|
1
|
<?php
|
|
2
|
|
|
3
|
module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
|
4
|
|
|
5
|
/**
|
|
6
|
* @file
|
|
7
|
*/
|
|
8
|
|
|
9
|
/**
|
|
10
|
* Implements the LDAP server test page.
|
|
11
|
*
|
|
12
|
* @param $form_state
|
|
13
|
* A form state array.
|
|
14
|
* @param $op
|
|
15
|
* An operatin - add or edit.
|
|
16
|
* @param $sid
|
|
17
|
* A LDAP server ID.
|
|
18
|
*
|
|
19
|
* @return
|
|
20
|
* The form structure.
|
|
21
|
*/
|
|
22
|
|
|
23
|
function ldap_servers_test_form($form, &$form_state, $op = NULL, $sid = NULL) {
|
|
24
|
|
|
25
|
$ldap_server = ldap_servers_get_servers($sid, 'all', TRUE);
|
|
26
|
|
|
27
|
drupal_set_title(t('Test LDAP Server Configuration: !server', array('!server' => $ldap_server->name)));
|
|
28
|
|
|
29
|
$form['#prefix'] = t('This form tests an LDAP configuration to see if
|
|
30
|
it can bind and basic user and group functions. It also shows token examples
|
|
31
|
and a sample user. The only data this function will modify is the test LDAP group, which will be deleted and added');
|
|
32
|
|
|
33
|
$variables = array(
|
|
34
|
'ldap_server' => $ldap_server, 'actions' => FALSE, 'type' => 'detail'
|
|
35
|
);
|
|
36
|
|
|
37
|
$form['server_variables'] = array(
|
|
38
|
'#markup' => theme('ldap_servers_server', $variables),
|
|
39
|
);
|
|
40
|
|
|
41
|
$form['sid'] = array(
|
|
42
|
'#type' => 'hidden',
|
|
43
|
'#default_value' => $sid,
|
|
44
|
);
|
|
45
|
|
|
46
|
$form['binding']['bindpw'] = array(
|
|
47
|
'#type' => 'password',
|
|
48
|
'#title' => t('Password for non-anonymous search'),
|
|
49
|
'#size' => 20,
|
|
50
|
'#maxlength' => 255,
|
|
51
|
'#description' => t('Leave empty to test with currently stored password.'),
|
|
52
|
);
|
|
53
|
|
|
54
|
$form['testing_drupal_username'] = array(
|
|
55
|
'#type' => 'textfield',
|
|
56
|
'#title' => t('Testing Drupal Username'),
|
|
57
|
'#default_value' => $ldap_server->testingDrupalUsername,
|
|
58
|
'#size' => 30,
|
|
59
|
'#maxlength' => 255,
|
|
60
|
'#description' => t('This is optional and used for testing this server\'s configuration against an actual username. The user need not exist in Drupal and testing will not affect the user\'s LDAP or Drupal Account.'),
|
|
61
|
);
|
|
62
|
|
|
63
|
$form['testingDrupalUserDn'] = array(
|
|
64
|
'#type' => 'textfield',
|
|
65
|
'#title' => t('Testing Drupal DN'),
|
|
66
|
'#default_value' => $ldap_server->testingDrupalUserDn,
|
|
67
|
'#size' => 120,
|
|
68
|
'#maxlength' => 255,
|
|
69
|
'#description' => t('This is optional and used for testing this server\'s configuration against an actual username. The user need not exist in Drupal and testing will not affect the user\'s LDAP or Drupal Account.'),
|
|
70
|
);
|
|
71
|
|
|
72
|
$form['grp_test_grp_dn'] = array(
|
|
73
|
'#type' => 'textfield',
|
|
74
|
'#title' => t('Testing Group DN'),
|
|
75
|
'#default_value' => $ldap_server->groupTestGroupDn,
|
|
76
|
'#size' => 120,
|
|
77
|
'#maxlength' => 255,
|
|
78
|
'#description' => t('This is optional and used for testing this server\'s group configuration.'),
|
|
79
|
);
|
|
80
|
|
|
81
|
$form['grp_test_grp_dn_writeable'] = array(
|
|
82
|
'#type' => 'textfield',
|
|
83
|
'#title' => t('Testing Group DN that is writeable. Warning! In test, this group will be deleted, created, have members added to it!'),
|
|
84
|
'#default_value' => $ldap_server->groupTestGroupDnWriteable,
|
|
85
|
'#size' => 120,
|
|
86
|
'#maxlength' => 255,
|
|
87
|
'#description' => t('This is optional and used for testing this server\'s group configuration.'),
|
|
88
|
);
|
|
89
|
|
|
90
|
if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
|
|
91
|
$form['testing_drupal_userpw'] = array(
|
|
92
|
'#type' => 'password',
|
|
93
|
'#title' => t('Testing Drupal User Password'),
|
|
94
|
'#size' => 30,
|
|
95
|
'#maxlength' => 255,
|
|
96
|
'#description' => t('This is optional and used for testing this server\'s configuration against the username above.'),
|
|
97
|
);
|
|
98
|
}
|
|
99
|
|
|
100
|
$form['submit'] = array(
|
|
101
|
'#type' => 'submit',
|
|
102
|
'#value' => 'Test',
|
|
103
|
'#weight' => 100,
|
|
104
|
);
|
|
105
|
|
|
106
|
if (!empty($form_state['ldap_server_test_data'])) {
|
|
107
|
$test_data = $form_state['ldap_server_test_data'];
|
|
108
|
|
|
109
|
if (isset($test_data['username']) && isset($test_data['ldap_user'])) {
|
|
110
|
$form['#prefix'] = theme('ldap_server_ldap_entry_table',
|
|
111
|
array(
|
|
112
|
'entry' => $test_data['ldap_user']['attr'],
|
|
113
|
'username' => $test_data['username'],
|
|
114
|
'dn' => $test_data['ldap_user']['dn'],
|
|
115
|
));
|
|
116
|
}
|
|
117
|
|
|
118
|
$titles = array(
|
|
119
|
'basic' => 'Test Results',
|
|
120
|
'group1' => 'Group Create, Delete, Add Member, Remove Member Tests',
|
|
121
|
'group2' => 'User Group Membership Functions Test',
|
|
122
|
'tokens' => 'User Token Samples',
|
|
123
|
'groupfromDN' => 'Groups Derived From User DN',
|
|
124
|
);
|
|
125
|
foreach ($test_data['results_tables'] as $table_name => $table_data) {
|
|
126
|
$form['#prefix'] .= '<h2>' . $titles[$table_name] . '</h2>' . theme('table', array('header' => array('Test', 'Result'), 'rows' => $table_data));
|
|
127
|
}
|
|
128
|
|
|
129
|
if (function_exists('dpm') && !empty($test_data['username'])) {
|
|
130
|
$user_name = $test_data['username'];
|
|
131
|
if ($user = user_load_by_name($user_name)) {
|
|
132
|
dpm("Corresponding Drupal user object for: $user_name");
|
|
133
|
dpm($user);
|
|
134
|
if (function_exists('entity_load_single')) {
|
|
135
|
$user_entity = entity_load_single('user', $user->uid);
|
|
136
|
dpm("Drupal user entity for: $user_name");
|
|
137
|
dpm($user_entity);
|
|
138
|
}
|
|
139
|
dpm("Test Group LDAP Entry");
|
|
140
|
dpm($test_data['group_entry'][0]);
|
|
141
|
}
|
|
142
|
}
|
|
143
|
}
|
|
144
|
return $form;
|
|
145
|
}
|
|
146
|
|
|
147
|
/**
|
|
148
|
* Validate hook for the LDAP server form.
|
|
149
|
*/
|
|
150
|
function ldap_servers_test_form_validate($form, &$form_state) {
|
|
151
|
$values = $form_state['values'];
|
|
152
|
if (!$values['sid']) {
|
|
153
|
form_set_error(NULL, t('No server id found in form'));
|
|
154
|
}
|
|
155
|
elseif (!$ldap_server = ldap_servers_get_servers($values['sid'], 'all', TRUE)) {
|
|
156
|
form_set_error(NULL, t('Failed to create server object for server with server id=%sid', array('%sid' => $values['sid'])));
|
|
157
|
}
|
|
158
|
}
|
|
159
|
|
|
160
|
/**
|
|
161
|
* Submit hook for the LDAP server form.
|
|
162
|
*/
|
|
163
|
function ldap_servers_test_form_submit($form, &$form_state) {
|
|
164
|
|
|
165
|
//Pass data back to form builder
|
|
166
|
$form_state['rebuild'] = TRUE;
|
|
167
|
|
|
168
|
ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
|
|
169
|
$errors = FALSE;
|
|
170
|
$has_errors = FALSE;
|
|
171
|
$values = $form_state['values'];
|
|
172
|
$sid = $values['sid'];
|
|
173
|
$ldap_server = ldap_servers_get_servers($sid, 'all', TRUE);
|
|
174
|
|
|
175
|
//$result = t('<h1>Test of name </h2>',$server_conf);
|
|
176
|
$results = array();
|
|
177
|
$results_tables = array();
|
|
178
|
if ($values['bindpw']) {
|
|
179
|
$bindpw = $values['bindpw'];
|
|
180
|
$bindpw_type = t('entered in form.');
|
|
181
|
}
|
|
182
|
else {
|
|
183
|
$bindpw = NULL;
|
|
184
|
$bindpw_type = t('stored in configuration');
|
|
185
|
}
|
|
186
|
|
|
187
|
if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT) {
|
|
188
|
$results_tables['basic'][] = array(t('Binding with DN for non-anonymous search (%bind_dn). Using password ',
|
|
189
|
array('%bind_dn' => $ldap_server->binddn)) . ' ' . $bindpw_type);
|
|
190
|
}
|
|
191
|
else {
|
|
192
|
$results_tables['basic'][] = array(t('Binding with null DN for anonymous search.'));
|
|
193
|
}
|
|
194
|
|
|
195
|
if (@$values['grp_test_grp_dn_writeable'] && @$values['grp_test_grp_dn']) {
|
|
196
|
$user_test_dn = @$values['grp_test_grp_dn'];
|
|
197
|
$group_create_test_dn = $values['grp_test_grp_dn_writeable'];
|
|
198
|
$group_create_test_attr = array(
|
|
199
|
'objectClass' => array($ldap_server->groupObjectClass, 'top'),
|
|
200
|
);
|
|
201
|
|
|
202
|
// 1. delete test group if it exists
|
|
203
|
if ($ldap_server->dnExists($group_create_test_dn, 'ldap_entry', array('cn', 'member'))) {
|
|
204
|
$result = $ldap_server->groupRemoveGroup($group_create_test_dn, FALSE);
|
|
205
|
}
|
|
206
|
|
|
207
|
$group_exists = $ldap_server->dnExists($group_create_test_dn, 'ldap_entry', array('cn', 'member'));
|
|
208
|
$result = ($group_exists === FALSE) ? "PASS" : "FAIL";
|
|
209
|
$results_tables['group1'][] = array("Starting test without group: $group_create_test_dn ", $result);
|
|
210
|
|
|
211
|
// 2. make sure call to members in empty group returns false
|
|
212
|
$result = $ldap_server->groupAllMembers($group_create_test_dn);
|
|
213
|
$result = ($result === FALSE) ? "PASS" : 'FAIL';
|
|
214
|
$results_tables['group1'][] = array("LdapServer::groupAllMembers($group_create_test_dn) call on nonexistent group returns FALSE", $result);
|
|
215
|
|
|
216
|
// 3. add group
|
|
217
|
$result = $ldap_server->groupAddGroup($group_create_test_dn, $group_create_test_attr);
|
|
218
|
$result = ($result) ? "PASS" : 'FAIL';
|
|
219
|
$attr = serialize($group_create_test_attr);
|
|
220
|
$results_tables['group1'][] = array("LdapServer::groupAddGroup($group_create_test_dn, $attr)", $result);
|
|
221
|
|
|
222
|
// 4. call to all members in an empty group returns emtpy array, not FALSE
|
|
223
|
$result = $ldap_server->groupAllMembers($group_create_test_dn);
|
|
224
|
$result = (is_array($result) && count($result) == 0) ? 'PASS' : 'FAIL';
|
|
225
|
$results_tables['group1'][] = array("LdapServer::groupAllMembers($group_create_test_dn) returns empty array for empty group ", $result);
|
|
226
|
|
|
227
|
// 5. add member to group
|
|
228
|
$result = $ldap_server->groupAddMember($group_create_test_dn, $user_test_dn);
|
|
229
|
$result = is_array($ldap_server->groupAllMembers($group_create_test_dn)) ? 'PASS' : 'FAIL';
|
|
230
|
$results_tables['group1'][] = array("LdapServer::groupAddMember($group_create_test_dn, $user_test_dn)", $result);
|
|
231
|
|
|
232
|
// 6. try to remove group with member in it
|
|
233
|
$only_if_group_empty = TRUE;
|
|
234
|
$result = $ldap_server->groupRemoveGroup($group_create_test_dn, $only_if_group_empty);
|
|
235
|
$result = ($result) ? 'FAIL' : 'PASS';
|
|
236
|
$results_tables['group1'][] = array("LdapServer::groupRemoveGroup($group_create_test_dn, $only_if_group_empty)", $result);
|
|
237
|
|
|
238
|
// 7. remove group member
|
|
239
|
$result = $ldap_server->groupRemoveMember($group_create_test_dn, $user_test_dn);
|
|
240
|
$result = $ldap_server->groupAllMembers($group_create_test_dn);
|
|
241
|
$result = (is_array($result) && count($result) == 0) ? 'PASS' : 'FAIL';
|
|
242
|
$results_tables['group1'][] = array("LdapServer::groupRemoveMember($group_create_test_dn, $user_test_dn)", $result);
|
|
243
|
|
|
244
|
$only_if_group_empty = TRUE;
|
|
245
|
$result = $ldap_server->groupRemoveGroup($group_create_test_dn, $only_if_group_empty);
|
|
246
|
$result = ($ldap_server->dnExists($group_create_test_dn, 'ldap_entry', array('cn', 'member'))) ? "FAIL" : 'PASS';
|
|
247
|
$results_tables['group1'][] = array("LdapServer::groupRemoveGroup($group_create_test_dn, $only_if_group_empty)", $result);
|
|
248
|
}
|
|
249
|
|
|
250
|
// connect to ldap
|
|
251
|
list($has_errors, $more_results) = ldap_servers_test_binding_credentials($ldap_server, $bindpw, $results_tables);
|
|
252
|
$results = array_merge($results, $more_results);
|
|
253
|
if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
|
|
254
|
list($has_errors, $more_results, $ldap_user) = ldap_servers_test_user_mapping($values['testing_drupal_username'], $ldap_server);
|
|
255
|
$results = array_merge($results, $more_results);
|
|
256
|
if (!$has_errors) {
|
|
257
|
$mapping[] = "dn = " . $ldap_user['dn'];
|
|
258
|
foreach ($ldap_user['attr'] as $key => $value) {
|
|
259
|
if (is_array($value)) {
|
|
260
|
$mapping[] = "$key = " . $value[0];
|
|
261
|
}
|
|
262
|
}
|
|
263
|
$results_tables['basic'][] = array(theme_item_list(array('items' => $mapping, 'title' => t('Attributes available to anonymous search', array('%bind_dn' => $ldap_server->binddn)) , 'type' => 'ul', 'attributes' => array())));
|
|
264
|
}
|
|
265
|
$results_tables['basic'][] = array(t('Binding with DN (%bind_dn). Using supplied password ',
|
|
266
|
array('%bind_dn' => $ldap_user['dn'])));
|
|
267
|
$result = $ldap_server->bind($ldap_user['dn'], $values['testing_drupal_userpw'], FALSE);
|
|
268
|
if ($result == LDAP_SUCCESS) {
|
|
269
|
$results_tables['basic'][] = array(t('Successfully bound to server'), 'PASS');
|
|
270
|
}
|
|
271
|
else {
|
|
272
|
$results_tables['basic'][] = array(t('Failed to bind to server. ldap error #') . $result . ' ' . $ldap_server->errorMsg('ldap'), 'FAIL') ;
|
|
273
|
}
|
|
274
|
}
|
|
275
|
|
|
276
|
if (!$has_errors && isset($values['grp_test_grp_dn'])) {
|
|
277
|
$group_dn = $values['grp_test_grp_dn'];
|
|
278
|
|
|
279
|
$result = @ldap_read($ldap_server->connection, $group_dn, 'objectClass=*');
|
|
280
|
if (is_array($result)) {
|
|
281
|
$group_entry = ldap_get_entries($ldap_server->connection, $result);
|
|
282
|
}
|
|
283
|
$user = isset($values['testing_drupal_username']) ? $values['testing_drupal_username'] : NULL;
|
|
284
|
|
|
285
|
foreach (array(FALSE, TRUE) as $nested) { //FALSE
|
|
286
|
$nested_display = ($nested) ? 'Yes' : 'No';
|
|
287
|
if ($user) {
|
|
288
|
// this is the parent function that will call FromUserAttr or FromEntry
|
|
289
|
$memberships = $ldap_server->groupMembershipsFromUser($user, 'group_dns', $nested);
|
|
290
|
$result = theme('item_list', array('items' => $memberships, 'type' => 'ul'));
|
|
291
|
$results_tables['group2'][] = array("ldap_server->groupMembershipsFromUser($user, 'group_dns', nested=$nested_display)<br/>count=" . count($memberships), $result);
|
|
292
|
|
|
293
|
$result = ($ldap_server->groupIsMember($group_dn, $user, $nested)) ? 'Yes' : 'No';
|
|
294
|
$group_results[] = array("ldap_server->groupIsMember($group_dn, $user, nested=$nested_display)", $result);
|
|
295
|
|
|
296
|
if ($ldap_server->groupUserMembershipsConfigured) {
|
|
297
|
$groupusermembershipsfromuserattr = $ldap_server->groupUserMembershipsFromUserAttr($user, $nested);
|
|
298
|
$count = count($groupusermembershipsfromuserattr);
|
|
299
|
$result = theme('item_list', array('items' => $groupusermembershipsfromuserattr, 'type' => 'ul'));
|
|
300
|
}
|
|
301
|
else {
|
|
302
|
$groupusermembershipsfromuserattr = array();
|
|
303
|
$result = "'A user LDAP attribute such as memberOf exists that contains a list of their group' is not configured.";
|
|
304
|
}
|
|
305
|
$results_tables['group2'][] = array("ldap_server->groupUserMembershipsFromUserAttr($user, nested=$nested_display)<br/> count=" .
|
|
306
|
count($groupusermembershipsfromuserattr) , $result);
|
|
307
|
|
|
308
|
if ($ldap_server->groupGroupEntryMembershipsConfigured) {
|
|
309
|
$groupusermembershipsfromentry = $ldap_server->groupUserMembershipsFromEntry($user, $nested);
|
|
310
|
$result = theme('item_list', array('items' => $groupusermembershipsfromentry, 'type' => 'ul'));
|
|
311
|
}
|
|
312
|
else {
|
|
313
|
$groupusermembershipsfromentry = array();
|
|
314
|
$result = "Groups by entry not configured.";
|
|
315
|
}
|
|
316
|
$results_tables['group2'][] = array("ldap_server->groupUserMembershipsFromEntry($user, nested=$nested_display)<br/>count=" .
|
|
317
|
count($groupusermembershipsfromentry) , $result);
|
|
318
|
|
|
319
|
if (count($groupusermembershipsfromentry) && count($groupusermembershipsfromuserattr)) {
|
|
320
|
$diff1 = array_diff($groupusermembershipsfromuserattr, $groupusermembershipsfromentry);
|
|
321
|
$diff2 = array_diff($groupusermembershipsfromentry, $groupusermembershipsfromuserattr);
|
|
322
|
$result1 = theme('item_list', array('items' => $diff1, 'type' => 'ul'));
|
|
323
|
$result2 = theme('item_list', array('items' => $diff2, 'type' => 'ul'));
|
|
324
|
$results_tables['group2'][] = array("groupUserMembershipsFromEntry and FromUserAttr Diff)", $result1);
|
|
325
|
$results_tables['group2'][] = array("FromUserAttr and groupUserMembershipsFromEntry Diff)", $result2);
|
|
326
|
}
|
|
327
|
}
|
|
328
|
}
|
|
329
|
|
|
330
|
|
|
331
|
if ($groups_from_dn = $ldap_server->groupUserMembershipsFromDn($user)) {
|
|
332
|
$results_tables['groupfromDN'][] = array("Groups from DN", theme('item_list', array('items' => $groups_from_dn, 'type' => 'ul')));
|
|
333
|
}
|
|
334
|
|
|
335
|
}
|
|
336
|
|
|
337
|
list($has_errors, $more_results, $ldap_user) = ldap_servers_test_user_mapping($values['testing_drupal_username'], $ldap_server);
|
|
338
|
|
|
339
|
$tokens = ($ldap_user && isset($ldap_user['attr'])) ? ldap_servers_token_tokenize_entry($ldap_user['attr'], 'all') : array();
|
|
340
|
foreach ($tokens as $key => $value) {
|
|
341
|
$results_tables['tokens'][] = array($key, $value);
|
|
342
|
}
|
|
343
|
$form_state['ldap_server_test_data'] = array(
|
|
344
|
'username' => $values['testing_drupal_username'],
|
|
345
|
'results_tables' => $results_tables,
|
|
346
|
);
|
|
347
|
|
|
348
|
if (isset($ldap_user)) {
|
|
349
|
$form_state['ldap_server_test_data']['ldap_user'] = $ldap_user;
|
|
350
|
}
|
|
351
|
|
|
352
|
if (isset($group_entry) ) {
|
|
353
|
$form_state['ldap_server_test_data']['group_entry'] = $group_entry;
|
|
354
|
}
|
|
355
|
|
|
356
|
}
|
|
357
|
|
|
358
|
/**
|
|
359
|
* Submit hook for the LDAP server form.
|
|
360
|
*/
|
|
361
|
|
|
362
|
|
|
363
|
function ldap_servers_test_binding_credentials(&$ldap_server, $bindpw, &$results_tables) {
|
|
364
|
|
|
365
|
$errors = FALSE;
|
|
366
|
$results = array();
|
|
367
|
|
|
368
|
$ldap_result = $ldap_server->connect();
|
|
369
|
if ($ldap_result != LDAP_SUCCESS) {
|
|
370
|
$results_tables['basic'][] = array(t('Failed to connect to LDAP server. See watchdog error logs for details.') .
|
|
371
|
$ldap_server->errorMsg('ldap'));
|
|
372
|
$errors = TRUE;
|
|
373
|
}
|
|
374
|
|
|
375
|
if (!$errors) {
|
|
376
|
$bind_result = $ldap_server->bind($ldap_server->binddn, $bindpw, FALSE);
|
|
377
|
if ($bind_result == LDAP_SUCCESS) {
|
|
378
|
$results_tables['basic'][] = array(t('Successfully bound to server'));
|
|
379
|
}
|
|
380
|
else {
|
|
381
|
$results_tables['basic'][] = array(t('Failed to bind to server. ldap error #') . $bind_result . ' ' . $ldap_server->errorMsg('ldap')) ;
|
|
382
|
$errors = TRUE;
|
|
383
|
}
|
|
384
|
}
|
|
385
|
return array($errors, $results);
|
|
386
|
}
|
|
387
|
|
|
388
|
function ldap_servers_test_user_mapping($drupal_username, &$ldap_server, $ldap_context = NULL) {
|
|
389
|
|
|
390
|
$ldap_user = $ldap_server->userUserNameToExistingLdapEntry($drupal_username, $ldap_context);
|
|
391
|
$errors = FALSE;
|
|
392
|
if (!$ldap_user ) {
|
|
393
|
$results[] = t('Failed to find test user %username by searching on %user_attr = %username.',
|
|
394
|
array(
|
|
395
|
'%username' => $drupal_username,
|
|
396
|
'%user_attr' => $ldap_server->user_attr )
|
|
397
|
)
|
|
398
|
. ' ' . t('Error Message:') . ' ' . $ldap_server->errorMsg('ldap');
|
|
399
|
$errors = TRUE;
|
|
400
|
}
|
|
401
|
else {
|
|
402
|
$results[] = t('Found test user %username by searching on %user_attr = %username.',
|
|
403
|
array('%username' => $drupal_username, '%user_attr' => $ldap_server->user_attr ));
|
|
404
|
}
|
|
405
|
return array($errors, $results, $ldap_user);
|
|
406
|
}
|
