Project

General

Profile

Paste
Download (29.7 KB) Statistics
| Branch: | Revision:

root / drupal7 / sites / all / modules / ldap / ldap_servers / ldap_servers.install @ b42754b9

1
<?php
2

    
3
/**
4
 * @file
5
 * Install, update and uninstall functions for the LDAP API module.
6
 */
7

    
8

    
9
/**
10
 * Implements hook_install().
11
 */
12
function ldap_servers_install() {
13

    
14
}
15

    
16
/**
17
 * Implements hook_uninstall().
18
 */
19
function ldap_servers_uninstall() {
20
  variable_del('ldap_servers_encryption');
21
  variable_del('ldap_servers_require_ssl_for_credentials');
22
  variable_del('ldap_servers_encrypt_key');
23

    
24
}
25

    
26
/**
27
 * Implements hook_requirements().
28
 */
29
function ldap_servers_requirements($phase) {
30
  $requirements = array();
31
  $t = get_t();
32

    
33
  if ($phase == 'install') {
34
    $requirements['ldap_extension_loaded']['title'] = t('LDAP Extension Loaded');
35
    if (extension_loaded('ldap')) {
36
      $requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_OK;
37
    }
38
    else {
39
      $requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_ERROR;
40
      $requirements['ldap_extension_loaded']['description'] = t('No LDAP PHP Extension is loaded for PHP, so LDAP will not work properly.');
41
    }
42
  }
43

    
44
  if ($phase == 'runtime' && !extension_loaded('ldap')) {
45
    $requirements['ldap_extension_loaded']['title'] = t('LDAP Extension Loaded');
46
    $requirements['ldap_extension_loaded']['severity'] = REQUIREMENT_ERROR;
47
    $requirements['ldap_extension_loaded']['description'] = t('No LDAP PHP Extension is loaded for PHP, so LDAP will not work properly.');
48
  }
49

    
50
  if ($phase != "install" && db_table_exists('ldapauth')) {
51
    $requirements['ldap_servers']['title'] = t('LDAP Integration LDAP Auth to LDAP Servers Upgrade Concern');
52
    $requirements['ldap_servers']['severity'] = REQUIREMENT_WARNING;
53
    $requirements['ldap_servers']['value'] = NULL;
54
    $requirements['ldap_servers']['description'] = t('Upgrade from Drupal 6 LDAP Auth to Drupal 7
55
      LDAP Servers is not automatic.  LDAP Servers will need to be configured by hand.
56
      See http://drupal.org/node/1023016. This message will go away when the ldapauth database table is removed.');
57
  }
58
  // check that ldapauth not installed.
59

    
60
  // Check enabled LDAP servers are configured and Drupal can connect to them.
61
  if ($phase == 'runtime') {
62
    $requirements['ldap_servers_enabled'] = array(
63
      'title' => $t('LDAP Server status'),
64
      'value' =>  $t('Disabled'),
65
      'severity' => REQUIREMENT_WARNING,
66
    );
67

    
68
    $servers = ldap_servers_get_servers(NULL, 'enabled');
69
    if (!empty($servers)) {
70
      unset($requirements['ldap_servers_enabled']);
71

    
72
      foreach ($servers as $server) {
73
        $server_req_key = 'ldap_servers_sid_' . $server->sid;
74
        $server_tokens = array(
75
          '@host' => $server->address,
76
          '@sid' => $server->sid,
77
        );
78
        $requirements[$server_req_key] = array(
79
          'title' => $t('LDAP Server status: @sid (@host)', $server_tokens),
80
          'value' =>  $t('Connection: Failed, check logs for details.', $server_tokens),
81
          'severity' => REQUIREMENT_ERROR,
82
        );
83

    
84
        try {
85
          $connect_result = $server->connect();
86
          if ($connect_result == LDAP_SUCCESS) {
87
            if ($server->bind_method == LDAP_SERVERS_BIND_METHOD_USER) {
88
              // Check bind anonymously if set to bind via user credentials.
89
              // The user has already logged in and so their is no dn or password
90
              // to check since LDAP doesn't store passwords.
91
              $bind_result = $server->bind(NULL, NULL, TRUE);
92
            } else {
93
              $bind_result = $server->bind();
94
            }
95
            if ($bind_result == LDAP_SUCCESS) {
96
              $requirements[$server_req_key]['value'] = $t('Connection: Success, Bind: Success', $server_tokens);
97
              $requirements[$server_req_key]['severity'] = REQUIREMENT_OK;
98
            }
99
          }
100
          $server->disconnect();
101
        }
102
        catch (Exception $e) {
103
        }
104
      }
105
    }
106
  }
107

    
108
  return $requirements;
109
}
110

    
111
/**
112
 * Implements hook_schema().
113
 */
114
function ldap_servers_schema() {
115
  module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
116
  module_load_include('module', 'ldap_servers', 'ldap_servers'); // to get the LDAP_SERVERS_ENC_TYPE_CLEARTEXT constants issue#1209576
117
  module_load_include('php', 'ldap_servers', 'LdapServerAdmin.class');
118

    
119
  $schema['ldap_servers'] = array(
120
    'export' => array(
121
      'key' => 'sid',
122
      'key name' => 'Server ID',
123
      'primary key' => 'numeric_sid',
124
      'identifier' => 'ldap_servers_conf',
125
      'api' => array(
126
        'owner' => 'ldap_servers',
127
        'api' => 'ldap_servers',
128
        'minimum_version' => 1,
129
        'current_version' => 1,
130
        ),
131
      ),
132
    'primary key' => array('numeric_sid'),
133
    'unique keys' => array('name' => array('name')),
134
  );
135

    
136
  $fields = LdapServerAdmin::fields();
137
  foreach ($fields as $name => $props) {
138
    if (isset($props['schema'])) {
139
      $schema['ldap_servers']['fields'][$name] = $props['schema'];
140
    }
141
  }
142

    
143
  return $schema;
144

    
145
}
146

    
147
/**
148
 * rename ldap_servers type field to ldap_type
149
 */
150

    
151
function ldap_servers_update_7100() {
152
  if (!ldap_servers_db_field_exists('ldap_servers', 'ldap_type') && ldap_servers_db_field_exists('ldap_servers', 'type')) {
153
    db_change_field('ldap_servers', 'type', 'ldap_type', array(
154
      'type' => 'varchar',
155
      'length' => 20,
156
      'not null' => FALSE
157
    ));
158
  }
159

    
160
  return t('ldap_servers table field "type" renamed to "ldap_type"');
161

    
162
}
163

    
164
/**
165
 * ldap_server table field changes
166
 */
167

    
168
function ldap_servers_update_7101() {
169

    
170
  db_add_field(
171
    'ldap_servers',
172
    'allow_conflicting_drupal_accts',
173
    array(
174
      'type' => 'int',
175
      'size' => 'tiny',
176
      'not null' => FALSE,
177
      'default' => 0,
178
    )
179
  );
180

    
181
  db_add_field(
182
    'ldap_servers',
183
    'unique_persistent_attr',
184
    array(
185
      'type' => 'varchar',
186
      'length' => '64',
187
      'not null' => FALSE,
188
    )
189
  );
190

    
191
  db_add_field(
192
    'ldap_servers',
193
    'mail_template',
194
    array(
195
      'type' => 'varchar',
196
      'length' => '255',
197
      'not null' => FALSE,
198
    )
199
  );
200

    
201
  db_change_field('ldap_servers', 'ldap_to_drupal_user', 'ldap_to_drupal_user', array(
202
    'type' => 'varchar',
203
    'length' => 1024,
204
    'not null' => FALSE
205
  ));
206

    
207
  db_change_field('ldap_servers', 'binddn', 'binddn', array(
208
    'type' => 'varchar',
209
    'length' => 511,
210
  ));
211

    
212

    
213
  return t('Updated LDAP Server to include "allow_conflicting_drupal_accts" and "unique_persistent_attr" fields.');
214
}
215

    
216

    
217
/**
218
 * add bind_method field to ldap_servers table
219
 */
220
function ldap_servers_update_7102() {
221

    
222
  if (!ldap_servers_db_field_exists('ldap_servers', 'bind_method')) {
223
    db_add_field('ldap_servers', 'bind_method', array(
224
      'type' => 'int',
225
      'size' => 'tiny',
226
      'not null' => TRUE,
227
      'default' => 0,
228
    ));
229
    $msg = t('"bind_method" field added to ldap_servers table');
230
  }
231

    
232
  return ($msg) ? $msg :  t('No database changes made.');
233
}
234

    
235
/**
236
 * add group_object_category field to ldap_servers table
237
 */
238
function ldap_servers_update_7103() {
239

    
240
  if (!ldap_servers_db_field_exists('ldap_servers', 'group_object_category')) {
241
    db_add_field('ldap_servers', 'group_object_category', array(
242
      'type' => 'varchar',
243
      'length' => 64,
244
      'not null' => FALSE,
245
    ));
246
    $msg = t('"group_object_category" field added to ldap_servers table');
247
  }
248

    
249
  return ($msg) ? $msg :  t('No database changes made.');
250
}
251

    
252

    
253
/**
254
 * add pagination fields to ldap_servers table
255
 */
256
function ldap_servers_update_7104() {
257

    
258
  if (!ldap_servers_db_field_exists('ldap_servers', 'search_pagination')) {
259
    db_add_field('ldap_servers', 'search_pagination', array(
260
      'type' => 'int',
261
      'size' => 'tiny',
262
      'not null' => FALSE,
263
      'default' => 0,
264
    ));
265
    $msg = t('"search_pagination" field added to ldap_servers table');
266
  }
267

    
268
  if (!ldap_servers_db_field_exists('ldap_servers', 'search_page_size')) {
269
    db_add_field('ldap_servers', 'search_page_size', array(
270
      'type' => 'int',
271
      'size' => 'medium',
272
      'not null' => FALSE,
273
      'default' => 1000,
274
    ));
275
    $msg .= '<br/>' . t('"search_page_size" field added to ldap_servers table');
276
  }
277

    
278
  if (!ldap_servers_db_field_exists('ldap_servers', 'unique_persistent_attr_binary')) {
279
    db_add_field('ldap_servers', 'unique_persistent_attr_binary', array(
280
      'type' => 'int',
281
      'size' => 'tiny',
282
      'not null' => FALSE,
283
      'default' => 0,
284
    ));
285
    $msg = t('"unique_persistent_attr_binary" field added to ldap_servers table');
286
  }
287

    
288

    
289

    
290
  return ($msg) ? $msg :  t('No database changes made.');
291
}
292

    
293
/**
294
 * enable ldap_user module
295
 */
296
function ldap_servers_update_7105() {
297

    
298
  if (!module_exists('ldap_user')) {
299
    module_enable(array('ldap_user'));
300
    $msg = t('LDAP User module enabled.  Some authentication and authorization functionality shifted to LDAP User module.');
301
  }
302

    
303
  return ($msg) ? $msg :  t('LDAP User module was already enabled.  No action taken.');
304
}
305

    
306

    
307

    
308
/**
309
 * add account_name_attr field to ldap_servers table
310
 */
311
function ldap_servers_update_7106() {
312
  if (!ldap_servers_db_field_exists('ldap_servers', 'account_name_attr')) {
313
    db_add_field('ldap_servers', 'account_name_attr', array(
314
    'description' => 'The attribute to be used as the account name if not the user_attr',
315
    'type' => 'varchar',
316
    'length' => 255,
317
    'not null' => FALSE,
318
    'default' => '',
319
  ));
320
    $msg = t('"account_name_attr" field added to ldap_servers table');
321
  }
322

    
323
  return ($msg) ? $msg :  t('No database changes made.');
324
}
325

    
326
/**
327
 *  remove allow_conflicting_drupal_accts from ldap_servers table
328
 */
329
function ldap_servers_update_7107() {
330
  if (ldap_servers_db_field_exists('ldap_servers', 'allow_conflicting_drupal_accts')) {
331
    db_drop_field('ldap_servers', 'allow_conflicting_drupal_accts');
332
    $msg = t('"allow_conflicting_drupal_accts" field removed from ldap_servers table');
333
  }
334
  return ($msg) ? $msg :  t('No database changes made.');
335
}
336

    
337

    
338

    
339
function ldap_servers_db_field_exists($table, $field_name) {
340
  if (!db_field_exists($table, $field_name) && !db_field_exists($table, drupal_strtolower($field_name)) ) {
341
    return false;
342
  }
343
  else {
344
    return true;
345
  }
346
}
347
/**
348
 * add group related fields to ldap_servers table
349
 */
350
function ldap_servers_update_7108() {
351

    
352
  foreach (array('groupFunctionalityUnused', 'groupNested', 'groupSearchAll', 'groupUserMembershipsAttrExists', 'groupDeriveFromDn', 'groupUserMembershipsAttrExists') as $tinyint_field_name) {
353
    if (!ldap_servers_db_field_exists('ldap_servers', $tinyint_field_name))  {
354
      db_add_field('ldap_servers', $tinyint_field_name, array(
355
        'type' => 'int',
356
        'size' => 'tiny',
357
        'not null' => FALSE,
358
        'default' => 0,
359
      ));
360
      $msg = t('"!name" field added to ldap_servers table', array('!name' => $tinyint_field_name));
361
    }
362
  }
363
  foreach (array('groupUserMembershipsAttr', 'groupMembershipsAttr', 'groupTestGroupDn', 'groupUserMembershipsAttr', 'groupMembershipsAttrMatchingUserAttr') as $varchar255field_name) {
364
    if (!ldap_servers_db_field_exists('ldap_servers', $varchar255field_name) && !ldap_servers_db_field_exists('ldap_servers', drupal_strtolower($varchar255field_name))) {
365
      db_add_field('ldap_servers', $varchar255field_name, array(
366
        'type' => 'varchar',
367
        'length' => '255',
368
        'not null' => FALSE,
369
      ));
370
      $msg = t('"!name" field added to ldap_servers table', array('!name' => $varchar255field_name));
371
    }
372
  }
373
}
374

    
375

    
376
/**
377
 * adjust group related fields to ldap_servers table
378
 */
379
function ldap_servers_update_7109() {
380

    
381
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupNested')) {
382
    db_add_field('ldap_servers', 'groupNested', array(
383
      'type' => 'int',
384
      'size' => 'tiny',
385
      'not null' => FALSE,
386
      'default' => 0,
387
    ));
388
    $msg = t('"groupNested" field added to ldap_servers table');
389
  }
390

    
391
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupUseFirstAttr')) {
392
    db_add_field('ldap_servers', 'groupUseFirstAttr', array(
393
      'type' => 'int',
394
      'size' => 'tiny',
395
      'not null' => FALSE,
396
      'default' => 0,
397
    ));
398
    $msg .= '<br/>' . t('"groupUseFirstAttr" field added to ldap_servers table');
399
  }
400

    
401
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupSearchAll')) {
402
    db_add_field('ldap_servers', 'groupSearchAll', array(
403
      'type' => 'int',
404
      'size' => 'tiny',
405
      'not null' => FALSE,
406
      'default' => 0,
407
    ));
408
    $msg = t('"groupSearchAll" field added to ldap_servers table');
409
  }
410

    
411
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttrExists')) {
412
    db_add_field('ldap_servers', 'groupUserMembershipsAttrExists', array(
413
      'type' => 'int',
414
      'size' => 'tiny',
415
      'not null' => FALSE,
416
      'default' => 0,
417
    ));
418
    $msg = t('"groupUserMembershipsAttrExists" field added to ldap_servers table');
419
  }
420

    
421
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttr')) {
422
    db_add_field('ldap_servers', 'groupUserMembershipsAttr', array(
423
      'type' => 'varchar',
424
      'length' => '255',
425
      'not null' => FALSE,
426
    ));
427
    $msg = t('"groupUserMembershipsAttr" field added to ldap_servers table');
428
  }
429

    
430
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupMembershipsAttr')) {
431
    db_add_field('ldap_servers', 'groupMembershipsAttr', array(
432
      'type' => 'varchar',
433
      'length' => '255',
434
      'not null' => FALSE,
435
    ));
436
    $msg = t('"groupMembershipsAttr" field added to ldap_servers table');
437
  }
438

    
439
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupMembershipsAttrMatchingUserAttr')) {
440
    db_add_field('ldap_servers', 'groupMembershipsAttrMatchingUserAttr', array(
441
      'type' => 'varchar',
442
      'length' => '255',
443
      'not null' => FALSE,
444
    ));
445
    $msg = t('"groupMembershipsAttrMatchingUserAttr" field added to ldap_servers table');
446
  }
447

    
448
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttrExists')) {
449
    db_add_field('ldap_servers', 'groupUserMembershipsAttrExists', array(
450
      'type' => 'int',
451
      'size' => 'tiny',
452
      'not null' => FALSE,
453
      'default' => 0,
454
    ));
455
    $msg = t('"groupUserMembershipsAttrExists" field added to ldap_servers table');
456
  }
457

    
458
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupUserMembershipsAttr')) {
459
    db_add_field('ldap_servers', 'groupUserMembershipsAttr', array(
460
      'type' => 'varchar',
461
      'length' => '255',
462
      'not null' => FALSE,
463
    ));
464
    $msg = t('"groupUserMembershipsAttr" field added to ldap_servers table');
465
  }
466

    
467
}
468

    
469
/**
470
 * adjust group related fields to ldap_servers table
471
 */
472
function ldap_servers_update_7110() {
473

    
474
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupFunctionalityUnused')) {
475
    db_add_field('ldap_servers', 'groupFunctionalityUnused', array(
476
      'type' => 'int',
477
      'size' => 'tiny',
478
      'not null' => FALSE,
479
      'default' => 0,
480
    ));
481
    $msg = t('"groupFunctionalityUnused" field added to ldap_servers table');
482
  }
483

    
484
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDn')) {
485
    db_add_field('ldap_servers', 'groupTestGroupDn', array(
486
      'type' => 'varchar',
487
      'length' => '255',
488
      'not null' => FALSE,
489
    ));
490
    $msg = t('"groupTestGroupDn" field added to ldap_servers table');
491
  }
492

    
493
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDnWriteable')) {
494
    db_add_field('ldap_servers', 'groupTestGroupDnWriteable', array(
495
      'type' => 'varchar',
496
      'length' => '255',
497
      'not null' => FALSE,
498
    ));
499
    $msg = t('"groupTestGroupDnWriteable" field added to ldap_servers table');
500
  }
501

    
502
}
503

    
504
/**
505
 * add field groupTestGroupDnWriteable to ldap_servers table
506
 */
507
function ldap_servers_update_7111() {
508

    
509
  if (!ldap_servers_db_field_exists('ldap_servers', 'groupTestGroupDnWriteable')) {
510
    db_add_field('ldap_servers', 'groupTestGroupDnWriteable', array(
511
      'type' => 'varchar',
512
      'length' => '255',
513
      'not null' => FALSE,
514
    ));
515
    $msg = t('"groupTestGroupDnWriteable" field added to ldap_servers table');
516
  }
517

    
518
}
519

    
520
/**
521
 * add field testingDrupalUserDn to ldap_servers table
522
 */
523
function ldap_servers_update_7112() {
524

    
525
  if (!ldap_servers_db_field_exists('ldap_servers', 'testingDrupalUserDn')) {
526
    db_add_field('ldap_servers', 'testingDrupalUserDn', array(
527
      'type' => 'varchar',
528
      'length' => '255',
529
      'not null' => FALSE,
530
    ));
531
    $msg = t('"testingDrupalUserDn" field added to ldap_servers table');
532
  }
533

    
534
}
535

    
536

    
537
/**
538
 * upgrade as much as feasible for 7.1 to 7.2 branch
539
 */
540
function ldap_servers_update_7201() {
541

    
542
  $change_log = array();
543

    
544
  // 1. ldap_user is now required for ldap_authentication and ldap_authorization
545
  if (module_exists('ldap_authentication') || module_exists('ldap_authorization')) {
546
    module_enable(array('ldap_user'), TRUE);
547
    $change_log[] = t('LDAP User Module Enabled');
548
  }
549

    
550
  /**
551
   * ldap_servers and ldap_authorization tables in 7.x-1.x to 7.x-2.x update
552
   *
553
   * LDAP_SERVERS fields that don't change:
554
   *  sid, numeric_sid, name, status, ldap_type, address, port, tls, bind_method,
555
   *  binding_service_acct, binddn, bindpw, basedn, user_attr, account_name_attr,
556
   *  mail_attr, mail_template, unique_persistent_attr, user_dn_expression,
557
   *  testing_drupal_username, group_object_category
558
   *  search_pagination, search_page_size, ldap_to_drupal_user,
559
   *
560
   * LDAP_SERVERS fields not populated in update:
561
   *   unique_persistent_attr_binary
562
   *   testingDrupalUserDn
563
   *   groupTestGroupDn - new no value in it and not important
564
   *   groupTestGroupDnWriteable - new no value in it and not important
565
   *
566
   * LDAP_SERVERS fields set/adjusted in update:
567
   *   groupNested
568
   *   groupFunctionalityUnused = 1 if ldap authorization tables exist
569
   *   groupDeriveFromDn from option IIA of ldap authorization
570
   *   groupDeriveFromDnAttr from option IIA of ldap authorization
571
   *   groupUserMembershipsAttrExists = 1 if option IIB used in ldap authorization
572
   *   groupUserMembershipsAttr  get from ldap authorization  IIB
573
   *   groupMembershipsAttr from option IIC in ldap authorization derive from entry
574
   *   groupMembershipsAttrMatchingUserAttr from option IIC
575
   *
576
   *
577
   * LDAP_AUTHORIZATION fields that don't change:
578
   *   numeric_consumer_conf_id, sid, consumer_type, consumer_module
579
   *   status, only_ldap_authenticated, mappings, use_filter,
580
   *   synchronization_modes, synchronization_actions, synch_to_ldap,
581
   *   synch_on_logon, revoke_ldap_provisioned, create_consumers,
582
   *   regrant_ldap_provisioned
583
   *
584
   * LDAP_AUTHORIZATION fields populated in update:
585
   *   useFirstAttrAsGroupId = derive_from_attr_use_first_attr || derive_from_entry_use_first_attr
586
   *
587
   * LDAP_AUTHORIZATION fields to remove in update
588
   *    derive_from_dn, derive_from_dn_attr, derive_from_entry, derive_from_attr
589
   *    derive_from_attr_attr, derive_from_entry, derive_from_entry_attr,
590
   *    derive_from_entry_entries_attr, derive_from_entry_nested,
591
   *    derive_from_attr_use_first_attr, derive_from_entry_search_all
592
   *    derive_from_entry_use_first_attr
593
   *
594
   */
595

    
596

    
597
  // 2.  add any missing fields from schema
598
  ldap_servers_install_update_schema(ldap_servers_schema(), $change_log);
599
  if (module_exists('ldap_authorization')) {
600
    ldap_servers_install_update_schema(ldap_authorization_schema(), $change_log);
601
  }
602
  if (module_exists('ldap_query')) {
603
    ldap_servers_install_update_schema(ldap_query_schema(), $change_log);
604
  }
605

    
606
  // 3.  move configuration data that has changed location within ldap modules
607
  $field_changes = array();
608
  $ldap_server_records = array();
609
  $select = db_select('ldap_servers')
610
    ->fields('ldap_servers')
611
    ->execute();
612
  foreach ($select as $record) {
613
    $ldap_server_records[$record->sid] = $record;
614
  }
615

    
616
  if (db_table_exists('ldap_authorization')) {
617
    $ldap_authorization_record = NULL;
618
    $select = db_select('ldap_authorization', 'authz')
619
      ->fields('authz')
620
      ->execute();
621
    // pick best ldap authorization conf to use to configure ldap server
622
    $max_weight = -1;
623
    foreach ($select as $record) {
624
      $weight = (int)($record->status) + (int)($record->consumer_type == 'drupal_role');
625
      if ($weight > $max_weight) {
626
        $max_weight = $weight;
627
        $ldap_authorization_record = $record;
628
      }
629
    }
630

    
631
    foreach ($ldap_server_records as $sid => $ldap_server_record) {
632
      if ($ldap_authorization_record && $ldap_authorization_record->sid == $sid) {
633
        $consumer_type = $ldap_authorization_record->consumer_type;
634
        $field_changes['ldap_servers'][$sid]['groupFunctionalityUnused'] = 0;
635
        if ($ldap_authorization_record->derive_from_dn) {
636
          $field_changes['ldap_servers'][$sid]['groupDeriveFromDn'] = 1;
637
          $field_changes['ldap_servers'][$sid]['groupDeriveFromDnAttr'] = $ldap_authorization_record->derive_from_dn_attr;
638
        }
639
        if ($ldap_authorization_record->derive_from_attr) {
640
          $field_changes['ldap_servers'][$sid]['groupUserMembershipsAttrExists'] = 1;
641
          $field_changes['ldap_servers'][$sid]['groupUserMembershipsAttr'] = $ldap_authorization_record->derive_from_attr_attr;
642
        }
643
        if ($ldap_authorization_record->derive_from_entry) {
644
          $field_changes['ldap_servers'][$sid]['groupMembershipsAttr'] = $ldap_authorization_record->derive_from_entry_attr; // eg members
645
          $field_changes['ldap_servers'][$sid]['groupMembershipsAttrMatchingUserAttr'] = $ldap_authorization_record->derive_from_entry_entries_attr; // eg dn
646
        }
647
        if ($ldap_authorization_record->derive_from_entry_nested) {
648
          $field_changes['ldap_servers'][$sid]['groupNested'] = 1;
649
        }
650
        if ($ldap_authorization_record->derive_from_attr_use_first_attr || $ldap_authorization_record->derive_from_entry_use_first_attr) {
651
          $field_changes['ldap_authorization'][$consumer_type]['useFirstAttrAsGroupId'] = 1;
652
        }
653
      }
654
      else {
655
        $field_changes['ldap_servers'][$sid]['groupFunctionalityUnused'] = 1;
656
      }
657
    }
658
  }
659

    
660
  foreach ($field_changes as $table_name => $record) {
661
    foreach ($record as $id => $field_data) {
662
      if ($table_name == 'ldap_servers' || $table_name == 'ldap_authorization') {
663
        $id_field_name = 'sid';
664
      }
665
      else {
666
        continue;
667
      }
668
      if (count($field_data)) {
669
        $change_log[] = t("!table_name where !id_field_name = !id values updated", array(
670
          '!table_name' => $table_name,
671
          '!id_field_name' => $id_field_name,
672
          '!id' => $id,
673
          ));
674
        $num_updated = db_update($table_name)
675
          ->fields($field_data)
676
          ->condition($id_field_name, $id, '=')
677
          ->execute();
678
      }
679
    }
680
  }
681

    
682
  // 4.  remove ldap_authorization fields that are unused
683
  $ldap_authorization_fields_to_remove = array(
684
    'derive_from_dn',
685
    'derive_from_dn_attr',
686
    'derive_from_attr',
687
    'derive_from_entry',
688
    'derive_from_attr_attr',
689
    'derive_from_entry_attr',
690
    'derive_from_entry_entries_attr',
691
    'derive_from_entry_nested',
692
    'derive_from_entry_search_all',
693
    'derive_from_entry_use_first_attr',
694
    'derive_from_attr_use_first_attr',
695
  );
696

    
697
  foreach ($ldap_authorization_fields_to_remove as $ldap_authorization_field) {
698
    db_drop_field('ldap_authorization', $ldap_authorization_field);
699
  }
700
  $change_log[] = t("ldap_authorization table fields removed: !fields_removed", array('!fields_removed' => join(', ', $ldap_authorization_fields_to_remove)));
701

    
702

    
703
  //5. ldap_authentication and ldap_user changes are in variables, not tables
704

    
705
  $ldap_authentication_conf_data = variable_get('ldap_authentication_conf', array());
706
  if (!is_array($ldap_authentication_conf_data['sids'])) {
707
    $ldap_authentication_conf_data['sids'] = array();
708
  }
709

    
710
  $ldap_user_conf_data = variable_get('ldap_user_conf', array());
711

    
712
  $ldap_authentication_sids = array_keys($ldap_authentication_conf_data['sids']);
713
  if (count($ldap_authentication_sids) == 1) {
714
    $ldap_user_conf_data['drupalAcctProvisionServer'] = $ldap_authentication_sids[0];
715
  }
716

    
717
  // conflict log vs resolve moved from ldap_authentication to ldap_user
718
  if (!empty($ldap_authentication_conf_data['authenticationMode'])) {
719
    if ($ldap_authentication_conf_data['loginConflictResolve'] == LDAP_AUTHENTICATION_CONFLICT_LOG) {
720
      $ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_LOG;
721
      $change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_LOG;
722
    }
723
    elseif ($ldap_authentication_conf_data['loginConflictResolve'] == LDAP_AUTHENTICATION_CONFLICT_RESOLVE) {
724
      $ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_RESOLVE;
725
      $change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_RESOLVE;
726
    }
727
    unset($ldap_authentication_conf_data['loginConflictResolve']);
728
    $change_log[] = t('ldap_authentication_conf -> loginConflictResolve value removed');
729
  }
730
  else {
731
    $ldap_user_conf_data['userConflictResolve'] = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
732
    $change_log[] = t('ldap_authentication_conf -> userConflictResolve set to') . LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
733
  }
734

    
735

    
736
  if (isset($ldap_authentication_conf_data['acctCreation'])) {
737
    $ldap_user_conf_data['acctCreation'] = $ldap_authentication_conf_data['acctCreation'];
738
    $change_log[] = t('ldap_user_conf -> acctCreation set to value in ldap_authentication_conf -> acctCreation');
739
    unset($ldap_authentication_conf_data['acctCreation']);
740
    $change_log[] = t('ldap_authentication_conf -> acctCreation value removed');
741
  }
742
  else {
743
    $ldap_user_conf_data['acctCreation'] = LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
744
    $change_log[] = t('ldap_user_conf -> acctCreation set to default:') . ' ' . LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
745
  }
746

    
747
  $ldap_user_conf_data['manualAccountConflict'] = LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT;
748
  $change_log[] = t('ldap_user_conf -> manualAccountConflict set to default:') . ' ' . LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT;
749

    
750
  $change_log[] = t('LDAP User configuration populated.');
751
  $change_log[] = t('LDAP Authentication configuration updated.');
752
  variable_set('ldap_authentication_conf', $ldap_authentication_conf_data);
753
  variable_set('ldap_user_conf', $ldap_user_conf_data);
754

    
755
  $summary = '<h2>' . t('Please check through all the LDAP module configuration pages.
756
    The update from 7.x-1.x to 7.x-2.x is not automatable!  The configuration pages
757
    must be read through and configured.') . '</h2>' .
758
    theme('item_list', array(
759
      'items' => $change_log,
760
      'type' => 'ul',
761
      'title' => 'Changes in 7.x-1.x to 7.x-2.x update')
762
    );
763

    
764
  watchdog('ldap_servers', $summary, array(), WATCHDOG_INFO);
765
  return $summary;
766

    
767

    
768
}
769

    
770
/**
771
 * make ldap_servers.bind_method field small int instead of tiny int for ctools bug
772
 */
773
function ldap_servers_update_7202() {
774

    
775
  db_change_field('ldap_servers', 'bind_method', 'bind_method', array(
776
    'type' => 'int',
777
    'size' => 'small',
778
    'not null' => TRUE,
779
    'default' => 0,
780
  ));
781

    
782
}
783

    
784
/**
785
 * make all schema field names lowercase in ldap server to deal with cronic case sensitivity issues
786
 */
787
function ldap_servers_update_7203() {
788
  $schema = ldap_servers_schema();
789
    $changes = array(
790
    'testingDrupalUserDn' => 'testing_drupal_user_dn',
791
    'group_object_category' => 'grp_object_cat',
792
    'groupFunctionalityUnused' => 'grp_unused',
793
    'groupNested' => 'grp_nested',
794
    'groupUserMembershipsAttrExists' => 'grp_user_memb_attr_exists',
795
    'groupUserMembershipsAttr' => 'grp_user_memb_attr',
796
    'groupMembershipsAttr' => 'grp_memb_attr',
797
    'groupMembershipsAttrMatchingUserAttr' => 'grp_memb_attr_match_user_attr',
798
    'groupDeriveFromDn' => 'grp_derive_from_dn',
799
    'groupDeriveFromDnAttr' => 'grp_derive_from_dn_attr',
800
    'groupTestGroupDn' => 'grp_test_grp_dn',
801
    'groupTestGroupDnWriteable' => 'grp_test_grp_dn_writeable'
802
  );
803
  foreach ($changes as $old_field_name => $new_field_name) {
804
    $field_schema = $schema['ldap_servers']['fields'][$new_field_name];
805
    if (ldap_servers_db_field_exists('ldap_servers', $old_field_name)) {
806
      if (ldap_servers_db_field_exists('ldap_servers', $new_field_name)) {
807
        db_drop_field('ldap_servers', $old_field_name);
808
      }
809
      else {
810
        db_change_field('ldap_servers', $old_field_name, $new_field_name, $field_schema);
811
      }
812
    }
813
  }
814

    
815
}
816

    
817
/**
818
 * Add picture_attr field in schema
819
 */
820
function ldap_servers_update_7204() {
821
  if (!ldap_servers_db_field_exists('ldap_servers', 'picture_attr')) {
822
    db_add_field(
823
      'ldap_servers',
824
      'picture_attr',
825
      array(
826
        'type' => 'varchar',
827
        'length' => 255,
828
        'not null' => FALSE,
829
      )
830
    );
831
  }
832
}
833

    
834

    
835
/**
836
 * fix any double serialized ldap server basedns
837
 */
838
function ldap_servers_update_7205() {
839

    
840
  module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
841
  $ldap_servers = ldap_servers_get_servers();
842
  foreach ($ldap_servers as $sid => $ldap_server) {
843
    if ($ldap_server->basedn && is_scalar($ldap_server->basedn)) {
844
      // these are still serialized after being loaded from db/ctools so were double serialized
845
      $ldap_server->basedn = unserialize($ldap_server->basedn);
846
      $ldap_server->save();
847
    }
848
  }
849

    
850
}
851

    
852

    
853
/**
854
 * Add LDAP Referrals fields in schema
855
 */
856
function ldap_servers_update_7206() {
857
  if (!ldap_servers_db_field_exists('ldap_servers', 'followrefs')) {
858
    db_add_field(
859
      'ldap_servers',
860
      'followrefs',
861
      array(
862
        'type' => 'int',
863
        'size' => 'tiny',
864
        'not null' => FALSE,
865
        'default' => 0,
866
      )
867
    );
868
  }
869
}
870

    
871
/**
872
 * Fixes a typo in an LDAP variable name.
873
 */
874
function ldap_servers_update_7207() {
875
    if (!is_null($old_var = variable_get('ldap_servers_require_ssl_for_credentails'))) {
876
      variable_set('ldap_servers_require_ssl_for_credentials', $old_var);
877
      variable_del('ldap_servers_require_ssl_for_credentails');
878
    }
879
}
880

    
881
/**
882
 * Removes HTTPS checking.
883
 */
884
function ldap_servers_update_7208() {
885
  variable_del('ldap_servers_require_ssl_for_credentials');
886
  return t('HTTPS validation was removed, if you need mixed mode consider another module such as securelogin for this. Mixed mode is strongly discouraged.');
887

    
888
}
889

    
890
function ldap_servers_install_update_schema($schema, &$change_log) {
891
  foreach ($schema as $table_name => $table_schema) {
892
    foreach ($table_schema['fields'] as $field_name => $field_schema) {
893
      if (!ldap_servers_db_field_exists($table_name, $field_name)) {
894
        db_add_field($table_name, $field_name, $field_schema);
895
        $change_log[] = t("!field_name field added to !table_name table", array('!field_name' => $field_name, '!table_name' => $table_name));
896
      }
897
    }
898
  }
899
}