|
}
|
876
|
|
877
|
/**
|
878
|
*
|
879
|
*/
|
880
|
function ldap_servers_install_update_schema($schema, &$change_log) {
|
881
|
foreach ($schema as $table_name => $table_schema) {
|
882
|
foreach ($table_schema['fields'] as $field_name => $field_schema) {
|
883
|
if (!ldap_servers_db_field_exists($table_name, $field_name)) {
|
884
|
db_add_field($table_name, $field_name, $field_schema);
|
885
|
$change_log[] = t("!field_name field added to !table_name table", ['!field_name' => $field_name, '!table_name' => $table_name]);
|
886
|
}
|
887
|
}
|
888
|
}
|
889
|
}
|
890
|
|
891
|
/**
|
892
|
* Change mcrypt to openssl.
|
893
|
*/
|
894
|
function ldap_servers_update_7209() {
|
895
|
if (variable_get('ldap_servers_encryption') != LDAP_SERVERS_ENC_TYPE_CLEARTEXT) {
|
896
|
variable_set('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_OPENSSL);
|
897
|
if (!extension_loaded('openssl')) {
|
898
|
watchdog('ldap', 'Warning: OpenSSL missing, no alternative for encryption.');
|
899
|
}
|
900
|
return t('Encryption backend has changed, please re-enter your service account credentials.');
|
901
|
}
|
902
|
}
|