Project

General

Profile

Paste
Statistics
| Branch: | Revision:

root / drupal7 / sites / all / modules / ldap / ldap_user @ b42754b9

Name Size Revision Age Author Comment
  tests 59ae487e about 7 years Assos Assos Weekly update of contrib modules
LdapUserConf.class.php 50.7 KB b42754b9 almost 7 years Assos Assos Weekly update of contrib modules
LdapUserConfAdmin.class.php 44.3 KB b42754b9 almost 7 years Assos Assos Weekly update of contrib modules
README.developers.txt 5.06 KB 7547bb19 over 7 years Assos Assos Weekly update of contrib modules
README.txt 1.4 KB f7a2490e over 10 years Assos Assos git mv htmltest drupal7
TODO.txt 2.43 KB f7a2490e over 10 years Assos Assos git mv htmltest drupal7
ldap_user.admin.inc 1.41 KB f7a2490e over 10 years Assos Assos git mv htmltest drupal7
ldap_user.api.php 3 KB f7a2490e over 10 years Assos Assos git mv htmltest drupal7
ldap_user.cron.inc 6.78 KB b42754b9 almost 7 years Assos Assos Weekly update of contrib modules
ldap_user.css 131 Bytes f7a2490e over 10 years Assos Assos git mv htmltest drupal7
ldap_user.info 1.01 KB b42754b9 almost 7 years Assos Assos Weekly update of contrib modules
ldap_user.install 14.1 KB b42754b9 almost 7 years Assos Assos Weekly update of contrib modules
ldap_user.module 46.6 KB b42754b9 almost 7 years Assos Assos Weekly update of contrib modules
ldap_user.test_form.inc 8.02 KB f7a2490e over 10 years Assos Assos git mv htmltest drupal7
ldap_user.theme.inc 4.72 KB f7a2490e over 10 years Assos Assos git mv htmltest drupal7
ldap_user.ws.inc 5.68 KB f7a2490e over 10 years Assos Assos git mv htmltest drupal7

Latest revisions

# Date Author Comment
b42754b9 08/31/2017 12:06 AM Assos Assos

Weekly update of contrib modules

05237dd8 06/01/2017 12:09 AM Assos Assos

Weekly update of contrib modules

59ae487e 05/25/2017 12:10 AM Assos Assos

Weekly update of contrib modules

be58a50c 03/23/2017 12:06 AM Assos Assos

Weekly update of contrib modules

7547bb19 02/23/2017 12:12 AM Assos Assos

Weekly update of contrib modules

5136ce55 08/10/2016 10:49 PM Assos Assos

Weekly update of contrib modules

f7a2490e 02/13/2014 03:56 PM Assos Assos

git mv htmltest drupal7

View revisions

README


provisioning = creating or synching ... to drupal or to ldap

==========================================

LDAP User Data Structures in Drupal User Object

'data' =>
array (
'ldap_user' =>
array (
'init' =>
array (
'sid' => 'activedirectory1',
'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
'mail' => 'hpotter@hogwarts.edu',
),
),
'ldap_authorizations' =>
array (
'drupal_role' =>
array (
'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu' =>
array (
'date_granted' => 1351194052,
),
'cn=honors students,ou=groups,dc=hogwarts,dc=edu' =>
array (
'date_granted' => 1351194052,
),
'students' =>
array (
'date_granted' => 1351194052,
),
),
),
),

'ldap_user_puid_sid' =>
array (
LANGUAGE_NONE =>
array (
0 =>
array (
'value' => 'activedirectory1',
'format' => NULL,
'safe_value' => 'activedirectory1',
),
),
),
'ldap_user_puid' =>
array (
LANGUAGE_NONE =>
array (
0 =>
array (
'value' => '101',
'format' => NULL,
'safe_value' => '101',
),
),
),
'ldap_user_puid_property' =>
array (
LANGUAGE_NONE =>
array (
0 =>
array (
'value' => 'guid',
'format' => NULL,
'safe_value' => 'guid',
),
),
),
'ldap_user_current_dn' =>
array (
LANGUAGE_NONE =>
array (
0 =>
array (
'value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
'format' => NULL,
'safe_value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
),
),
),
'ldap_user_prov_entries' =>
array (
),
'ldap_user_last_checked' =>
array (
),
'ldap_authorizations' =>
array (
),

==========================================

Rough Summary of provisioning configuration and controls

  1. configured triggers (admin/config/people/ldap/user) or configuration of other modules determine when provisioning happens.

// configurable drupal acct provision triggers
LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE
LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE
LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE

// configurable ldap entry provision triggers
LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE
LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE
LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE

  1. hook_user_* functions (and elsewere such as ldap_authentication) will check if appropriate triggers are enabled and initiate calls to ldapUserConf methods:

ldapUserConf::provisionDrupalAccount()
ldapUserConf::synchToDrupalAccount()
ldapUserConf::ldapAssociateDrupalAccount()
ldapUserConf::deleteDrupalAccount()

ldapUserConf::provisionLdapEntry()
ldapUserConf::synchToLdapEntry()
ldapUserConf::deleteProvisionedLdapEntries()

  1. to get mappings and determine which attributes are needed "ldap_contexts" and "prov_events" are passed into
    ldap_servers_get_user_ldap_data()
    ldapUserConf::drupalUserToLdapEntry()

  2. Should provisioning happen?


4.A. Server Level: Does an ldap server configuration support provisioning?
ldapUserConf::drupalAcctProvisionServer = | LDAP_USER_NO_SERVER_SID; // servers used for to drupal acct provisioning
ldapUserConf::ldapEntryProvisionServer = | LDAP_USER_NO_SERVER_SID; // servers used for provisioning to ldap

This is directly configured at config/people/ldap/user


4.B. Trigger Level: Does provisioning occur for a given trigger?
ldapUserConf::provisionEnabled($direction, $provision_trigger)

This method is based on the configuration of two sets of checkboxes at config/people/ldap/user

ldapUserConf::drupalAcctProvisionTriggers (see "LDAP Entry Provisioning Options"), contains:
LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE
LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE
LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE

ldapUserConf::ldapEntryProvisionTriggers (see "Drupal Account Provisioning Options"), contains:
LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE
LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE
LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE

@todo. A hook to allow other modules to intervene here


4.C Field Level: Does provisioning occur for a given field and ldap server for a given "prov_event" and "ldap _context"?

ldapUserConf::isSynched($field, $prov_event, $direction)

This depends on:
ldapUserConf::synchMapping[$direction][$field]['prov_events']
which is populated by various ldap and possibly other modules.

"ldap_contexts" (any module can provide its own context which is just a string)
ldap_user_insert_drupal_user
ldap_user_update_drupal_user
ldap_authentication_authenticate
ldap_user_delete_drupal_user
ldap_user_disable_drupal_user
all

"prov_events"
LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER
LDAP_USER_EVENT_CREATE_DRUPAL_USER
LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY
LDAP_USER_EVENT_CREATE_LDAP_ENTRY
LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT

Also available in: Atom