85ad3d82
Assos Assos
Vocabulary of LDAP Authorization and its Code
----------------------
"Consumer"
----------------------
The "consumer" is the entity to which authorization is being granted.
Examples: Drupal role, Organic Group group
----------------------
"Consumer Type"
----------------------
Machine ID of a consumer. This is used in naming conventions.
Examples: drupal_role, og_group
----------------------
"Consumer Module"
----------------------
The module that bridges ldap_authorization and the consumer.
It needs to (1) provide a class: LdapAuthorizationConsumer<consumer_type>
and (2) implement hook_ldap_authorization_consumer.
Examples: ldap_authorization_drupal_role
----------------------
"Authorization ID" aka "Consumer ID"
----------------------
The id of an individual authorization such as a drupal role or organic group.
Examples: "authenticated user", "admin" (for drupal roles)
Examples: "knitters on skates", "vacationing programmers" (og group names for organic groups)
----------------------
"Consumer Configuration"
----------------------
Configuration of how a user's ldap attributes will
determine a set of Consumer ids the user should be granted.
Represented by LdapAuthorizationConsumerConf and LdapAuthorizationConsumerConfAdmin classes
and managed at /admin/config/people/ldap/authorization. Stored in the ldap_authorization database table.
---------------------
LDAP Server Configuration
---------------------
Each Consumer Configuration will use a single ldap server configuration to bind
and query ldap. The ldap server configuration is also used to map the drupal
username to an ldap user entry.
----------------------
LDAP Authorization data storage:
Authorization data is stored in the $user->data array
such as:
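// Illustrative layout of the authorization data kept on the user object.
// The original listing left the outermost array() unclosed; it is closed here.
//
// NOTE(review): presumably a bookkeeping record of what was granted and when,
// not the access check itself -- confirm that role / group membership, not
// this array, is what enforcement reads, and which code may write it.
$user->data = array(
  'ldap_authorizations' => array(
    // First level is keyed by consumer type (see "Consumer Type" above).
    'og_group' => array(
      // Second level looks like one entry per granted consumer id;
      // the "N-N" key format is not explained on this page -- TODO confirm.
      '3-2' => array(
        // Looks like a Unix timestamp of the grant -- confirm.
        'date_granted' => 1329105152,
      ),
      '2-3' => array(
        'date_granted' => 1329105152,
      ),
    ),
    'drupal_role' => array(
      // Presumably numeric role ids rather than role names -- TODO confirm.
      '7' => array(
        'date_granted' => 1329105152,
      ),
      '5' => array(
        'date_granted' => 1329105152,
      ),
    ),
  ),
);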