Project

General

Profile

Paste
Download (44.3 KB) Statistics
| Branch: | Revision:

root / drupal7 / sites / all / modules / ldap / ldap_user / LdapUserConfAdmin.class.php @ b42754b9

1
<?php
2

    
3
/**
4
 * @file
5
 * This classextends by LdapUserConf for configuration and other admin functions
6
 */
7

    
8
module_load_include('php', 'ldap_user', 'LdapUserConf.class');
9
module_load_include('inc', 'user', 'user.pages');
10

    
11
class LdapUserConfAdmin extends LdapUserConf {
12

    
13
  /**
14
   * basic settings
15
   */
16

    
17
  protected $drupalAcctProvisionServerDescription;
18
  protected $drupalAcctProvisionServerOptions = array();
19
  protected $ldapEntryProvisionServerOptions = array();
20

    
21
  protected $drupalAccountProvisionEventsDescription;
22
  protected $drupalAccountProvisionEventsOptions = array();
23

    
24
  protected $ldapEntryProvisionTriggersDescription;
25
  protected $ldapEntryProvisionTriggersOptions = array();
26

    
27
  protected $synchFormRow = 0;
28

    
29
  /*
30
   * 3. Drupal Account Provisioning and Syncing
31
   */
32
  public $userConflictResolveDescription;
33
  public $userConflictResolveDefault = LDAP_USER_CONFLICT_RESOLVE_DEFAULT;
34
  public $userConflictOptions;
35

    
36
  public $accountsWithSameEmailDescription;
37
  public $accountsWithSameEmailOptions;
38

    
39
  public $acctCreationDescription = '';
40
  public $acctCreationDefault = LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR_DEFAULT;
41
  public $acctCreationOptions;
42

    
43

    
44
  public $errorMsg = NULL;
45
  public $hasError = FALSE;
46
  public $errorName = NULL;
47

    
48
  public function clearError() {
49
    $this->hasError = FALSE;
50
    $this->errorMsg = NULL;
51
    $this->errorName = NULL;
52
  }
53

    
54
  public function save() {
55
    foreach ($this->saveable as $property) {
56
      $save[$property] = $this->{$property};
57
    }
58
    variable_set('ldap_user_conf', $save);
59
    ldap_user_conf_cache_clear();
60
  }
61

    
62
  static public function uninstall() {
63
    variable_del('ldap_user_conf');
64
  }
65

    
66
  public function __construct() {
67
    parent::__construct();
68
    $this->setTranslatableProperties();
69

    
70
    if ($servers = ldap_servers_get_servers(NULL, 'enabled')) {
71
      $this->drupalAcctProvisionServerOptions[LDAP_USER_AUTH_SERVER_SID] = t('Use server which performed the authentication. Useful for multi-domain environments.');
72
      foreach ($servers as $sid => $ldap_server) {
73
        $enabled = ($ldap_server->status) ? 'Enabled' : 'Disabled';
74
        $this->drupalAcctProvisionServerOptions[$sid] = $ldap_server->name . ' (' . $ldap_server->address . ') Status: ' . $enabled;
75
        $this->ldapEntryProvisionServerOptions[$sid] = $ldap_server->name . ' (' . $ldap_server->address . ') Status: ' . $enabled;
76
      }
77
    }
78
    $this->drupalAcctProvisionServerOptions['none'] = t('None');
79
    $this->ldapEntryProvisionServerOptions['none'] = t('None');
80

    
81
  }
82

    
83

    
84
/**
85
 * generate admin form for ldapUserConf object
86
 *
87
 * @return array $form as drupal form api form array
88
 */
89
  public function drupalForm() {
90
    if (count($this->drupalAcctProvisionServerOptions) == 0) {
91
      $message = ldap_servers_no_enabled_servers_msg('configure LDAP User');
92
      $form['intro'] = array(
93
        '#type' => 'item',
94
        '#markup' => t('<h1>LDAP User Settings</h1>') . $message,
95
      );
96
      return $form;
97
    }
98
    $form['#storage'] = array();
99
    $form['#theme'] = 'ldap_user_conf_form';
100

    
101
    $form['intro'] = array(
102
      '#type' => 'item',
103
      '#markup' => t('<h1>LDAP User Settings</h1>'),
104
    );
105

    
106
    $form['manual_drupal_account_editing'] = array(
107
      '#type' => 'fieldset',
108
      '#title' => t('Manual Drupal Account Creation and Updates'),
109
      '#collapsible' => TRUE,
110
      '#collapsed' => FALSE,
111
    );
112

    
113
    $form['manual_drupal_account_editing']['manualAccountConflict'] = array(
114
      '#type' => 'radios',
115
      '#options' => $this->manualAccountConflictOptions,
116
      '#title' => t('How to resolve LDAP conflicts with manually  created Drupal accounts.'),
117
      '#description' => t('This applies only to accounts created manually through admin/people/create
118
        for which an LDAP entry can be found on the LDAP server selected in "LDAP Servers Providing Provisioning Data"'),
119
      '#default_value' => $this->manualAccountConflict,
120
    );
121

    
122
    $form['basic_to_drupal'] = array(
123
      '#type' => 'fieldset',
124
      '#title' => t('Basic Provisioning to Drupal Account Settings'),
125
      '#collapsible' => TRUE,
126
      '#collapsed' => FALSE,
127
    );
128

    
129
    $default_value = ($this->drupalAcctProvisionServer) ? $this->drupalAcctProvisionServer : 'none';
130
    $form['basic_to_drupal']['drupalAcctProvisionServer'] = array(
131
      '#type' => 'radios',
132
      '#title' => t('LDAP Servers Providing Provisioning Data'),
133
      '#required' => 1,
134
      '#default_value' => $default_value,
135
      '#options' => $this->drupalAcctProvisionServerOptions,
136
      '#description' => $this->drupalAcctProvisionServerDescription,
137
      '#states' => array(
138
        'enabled' => array(   // action to take.
139
          ':input[name=drupalAcctProvisionTriggers]' => array('value' => LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE),
140
        ),
141
      ),
142
    );
143

    
144

    
145
    $form['basic_to_drupal']['drupalAcctProvisionTriggers'] = array(
146
      '#type' => 'checkboxes',
147
      '#title' => t('Drupal Account Provisioning Events'),
148
      '#required' => FALSE,
149
      '#default_value' => $this->drupalAcctProvisionTriggers,
150
      '#options' => $this->drupalAccountProvisionEventsOptions,
151
      '#description' => $this->drupalAccountProvisionEventsDescription,
152
    );
153

    
154
    $form['basic_to_drupal']['disableAdminPasswordField'] = array(
155
      '#type' => 'checkbox',
156
      '#title' => t('Disable the password fields at /admin/create/people since the password is going to be randomly generated anyway. This is useful if you are synching data to Drupal from LDAP, and not bringing the user password from LDAP.'),
157
      '#default_value' => $this->disableAdminPasswordField,
158
    );
159

    
160
    $form['basic_to_drupal']['userConflictResolve'] = array(
161
      '#type' => 'radios',
162
      '#title' => t('Existing Drupal User Account Conflict'),
163
      '#required' => 1,
164
      '#default_value' => $this->userConflictResolve,
165
      '#options' => $this->userConflictOptions,
166
      '#description' => t( $this->userConflictResolveDescription),
167
    );
168

    
169
    $form['basic_to_drupal']['accountsWithSameEmail'] = array(
170
      '#type' => 'radios',
171
      '#title' => t('Existing Account with Same Email Address'),
172
      '#default_value' => $this->accountsWithSameEmail,
173
      '#options' => $this->accountsWithSameEmailOptions,
174
      '#description' => t($this->accountsWithSameEmailDescription),
175
      '#disabled' => (module_exists('sharedemail') === FALSE),
176
    );
177

    
178
    $form['basic_to_drupal']['acctCreation'] = array(
179
      '#type' => 'radios',
180
      '#title' => t('Application of Drupal Account settings to LDAP Authenticated Users'),
181
      '#required' => 1,
182
      '#default_value' => $this->acctCreation,
183
      '#options' => $this->acctCreationOptions,
184
      '#description' => t($this->acctCreationDescription),
185
    );
186

    
187
    $account_options = array();
188
    $account_options['ldap_user_orphan_do_not_check'] = t('Do not check for orphaned Drupal accounts.');
189
    $account_options['ldap_user_orphan_email'] = t('Perform no action, but email list of orphaned accounts. (All the other options will send email summaries also.)');
190
    foreach (user_cancel_methods() as $option_name => $option) {
191
      $account_options[$option_name] = $option['#title'];
192
    }
193

    
194
    //@todo these 2 options are removed until this feature is better tested in
195
    // actual production environments; it has potentially disastrous effects
196
    unset($account_options['user_cancel_reassign']);
197
    unset($account_options['user_cancel_delete']);
198

    
199
    $form['basic_to_drupal']['orphanedDrupalAcctBehavior'] = array(
200
      '#type' => 'radios',
201
      '#title' => t('Action to perform on Drupal account that no longer have a
202
        corresponding LDAP entry'),
203
      '#required' => 0,
204
      '#default_value' => $this->orphanedDrupalAcctBehavior,
205
      '#options' => $account_options,
206
      '#description' => t($this->orphanedDrupalAcctBehaviorDescription),
207
    );
208

    
209

    
210
    $form['basic_to_drupal']['orphanedCheckQty'] = array(
211
      '#type' => 'textfield',
212
      '#size' => 10,
213
      '#title' => t('Number of users to check each cron run.'),
214
      '#description' => t(''),
215
      '#default_value' => $this->orphanedCheckQty,
216
      '#required' => FALSE,
217
    );
218

    
219

    
220
    $form['basic_to_ldap'] = array(
221
      '#type' => 'fieldset',
222
      '#title' => t('Basic Provisioning to LDAP Settings'),
223
      '#collapsible' => TRUE,
224
      '#collapsed' => !($this->ldapEntryProvisionServer),
225
    );
226

    
227
    $default_value = ($this->ldapEntryProvisionServer) ? $this->ldapEntryProvisionServer : 'none';
228
    $form['basic_to_ldap']['ldapEntryProvisionServer'] = array(
229
      '#type' => 'radios',
230
      '#title' => t('LDAP Servers to Provision LDAP Entries on'),
231
      '#required' => 1,
232
      '#default_value' => $default_value,
233
      '#options' => $this->ldapEntryProvisionServerOptions,
234
      '#description' => $this->ldapEntryProvisionServerDescription,
235
    );
236

    
237
    $form['basic_to_ldap']['ldapEntryProvisionTriggers'] = array(
238
      '#type' => 'checkboxes',
239
      '#title' => t('LDAP Entry Provisioning Events'),
240
      '#required' => FALSE,
241
      '#default_value' => $this->ldapEntryProvisionTriggers,
242
      '#options' => $this->ldapEntryProvisionTriggersOptions,
243
      '#description' => $this->ldapEntryProvisionTriggersDescription
244
    );
245

    
246
/**
247
    $form['ws'] = array(
248
      '#type' => 'fieldset',
249
      '#title' => t('[Untested and Unfinished Code] REST Webservice for Provisioning and Synching.'),
250
      '#collapsible' => TRUE,
251
      '#collapsed' => !$this->wsEnabled,
252
      '#description' => t('Once configured, this webservice can be used to trigger creation, synching, deletion, etc of an LDAP associated Drupal account.'),
253
    );
254

255
    $form['ws']['wsEnabled'] = array(
256
      '#type' => 'checkbox',
257
      '#title' => t('Enable REST Webservice'),
258
      '#required' => FALSE,
259
      '#default_value' => $this->wsEnabled,
260
    );
261

262
    $form['ws']['wsUserIps'] = array(
263
      '#type' => 'textarea',
264
      '#title' => t('Allowed IP Addresses to request webservice.'),
265
      '#required' => FALSE,
266
      '#default_value' => join("\n", $this->wsUserIps),
267
      '#description' => t('One Per Line. The current server address is LOCAL_ADDR and the client ip requesting this page is REMOTE_ADDR .', $_SERVER),
268
      '#cols' => 20,
269
      '#rows' => 2,
270
      '#states' => array(
271
        'visible' => array(   // action to take.
272
          ':input[name="wsEnabled"]' => array('checked' => TRUE),
273
        ),
274
      ),
275
    );
276

277
    if (!$this->wsKey) {
278
      $urls = t('URLs are not available until a key is create a key and urls will be generated');
279
    }
280
    else {
281
      $urls = theme('item_list',
282
        array(
283
          'items' => ldap_user_ws_urls_item_list(),
284
          'title' => 'REST urls',
285
          'type' => 'ul',
286
        ));
287
    }
288

289
    $form['ws']['wsKey'] = array(
290
      '#type' => 'textfield',
291
      '#title' => t('Key for webservice'),
292
      '#required' => FALSE,
293
      '#default_value' => $this->wsKey,
294
      '#description' => t('Any random string of characters.') . $urls,
295
      '#states' => array(
296
        'visible' => array(   // action to take.
297
          ':input[name="wsEnabled"]' => array('checked' => TRUE),
298
        ),
299
      ),
300
    );
301
*/
302

    
303
    $form['basic_to_drupal']['server_mapping_preamble'] = array(
304
      '#type' => 'markup',
305
      '#markup' => t('
306
The relationship between a Drupal user and an LDAP entry is defined within the LDAP server configurations.
307

308

309
The mappings below are for user fields, properties, and profile2 data that are not automatically mapped elsewhere.
310
Mappings such as username or email address that are configured elsewhere are shown at the top for clarity.
311
When more than one ldap server is enabled for provisioning data (or simply more than one configuration for the same ldap server),
312
mappings need to be setup for each server.  If no tables are listed below, you have not enabled any provisioning servers at
313
the top of this form.
314
'),
315
    );
316

    
317
    foreach (array(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $direction) {
318
      $sid = $this->provisionSidFromDirection[$direction];
319
      $ldap_server = ($sid) ? ldap_servers_get_servers($sid, NULL, TRUE) : FALSE;
320
      $ldap_server_selected = (boolean)$ldap_server;
321

    
322
      if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
323
        $parent_fieldset = 'basic_to_drupal';
324
        $description =  t('Provisioning from LDAP to Drupal Mappings:');
325
      }
326
      elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
327
        $parent_fieldset = 'basic_to_ldap';
328
        $description =   t('Provisioning from Drupal to LDAP Mappings:');
329
      }
330

    
331
      $form[$parent_fieldset]['mappings__' . $direction] = array(
332
        '#type' => 'fieldset',
333
        '#title' =>  $description,
334
        '#collapsible' => TRUE,
335
        '#collapsed' => FALSE,
336
        '#description' => '',
337
        'table__' . $direction => array(
338
          '#type' => 'markup',
339
          '#markup' => '[replace_with_table__' . $direction . ']',
340
        ),
341
      );
342

    
343

    
344
$password_notes = '<h3>' . t('Password Tokens') . '</h3><ul>' .
345
'<li>' . t('Pwd: Random -- Uses a random Drupal generated password') . '</li>' .
346
'<li>' . t('Pwd: User or Random -- Uses password supplied on user forms.
347
  If none available uses random password.') . '</li></ul>' .
348
'<h3>' . t('Password Concerns') . '</h3>' .
349
'<ul>' .
350
'<li>' . t('Provisioning passwords to LDAP means passwords must meet the LDAP\'s
351
password requirements.  Password Policy module can be used to add requirements.') . '</li>' .
352
'<li>' . t('Some LDAPs require a user to reset their password if it has been changed
353
by someone other that user.  Consider this when provisioning LDAP passwords.') . '</li>' .
354
'</ul></p>';
355

    
356

    
357
      $source_drupal_token_notes = <<<EOT
358
<p>Examples in form: Source Drupal User token => Target LDAP Token (notes)</p>
359
<ul>
360
<li>Source Drupal User token => Target LDAP Token</li>
361
<li>cn=[property.name],ou=test,dc=ad,dc=mycollege,dc=edu => [dn] (example of token and constants)</li>
362
<li>top => [objectclass:0] (example of constants mapped to multivalued attribute)</li>
363
<li>person => [objectclass:1] (example of constants mapped to multivalued attribute)</li>
364
<li>organizationalPerson => [objectclass:2] (example of constants mapped to multivalued attribute)</li>
365
<li>user => [objectclass:3] (example of constants mapped to multivalued attribute)</li>
366
<li>Drupal Provisioned LDAP Account => [description] (example of constant)</li>
367
<li>[field.field_lname] => [sn]</li>
368

369
</ul>
370
EOT;
371

    
372
      if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { // add some password notes
373
        $form[$parent_fieldset]['password_notes'] = array(
374
          '#type' => 'fieldset',
375
          '#title' =>  t('Password Notes'),
376
          '#collapsible' => TRUE,
377
          '#collapsed' => TRUE,
378
          'directions' => array(
379
            '#type' => 'markup',
380
            '#markup' => $password_notes,
381
          ),
382
        );
383
        $form[$parent_fieldset]['source_drupal_token_notes'] = array(
384
          '#type' => 'fieldset',
385
          '#title' =>  t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'),
386
          '#collapsible' => TRUE,
387
          '#collapsed' => TRUE,
388
          'directions' => array(
389
            '#type' => 'markup',
390
            '#markup' => $source_drupal_token_notes,
391
          ),
392
        );
393
      }
394
      $this->addServerMappingFields($form, $direction);
395
    }
396

    
397
    foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'accountsWithSameEmail', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
398
      $form['basic_to_drupal'][$input_name]['#states']['invisible'] =
399
        array(
400
          ':input[name=drupalAcctProvisionServer]' => array('value' => 'none'),
401
        );
402
    }
403

    
404
    foreach (array('ldapEntryProvisionTriggers', 'password_notes', 'source_drupal_token_notes', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $input_name) {
405
      $form['basic_to_ldap'][$input_name]['#states']['invisible'] =
406
        array(
407
          ':input[name=ldapEntryProvisionServer]' => array('value' => 'none'),
408
        );
409
    }
410

    
411
    $form['submit'] = array(
412
      '#type' => 'submit',
413
      '#value' => 'Save',
414
    );
415

    
416
  return $form;
417
}
418

    
419

    
420

    
421
/**
422
 * validate submitted form
423
 *
424
 * @param array $values as $form_state['values'] from drupal form api
425
 * @param array $storage as $form_state['storage'] from drupal form api
426
 *
427
 * @return array in form array($errors, $warnings)to be thrown by form api
428
 */
429
  public function drupalFormValidate($values, $storage)  {
430
    $this->populateFromDrupalForm($values, $storage);
431
    list($errors, $warnings) = $this->validate($values);
432

    
433
    // since failed mapping rows in form, don't populate ->ldapUserSynchMappings, need to validate these from values
434
    foreach ($values as $field => $value) {
435
      $parts = explode('__', $field);
436
      // since synch mapping fields are in n-tuples, process entire n-tuple at once (on field == configurable_to_drupal)
437
      if (count($parts) != 4 || $parts[1] !== 'sm' || $parts[2] != 'configurable_to_drupal') {
438
        continue;
439
      }
440
      list($direction, $discard, $column_name, $i) = $parts;
441
      $action = $storage['synch_mapping_fields'][$direction][$i]['action'];
442
      $tokens = array();
443
      $row_mappings = array();
444
      foreach (array('remove', 'configurable_to_drupal', 'configurable_to_ldap', 'convert', 'direction', 'ldap_attr', 'user_attr', 'user_tokens') as $column_name) {
445
        $input_name = join('__', array('sm', $column_name, $i));
446
        $row_mappings[$column_name] = isset($values[$input_name]) ? $values[$input_name] : NULL;
447
      }
448

    
449
      $has_values = $row_mappings['ldap_attr'] || $row_mappings['user_attr'];
450
      if ($has_values) {
451
        $tokens['%ldap_attr'] = $row_mappings['ldap_attr'];
452
        $row_descriptor = t("server %sid row mapping to ldap attribute %ldap_attr", $tokens);
453
        $tokens['!row_descriptor'] = $row_descriptor;
454
        if (!$row_mappings['direction']) {
455
          $input_name = join('__', array('sm', 'direction', $i));
456
          $errors[$input_name] = t('No mapping direction given in !row_descriptor', $tokens);
457
        }
458
        if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER && $row_mappings['user_attr'] == 'user_tokens') {
459
          $input_name = join('__', array('sm', 'user_attr', $i));
460
          $errors[$input_name] =  t('User tokens not allowed when mapping to Drupal user.  Location: !row_descriptor', $tokens);
461
        }
462
        if (!$row_mappings['ldap_attr']) {
463
          $input_name = join('__', array('sm', 'ldap_attr', $i));
464
          $errors[$input_name] = t('No ldap attribute given in !row_descriptor', $tokens);
465
        }
466
        if (!$row_mappings['user_attr']) {
467
          $input_name = join('__', array('sm', 'user_attr', $i));
468
          $errors[$input_name] = t('No user attribute given in !row_descriptor', $tokens);
469
        }
470
      }
471

    
472
    }
473
    return array($errors, $warnings);
474
  }
475

    
476
/**
477
 * validate object, not form
478
 * @param array $values as $form_state['values'] from drupal form api
479
 * @return array in form array($errors, $warnings)to be thrown by form api
480
 *
481
 * @todo validate that a user field exists, such as field.field_user_lname
482
 *
483
 */
484
  public function validate($values) {
485
    $errors = array();
486
    $warnings = array();
487
    $tokens = array();
488

    
489
    $has_drupal_acct_prov_servers  = (boolean)($this->drupalAcctProvisionServer);
490
    $has_drupal_acct_prov_settings_options  = (count(array_filter($this->drupalAcctProvisionTriggers)) > 0);
491

    
492
    if (!$has_drupal_acct_prov_servers && $has_drupal_acct_prov_settings_options) {
493
      $warnings['drupalAcctProvisionServer'] =  t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens);
494
    }
495
    if ($has_drupal_acct_prov_servers && !$has_drupal_acct_prov_settings_options) {
496
      $warnings['drupalAcctProvisionTriggers'] =  t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected.  This will result in no synching happening.', $tokens);
497
    }
498

    
499
    $has_ldap_prov_servers = (boolean)($this->ldapEntryProvisionServer);
500
    $has_ldap_prov_settings_options = (count(array_filter($this->ldapEntryProvisionTriggers)) > 0);
501
    if (!$has_ldap_prov_servers && $has_ldap_prov_settings_options) {
502
      $warnings['ldapEntryProvisionServer'] =  t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens);
503
    }
504
    if ($has_ldap_prov_servers && !$has_ldap_prov_settings_options) {
505
      $warnings['ldapEntryProvisionTriggers'] =  t('Servers are enabled to provide provisioning to ldap, but no LDAP Entry Options are selected.  This will result in no synching happening.', $tokens);
506
    }
507

    
508
    if (isset($this->ldapUserSynchMappings)) {
509
      $to_ldap_entries_mappings_exist = FALSE;
510
      foreach ($this->ldapUserSynchMappings as $synch_direction => $mappings) {
511
        $map_index = array();
512
        $tokens = array(); // array('%sid' => $sid);
513
        $to_drupal_user_mappings_exist = FALSE;
514
        $to_ldap_entries_mappings_exist = FALSE;
515

    
516
        foreach ($mappings as $target_attr => $mapping) {
517
          if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
518
            $attr_value = $mapping['user_attr'];
519
            $attr_name = 'user_attr';
520
          }
521
          if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
522
            $attr_value = $mapping['ldap_attr'];
523
            $attr_name = 'ldap_attr';
524
          }
525
          foreach ($values as $field => $value) {
526
            $parts = explode('__', $field);
527
            if (count($parts) == 4 && $parts[2] == $attr_name && $value == $attr_value) {
528
              $map_index[$attr_value] = $parts[3];
529
            }
530
          }
531
        }
532

    
533
        foreach ($mappings as $target_attr => $mapping) {
534
          foreach ($mapping as $key => $value) {
535
            if (is_scalar($value)) {
536
              $tokens['%' . $key] = $value;
537
            }
538
          }
539
          $row_descriptor = t("server %sid row mapping to ldap attribute %ldap_attr", $tokens);
540
          $tokens['!row_descriptor'] = $row_descriptor;
541
          $ldap_attribute_maps_in_token = array();
542
          ldap_servers_token_extract_attributes($ldap_attribute_maps_in_token, $mapping['ldap_attr']);
543

    
544
          if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
545
            $row_id = $map_index[$mapping['user_attr']];
546
            $to_drupal_user_mappings_exist = TRUE;
547
          //  if (!$is_drupal_user_prov_server) {
548
           //   $errors['mappings__'. $sid] =  t('Mapping rows exist for provisioning to drupal user, but server %sid is not enabled for provisioning
549
            //    to drupal users.', $tokens);
550
          //  }
551
          }
552
          if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
553
            $row_id = $map_index[$mapping['ldap_attr']];
554
            $to_ldap_entries_mappings_exist = TRUE;
555
           // if (!$is_ldap_entry_prov_server) {
556
            //  $errors['mappings__'. $sid] =  t('Mapping rows exist for provisioning to ldap entries,
557
            //    but server %sid is not enabled for provisioning
558
             //   to ldap entries.', $tokens);
559
           // }
560

    
561
            if (count(array_keys($ldap_attribute_maps_in_token)) != 1) {
562
              $token_field_id = join('__', array('sm', 'user_tokens', $row_id));
563
              $errors[$token_field_id] =  t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not.
564
                Do not use compound tokens such as "[displayName] [sn]" or literals such as "physics". Location: !row_descriptor', $tokens);
565
            }
566

    
567
          }
568
          $ldap_attr_field_id = join('__', array('sm', 'ldap_attr', $row_id));
569
          $user_attr_field_id = join('__', array('sm', 'user_attr', $row_id));
570
          $first_context_field_id = join('__', array('sm', 1, $row_id));
571
          $user_tokens_field_id = join('__', array('sm', 'user_tokens', $row_id));
572

    
573
          if (!$mapping['ldap_attr']) {
574
            $errors[$ldap_attr_field_id] =  t('No LDAP Attribute given in !row_descriptor', $tokens);
575
          }
576
          if ($mapping['user_attr'] == 'user_tokens' && !$mapping['user_tokens']) {
577
            $errors[$user_tokens_field_id] =  t('User tokens selected in !row_descriptor, but user tokens column empty.', $tokens);
578
          }
579

    
580
          if (isset($mapping['prov_events']) && count($mapping['prov_events']) == 0) {
581
            $warnings[$first_context_field_id] =  t('No synchronization events checked in !row_descriptor.
582
              This field will not be synchronized until some are checked.', $tokens);
583
          }
584
        }
585
      }
586
      if ($to_ldap_entries_mappings_exist && !isset($mappings['[dn]'])) {
587
        $errors['mappings__' . $synch_direction] =  t('Mapping rows exist for provisioning to ldap, but no ldap attribute is targetted for [dn].
588
          One row must map to [dn].  This row will have a user token like cn=[property.name],ou=users,dc=ldap,dc=mycompany,dc=com');
589
      }
590
    }
591
    return array($errors, $warnings);
592
  }
593

    
594
  /**
595
   * populate object with data from form values
596
   *
597
   * @param array $values as $form_state['values'] from drupal form api
598
   * @param array $storage as $form_state['storage'] from drupal form api
599
   */
600
  protected function populateFromDrupalForm($values, $storage) {
601
    $this->drupalAcctProvisionServer = ($values['drupalAcctProvisionServer'] == 'none') ? 0 : $values['drupalAcctProvisionServer'];
602
    $this->ldapEntryProvisionServer = ($values['ldapEntryProvisionServer']  == 'none') ? 0 : $values['ldapEntryProvisionServer'];
603

    
604
    $this->drupalAcctProvisionTriggers = $values['drupalAcctProvisionTriggers'];
605
    $this->ldapEntryProvisionTriggers = $values['ldapEntryProvisionTriggers'];
606
    $this->orphanedDrupalAcctBehavior = $values['orphanedDrupalAcctBehavior'];
607
    $this->orphanedCheckQty = $values['orphanedCheckQty'];
608

    
609
    $this->manualAccountConflict = $values['manualAccountConflict'];
610
    $this->userConflictResolve  = ($values['userConflictResolve']) ? (int)$values['userConflictResolve'] : NULL;
611
    $this->accountsWithSameEmail = ($values['accountsWithSameEmail']) ? (int)$values['accountsWithSameEmail'] : NULL;
612
    $this->acctCreation  = ($values['acctCreation']) ? (int)$values['acctCreation'] : NULL;
613
    $this->disableAdminPasswordField = $values['disableAdminPasswordField'];
614
   // $this->wsKey  = ($values['wsKey']) ? $values['wsKey'] : NULL;
615

    
616
   // $this->wsUserIps  = ($values['wsUserIps']) ? explode("\n", $values['wsUserIps']) : array();
617
  //  foreach ($this->wsUserIps as $i => $ip) {
618
  //    $this->wsUserIps[$i] = trim($ip);
619
  //  }
620
   // $this->wsEnabled  = ($values['wsEnabled']) ? (int)$values['wsEnabled'] : 0;
621

    
622
    $this->ldapUserSynchMappings = $this->synchMappingsFromForm($values, $storage);
623

    
624
  }
625

    
626

    
627

    
628
/**
629
 *  Extract synch mappings array from mapping table in admin form.
630
 *
631
 * @param array $values as $form_state['values'] from drupal form api
632
 * @param array $storage as $form_state['storage'] from drupal form api
633
 *
634
 * $values input names in form:
635
 *   1__sm__configurable__5,
636
 *   1__sm__remove__5,
637
 *   1__sm__ldap_attr__5,
638
 *   1__sm__convert__5,
639
 *   1__sm__direction__5,
640
 *   1__sm__user_attr__5,
641
 *   1__sm__user_tokens__5
642
 *   1__sm__1__5,
643
 *   1__sm__2__5,
644
    ...where
645
      -- first arg is direction, eg 1 or 2 LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY
646
      -- second arg is discarded ('sm')
647
      -- third part is field, e.g. user_attr
648
      -- fourth is the row in the configuration form, e.g. 5
649

650
   where additiond data is in $form['#storage'][<direction>]['synch_mapping_fields'][N]
651
    $form['#storage']['synch_mapping_fields'][<direction>][N] = array(
652
      'sid' => $sid,
653
      'action' => 'add',
654
    );
655
 */
656
  private function synchMappingsFromForm($values, $storage) {
657

    
658
    $mappings = array();
659
    foreach ($values as $field => $value) {
660

    
661
      $parts = explode('__', $field);
662
      // since synch mapping fields are in n-tuples, process entire n-tuple at once
663
      if (count($parts) != 4 || $parts[1] !== 'sm') {
664
        continue;
665
      }
666

    
667
      list($direction, $discard, $column_name, $i) = $parts;
668
      $action = $storage['synch_mapping_fields'][$direction][$i]['action'];
669

    
670
      $row_mappings = array();
671
      foreach (array('remove', 'configurable_to_drupal', 'configurable_to_ldap', 'convert', 'ldap_attr', 'user_attr', 'user_tokens') as $column_name) {
672
        $input_name = join('__', array($direction, 'sm', $column_name, $i));
673
        $row_mappings[$column_name] = isset($values[$input_name]) ? $values[$input_name] : NULL;
674
      }
675

    
676
      if ($row_mappings['remove']) {
677
        continue;
678
      }
679

    
680
      $key = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? $row_mappings['user_attr'] : $row_mappings['ldap_attr'];
681
      if ($row_mappings['configurable_to_drupal'] && $row_mappings['ldap_attr'] && $row_mappings['user_attr']) {
682
        $mappings[$direction][$key] = array(
683
          'ldap_attr' => $row_mappings['ldap_attr'],
684
          'user_attr' => $row_mappings['user_attr'],
685
          'convert' => $row_mappings['convert'],
686
          'direction' => $direction,
687
          'user_tokens' => $row_mappings['user_tokens'],
688
          'config_module' => 'ldap_user',
689
          'prov_module' => 'ldap_user',
690
          'enabled' => 1,
691
          );
692

    
693
        $synchEvents = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? $this->provisionsDrupalEvents : $this->provisionsLdapEvents;
694
        foreach ($synchEvents as $prov_event => $discard) {
695
          $input_name = join('__', array($direction, 'sm', $prov_event, $i));
696
          if (isset($values[$input_name]) && $values[$input_name]) {
697
            $mappings[$direction][$key]['prov_events'][] = $prov_event;
698
          }
699
        }
700
      }
701
    }
702

    
703
    return $mappings;
704
  }
705

    
706
  /**
707
   * method to respond to successfully validated form submit.
708
   *
709
   * @param array $values as $form_state['values'] from drupal form api
710
   * @param array $storage as $form_state['storage'] from drupal form api
711
   *
712
   * @return by reference to $form array
713
   */
714
  public function drupalFormSubmit($values, $storage) {
715

    
716
    $this->populateFromDrupalForm($values, $storage);
717

    
718
    try {
719
      $save_result = $this->save();
720
    }
721
    catch (Exception $e) {
722
      $this->errorName = 'Save Error';
723
      $this->errorMsg = t('Failed to save object.  Your form data was not saved.');
724
      $this->hasError = TRUE;
725
    }
726

    
727
  }
728

    
729
  /**
730
   * add existing mappings to ldap user provisioning mapping admin form table
731
   *
732
   * @param drupal form array $form
733
   * @param enum $direction LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY
734
   *
735
   * @return by reference to $form array
736
   */
737

    
738
  private function addServerMappingFields(&$form, $direction) {
739

    
740
    if ($direction == LDAP_USER_PROV_DIRECTION_NONE) {
741
      return;
742
    }
743

    
744
    $text = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 'target' : 'source';
745
    $user_attr_options = array('0' => t('Select') . ' ' . $text);
746

    
747
    if (!empty($this->synchMapping[$direction])) {
748
      foreach ($this->synchMapping[$direction] as $target_id => $mapping) {
749
        if (!isset($mapping['name']) || isset($mapping['exclude_from_mapping_ui']) && $mapping['exclude_from_mapping_ui']) {
750
          continue;
751
        }
752
        if (
753
          (isset($mapping['configurable_to_drupal']) && $mapping['configurable_to_drupal'] && $direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER)
754
          ||
755
          (isset($mapping['configurable_to_ldap']) && $mapping['configurable_to_ldap']  && $direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY)
756
          ) {
757
          $user_attr_options[$target_id] = substr($target_id, 1, -1);
758
        }
759
      }
760
    }
761

    
762
    if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
763
      $user_attr_options['user_tokens'] = '-- user tokens --';
764
    }
765

    
766
    $row = 0;
767

    
768
    // 1. non configurable mapping rows
769
    foreach ($this->synchMapping[$direction] as $target_id => $mapping) {
770
      if (isset($mapping['exclude_from_mapping_ui']) && $mapping['exclude_from_mapping_ui']) {
771
        continue;
772
      }
773
      if ( !$this->isMappingConfigurable($mapping, 'ldap_user') && ($mapping['direction'] == $direction || $mapping['direction'] == LDAP_USER_PROV_DIRECTION_ALL)) { // is configurable by ldap_user module (not direction to ldap_user)
774
        $this->addSynchFormRow($form, 'nonconfigurable', $direction, $mapping, $user_attr_options, $row);
775
        $row++;
776
      }
777
    }
778

    
779
    // 2. existing configurable mappings rows
780
    if (!empty($this->ldapUserSynchMappings[$direction])) {
781
      foreach ($this->ldapUserSynchMappings[$direction] as $target_attr_token => $mapping) {  // key could be ldap attribute name or user attribute name
782
        if (isset($mapping['enabled']) && $mapping['enabled'] && $this->isMappingConfigurable($this->synchMapping[$direction][$target_attr_token], 'ldap_user')) {
783
          $this->addSynchFormRow($form, 'update', $direction, $mapping, $user_attr_options, $row);
784
          $row++;
785
        }
786
      }
787
    }
788

    
789
    // 3. leave 4 rows for adding more mappings
790
    for ($i=0; $i<4; $i++) {
791
      $this->addSynchFormRow($form, 'add', $direction, NULL, $user_attr_options, $row);
792
      $row++;
793
    }
794

    
795
  }
796

    
797
  /**
798
   * add mapping form row to ldap user provisioning mapping admin form table
799
   *
800
   * @param drupal form array $form
801
   * @param string $action is 'add', 'update', or 'nonconfigurable'
802
   * @param enum $direction LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER or LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY
803
   * @param array $mapping is current setting for updates or nonconfigurable items
804
   * @param array $user_attr_options of drupal user target options
805
   * @param int $row is current row in table
806

807
   *
808
   * @return by reference to $form
809
   */
810
  private function addSynchFormRow(&$form, $action, $direction, $mapping, $user_attr_options, $row) {
811

    
812
    $id_prefix = $direction . '__';
813

    
814
    $id = $id_prefix . 'sm__remove__' . $row;
815
    $form[$id] = array(
816
      '#id' => $id,
817
      '#row' => $row,
818
      '#col' => 0,
819
      '#type' => 'checkbox',
820
      '#default_value' => NULL,
821
      '#disabled' => ($action == 'add' || $action == 'nonconfigurable'),
822
    );
823

    
824
    $id =  $id_prefix . 'sm__convert__' . $row;
825
    $form[$id] = array(
826
      '#id' => $id,
827
      '#row' => $row,
828
      '#col' => ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 2 : 3,
829
      '#type' => 'checkbox',
830
      '#default_value' =>  isset($mapping['convert']) ? $mapping['convert'] : '',
831
      '#disabled' => ($action == 'nonconfigurable'),
832
      '#attributes' => array('class' => array('convert')),
833
    );
834

    
835
    $id =  $id_prefix . 'sm__ldap_attr__' . $row;
836
    $col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 1 : 4;
837
    if ($action == 'nonconfigurable') {
838
      $form[$id] = array(
839
        '#id' => $id,
840
        '#row' => $row,
841
        '#col' => $col,
842
        '#type' => 'item',
843
        '#markup' => isset($mapping['source']) ? $mapping['source'] : '?',
844
        '#attributes' => array('class' => array('source')),
845
      );
846
    }
847
    else {
848
      $form[$id] = array(
849
        '#id' => $id,
850
        '#row' => $row,
851
        '#col' => $col,
852
        '#type' => 'textfield',
853
        '#default_value' => isset($mapping['ldap_attr']) ? $mapping['ldap_attr'] : '',
854
        '#size' => 20,
855
        '#maxlength' => 255,
856
        '#attributes' => array('class' => array('ldap-attr')),
857
      );
858
    }
859

    
860
    $user_attr_input_id =  $id_prefix . 'sm__user_attr__' . $row;
861
    $col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 3 : 1;
862
    if ($action == 'nonconfigurable') {
863
      $form[$user_attr_input_id] = array(
864
        '#id' => $user_attr_input_id,
865
        '#row' => $row,
866
        '#col' => $col,
867
        '#type' => 'item',
868
        '#markup' => isset($mapping['name']) ? $mapping['name'] : '?',
869
      );
870
    }
871
    else {
872
      $form[$user_attr_input_id] = array(
873
        '#id' => $user_attr_input_id,
874
        '#row' => $row,
875
        '#col' => $col,
876
        '#type' => 'select',
877
        '#default_value' => isset($mapping['user_attr']) ? $mapping['user_attr'] : '',
878
        '#options' => $user_attr_options,
879
      );
880
    }
881

    
882
    if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
883
      $id =  $id_prefix . 'sm__user_tokens__' . $row;
884
      $form[$id] = array(
885
        '#id' => $id,
886
        '#row' => $row,
887
        '#col' =>  2,
888
        '#type' => 'textfield',
889
        '#default_value' => isset($mapping['user_tokens']) ? $mapping['user_tokens'] : '',
890
        '#size' => 40,
891
        '#maxlength' => 255,
892
        '#disabled' => ($action == 'nonconfigurable'),
893
        '#states' => array(
894
          'visible' => array(   // action to take.
895
            ':input[name="' . $user_attr_input_id . '"]' => array('value' => 'user_tokens'),
896
          )
897
        ),
898
        '#attributes' => array('class' => array('tokens')),
899
      );
900
    }
901

    
902
    $form['#storage']['synch_mapping_fields'][$direction][$row] = array(
903
      'action' => $action,
904
      'direction' => $direction,
905
    );
906

    
907
    $id = $id_prefix . 'sm__configurable_to_drupal__' . $row;
908
    $form[$id] = array(
909
      '#id' => $id,
910
      '#type' => 'hidden',
911
      '#default_value' => ($action != 'nonconfigurable'),
912
    );
913

    
914

    
915
    $col = ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) ? 5 : 4;
916
    $synchEvents = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? $this->provisionsDrupalEvents : $this->provisionsLdapEvents;
917

    
918
    foreach ($synchEvents as $prov_event => $prov_event_name) {
919
      $col++;
920
      $id =  $id_prefix . join('__', array('sm', $prov_event, $row));
921
      $form[$id] = array(
922
        '#id' => $id ,
923
        '#type' => 'checkbox',
924
        '#default_value' => isset($mapping['prov_events']) ? (int)(in_array($prov_event, $mapping['prov_events'])) : '',
925
        '#row' => $row,
926
        '#col' => $col,
927
        '#disabled' => (!$this->provisionEventConfigurable($prov_event, $mapping) || ($action == 'nonconfigurable')),
928
        '#attributes' => array('class' => array('synch-method')),
929
      );
930
    }
931
  }
932

    
933
  /**
934
   * Is a mapping configurable by a given module?
935
   *
936
   * @param array $mapping as mapping configuration for field, attribute, property, etc.
937
   * @param string $module machine name such as ldap_user
938
   *
939
   * @return boolean
940
   */
941
  private function isMappingConfigurable($mapping = NULL, $module = 'ldap_user') {
942
    $configurable = (
943
      (
944
        (!isset($mapping['configurable_to_drupal']) && !isset($mapping['configurable_to_ldap'])) ||
945
        (isset($mapping['configurable_to_drupal']) && $mapping['configurable_to_drupal']) ||
946
        (isset($mapping['configurable_to_ldap']) && $mapping['configurable_to_ldap'])
947
      )
948
      &&
949
      (
950
        !isset($mapping['config_module']) ||
951
        (isset($mapping['config_module']) && $mapping['config_module'] == $module)
952
      )
953
    );
954
    return $configurable;
955
  }
956

    
957

    
958
  /**
959
   * Is a particular synch method viable for a given mapping?
960
   * That is, Can it be enabled in the UI by admins?
961
   *
962
   * @param int $prov_event
963
   * @param array $mapping is array of mapping configuration.
964
   *
965
   * @return boolean
966
   */
967

    
968
  private function provisionEventConfigurable($prov_event, $mapping = NULL) {
969

    
970
    if ($mapping) {
971
      if ($prov_event == LDAP_USER_EVENT_CREATE_LDAP_ENTRY || $prov_event == LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY) {
972
        $configurable = (boolean)(!isset($mapping['configurable_to_ldap']) || $mapping['configurable_to_ldap']);
973
      }
974
      elseif ($prov_event == LDAP_USER_EVENT_CREATE_DRUPAL_USER || $prov_event == LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER) {
975
        $configurable = (boolean)(!isset($mapping['configurable_to_drupal']) || $mapping['configurable_to_drupal']);
976
      }
977
    }
978
    else {
979
      $configurable = TRUE;
980
    }
981

    
982
    return $configurable;
983
  }
984

    
985
  protected function setTranslatableProperties() {
986

    
987
    $values['drupalAcctProvisionServerDescription'] = t('Check ONE LDAP server configuration to use
988
      in provisioning Drupal users and their user fields.');
989
    $values['ldapEntryProvisionServerDescription'] = t('Check ONE LDAP server configuration to create ldap entries on.');
990

    
991
    $values['drupalAccountProvisionEventsDescription'] = t('Which user fields and properties are synched on create or synch is determined in the
992
      "Provisioning from LDAP to Drupal mappings" table below in the right two columns. If you are synching only from LDAP to Drupal, and not 
993
      retrieving the user password from LDAP into their Drupal account, a 20 character random password will be generated automatically for
994
      the user\'s Drupal account since Drupal requires a password for the "users" table. Check the watchdog at /admin/reports/dblog to
995
      confirm that a random password was generated when the user account was created.');
996

    
997
    $values['drupalAccountProvisionEventsOptions'] = array(
998
      LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE => t('Create or Synch to Drupal user on successful authentication with LDAP
999
        credentials. (Requires LDAP Authentication module).'),
1000
      LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE => t('Create or Synch to Drupal user anytime a Drupal user account
1001
        is created or updated. Requires a server with binding method of "Service Account Bind" or "Anonymous Bind".'),
1002
      );
1003

    
1004
    $values['ldapEntryProvisionTriggersDescription'] = t('Which LDAP attributes are synched on create or synch is determined in the
1005
      "Provisioning from Drupal to LDAP mappings" table below in the right two columns.');
1006

    
1007
    $values['ldapEntryProvisionTriggersOptions'] = array(
1008
      LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE => t('Create or Synch to LDAP entry when a Drupal account is created or updated.
1009
        Only applied to accounts with a status of approved.'),
1010
      LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE => t('Create or Synch to LDAP entry when a user authenticates.'),
1011
      LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE => t('Delete LDAP entry when the corresponding Drupal Account is deleted.  This only applies when the LDAP entry was provisioned by Drupal by the LDAP User module.'),
1012
      LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE => t('Provide option on admin/people/create to create corresponding LDAP Entry.'),
1013

    
1014
    );
1015

    
1016
    $values['orphanedDrupalAcctBehaviorDescription'] = t('It is highly recommended to use the "Perform no action, but email list of orphaned accounts" for some time before considering switching to "Disable the account" options.');
1017

    
1018

    
1019
    $values['manualAccountConflictOptions'] =  array(
1020
      LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT => t('Reject manual creation of Drupal accounts that conflict with LDAP Accounts. This only applies to accounts created on user logon;  Account conflicts can still be generated by manually creating users that conflict with ldap users and these users will have their data synched with LDAP data.'),
1021
      LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE => t('Associate manually created Drupal accounts with related LDAP Account if one exists.'),
1022
      LDAP_USER_MANUAL_ACCT_CONFLICT_SHOW_OPTION_ON_FORM => t('Show option on user create form to determine how account conflict is resolved.'),
1023
    );
1024

    
1025
    /**
1026
    *  Drupal Account Provisioning and Synching
1027
    */
1028
    $values['userConflictResolveDescription'] = t('What should be done if a local Drupal or other external
1029
      user account already exists with the same login name.');
1030
    $values['userConflictOptions'] = array(
1031
      LDAP_USER_CONFLICT_LOG => t('Don\'t associate Drupal account with LDAP.  Require user to use Drupal password. Log the conflict'),
1032
      LDAP_USER_CONFLICT_RESOLVE => t('Associate Drupal account with the LDAP entry.  This option
1033
      is useful for creating accounts and assigning roles before an LDAP user authenticates.'),
1034
      );
1035
    $values['accountsWithSameEmailDescription'] = t('Allows provisioning a Drupal user account from LDAP regardless of whether another Drupal user account has the same email address. This setting depends on the "sharedemail" contrib module being enabled. ');
1036
    if (!module_exists('sharedemail')) {
1037
      $values['accountsWithSameEmailDescription'] .= t('The module is not currently enabled; you must install/enable it if you want to use this setting.');
1038
    }
1039
    $values['accountsWithSameEmailOptions'] = array(
1040
      LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_DISABLED => t('Prevent provisioning a user account if an existing account has the same email address.'),
1041
      LDAP_USER_ACCOUNTS_WITH_SAME_EMAIL_ENABLED => t('Allow provisioning a user account that has the same email address as another user account.'),
1042
      );
1043
    $values['acctCreationOptions'] = array(
1044
      LDAP_USER_ACCT_CREATION_LDAP_BEHAVIOR => t('Account creation settings at
1045
        /admin/config/people/accounts/settings do not affect "LDAP Associated" Drupal accounts.'),
1046
      LDAP_USER_ACCT_CREATION_USER_SETTINGS_FOR_LDAP => t('Account creation policy
1047
         at /admin/config/people/accounts/settings applies to both Drupal and LDAP Authenticated users.
1048
         "Visitors" option automatically creates and account when they successfully LDAP authenticate.
1049
         "Admin" and "Admin with approval" do not allow user to authenticate until the account is approved.'),
1050

    
1051
      );
1052

    
1053
      foreach ($values as $property => $default_value) {
1054
        $this->$property = $default_value;
1055
      }
1056
    }
1057

    
1058
}