Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/ldap/ldap_user/LdapUserConfAdmin.class.php | ||
---|---|---|
321 | 321 |
|
322 | 322 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) { |
323 | 323 |
$parent_fieldset = 'basic_to_drupal'; |
324 |
$description = t('Provisioning from LDAP to Drupal Mappings:');
|
|
324 |
$description = t('Provisioning from LDAP to Drupal Mappings:'); |
|
325 | 325 |
} |
326 | 326 |
elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { |
327 | 327 |
$parent_fieldset = 'basic_to_ldap'; |
328 |
$description = t('Provisioning from Drupal to LDAP Mappings:');
|
|
328 |
$description = t('Provisioning from Drupal to LDAP Mappings:'); |
|
329 | 329 |
} |
330 | 330 |
|
331 | 331 |
$form[$parent_fieldset]['mappings__' . $direction] = array( |
332 | 332 |
'#type' => 'fieldset', |
333 |
'#title' => $description,
|
|
333 |
'#title' => $description, |
|
334 | 334 |
'#collapsible' => TRUE, |
335 | 335 |
'#collapsed' => FALSE, |
336 | 336 |
'#description' => '', |
... | ... | |
372 | 372 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { // add some password notes |
373 | 373 |
$form[$parent_fieldset]['password_notes'] = array( |
374 | 374 |
'#type' => 'fieldset', |
375 |
'#title' => t('Password Notes'),
|
|
375 |
'#title' => t('Password Notes'), |
|
376 | 376 |
'#collapsible' => TRUE, |
377 | 377 |
'#collapsed' => TRUE, |
378 | 378 |
'directions' => array( |
... | ... | |
382 | 382 |
); |
383 | 383 |
$form[$parent_fieldset]['source_drupal_token_notes'] = array( |
384 | 384 |
'#type' => 'fieldset', |
385 |
'#title' => t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'),
|
|
385 |
'#title' => t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'), |
|
386 | 386 |
'#collapsible' => TRUE, |
387 | 387 |
'#collapsed' => TRUE, |
388 | 388 |
'directions' => array( |
... | ... | |
416 | 416 |
return $form; |
417 | 417 |
} |
418 | 418 |
|
419 |
|
|
419 |
/** |
|
420 |
* @param $sid |
|
421 |
* @param $orphan_handling |
|
422 |
*/ |
|
423 |
private function checkPuidOrphans($sid, $orphan_handling) { |
|
424 |
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE); |
|
425 |
if ($ldap_server && empty($ldap_server->unique_persistent_attr) |
|
426 |
&& $orphan_handling != 'ldap_user_orphan_do_not_check') { |
|
427 |
drupal_set_message(t('You\'ve configured the orphan check but are missing the required persistent user ID property.'), 'error'); |
|
428 |
} |
|
429 |
} |
|
420 | 430 |
|
421 | 431 |
/** |
422 | 432 |
* validate submitted form |
... | ... | |
430 | 440 |
$this->populateFromDrupalForm($values, $storage); |
431 | 441 |
list($errors, $warnings) = $this->validate($values); |
432 | 442 |
|
443 |
$this->checkPuidOrphans($values['drupalAcctProvisionServer'], $values['orphanedDrupalAcctBehavior']); |
|
444 |
|
|
433 | 445 |
// since failed mapping rows in form, don't populate ->ldapUserSynchMappings, need to validate these from values |
434 | 446 |
foreach ($values as $field => $value) { |
435 | 447 |
$parts = explode('__', $field); |
... | ... | |
457 | 469 |
} |
458 | 470 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER && $row_mappings['user_attr'] == 'user_tokens') { |
459 | 471 |
$input_name = join('__', array('sm', 'user_attr', $i)); |
460 |
$errors[$input_name] = t('User tokens not allowed when mapping to Drupal user. Location: !row_descriptor', $tokens);
|
|
472 |
$errors[$input_name] = t('User tokens not allowed when mapping to Drupal user. Location: !row_descriptor', $tokens); |
|
461 | 473 |
} |
462 | 474 |
if (!$row_mappings['ldap_attr']) { |
463 | 475 |
$input_name = join('__', array('sm', 'ldap_attr', $i)); |
... | ... | |
490 | 502 |
$has_drupal_acct_prov_settings_options = (count(array_filter($this->drupalAcctProvisionTriggers)) > 0); |
491 | 503 |
|
492 | 504 |
if (!$has_drupal_acct_prov_servers && $has_drupal_acct_prov_settings_options) { |
493 |
$warnings['drupalAcctProvisionServer'] = t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens);
|
|
505 |
$warnings['drupalAcctProvisionServer'] = t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens); |
|
494 | 506 |
} |
495 | 507 |
if ($has_drupal_acct_prov_servers && !$has_drupal_acct_prov_settings_options) { |
496 |
$warnings['drupalAcctProvisionTriggers'] = t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected. This will result in no synching happening.', $tokens);
|
|
508 |
$warnings['drupalAcctProvisionTriggers'] = t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected. This will result in no synching happening.', $tokens); |
|
497 | 509 |
} |
498 | 510 |
|
499 | 511 |
$has_ldap_prov_servers = (boolean)($this->ldapEntryProvisionServer); |
500 | 512 |
$has_ldap_prov_settings_options = (count(array_filter($this->ldapEntryProvisionTriggers)) > 0); |
501 | 513 |
if (!$has_ldap_prov_servers && $has_ldap_prov_settings_options) { |
502 |
$warnings['ldapEntryProvisionServer'] = t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens);
|
|
514 |
$warnings['ldapEntryProvisionServer'] = t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens); |
|
503 | 515 |
} |
504 | 516 |
if ($has_ldap_prov_servers && !$has_ldap_prov_settings_options) { |
505 |
$warnings['ldapEntryProvisionTriggers'] = t('Servers are enabled to provide provisioning to ldap, but no LDAP Entry Options are selected. This will result in no synching happening.', $tokens);
|
|
517 |
$warnings['ldapEntryProvisionTriggers'] = t('Servers are enabled to provide provisioning to ldap, but no LDAP Entry Options are selected. This will result in no synching happening.', $tokens); |
|
506 | 518 |
} |
507 | 519 |
|
508 | 520 |
if (isset($this->ldapUserSynchMappings)) { |
... | ... | |
560 | 572 |
|
561 | 573 |
if (count(array_keys($ldap_attribute_maps_in_token)) != 1) { |
562 | 574 |
$token_field_id = join('__', array('sm', 'user_tokens', $row_id)); |
563 |
$errors[$token_field_id] = t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not.
|
|
575 |
$errors[$token_field_id] = t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not. |
|
564 | 576 |
Do not use compound tokens such as "[displayName] [sn]" or literals such as "physics". Location: !row_descriptor', $tokens); |
565 | 577 |
} |
566 | 578 |
|
... | ... | |
571 | 583 |
$user_tokens_field_id = join('__', array('sm', 'user_tokens', $row_id)); |
572 | 584 |
|
573 | 585 |
if (!$mapping['ldap_attr']) { |
574 |
$errors[$ldap_attr_field_id] = t('No LDAP Attribute given in !row_descriptor', $tokens);
|
|
586 |
$errors[$ldap_attr_field_id] = t('No LDAP Attribute given in !row_descriptor', $tokens); |
|
575 | 587 |
} |
576 | 588 |
if ($mapping['user_attr'] == 'user_tokens' && !$mapping['user_tokens']) { |
577 |
$errors[$user_tokens_field_id] = t('User tokens selected in !row_descriptor, but user tokens column empty.', $tokens);
|
|
589 |
$errors[$user_tokens_field_id] = t('User tokens selected in !row_descriptor, but user tokens column empty.', $tokens); |
|
578 | 590 |
} |
579 | 591 |
|
580 | 592 |
if (isset($mapping['prov_events']) && count($mapping['prov_events']) == 0) { |
581 |
$warnings[$first_context_field_id] = t('No synchronization events checked in !row_descriptor.
|
|
593 |
$warnings[$first_context_field_id] = t('No synchronization events checked in !row_descriptor. |
|
582 | 594 |
This field will not be synchronized until some are checked.', $tokens); |
583 | 595 |
} |
584 | 596 |
} |
585 | 597 |
} |
586 | 598 |
if ($to_ldap_entries_mappings_exist && !isset($mappings['[dn]'])) { |
587 |
$errors['mappings__' . $synch_direction] = t('Mapping rows exist for provisioning to ldap, but no ldap attribute is targetted for [dn].
|
|
599 |
$errors['mappings__' . $synch_direction] = t('Mapping rows exist for provisioning to ldap, but no ldap attribute is targetted for [dn]. |
|
588 | 600 |
One row must map to [dn]. This row will have a user token like cn=[property.name],ou=users,dc=ldap,dc=mycompany,dc=com'); |
589 | 601 |
} |
590 | 602 |
} |
... | ... | |
599 | 611 |
*/ |
600 | 612 |
protected function populateFromDrupalForm($values, $storage) { |
601 | 613 |
$this->drupalAcctProvisionServer = ($values['drupalAcctProvisionServer'] == 'none') ? 0 : $values['drupalAcctProvisionServer']; |
602 |
$this->ldapEntryProvisionServer = ($values['ldapEntryProvisionServer'] == 'none') ? 0 : $values['ldapEntryProvisionServer'];
|
|
614 |
$this->ldapEntryProvisionServer = ($values['ldapEntryProvisionServer'] == 'none') ? 0 : $values['ldapEntryProvisionServer']; |
|
603 | 615 |
|
604 | 616 |
$this->drupalAcctProvisionTriggers = $values['drupalAcctProvisionTriggers']; |
605 | 617 |
$this->ldapEntryProvisionTriggers = $values['ldapEntryProvisionTriggers']; |
... | ... | |
787 | 799 |
} |
788 | 800 |
|
789 | 801 |
// 3. leave 4 rows for adding more mappings |
790 |
for ($i=0; $i<4; $i++) {
|
|
802 |
for ($i = 0; $i < 4; $i++) {
|
|
791 | 803 |
$this->addSynchFormRow($form, 'add', $direction, NULL, $user_attr_options, $row); |
792 | 804 |
$row++; |
793 | 805 |
} |
... | ... | |
821 | 833 |
'#disabled' => ($action == 'add' || $action == 'nonconfigurable'), |
822 | 834 |
); |
823 | 835 |
|
824 |
$id = $id_prefix . 'sm__convert__' . $row;
|
|
836 |
$id = $id_prefix . 'sm__convert__' . $row; |
|
825 | 837 |
$form[$id] = array( |
826 | 838 |
'#id' => $id, |
827 | 839 |
'#row' => $row, |
828 | 840 |
'#col' => ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 2 : 3, |
829 | 841 |
'#type' => 'checkbox', |
830 |
'#default_value' => isset($mapping['convert']) ? $mapping['convert'] : '',
|
|
842 |
'#default_value' => isset($mapping['convert']) ? $mapping['convert'] : '', |
|
831 | 843 |
'#disabled' => ($action == 'nonconfigurable'), |
832 | 844 |
'#attributes' => array('class' => array('convert')), |
833 | 845 |
); |
834 | 846 |
|
835 |
$id = $id_prefix . 'sm__ldap_attr__' . $row;
|
|
847 |
$id = $id_prefix . 'sm__ldap_attr__' . $row; |
|
836 | 848 |
$col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 1 : 4; |
837 | 849 |
if ($action == 'nonconfigurable') { |
838 | 850 |
$form[$id] = array( |
... | ... | |
857 | 869 |
); |
858 | 870 |
} |
859 | 871 |
|
860 |
$user_attr_input_id = $id_prefix . 'sm__user_attr__' . $row;
|
|
872 |
$user_attr_input_id = $id_prefix . 'sm__user_attr__' . $row; |
|
861 | 873 |
$col = ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) ? 3 : 1; |
862 | 874 |
if ($action == 'nonconfigurable') { |
863 | 875 |
$form[$user_attr_input_id] = array( |
... | ... | |
880 | 892 |
} |
881 | 893 |
|
882 | 894 |
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) { |
883 |
$id = $id_prefix . 'sm__user_tokens__' . $row;
|
|
895 |
$id = $id_prefix . 'sm__user_tokens__' . $row; |
|
884 | 896 |
$form[$id] = array( |
885 | 897 |
'#id' => $id, |
886 | 898 |
'#row' => $row, |
887 |
'#col' => 2,
|
|
899 |
'#col' => 2, |
|
888 | 900 |
'#type' => 'textfield', |
889 | 901 |
'#default_value' => isset($mapping['user_tokens']) ? $mapping['user_tokens'] : '', |
890 | 902 |
'#size' => 40, |
... | ... | |
917 | 929 |
|
918 | 930 |
foreach ($synchEvents as $prov_event => $prov_event_name) { |
919 | 931 |
$col++; |
920 |
$id = $id_prefix . join('__', array('sm', $prov_event, $row));
|
|
932 |
$id = $id_prefix . join('__', array('sm', $prov_event, $row)); |
|
921 | 933 |
$form[$id] = array( |
922 | 934 |
'#id' => $id , |
923 | 935 |
'#type' => 'checkbox', |
... | ... | |
1016 | 1028 |
$values['orphanedDrupalAcctBehaviorDescription'] = t('It is highly recommended to use the "Perform no action, but email list of orphaned accounts" for some time before considering switching to "Disable the account" options.'); |
1017 | 1029 |
|
1018 | 1030 |
|
1019 |
$values['manualAccountConflictOptions'] = array(
|
|
1031 |
$values['manualAccountConflictOptions'] = array( |
|
1020 | 1032 |
LDAP_USER_MANUAL_ACCT_CONFLICT_REJECT => t('Reject manual creation of Drupal accounts that conflict with LDAP Accounts. This only applies to accounts created on user logon; Account conflicts can still be generated by manually creating users that conflict with ldap users and these users will have their data synched with LDAP data.'), |
1021 | 1033 |
LDAP_USER_MANUAL_ACCT_CONFLICT_LDAP_ASSOCIATE => t('Associate manually created Drupal accounts with related LDAP Account if one exists.'), |
1022 | 1034 |
LDAP_USER_MANUAL_ACCT_CONFLICT_SHOW_OPTION_ON_FORM => t('Show option on user create form to determine how account conflict is resolved.'), |
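Review bot: The new checkPuidOrphans() (new lines 423–429) reports a missing persistent user ID attribute only through `drupal_set_message(..., 'error')`, so nothing is added to the `$errors`/`$warnings` arrays that drupalFormValidate receives from `$this->validate($values)` at new line 441. The rest of drupalFormValidate is outside the visible hunk, so this is inferred, but if the caller decides whether to save from those arrays, the settings are still stored with an orphan check enabled and no PUID to match accounts on. That matters because orphan handling decides which Drupal accounts are reported or disabled. Consider returning the message from the helper and registering it against the field at the call site, e.g. `if ($msg = $this->checkPuidOrphans($sid, $behavior)) { $errors['orphanedDrupalAcctBehavior'] = $msg; }`. The call at new line 443 also passes the raw `$values['drupalAcctProvisionServer']`, which can be `'none'` (populateFromDrupalForm maps it to 0); the `$ldap_server &&` guard presumably covers that case, and the bare `@param $sid` / `@param $orphan_handling` docblock should state it.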
Weekly update of contrib modules