Révision b42754b9
Ajouté par Assos Assos il y a plus de 6 ans
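--- a/drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc
+++ b/drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc
@@ -49,7 +49,6 @@
 
 $form['links']['#markup'] = theme('ldap_authentication_user_login_block_links', $vars);
 }
-ldap_servers_disable_http_check($form);
 
 // Add help information for entering in username/password
 $auth_conf = ldap_authentication_get_valid_conf();
@@ -391,7 +390,7 @@
 if (!$drupal_account_exists) {
 
 // VI.C.1 Do not provision Drupal account if another account has same email.
-if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
+if (($auth_conf->ldapUser->acctCreation == LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED) && ($account_with_same_email = user_load_by_mail($ldap_user['mail']))) {
 $error = TRUE;
 /**
 * username does not exist but email does. Since user_external_login_register does not deal with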
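Review bot: The comment kept above the changed condition, `// VI.C.1 Do not provision Drupal account if another account has same email.`, is no longer true. The `user_load_by_mail()` lookup now runs only when `$auth_conf->ldapUser->acctCreation == LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED`, so under any other setting provisioning continues and a second Drupal account can be created with an address that already belongs to another account. I would reword it to `// VI.C.1 Unless accounts with the same email are allowed, do not provision a Drupal account when another account already has this email.` and note in the setting's help text that mail-keyed flows (presumably password reset by address) then resolve to only one of the accounts. Because `&&` short-circuits, `$account_with_same_email` is also left unassigned when the setting differs, so any later use of it has to tolerate that; the body of this `if` continues outside the hunk.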
drupal7/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info | ||
---|---|---|
14 | 14 |
files[] = ldap_authentication.admin.inc |
15 | 15 |
files[] = tests/ldap_authentication.test |
16 | 16 |
|
17 |
; Information added by Drupal.org packaging script on 2017-05-30 |
|
18 |
version = "7.x-2.2" |
|
17 |
test_dependencies[] = ldap_sso:ldap_sso |
|
18 |
|
|
19 |
; Information added by Drupal.org packaging script on 2017-08-27 |
|
20 |
version = "7.x-2.3" |
|
19 | 21 |
core = "7.x" |
20 | 22 |
project = "ldap" |
21 |
datestamp = "1496167150"
|
|
23 |
datestamp = "1503841448"
|
|
22 | 24 |
|
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization.info | ||
---|---|---|
17 | 17 |
files[] = tests/Og2Tests.test |
18 | 18 |
configure = admin/config/people/ldap/authorization |
19 | 19 |
|
20 |
; Information added by Drupal.org packaging script on 2017-05-30 |
|
21 |
version = "7.x-2.2" |
|
20 |
test_dependencies[] = ldap_sso:ldap_sso |
|
21 |
|
|
22 |
; Information added by Drupal.org packaging script on 2017-08-27 |
|
23 |
version = "7.x-2.3" |
|
22 | 24 |
core = "7.x" |
23 | 25 |
project = "ldap" |
24 |
datestamp = "1496167150"
|
|
26 |
datestamp = "1503841448"
|
|
25 | 27 |
|
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.info | ||
---|---|---|
9 | 9 |
files[] = ldap_authorization_drupal_role.module |
10 | 10 |
files[] = ldap_authorization_drupal_role.inc |
11 | 11 |
|
12 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
13 |
version = "7.x-2.2"
|
|
12 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
13 |
version = "7.x-2.3"
|
|
14 | 14 |
core = "7.x" |
15 | 15 |
project = "ldap" |
16 |
datestamp = "1496167150"
|
|
16 |
datestamp = "1503841448"
|
|
17 | 17 |
|
drupal7/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.info | ||
---|---|---|
13 | 13 |
|
14 | 14 |
core = "7.x" |
15 | 15 |
|
16 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
17 |
version = "7.x-2.2"
|
|
16 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
17 |
version = "7.x-2.3"
|
|
18 | 18 |
core = "7.x" |
19 | 19 |
project = "ldap" |
20 |
datestamp = "1496167150"
|
|
20 |
datestamp = "1503841448"
|
|
21 | 21 |
|
drupal7/sites/all/modules/ldap/ldap_feeds/ldap_feeds.info | ||
---|---|---|
12 | 12 |
core = 7.x |
13 | 13 |
php = 5.2 |
14 | 14 |
|
15 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
16 |
version = "7.x-2.2"
|
|
15 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
16 |
version = "7.x-2.3"
|
|
17 | 17 |
core = "7.x" |
18 | 18 |
project = "ldap" |
19 |
datestamp = "1496167150"
|
|
19 |
datestamp = "1503841448"
|
|
20 | 20 |
|
drupal7/sites/all/modules/ldap/ldap_help/ldap_help.info | ||
---|---|---|
5 | 5 |
|
6 | 6 |
dependencies[] = ldap_servers |
7 | 7 |
dependencies[] = ldap_test |
8 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
9 |
version = "7.x-2.2"
|
|
8 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
9 |
version = "7.x-2.3"
|
|
10 | 10 |
core = "7.x" |
11 | 11 |
project = "ldap" |
12 |
datestamp = "1496167150"
|
|
12 |
datestamp = "1503841448"
|
|
13 | 13 |
|
drupal7/sites/all/modules/ldap/ldap_query/ldap_query.info | ||
---|---|---|
17 | 17 |
|
18 | 18 |
configure = admin/config/people/ldap/query |
19 | 19 |
|
20 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
21 |
version = "7.x-2.2"
|
|
20 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
21 |
version = "7.x-2.3"
|
|
22 | 22 |
core = "7.x" |
23 | 23 |
project = "ldap" |
24 |
datestamp = "1496167150"
|
|
24 |
datestamp = "1503841448"
|
|
25 | 25 |
|
drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.info | ||
---|---|---|
17 | 17 |
files[] = tests/ldap_servers.test |
18 | 18 |
configure = admin/config/people/ldap/servers |
19 | 19 |
|
20 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
21 |
version = "7.x-2.2"
|
|
20 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
21 |
version = "7.x-2.3"
|
|
22 | 22 |
core = "7.x" |
23 | 23 |
project = "ldap" |
24 |
datestamp = "1496167150"
|
|
24 |
datestamp = "1503841448"
|
|
25 | 25 |
|
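--- a/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.install
+++ b/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.install
@@ -878,6 +878,15 @@
 }
 }
 
+/**
+* Removes HTTPS checking.
+*/
+function ldap_servers_update_7208() {
+variable_del('ldap_servers_require_ssl_for_credentials');
+return t('HTTPS validation was removed, if you need mixed mode consider another module such as securelogin for this. Mixed mode is strongly discouraged.');
+
+}
+
 function ldap_servers_install_update_schema($schema, &$change_log) {
 foreach ($schema as $table_name => $table_schema) {
 foreach ($table_schema['fields'] as $field_name => $field_schema) {
@@ -887,4 +896,4 @@
 }
 }
 }
-}
+}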
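Review bot: `ldap_servers_update_7208()` deletes `ldap_servers_require_ssl_for_credentials` without looking at its value, so a site that had the check switched on loses the guard on its login forms, and the only trace is the one-time message returned to whoever runs the update. Read the variable before `variable_del()` and, when it was 1, record a `WATCHDOG_WARNING` entry saying that credential forms are no longer blocked over HTTP and that HTTPS now has to be enforced at the web server or by a module such as securelogin. The returned string would also read better split into two sentences after "was removed".

```php
function ldap_servers_update_7208() {
  // Remember whether this site relied on the check before the variable goes away.
  $was_enforced = variable_get('ldap_servers_require_ssl_for_credentials', 0) == 1;
  variable_del('ldap_servers_require_ssl_for_credentials');
  if ($was_enforced) {
    watchdog('ldap_servers', 'The "Require HTTPS on Credential Pages" check was enabled on this site and has been removed. LDAP credentials can now be submitted over HTTP unless HTTPS is enforced elsewhere.', array(), WATCHDOG_WARNING);
  }
  // … unchanged: return t(...) message …
}
```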
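--- a/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.module
+++ b/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.module
@@ -256,11 +256,6 @@
 'variables' => array('ldap_server' => NULL, 'actions' => FALSE, 'type' => 'detail'),
 'render element' => 'element',
 'file' => 'ldap_servers.theme.inc'
-),
-'ldap_servers_https_required' => array(
-'variables' => array('site_name' => NULL, 'site_mail' => FALSE, 'site_contact_link' => FALSE),
-'render element' => 'element',
-'file' => 'ldap_servers.theme.inc'
 ),
 'ldap_server_token_table' => array(
 'variables' => array('tokens' => array()),
@@ -802,26 +797,6 @@
 return $value;
 }
 
-
-/**
-* disable a logon form if ldap preferences exclude http logon forms
-*
-* @param drupal logon form array $form
-*/
-function ldap_servers_disable_http_check(&$form) {
-
-if (variable_get('ldap_servers_require_ssl_for_credentials', 0) == 1 && !drupal_is_https()) {
-
-$tokens = array(
-'site_name' => variable_get('site_name', 'this site'),
-'site_mail' => variable_get('site_mail', ''),
-);
-
-drupal_set_message(t(theme('ldap_servers_https_required', $tokens)), 'error');
-$form['#disabled'] = TRUE;
-}
-}
-
 function ldap_servers_ldap_extension_summary($op = 'data') {
 ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.status');
 return _ldap_servers_ldap_extension_summary($op);
@@ -864,8 +839,6 @@
 case 'admin/help#ldap_servers':
 $servers_help .= '<h3>' . t('Configuration - Settings') . '</h3>';
 $servers_help .= '<dl>';
-$servers_help .= '<dt>' . t('REQUIRE HTTPS ON CREDENTIAL PAGES') . '</dt>';
-$servers_help .= '<dd>' . t('If checked, modules using LDAP will not allow credentials to be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an approach to get all logon forms to be HTTPS.') . '</dd>';
 $servers_help .= '<dt>' . t('ENCRYPTION') . '</dt>';
 $servers_help .= '<dd>' . t('With encryption enabled, passwords will be stored in encrypted form. This is two way encryption because the actual password needs to used to bind to LDAP. So it offers minimal defense if someone gets in the filespace. It mainly helps avoid the accidental discovery of a clear text password.') . '</dd>';
 $servers_help .= '<dt>' . t('LOG DETAILED LDAP ACTIONS') . '</dt>';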
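--- a/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.settings.inc
+++ b/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.settings.inc
@@ -13,21 +13,8 @@
 drupal_set_message(t('PHP LDAP Extension is not loaded.'), "warning");
 }
 
-$https_approaches = array();
-$https_approaches[] = t('Use secure pages or secure login module to redirect to SSL (https)');
-$https_approaches[] = t('Run entire site with SSL (https)');
-$https_approaches[] = t('Remove logon block and redirect all /user page to https via webserver redirect');
-
 $form['#title'] = "Configure LDAP Preferences";
-$form['ssl'] = array('#type' => 'fieldset', '#title' => t('Require HTTPS on Credential Pages'));
-$form['ssl']['ldap_servers_require_ssl_for_credentials'] = array(
-'#type' => 'checkbox',
-'#title' => t('If checked, modules using LDAP will not allow credentials to
-be entered on or submitted to HTTP pages, only HTTPS. This option should be used with an
-approach to get all logon forms to be https, such as:') .
-theme('item_list', array('items' => $https_approaches)),
-'#default_value' => variable_get('ldap_servers_require_ssl_for_credentials', 0),
-);
+
 
 $options = ldap_servers_encrypt_types('encrypt');
 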
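--- a/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.theme.inc
+++ b/drupal7/sites/all/modules/ldap/ldap_servers/ldap_servers.theme.inc
@@ -93,19 +93,6 @@
 return $output;
 }
 
-function theme_ldap_servers_https_required($vars) {
-
-if (!isset($vars['site_contact_link']) || empty($vars['site_contact_link'])) {
-$vars['site_contact_link'] = 'site admin';
-}
-return t("You are accessing site_name using an unencrypted connection. For your security,
-site_name only supports account logins using a secure protocol such as HTTPS. You can switch
-to HTTPS by trying to view this page again after changing the URL in your browser's
-location bar to begin with \"https\" instead of \"http\". Please contact
-site_contact_link for help if this error continues.", $vars);
-
-}
-
 function theme_ldap_server_token_table($variables) {
 $header = array(
 array('data' => 'Token', 'sort' => 'asc'),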
drupal7/sites/all/modules/ldap/ldap_sso/MSTMG.notes.txt | ||
---|---|---|
1 |
|
|
2 |
|
|
3 |
Microsoft Forefront Threat Management Gateway |
|
4 |
http://technet.microsoft.com/en-us/library/cc441438.aspx |
|
5 |
|
|
6 |
Overview of authentication in Forefront TMG |
|
7 |
http://technet.microsoft.com/en-us/library/cc441695.aspx |
|
8 |
|
|
9 |
|
|
10 |
About authentication in Web publishing |
|
11 |
http://technet.microsoft.com/en-us/library/cc441671.aspx |
|
12 |
-- third component of TMG authentication for web publishing is: "Delegation of authentication ot web servers behind FTMG". This is where LDAP modules need to be integrated. This aspect is configured in the "publishing rule" such that a single listener can have multiple types of delegation. |
|
13 |
|
|
14 |
1) The Web server must be configured to use the authentication scheme that matches the delegation method used by Forefront TMG. Delegation of client credentials is configured on the publishing rule. In the Publishing Rule wizard, configure this on the Authentication Delegation page. In the publishing rule properties, the authentication settings are on the Authentication Delegation tab. |
|
15 |
|
|
16 |
2) Delegation options are (sorted in order of what I think are desireable) |
|
17 |
- NTLM/Kerberos (Negotiate). Tries for Kerberos ticket and goes for credentials via NTLM. |
|
18 |
- NTLM. "In NTLM delegation, Forefront TMG delegates the credentials by using the NTLM challenge/response authentication protocol. If authentication fails, Forefront TMG replaces the delegation with the authentication type used by the Web listener. If the server requires a different type of credentials, Forefront TMG triggers an alert." |
|
19 |
- No delegation, and client cannot authenticate directly. Not useful. Just for avoiding false passing of credentials when not needed. |
|
20 |
- No delegation, but client may authenticate directly. User credentials passed to drupal. Not desireable. |
|
21 |
- Basic. cleartext passing of credentials to drupal. Not desireable. |
|
22 |
- SecurID |
|
23 |
- Kerberos constrained delegation |
drupal7/sites/all/modules/ldap/ldap_sso/README.txt | ||
---|---|---|
1 |
|
|
2 |
======================================= |
|
3 |
LDAP Single Sign-On |
|
4 |
======================================= |
|
5 |
|
|
6 |
|
|
7 |
To use the single sign-on feature, your web server must provide an authentication |
|
8 |
mechanism for LDAP. The only authentication mechanism used in development |
|
9 |
was mod_auth_sspi for Apache/Windows, but so long as the web server's LDAP |
|
10 |
authentication mechanism is configured to provide the $_SERVER variable |
|
11 |
$_SERVER['REMOTE_USER'] or $_SERVER['REDIRECT_REMOTE_USER'] corresponding |
|
12 |
directly to a user's LDAP user name, this should work all the same. This |
|
13 |
will require some sort of LDAP authentication mechanism; mod_auth_sspi is |
|
14 |
available here: http://mod-auth-sspi.sourceforge.net/, while mod_ntlm is |
|
15 |
available here: http://modntlm.sourceforge.net/, and mod_auth_ntlm_winbind is |
|
16 |
available here: http://samba.org/ftp/unpacked/lorikeet/mod_auth_ntlm_winbind/. |
|
17 |
If a Linux distribution is being used, Apache authentication modules are likely |
|
18 |
available within the distro's package manager. |
|
19 |
|
|
20 |
Unless an administrator wishes to require that all visitors be authenticated, |
|
21 |
NTLM and/or basic authentication should be set up only on the path |
|
22 |
user/login/sso, which will authentify the visitor but not deny access to view |
|
23 |
the site if the visitor is not authenticated. An administrator may wish to |
|
24 |
require LDAP authentication to view any portion of the site; this can be |
|
25 |
achieved by changing the location directive below to "/". An administrator may |
|
26 |
also wish to automatically log in visitors to Drupal; this can be achieved by |
|
27 |
checking "Turn on automated single sign-on" in the modules' configuration page. |
|
28 |
|
|
29 |
An example of an Apache configuration for a named virtualhost configuration |
|
30 |
using mod_auth_sspi on Windows is as follows: |
|
31 |
|
|
32 |
|
|
33 |
httpd.conf: |
|
34 |
_______________________________________________________________________________ |
|
35 |
_______________________________________________________________________________ |
|
36 |
|
|
37 |
|
|
38 |
|
|
39 |
|
|
40 |
# Virtual hosts |
|
41 |
Include conf/extra/httpd-vhosts.conf |
|
42 |
|
|
43 |
# Pass NTLM authentication to Apache |
|
44 |
LoadModule sspi_auth_module modules/mod_auth_sspi.so |
|
45 |
|
|
46 |
<IfModule !mod_auth_sspi.c> |
|
47 |
LoadModule sspi_auth_module modules/mod_auth_sspi.so |
|
48 |
</IfModule> |
|
49 |
|
|
50 |
|
|
51 |
|
|
52 |
_______________________________________________________________________________ |
|
53 |
_______________________________________________________________________________ |
|
54 |
|
|
55 |
|
|
56 |
|
|
57 |
|
|
58 |
httpd-vhosts.conf: |
|
59 |
_______________________________________________________________________________ |
|
60 |
_______________________________________________________________________________ |
|
61 |
|
|
62 |
|
|
63 |
|
|
64 |
|
|
65 |
NameVirtualHost example.com |
|
66 |
|
|
67 |
<VirtualHost example.com> |
|
68 |
DocumentRoot "D:/www/example.com/htdocs" |
|
69 |
ServerName example.com |
|
70 |
|
|
71 |
<directory "D:/www/example.com/htdocs"> |
|
72 |
Options Indexes FollowSymLinks MultiViews |
|
73 |
AllowOverride All |
|
74 |
Order Allow,Deny |
|
75 |
Allow from all |
|
76 |
</directory> |
|
77 |
|
|
78 |
<Location /user/login/sso> |
|
79 |
AuthType SSPI |
|
80 |
AuthName "Example.com - Login using your LDAP user name and password" |
|
81 |
SSPIAuth On |
|
82 |
SSPIAuthoritative On |
|
83 |
### The domain used to authenticate with LDAP; this should match the domain |
|
84 |
### configured in the LDAP integration configuration within Drupal |
|
85 |
SSPIDomain ad.example.com |
|
86 |
SSPIOmitDomain On |
|
87 |
SSPIOfferBasic On |
|
88 |
Require valid-user |
|
89 |
#SSPIBasicPreferred On |
|
90 |
#SSPIofferSSPI off |
|
91 |
</Location> |
|
92 |
</VirtualHost> |
|
93 |
|
|
94 |
_______________________________________________________________________________ |
|
95 |
_______________________________________________________________________________ |
|
96 |
|
|
97 |
|
|
98 |
After enabling and configuring an LDAP authentication module within Apache, |
|
99 |
visit user/login/sso in the Drupal installation on example.com. With or without |
|
100 |
the ldap sso feature enabled, the browser should prompt for a user name and |
|
101 |
password if using Internet Explorer 8 or a non-Microsoft browser. Internet |
|
102 |
Explorer 7 by default will pass NTLM authentication credentials to local |
|
103 |
websites, and IE8 and Firefox can be configured to do this as well. |
|
104 |
|
|
105 |
If prompted for credentials on that path, enter a valid LDAP user name, |
|
106 |
omitting the domain if "SSPIOmitDomain On" is configured, as well as a password. |
|
107 |
If the credentials are correct, or if NTLM credentials are passed automatically |
|
108 |
by the browser and successfully authenticated, a Drupal 404 "Page not found" |
|
109 |
message will be displayed if the module is not enabled; an "access is denied" |
|
110 |
message will be displayed if the module is enabled and the browser is already |
|
111 |
logged in; and if the ldap_sso module is fully configured and there is no |
|
112 |
existing session, the browser will display the message "You have been |
|
113 |
successfully authenticated" after redirecting to the sites' home page if you |
|
114 |
have checked "Notify user of successful authentication". |
drupal7/sites/all/modules/ldap/ldap_sso/ldap_sso.info | ||
---|---|---|
1 |
name = LDAP SSO |
|
2 |
description = Implements Single Sign On (SSO) LDAP Authentication |
|
3 |
package = Lightweight Directory Access Protocol |
|
4 |
dependencies[] = ldap_servers |
|
5 |
dependencies[] = ldap_authentication |
|
6 |
core = 7.x |
|
7 |
configure = admin/config/people/ldap/authentication |
|
8 |
|
|
9 |
; Information added by Drupal.org packaging script on 2017-05-30 |
|
10 |
version = "7.x-2.2" |
|
11 |
core = "7.x" |
|
12 |
project = "ldap" |
|
13 |
datestamp = "1496167150" |
|
14 |
|
drupal7/sites/all/modules/ldap/ldap_sso/ldap_sso.module | ||
---|---|---|
1 |
<?php |
|
2 |
|
|
3 |
/** |
|
4 |
* @file |
|
5 |
* This module injects itself into Drupal's Authentication stack. |
|
6 |
*/ |
|
7 |
|
|
8 |
/** |
|
9 |
* Implements hook_menu(). |
|
10 |
*/ |
|
11 |
function ldap_sso_menu() { |
|
12 |
$items = array(); |
|
13 |
|
|
14 |
$items['user/login/sso'] = array( |
|
15 |
'title' => 'Log In', |
|
16 |
'page callback' => 'ldap_sso_user_login_sso', |
|
17 |
'access callback' => '_ldap_authentication_user_access', |
|
18 |
'type' => MENU_NORMAL_ITEM, |
|
19 |
); |
|
20 |
|
|
21 |
return $items; |
|
22 |
} |
|
23 |
|
|
24 |
|
|
25 |
/** |
|
26 |
* Implements hook_user_logout(). |
|
27 |
* |
|
28 |
* The user just logged out. |
|
29 |
*/ |
|
30 |
function ldap_sso_user_logout($account) { |
|
31 |
$auth_conf = ldap_authentication_get_valid_conf(); |
|
32 |
if ($auth_conf->seamlessLogin == 1) { |
|
33 |
$cookie_string = 'do not auto login'; |
|
34 |
$cookie_timeout = (int) $auth_conf->cookieExpire; |
|
35 |
setcookie('seamless_login', $cookie_string, (($cookie_timeout == -1) ? 0 : $cookie_timeout + time()), base_path(), ""); |
|
36 |
ldap_servers_set_globals('_SESSION', 'seamless_login', $cookie_string); |
|
37 |
} |
|
38 |
} |
|
39 |
|
|
40 |
/** |
|
41 |
* Implements hook_boot(). |
|
42 |
* |
|
43 |
* Perform setup tasks. This entry point is used because hook_user_load no |
|
44 |
* longer runs on anonymous users, and hook_boot is guaranteed to run, |
|
45 |
* regardless of cache. |
|
46 |
*/ |
|
47 |
function ldap_sso_boot() { |
|
48 |
|
|
49 |
if (!drupal_is_cli() && ($GLOBALS['user']->uid == 0)) { |
|
50 |
|
|
51 |
if (ldap_sso_path_excluded_from_sso()) { |
|
52 |
return; |
|
53 |
} |
|
54 |
module_load_include('module', 'ldap_servers'); |
|
55 |
|
|
56 |
if (!(isset($_COOKIE['seamless_login'])) || $_COOKIE['seamless_login'] == 'auto login') { |
|
57 |
if ((arg(0) == 'user' && !(is_numeric(arg(1)))) || arg(0) == 'logout') { |
|
58 |
return; |
|
59 |
} |
|
60 |
else { |
|
61 |
if (isset($_COOKIE['seamless_login_attempted'])) { |
|
62 |
$login_attempted = $_COOKIE['seamless_login_attempted']; |
|
63 |
} |
|
64 |
else { |
|
65 |
$login_attempted = FALSE; |
|
66 |
} |
|
67 |
|
|
68 |
require_once DRUPAL_ROOT . '/includes/common.inc'; |
|
69 |
require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc'); |
|
70 |
$ldap_authentication_conf = variable_get('ldap_authentication_conf', array()); |
|
71 |
|
|
72 |
if (isset($ldap_authentication_conf['seamlessLogin']) && $ldap_authentication_conf['seamlessLogin'] == 1 && ($login_attempted != 'true')) { |
|
73 |
if ($ldap_authentication_conf['cookieExpire'] == 0) { |
|
74 |
setcookie("seamless_login_attempted", 'true', 0, base_path(), ""); |
|
75 |
} |
|
76 |
else { |
|
77 |
setcookie('seamless_login_attempted', 'true', time() + (int) $ldap_authentication_conf['cookieExpire'], base_path(), ""); |
|
78 |
} |
|
79 |
ldap_servers_set_globals('_SESSION', 'seamless_login_attempted', $login_attempted); |
|
80 |
|
|
81 |
drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE); |
|
82 |
// Seems redundant, but need to check this again after additional |
|
83 |
// bootstrap. |
|
84 |
if (ldap_sso_path_excluded_from_sso()) { |
|
85 |
return; |
|
86 |
} |
|
87 |
// Add the query key to the drupal_goto() options array only if there |
|
88 |
// is a destination set. This prevents infinite redirect loops. |
|
89 |
$options = array(); |
|
90 |
$destination = drupal_get_destination(); |
|
91 |
if (!empty($destination['destination'])) { |
|
92 |
$options['query'] = $destination; |
|
93 |
} |
|
94 |
drupal_goto('user/login/sso', $options); |
|
95 |
} |
|
96 |
else { |
|
97 |
return; |
|
98 |
} |
|
99 |
} |
|
100 |
} |
|
101 |
} |
|
102 |
} |
|
103 |
|
|
104 |
/** |
|
105 |
* Default excluded paths. |
|
106 |
*/ |
|
107 |
function ldap_sso_default_excluded_paths() { |
|
108 |
return array( |
|
109 |
'admin/config/search/clean-urls/check', |
|
110 |
); |
|
111 |
} |
|
112 |
|
|
113 |
/** |
|
114 |
* Paths excluded from SSO. |
|
115 |
*/ |
|
116 |
function ldap_sso_path_excluded_from_sso($path = FALSE) { |
|
117 |
module_load_include('module', 'ldap_servers'); |
|
118 |
$result = FALSE; |
|
119 |
if ($path) { |
|
120 |
// Don't derive. |
|
121 |
} |
|
122 |
elseif (ldap_servers_get_globals('_SERVER', 'PHP_SELF') == '/index.php') { |
|
123 |
$path = $_GET['q']; |
|
124 |
} |
|
125 |
else { |
|
126 |
// Cron.php, etc. |
|
127 |
$path = ltrim(ldap_servers_get_globals('_SERVER', 'PHP_SELF'), '/'); |
|
128 |
} |
|
129 |
|
|
130 |
if (in_array($path, ldap_sso_default_excluded_paths())) { |
|
131 |
return TRUE; |
|
132 |
} |
|
133 |
|
|
134 |
$ldap_authentication_conf = variable_get('ldap_authentication_conf', array()); |
|
135 |
|
|
136 |
if (isset($ldap_authentication_conf['ssoExcludedHosts']) && is_array($ldap_authentication_conf['ssoExcludedHosts'])) { |
|
137 |
$host = ldap_servers_get_globals('_SERVER', 'SERVER_NAME'); |
|
138 |
foreach ($ldap_authentication_conf['ssoExcludedHosts'] as $host_to_check) { |
|
139 |
if ($host_to_check == $host) { |
|
140 |
return TRUE; |
|
141 |
} |
|
142 |
} |
|
143 |
} |
|
144 |
|
|
145 |
if (isset($ldap_authentication_conf['ssoExcludedPaths'])) { |
|
146 |
$patterns = implode("\r\n", $ldap_authentication_conf['ssoExcludedPaths']); |
|
147 |
if ($patterns) { |
|
148 |
if (function_exists('drupal_get_path_alias')) { |
|
149 |
$path = drupal_get_path_alias($path); |
|
150 |
} |
|
151 |
$path = (function_exists('drupal_strtolower')) ? drupal_strtolower($path) : strtolower($path); |
|
152 |
|
|
153 |
$to_replace = array( |
|
154 |
// Newlines. |
|
155 |
'/(\r\n?|\n)/', |
|
156 |
// Asterisks. |
|
157 |
'/\\\\\*/', |
|
158 |
// <front>. |
|
159 |
'/(^|\|)\\\\<front\\\\>($|\|)/', |
|
160 |
); |
|
161 |
$replacements = array( |
|
162 |
'|', |
|
163 |
'.*', |
|
164 |
'\1' . preg_quote(variable_get('site_frontpage', 'node'), '/') . '\2', |
|
165 |
); |
|
166 |
$patterns_quoted = preg_quote($patterns, '/'); |
|
167 |
$regex = '/^(' . preg_replace($to_replace, $replacements, $patterns_quoted) . ')$/'; |
|
168 |
$result = (bool) preg_match($regex, $path); |
|
169 |
} |
|
170 |
} |
|
171 |
|
|
172 |
return $result; |
|
173 |
|
|
174 |
} |
|
175 |
|
|
176 |
|
|
177 |
/** |
|
178 |
* A proxy function for the actual authentication routine. |
|
179 |
* |
|
180 |
* This is in place so various implementations of grabbing NTLM credentials can |
|
181 |
* be used and selected from an administration page. This is the real gatekeeper |
|
182 |
* since this assumes that any NTLM authentication from the underlying web |
|
183 |
* server is good enough, and only checks that there are values in place for the |
|
184 |
* user name, and anything else that is set for a particular implementation. In |
|
185 |
* the case that there are no credentials set by the underlying web server, the |
|
186 |
* user is redirected to the normal user login form. |
|
187 |
*/ |
|
188 |
function ldap_sso_user_login_sso() { |
|
189 |
|
|
190 |
$detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); |
|
191 |
$auth_conf = ldap_authentication_get_valid_conf(); |
|
192 |
|
|
193 |
if ($detailed_watchdog_log) { |
|
194 |
$watchdog_tokens = array( |
|
195 |
'!implementation' => $auth_conf->ldapImplementation, |
|
196 |
'!enabled' => $auth_conf->ssoEnabled, |
|
197 |
'!server_remote_user' => @$_SERVER['REMOTE_USER'], |
|
198 |
'!server_redirect_remote_user' => @$_SERVER['REDIRECT_REMOTE_USER'], |
|
199 |
'!ssoRemoteUserStripDomainName' => $auth_conf->ssoRemoteUserStripDomainName, |
|
200 |
'!seamlessLogin' => $auth_conf->seamlessLogin, |
|
201 |
); |
|
202 |
|
|
203 |
watchdog( |
|
204 |
'ldap_sso', |
|
205 |
'ldap_sso_user_login_sso.step1: implementation: !implementation, enabled: !enabled, server_remote_user: !server_remote_user, server_redirect_remote_user: !server_redirect_remote_user, ssoRemoteUserStripDomainName: !ssoRemoteUserStripDomainName,seamlessLogin: !seamlessLogin', |
|
206 |
$watchdog_tokens, |
|
207 |
WATCHDOG_DEBUG |
|
208 |
); |
|
209 |
} |
|
210 |
|
|
211 |
// Step 1. Derive $remote_user, $realm, and $domain from $_SERVER variable. |
|
212 |
$remote_user = NULL; |
|
213 |
$realm = NULL; |
|
214 |
$domain = NULL; |
|
215 |
|
|
216 |
switch ($auth_conf->ldapImplementation) { |
|
217 |
case 'mod_auth_sspi': |
|
218 |
$remote_user = FALSE; |
|
219 |
if ($remote_user = ldap_servers_get_globals('_SERVER', 'REMOTE_USER')) { |
|
220 |
} |
|
221 |
else { |
|
222 |
$remote_user = ldap_servers_get_globals('_SERVER', 'REDIRECT_REMOTE_USER'); |
|
223 |
} |
|
224 |
break; |
|
225 |
|
|
226 |
case 'mod_auth_kerb': |
|
227 |
if ($remote_user = ldap_servers_get_globals('_SERVER', 'REMOTE_USER')) { |
|
228 |
} |
|
229 |
else { |
|
230 |
$remote_user = ldap_servers_get_globals('_SERVER', 'REDIRECT_REMOTE_USER'); |
|
231 |
} |
|
232 |
|
|
233 |
if ($remote_user && preg_match('/^([A-Za-z0-9_\-\.]+)@([A-Za-z0-9_\-.]+)$/', $remote_user, $matches)) { |
|
234 |
$remote_user = $matches[1]; |
|
235 |
// This can be used later if realms is ever supported properly. |
|
236 |
$realm = $matches[2]; |
|
237 |
} |
|
238 |
break; |
|
239 |
} |
|
240 |
|
|
241 |
if ($detailed_watchdog_log) { |
|
242 |
$watchdog_tokens['!remote_user'] = $remote_user; |
|
243 |
$watchdog_tokens['!realm'] = $realm; |
|
244 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.implementation: username=!remote_user, (realm=!realm) found', |
|
245 |
$watchdog_tokens, WATCHDOG_DEBUG); |
|
246 |
} |
|
247 |
|
|
248 |
if ($remote_user) { |
|
249 |
if ($auth_conf->ssoRemoteUserStripDomainName) { |
|
250 |
// Might be in form <remote_user>@<domain> or <domain>\<remote_user>. |
|
251 |
$domain = NULL; |
|
252 |
$exploded = preg_split('/[\@\\\\]/', $remote_user); |
|
253 |
if (count($exploded) == 2) { |
|
254 |
if (strpos($remote_user, '@') !== FALSE) { |
|
255 |
$remote_user = $exploded[0]; |
|
256 |
$domain = $exploded[1]; |
|
257 |
} |
|
258 |
else { |
|
259 |
$domain = $exploded[0]; |
|
260 |
$remote_user = $exploded[1]; |
|
261 |
} |
|
262 |
if ($detailed_watchdog_log) { |
|
263 |
$watchdog_tokens['!remote_user'] = $remote_user; |
|
264 |
$watchdog_tokens['!domain'] = $domain; |
|
265 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.stripdomain: remote_user=!remote_user, domain=!domain', $watchdog_tokens, WATCHDOG_DEBUG); |
|
266 |
} |
|
267 |
} |
|
268 |
} |
|
269 |
|
|
270 |
if ($detailed_watchdog_log) { |
|
271 |
$watchdog_tokens['!remote_user'] = $remote_user; |
|
272 |
$watchdog_tokens['!realm'] = $realm; |
|
273 |
$watchdog_tokens['!domain'] = $domain; |
|
274 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user: username=!remote_user, (realm=!realm, domain=!domain) found', $watchdog_tokens, WATCHDOG_DEBUG); |
|
275 |
} |
|
276 |
$fake_form_state = array( |
|
277 |
'values' => array( |
|
278 |
'name' => check_plain($remote_user), |
|
279 |
'pass' => user_password(20), |
|
280 |
), |
|
281 |
'sso_login' => TRUE, |
|
282 |
); |
|
283 |
|
|
284 |
// Make sure we're populating the global user object so that we can log this |
|
285 |
// user in. |
|
286 |
global $user; |
|
287 |
$user = ldap_authentication_user_login_authenticate_validate(array(), $fake_form_state, TRUE); |
|
288 |
|
|
289 |
|
|
290 |
if ($detailed_watchdog_log) { |
|
291 |
$watchdog_tokens['!uid'] = is_object($user) ? $user->uid : NULL; |
|
292 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user: uid of user=!uid', $watchdog_tokens, WATCHDOG_DEBUG); |
|
293 |
} |
|
294 |
|
|
295 |
if ($user && $user->uid > 0) { |
|
296 |
// Reload the account to ensure we have a fully populated user object. |
|
297 |
$user = user_load($user->uid); |
|
298 |
|
|
299 |
if ($auth_conf->seamlessLogin == 1) { |
|
300 |
if ($detailed_watchdog_log) { |
|
301 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_success.seamlessLogin', $watchdog_tokens, WATCHDOG_DEBUG); |
|
302 |
} |
|
303 |
setcookie("seamless_login", 'auto login', time() + $auth_conf->cookieExpire, base_path(), ""); |
|
304 |
ldap_servers_set_globals('_SESSION', 'seamless_login', 'auto login'); |
|
305 |
setcookie("seamless_login_attempted", '', time() - 3600, base_path(), ""); |
|
306 |
ldap_servers_delete_globals('_SESSION', 'seamless_login_attempted'); |
|
307 |
// Make sure we tell Drupal to create the session cookie for this |
|
308 |
// authenticated user. |
|
309 |
} |
|
310 |
user_login_finalize(); |
|
311 |
if ($auth_conf->ssoNotifyAuthentication) { |
|
312 |
drupal_set_message(theme('ldap_authentication_login_message', |
|
313 |
array('message' => t('You have been successfully authenticated')))); |
|
314 |
} |
|
315 |
if ($detailed_watchdog_log) { |
|
316 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_success.drupal_goto front', $watchdog_tokens, WATCHDOG_DEBUG); |
|
317 |
} |
|
318 |
drupal_goto('<front>'); |
|
319 |
} |
|
320 |
else { |
|
321 |
if ($auth_conf->seamlessLogin == 1) { |
|
322 |
if ($detailed_watchdog_log) { |
|
323 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_fail.seamlessLogin', $watchdog_tokens, WATCHDOG_DEBUG); |
|
324 |
} |
|
325 |
setcookie("seamless_login", 'do not auto login', time() + $auth_conf->cookieExpire, base_path(), ""); |
|
326 |
ldap_servers_set_globals('_SESSION', 'seamless_login', 'do not auto login'); |
|
327 |
} |
|
328 |
drupal_set_message(theme('ldap_authentication_message_not_found', array( |
|
329 |
'message' => t('Sorry, your LDAP credentials were not found, or the LDAP server is not available. You may log in with other credentials on the !user_login_form.', |
|
330 |
array('!user_login_form' => l(t('user login form'), 'user/login')))) |
|
331 |
), 'error'); |
|
332 |
if ($detailed_watchdog_log) { |
|
333 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.remote_user.user_fail.drupal_goto user/logint', $watchdog_tokens, WATCHDOG_DEBUG); |
|
334 |
} |
|
335 |
drupal_goto('user/login'); |
|
336 |
} |
|
337 |
} |
|
338 |
else { |
|
339 |
if ($detailed_watchdog_log) { |
|
340 |
watchdog('ldap_authentication', '$_SERVER[\'REMOTE_USER\'] not found', array(), WATCHDOG_DEBUG); |
|
341 |
} |
|
342 |
if ($auth_conf->seamlessLogin == 1) { |
|
343 |
setcookie("seamless_login", 'do not auto login', time() + $auth_conf->cookieExpire, base_path(), ""); |
|
344 |
ldap_servers_set_globals('_SESSION', 'seamless_login', 'do not auto login'); |
|
345 |
if ($detailed_watchdog_log) { |
|
346 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.no_remote_user.seamlessLogin', $watchdog_tokens, WATCHDOG_DEBUG); |
|
347 |
} |
|
348 |
} |
|
349 |
drupal_set_message(theme('ldap_authentication_message_not_authenticated', array( |
|
350 |
'message' => t('You were not authenticated by the server. You may log in with your credentials below.'), |
|
351 |
)), 'error'); |
|
352 |
if ($detailed_watchdog_log) { |
|
353 |
watchdog('ldap_authentication', 'ldap_sso_user_login_sso.no_remote_user.drupal_goto user/login', $watchdog_tokens, WATCHDOG_DEBUG); |
|
354 |
} |
|
355 |
drupal_goto('user/login'); |
|
356 |
} |
|
357 |
} |
|
358 |
|
|
359 |
|
|
360 |
/** |
|
361 |
* Used to mock $_SERVER, $_SESSION, etc globals for simpletests. |
|
362 |
* |
|
363 |
* @param string $global_type |
|
364 |
* _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST. |
|
365 |
* @param string $key |
|
366 |
* Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc. |
|
367 |
* @param bool $only_mock_values |
|
368 |
* Don't get actual values when mock values don't exist. |
|
369 |
* |
|
370 |
* @return mixed |
|
371 |
* ldap_simpletest_globals variable for global and key or $_SERVER[][], |
|
372 |
* $_ENV[][], etv value if not in a simpletest or mock variable not available. |
|
373 |
*/ |
|
374 |
function ldap_servers_get_globals($global_type, $key, $only_mock_values = FALSE) { |
|
375 |
$simpletest_globals = variable_get('ldap_simpletest_globals', array()); |
|
376 |
$simpletest = variable_get('ldap_simpletest', FALSE); |
|
377 |
|
|
378 |
if ($simpletest && (isset($simpletest_globals[$global_type][$key]) || $only_mock_values)) { |
|
379 |
return ($simpletest_globals[$global_type][$key]) ? $simpletest_globals[$global_type][$key] : NULL; |
|
380 |
} |
|
381 |
else { |
|
382 |
return (isset($GLOBALS[$global_type][$key]) && !$only_mock_values) ? $GLOBALS[$global_type][$key] : NULL; |
|
383 |
} |
|
384 |
|
|
385 |
} |
|
386 |
|
|
387 |
/** |
|
388 |
* Set globals. |
|
389 |
* |
|
390 |
* @param string $global_type |
|
391 |
* _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST. |
|
392 |
* @param string $key |
|
393 |
* Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc. |
|
394 |
* @param string $value |
|
395 |
* The value to be set. |
|
396 |
*/ |
|
397 |
function ldap_servers_set_globals($global_type, $key, $value) { |
|
398 |
$simpletest_globals = variable_get('ldap_simpletest_globals', array()); |
|
399 |
$simpletest = variable_get('ldap_simpletest', FALSE); |
|
400 |
if ($simpletest) { |
|
401 |
$simpletest_globals[$global_type][$key] = $value; |
|
402 |
variable_set('ldap_simpletest_globals', $simpletest_globals); |
|
403 |
} |
|
404 |
else { |
|
405 |
$GLOBALS[$global_type][$key] = $value; |
|
406 |
} |
|
407 |
|
|
408 |
} |
|
409 |
|
|
410 |
/** |
|
411 |
* Delete globals. |
|
412 |
* |
|
413 |
* @param string $global_type |
|
414 |
* _SERVER, _ENV, _COOKIE, _GET, _POST, _REQUEST. |
|
415 |
* @param string $key |
|
416 |
* Such as 'SERVER_ADDR', 'SERVER_PROTOCOL', etc. |
|
417 |
* @param bool $only_mock_values |
|
418 |
* Don't get actual values when mock values don't exist. |
|
419 |
*/ |
|
420 |
function ldap_servers_delete_globals($global_type, $key, $only_mock_values = FALSE) { |
|
421 |
$simpletest_globals = variable_get('ldap_simpletest_globals', array()); |
|
422 |
$simpletest = variable_get('ldap_simpletest', FALSE); |
|
423 |
if ($simpletest && isset($simpletest_globals[$global_type][$key])) { |
|
424 |
unset($simpletest_globals[$global_type][$key]); |
|
425 |
variable_set('ldap_simpletest_globals', $simpletest_globals); |
|
426 |
} |
|
427 |
elseif (!$only_mock_values && isset($GLOBALS[$global_type][$key])) { |
|
428 |
unset($GLOBALS[$global_type][$key]); |
|
429 |
} |
|
430 |
|
|
431 |
} |
drupal7/sites/all/modules/ldap/ldap_test/ldap_test.info | ||
---|---|---|
18 | 18 |
files[] = LdapTestFunctions.class.php |
19 | 19 |
files[] = LdapUserTestCase.class.php |
20 | 20 |
|
21 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
22 |
version = "7.x-2.2"
|
|
21 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
22 |
version = "7.x-2.3"
|
|
23 | 23 |
core = "7.x" |
24 | 24 |
project = "ldap" |
25 |
datestamp = "1496167150"
|
|
25 |
datestamp = "1503841448"
|
|
26 | 26 |
|
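--- a/drupal7/sites/all/modules/ldap/ldap_user/LdapUserConf.class.php
+++ b/drupal7/sites/all/modules/ldap/ldap_user/LdapUserConf.class.php
@@ -69,6 +69,17 @@
 */
 public $userConflictResolve = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
 
+/**
+* Whether to allow/disallow provisioning accounts that have the same email.
+* Depending on whether the "sharedemail" module is enabled, this variable
+* will (by default) be set accordingly. It can be overridden by an admin.
+*
+* @var int
+* LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED (0)
+* LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED (1)
+*/
+public $accountsWithSameEmail = LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED;
+
 /**
 * drupal account creation model
 *
@@ -181,6 +192,7 @@
 'orphanedDrupalAcctBehavior',
 'orphanedCheckQty',
 'userConflictResolve',
+'accountsWithSameEmail',
 'manualAccountConflict',
 'acctCreation',
 'ldapUserSynchMappings',
@@ -231,6 +243,9 @@
 }
 else {
 $this->inDatabase = FALSE;
+// By default this variable should be 0 if the "sharedemail" module
+// is not enabled, or 1 if the module is.
+$this->accountsWithSameEmail = (int)module_exists('sharedemail');
 }
 // determine account creation configuration
 $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
@@ -1078,7 +1093,7 @@
 );
 return FALSE;
 }
-if ($account_with_same_email = user_load_by_mail($user_edit['mail'])) {
+if(($this->accountsWithSameEmail == LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED) && ($account_with_same_email = user_load_by_mail($user_edit['mail']))) {
 $watchdog_tokens['%email'] = $user_edit['mail'];
 $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
 watchdog('ldap_user', 'LDAP user %drupal_username has email address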
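Review bot: The new guard at line 1096 skips the duplicate-email check for every value of `accountsWithSameEmail` that is not loosely equal to `LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED`, and it never re-checks that the sharedemail module is still enabled, so a stale or unexpected stored value fails open and lets a second account be provisioned on an address that already belongs to another user. Testing for the permissive case instead keeps the strict behaviour as the default: `if (($this->accountsWithSameEmail != LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED || !module_exists('sharedemail')) && ($account_with_same_email = user_load_by_mail($user_edit['mail']))) {`. The enclosing method starts and ends outside the hunk, so how the value is loaded from storage cannot be checked from here.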
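--- a/drupal7/sites/all/modules/ldap/ldap_user/LdapUserConfAdmin.class.php
+++ b/drupal7/sites/all/modules/ldap/ldap_user/LdapUserConfAdmin.class.php
@@ -33,6 +33,9 @@
 public $userConflictResolveDefault = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
 public $userConflictOptions;
 
+public $accountsWithSameEmailDescription;
+public $accountsWithSameEmailOptions;
+
 public $acctCreationDescription = '';
 public $acctCreationDefault = LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
 public $acctCreationOptions;
@@ -163,6 +166,15 @@
 '#description' => t( $this->userConflictResolveDescription),
 );
 
+$form['basic_to_drupal']['accountsWithSameEmail'] = array(
+'#type' => 'radios',
+'#title' => t('Existing Account with Same Email Address'),
+'#default_value' => $this->accountsWithSameEmail,
+'#options' => $this->accountsWithSameEmailOptions,
+'#description' => t($this->accountsWithSameEmailDescription),
+'#disabled' => (module_exists('sharedemail') === FALSE),
+);
+
 $form['basic_to_drupal']['acctCreation'] = array(
 '#type' => 'radios',
 '#title' => t('Application of Drupal Account settings to LDAP Authenticated Users'),
@@ -382,7 +394,7 @@
 $this->addServerMappingFields($form, $direction);
 }
 
-foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
+foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'accountsWithSameEmail', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
 $form['basic_to_drupal'][$input_name]['#states']['invisible'] =
 array(
 ':input[name=drupalAcctProvisionServer]' => array('value' => 'none'),
@@ -596,6 +608,7 @@
 
 $this->manualAccountConflict = $values['manualAccountConflict'];
 $this->userConflictResolve = ($values['userConflictResolve']) ? (int)$values['userConflictResolve'] : NULL;
+$this->accountsWithSameEmail = ($values['accountsWithSameEmail']) ? (int)$values['accountsWithSameEmail'] : NULL;
 $this->acctCreation = ($values['acctCreation']) ? (int)$values['acctCreation'] : NULL;
 $this->disableAdminPasswordField = $values['disableAdminPasswordField'];
 // $this->wsKey = ($values['wsKey']) ? $values['wsKey'] : NULL;
@@ -741,11 +754,14 @@
 ||
 (isset($mapping['configurable_to_ldap']) && $mapping['configurable_to_ldap'] && $direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY)
 ) {
-$user_attr_options[$target_id] = substr($mapping['name'], 0, 25);
+$user_attr_options[$target_id] = substr($target_id, 1, -1);
 }
 }
 }
-$user_attr_options['user_tokens'] = '-- user tokens --';
+
+if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
+$user_attr_options['user_tokens'] = '-- user tokens --';
+}
 
 $row = 0;
 
@@ -1016,7 +1032,14 @@
 LDAP_USER_CONFLICT_RESOLVE => t('Associate Drupal account with the LDAP entry. This option
 is useful for creating accounts and assigning roles before an LDAP user authenticates.'),
 );
-
+$values['accountsWithSameEmailDescription'] = t('Allows provisioning a Drupal user account from LDAP regardless of whether another Drupal user account has the same email address. This setting depends on the "sharedemail" contrib module being enabled. ');
+if (!module_exists('sharedemail')) {
+$values['accountsWithSameEmailDescription'] .= t('The module is not currently enabled; you must install/enable it if you want to use this setting.');
+}
+$values['accountsWithSameEmailOptions'] = array(
+LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED => t('Prevent provisioning a user account if an existing account has the same email address.'),
+LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED => t('Allow provisioning a user account that has the same email address as another user account.'),
+);
 $values['acctCreationOptions'] = array(
 LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR => t('Account creation settings at
 /admin/config/people/accounts/settings do not affect "LDAP Associated" Drupal accounts.'),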
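Review bot: At line 611 the submitted value is stored as `NULL` whenever the administrator picks `LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED`, because `0` is falsy in the ternary, so the duplicate-email protection only holds while every reader compares with loose `==`. Casting unconditionally keeps the stored value inside the two documented constants: `$this->accountsWithSameEmail = (int) $values['accountsWithSameEmail'];`. Separately, line 174 passes `$this->accountsWithSameEmailDescription` through `t()` although the text looks already translated where it is built at lines 1035–1037, so `'#description' => $this->accountsWithSameEmailDescription,` would avoid translating a variable. The methods that contain these hunks start and end outside the visible lines.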
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.cron.inc | ||
---|---|---|
167 | 167 |
* user_cancel_reassign, user_cancel_delete |
168 | 168 |
*/ |
169 | 169 |
if ($ldap_user_conf->orphanedDrupalAcctBehavior == 'ldap_user_orphan_email') { |
170 |
$email_list[] = $account->name . "," . $account->mail . "," . $base_url . "/user/$uid/edit";
|
|
170 |
$email_list[] = $account->name . "," . $account->mail . "," . $base_url . "/user/" . $account->uid . "/edit";
|
|
171 | 171 |
} |
172 | 172 |
else { |
173 | 173 |
_user_cancel(array(), $account, $ldap_user_conf->orphanedDrupalAcctBehavior); |
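Review bot: The report link on the changed line 170 is still assembled by hand from `$base_url`, which ignores the site's clean-URL and language-prefix settings. Drupal's own helper builds the same link correctly: `$email_list[] = $account->name . "," . $account->mail . "," . url('user/' . $account->uid . '/edit', array('absolute' => TRUE));`. The surrounding loop and the code that sends `$email_list` are outside the hunk.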
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.info | ||
---|---|---|
23 | 23 |
stylesheets[all][] = ldap_user.css |
24 | 24 |
configure = admin/config/people/ldap/user |
25 | 25 |
|
26 |
; Information added by Drupal.org packaging script on 2017-05-30 |
|
27 |
version = "7.x-2.2" |
|
26 |
test_dependencies[] = ldap_sso:ldap_sso |
|
27 |
|
|
28 |
; Information added by Drupal.org packaging script on 2017-08-27 |
|
29 |
version = "7.x-2.3" |
|
28 | 30 |
core = "7.x" |
29 | 31 |
project = "ldap" |
30 |
datestamp = "1496167150"
|
|
32 |
datestamp = "1503841448"
|
|
31 | 33 |
|
drupal7/sites/all/modules/ldap/ldap_user/ldap_user.install | ||
---|---|---|
522 | 522 |
return $fields_added; |
523 | 523 |
|
524 | 524 |
} |
525 |
|
|
526 |
/** |
|
527 |
* Set an appropriate default value for accountsWithSameEmail. |
|
528 |
*/ |
|
529 |
function ldap_user_update_7206() { |
|
530 |
$message = NULL; |
|
531 |
$ldap_user_conf = ldap_user_conf('admin', TRUE); |
|
532 |
// If the configuration variable is not set, set a reasonable default and |
|
533 |
// advise the administrator. |
|
534 |
if (module_exists('sharedemail')) { |
|
535 |
$message = t('The module "sharedemail" was detected. LDAP User configuration has been set so that user accounts can be provisioned regardless of whether an existing user account has the same email address.'); |
|
536 |
$ldap_user_conf->accountsWithSameEmail = LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED; |
|
537 |
} |
|
538 |
else { |
|
539 |
// The "sharedemail" module is not enabled; do not enable this setting. |
|
540 |
// Do not mention anything in the hook_update_N output. |
|
541 |
$ldap_user_conf->accountsWithSameEmail = LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED; |
|
542 |
} |
|
543 |
$ldap_user_conf->save(); |
|
544 |
|
|
545 |
return $message; |
|
546 |
} |
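Review bot: The comment in `ldap_user_update_7206()` says a default is set only "if the configuration variable is not set", but the body assigns `accountsWithSameEmail` and calls `save()` unconditionally. On a site with sharedemail installed, the update therefore switches the duplicate-email check off without the administrator opting in, although it does report this in the returned message. Leaving the value at `LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED` and only advising the administrator would be the more conservative default. If the current behaviour is intended, the comment should say so, e.g. `// Overwrite accountsWithSameEmail from whether "sharedemail" is enabled; the duplicate-email check is relaxed when it is.`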
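--- a/drupal7/sites/all/modules/ldap/ldap_user/ldap_user.module
+++ b/drupal7/sites/all/modules/ldap/ldap_user/ldap_user.module
@@ -35,6 +35,10 @@
 define('LDAP_USER_CONFLICT_RESOLVE', 2);
 define('LDAP_USER_CONFLICT_RESOLVE_DEFAULT', 2);
 
+// options for what to do if another Drupal account has the same email address
+define('LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED', 0);
+define('LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED', 1);
+
 // options for dealing with manual account creation that conflict with ldap entries
 define('LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT', 1);
 define('LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE', 2);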
drupal7/sites/all/modules/ldap/ldap_views/ldap_views.info | ||
---|---|---|
21 | 21 |
files[] = handlers/ldap_views_handler_filter_attribute.inc |
22 | 22 |
files[] = handlers/ldap_views_handler_sort.inc |
23 | 23 |
files[] = handlers/ldap_views_handler_sort_attribute.inc |
24 |
; Information added by Drupal.org packaging script on 2017-05-30
|
|
25 |
version = "7.x-2.2"
|
|
24 |
; Information added by Drupal.org packaging script on 2017-08-27
|
|
25 |
version = "7.x-2.3"
|
|
26 | 26 |
core = "7.x" |
27 | 27 |
project = "ldap" |
28 |
datestamp = "1496167150"
|
|
28 |
datestamp = "1503841448"
|
|
29 | 29 |
|
drupal7/sites/all/modules/ldap/ldap_views/plugins/ldap_views_plugin_query_ldap.inc | ||
---|---|---|
204 | 204 |
* $view->result should contain an array of objects. |
205 | 205 |
*/ |
206 | 206 |
function execute(&$view) { |
207 |
$start = microtime(); |
|
207 |
$start = microtime(TRUE);
|
|
208 | 208 |
$entries = array(); |
209 | 209 |
$num_entries = 0; |
210 | 210 |
|
... | ... | |
258 | 258 |
|
259 | 259 |
foreach ($entries as $key => &$entry) { |
260 | 260 |
if (isset($entry['jpegphoto'])) { |
261 |
$entry['jpegphoto'][0] = "<img src='data:image/jpeg;base64," . base64_encode($entry['jpegphoto'][0]) . "' alt='photo' />"; |
|
261 |
$entry['jpegphoto'][0] = '<img src="data:image/jpeg;base64,' . base64_encode($entry['jpegphoto'][0]) . '" alt="photo" />'; |
|
262 |
} |
|
263 |
if (isset($entry['thumbnailphoto'])) { |
|
264 |
$entry['thumbnailphoto'][0] = '<img src="data:image/jpeg;base64,' . base64_encode($entry['thumbnailphoto'][0]) . '" alt="photo" />'; |
|
262 | 265 |
} |
263 | 266 |
foreach ($view->field as $field) { |
264 | 267 |
if (! isset($field_alias[$field->field_alias])) { |
... | ... | |
338 | 341 |
|
339 | 342 |
$view->result = $result; |
340 | 343 |
$view->total_rows = $num_entries; |
341 |
$view->execute_time = microtime() - $start; |
|
344 |
$view->execute_time = microtime(TRUE) - $start;
|
|
342 | 345 |
$view->query->pager->total_items = $num_entries; |
343 | 346 |
$view->query->pager->update_page_info(); |
344 | 347 |
|
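Review bot: The two photo branches at lines 261–264 hard-code `image/jpeg` and inline the whole binary attribute as a data URI for every row, and neither assumption is documented. A short comment above them would help the next maintainer: `// Photo attributes are inlined as base64 data URIs; the MIME type is assumed to be JPEG and the size is not bounded.` The `foreach ($entries as $key => &$entry)` loop that contains them ends outside the hunk, so whether the reference is released afterwards cannot be checked from here.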
Weekly update of contrib modules