Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
| drupal7/sites/all/modules/ldap/ldap_user/LdapUserConfAdmin.class.php | ||
|---|---|---|
| 321 | 321 |
|
| 322 | 322 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
|
| 323 | 323 |
$parent_fieldset = 'basic_to_drupal'; |
| 324 |
$description = t('Provisioning from LDAP to Drupal Mappings:');
|
|
| 324 |
$description = t('Provisioning from LDAP to Drupal Mappings:');
|
|
| 325 | 325 |
} |
| 326 | 326 |
elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
|
| 327 | 327 |
$parent_fieldset = 'basic_to_ldap'; |
| 328 |
$description = t('Provisioning from Drupal to LDAP Mappings:');
|
|
| 328 |
$description = t('Provisioning from Drupal to LDAP Mappings:');
|
|
| 329 | 329 |
} |
| 330 | 330 |
|
| 331 | 331 |
$form[$parent_fieldset]['mappings__' . $direction] = array( |
| 332 | 332 |
'#type' => 'fieldset', |
| 333 |
'#title' => $description,
|
|
| 333 |
'#title' => $description, |
|
| 334 | 334 |
'#collapsible' => TRUE, |
| 335 | 335 |
'#collapsed' => FALSE, |
| 336 | 336 |
'#description' => '', |
| ... | ... | |
| 372 | 372 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { // add some password notes
|
| 373 | 373 |
$form[$parent_fieldset]['password_notes'] = array( |
| 374 | 374 |
'#type' => 'fieldset', |
| 375 |
'#title' => t('Password Notes'),
|
|
| 375 |
'#title' => t('Password Notes'),
|
|
| 376 | 376 |
'#collapsible' => TRUE, |
| 377 | 377 |
'#collapsed' => TRUE, |
| 378 | 378 |
'directions' => array( |
| ... | ... | |
| 382 | 382 |
); |
| 383 | 383 |
$form[$parent_fieldset]['source_drupal_token_notes'] = array( |
| 384 | 384 |
'#type' => 'fieldset', |
| 385 |
'#title' => t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'),
|
|
| 385 |
'#title' => t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'),
|
|
| 386 | 386 |
'#collapsible' => TRUE, |
| 387 | 387 |
'#collapsed' => TRUE, |
| 388 | 388 |
'directions' => array( |
| ... | ... | |
| 416 | 416 |
return $form; |
| 417 | 417 |
} |
| 418 | 418 |
|
| 419 |
|
|
| 419 |
/** |
|
| 420 |
* @param $sid |
|
| 421 |
* @param $orphan_handling |
|
| 422 |
*/ |
|
| 423 |
private function checkPuidOrphans($sid, $orphan_handling) {
|
|
| 424 |
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE); |
|
| 425 |
if ($ldap_server && empty($ldap_server->unique_persistent_attr) |
|
| 426 |
&& $orphan_handling != 'ldap_user_orphan_do_not_check') {
|
|
| 427 |
drupal_set_message(t('You\'ve configured the orphan check but are missing the required persistent user ID property.'), 'error');
|
|
| 428 |
} |
|
| 429 |
} |
|
| 420 | 430 |
|
| 421 | 431 |
/** |
| 422 | 432 |
* validate submitted form |
| ... | ... | |
| 430 | 440 |
$this->populateFromDrupalForm($values, $storage); |
| 431 | 441 |
list($errors, $warnings) = $this->validate($values); |
| 432 | 442 |
|
| 443 |
$this->checkPuidOrphans($values['drupalAcctProvisionServer'], $values['orphanedDrupalAcctBehavior']); |
|
| 444 |
|
|
| 433 | 445 |
// since failed mapping rows in form, don't populate ->ldapUserSynchMappings, need to validate these from values |
| 434 | 446 |
foreach ($values as $field => $value) {
|
| 435 | 447 |
$parts = explode('__', $field);
|
| ... | ... | |
| 457 | 469 |
} |
| 458 | 470 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER && $row_mappings['user_attr'] == 'user_tokens') {
|
| 459 | 471 |
$input_name = join('__', array('sm', 'user_attr', $i));
|
| 460 |
$errors[$input_name] = t('User tokens not allowed when mapping to Drupal user. Location: !row_descriptor', $tokens);
|
|
| 472 |
$errors[$input_name] = t('User tokens not allowed when mapping to Drupal user. Location: !row_descriptor', $tokens);
|
|
| 461 | 473 |
} |
| 462 | 474 |
if (!$row_mappings['ldap_attr']) {
|
| 463 | 475 |
$input_name = join('__', array('sm', 'ldap_attr', $i));
|
| ... | ... | |
| 490 | 502 |
$has_drupal_acct_prov_settings_options = (count(array_filter($this->drupalAcctProvisionTriggers)) > 0); |
| 491 | 503 |
|
| 492 | 504 |
if (!$has_drupal_acct_prov_servers && $has_drupal_acct_prov_settings_options) {
|
| 493 |
$warnings['drupalAcctProvisionServer'] = t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens);
|
|
| 505 |
$warnings['drupalAcctProvisionServer'] = t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens);
|
|
| 494 | 506 |
} |
| 495 | 507 |
if ($has_drupal_acct_prov_servers && !$has_drupal_acct_prov_settings_options) {
|
| 496 |
$warnings['drupalAcctProvisionTriggers'] = t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected. This will result in no synching happening.', $tokens);
|
|
| 508 |
$warnings['drupalAcctProvisionTriggers'] = t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected. This will result in no synching happening.', $tokens);
|
|
| 497 | 509 |
} |
| 498 | 510 |
|
| 499 | 511 |
$has_ldap_prov_servers = (boolean)($this->ldapEntryProvisionServer); |
| 500 | 512 |
$has_ldap_prov_settings_options = (count(array_filter($this->ldapEntryProvisionTriggers)) > 0); |
| 501 | 513 |
if (!$has_ldap_prov_servers && $has_ldap_prov_settings_options) {
|
| 502 |
$warnings['ldapEntryProvisionServer'] = t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens);
|
|
| 514 |
$warnings['ldapEntryProvisionServer'] = t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens);
|
|
| 503 | 515 |
} |
| 504 | 516 |
if ($has_ldap_prov_servers && !$has_ldap_prov_settings_options) {
|
| 505 |
$warnings['ldapEntryProvisionTriggers'] = t('Servers are enabled to provide provisioning to ldap, but no LDAP Entry Options are selected. This will result in no synching happening.', $tokens);
|
|
| 517 |
$warnings['ldapEntryProvisionTriggers'] = t('Servers are enabled to provide provisioning to ldap, but no LDAP Entry Options are selected. This will result in no synching happening.', $tokens);
|
|
| 506 | 518 |
} |
| 507 | 519 |
|
| 508 | 520 |
if (isset($this->ldapUserSynchMappings)) {
|
| ... | ... | |
| 560 | 572 |
|
| 561 | 573 |
if (count(array_keys($ldap_attribute_maps_in_token)) != 1) {
|
| 562 | 574 |
$token_field_id = join('__', array('sm', 'user_tokens', $row_id));
|
| 563 |
$errors[$token_field_id] = t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not.
|
|
| 575 |
$errors[$token_field_id] = t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not.
|
|
| 564 | 576 |
Do not use compound tokens such as "[displayName] [sn]" or literals such as "physics". Location: !row_descriptor', $tokens); |
| 565 | 577 |
} |
| 566 | 578 |
|
| ... | ... | |
| 571 | 583 |
$user_tokens_field_id = join('__', array('sm', 'user_tokens', $row_id));
|
| 572 | 584 |
|
| 573 | 585 |
if (!$mapping['ldap_attr']) {
|
| 574 |
$errors[$ldap_attr_field_id] = t('No LDAP Attribute given in !row_descriptor', $tokens);
|
|
| 586 |
$errors[$ldap_attr_field_id] = t('No LDAP Attribute given in !row_descriptor', $tokens);
|
|
| 575 | 587 |
} |
| 576 | 588 |
if ($mapping['user_attr'] == 'user_tokens' && !$mapping['user_tokens']) {
|
| 577 |
$errors[$user_tokens_field_id] = t('User tokens selected in !row_descriptor, but user tokens column empty.', $tokens);
|
|
| 589 |
$errors[$user_tokens_field_id] = t('User tokens selected in !row_descriptor, but user tokens column empty.', $tokens);
|
|
| 578 | 590 |
} |
| 579 | 591 |
|
| 580 | 592 |
if (isset($mapping['prov_events']) && count($mapping['prov_events']) == 0) {
|
| 581 |
$warnings[$first_context_field_id] = t('No synchronization events checked in !row_descriptor.
|
|
| 593 |
$warnings[$first_context_field_id] = t('No synchronization events checked in !row_descriptor.
|
|
| 582 | 594 |
This field will not be synchronized until some are checked.', $tokens); |
| 583 | 595 |
} |
| 584 | 596 |
} |
| 585 | 597 |
} |
| 586 | 598 |
if ($to_ldap_entries_mappings_exist && !isset($mappings['[dn]'])) {
|
| 587 |
$errors['mappings__' . $synch_direction] = t('Mapping rows exist for provisioning to ldap, but no ldap attribute is targetted for [dn].
|
|
| 599 |
$errors['mappings__' . $synch_direction] = t('Mapping rows exist for provisioning to ldap, but no ldap attribute is targetted for [dn].
|
|
| 588 | 600 |
One row must map to [dn]. This row will have a user token like cn=[property.name],ou=users,dc=ldap,dc=mycompany,dc=com'); |
| 589 | 601 |
} |
| 590 | 602 |
} |
| ... | ... | |
| 599 | 611 |
*/ |
| 600 | 612 |
protected function populateFromDrupalForm($values, $storage) {
|
| 601 | 613 |
$this->drupalAcctProvisionServer = ($values['drupalAcctProvisionServer'] == 'none') ? 0 : $values['drupalAcctProvisionServer']; |
| 602 |
$this->ldapEntryProvisionServer = ($values['ldapEntryProvisionServer'] == 'none') ? 0 : $values['ldapEntryProvisionServer'];
|
|
| 614 |
$this->ldapEntryProvisionServer = ($values['ldapEntryProvisionServer'] == 'none') ? 0 : $values['ldapEntryProvisionServer']; |
|
| 603 | 615 |
|
| 604 | 616 |
$this->drupalAcctProvisionTriggers = $values['drupalAcctProvisionTriggers']; |
| 605 | 617 |
$this->ldapEntryProvisionTriggers = $values['ldapEntryProvisionTriggers']; |
| ... | ... | |
| 787 | 799 |
} |
| 788 | 800 |
|
| 789 | 801 |
// 3. leave 4 rows for adding more mappings |
| 790 |
for ($i=0; $i<4; $i++) {
|
|
| 802 |
for ($i = 0; $i < 4; $i++) {
|
|
| 791 | 803 |
$this->addSynchFormRow($form, 'add', $direction, NULL, $user_attr_options, $row); |
| 792 | 804 |
$row++; |
| 793 | 805 |
} |
| ... | ... | |
| 821 | 833 |
'#disabled' => ($action == 'add' || $action == 'nonconfigurable'), |
| 822 | 834 |
); |
| 823 | 835 |
|
| 824 |
$id = $id_prefix . 'sm__convert__' . $row;
|
|
| 836 |
$id = $id_prefix . 'sm__convert__' . $row; |
|
| 825 | 837 |
$form[$id] = array( |
| 826 | 838 |
'#id' => $id, |
| 827 | 839 |
'#row' => $row, |
| 828 | 840 |
'#col' => ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 2 : 3, |
| 829 | 841 |
'#type' => 'checkbox', |
| 830 |
'#default_value' => isset($mapping['convert']) ? $mapping['convert'] : '',
|
|
| 842 |
'#default_value' => isset($mapping['convert']) ? $mapping['convert'] : '', |
|
| 831 | 843 |
'#disabled' => ($action == 'nonconfigurable'), |
| 832 | 844 |
'#attributes' => array('class' => array('convert')),
|
| 833 | 845 |
); |
| 834 | 846 |
|
| 835 |
$id = $id_prefix . 'sm__ldap_attr__' . $row;
|
|
| 847 |
$id = $id_prefix . 'sm__ldap_attr__' . $row; |
|
| 836 | 848 |
$col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 1 : 4; |
| 837 | 849 |
if ($action == 'nonconfigurable') {
|
| 838 | 850 |
$form[$id] = array( |
| ... | ... | |
| 857 | 869 |
); |
| 858 | 870 |
} |
| 859 | 871 |
|
| 860 |
$user_attr_input_id = $id_prefix . 'sm__user_attr__' . $row;
|
|
| 872 |
$user_attr_input_id = $id_prefix . 'sm__user_attr__' . $row; |
|
| 861 | 873 |
$col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 3 : 1; |
| 862 | 874 |
if ($action == 'nonconfigurable') {
|
| 863 | 875 |
$form[$user_attr_input_id] = array( |
| ... | ... | |
| 880 | 892 |
} |
| 881 | 893 |
|
| 882 | 894 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
|
| 883 |
$id = $id_prefix . 'sm__user_tokens__' . $row;
|
|
| 895 |
$id = $id_prefix . 'sm__user_tokens__' . $row; |
|
| 884 | 896 |
$form[$id] = array( |
| 885 | 897 |
'#id' => $id, |
| 886 | 898 |
'#row' => $row, |
| 887 |
'#col' => 2,
|
|
| 899 |
'#col' => 2, |
|
| 888 | 900 |
'#type' => 'textfield', |
| 889 | 901 |
'#default_value' => isset($mapping['user_tokens']) ? $mapping['user_tokens'] : '', |
| 890 | 902 |
'#size' => 40, |
| ... | ... | |
| 917 | 929 |
|
| 918 | 930 |
foreach ($synchEvents as $prov_event => $prov_event_name) {
|
| 919 | 931 |
$col++; |
| 920 |
$id = $id_prefix . join('__', array('sm', $prov_event, $row));
|
|
| 932 |
$id = $id_prefix . join('__', array('sm', $prov_event, $row));
|
|
| 921 | 933 |
$form[$id] = array( |
| 922 | 934 |
'#id' => $id , |
| 923 | 935 |
'#type' => 'checkbox', |
| ... | ... | |
| 1016 | 1028 |
$values['orphanedDrupalAcctBehaviorDescription'] = t('It is highly recommended to use the "Perform no action, but email list of orphaned accounts" for some time before considering switching to "Disable the account" options.');
|
| 1017 | 1029 |
|
| 1018 | 1030 |
|
| 1019 |
$values['manualAccountConflictOptions'] = array(
|
|
| 1031 |
$values['manualAccountConflictOptions'] = array( |
|
| 1020 | 1032 |
LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT => t('Reject manual creation of Drupal accounts that conflict with LDAP Accounts. This only applies to accounts created on user logon; Account conflicts can still be generated by manually creating users that conflict with ldap users and these users will have their data synched with LDAP data.'),
|
| 1021 | 1033 |
LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE => t('Associate manually created Drupal accounts with related LDAP Account if one exists.'),
|
| 1022 | 1034 |
LDAP_USER_MANUAL_ACCT_CONFLICT_SHOW_OPTION_ON_FORM => t('Show option on user create form to determine how account conflict is resolved.'),
|
Formats disponibles : Unified diff
Weekly update of contrib modules