Ejemplo n.º 1
 /**
  * Collects the LDAP attributes needed by this user configuration's own
  * mappings (not those needed by other modules).
  *
  * Only attributes named in mappings that apply to the current provisioning
  * events are returned, so the resulting LDAP query asks the directory for no
  * more than the mappings actually use.
  *
  * @param mixed $direction
  *   One of the LDAP_USER_PROV_DIRECTION_* constants.
  * @param string $ldap_context
  *   Context passed to ldapContextToProvEvents() to obtain the provisioning
  *   events to match against.
  *
  * @return array
  *   Attribute map filled in by ldap_servers_token_extract_attributes();
  *   empty when no Drupal account provisioning server is configured.
  */
 public function getLdapUserRequiredAttributes($direction = LDAP_USER_PROV_DIRECTION_ALL, $ldap_context = NULL)
 {
     $needed = array();

     // Nothing to request when no server provisions Drupal accounts.
     if (!$this->drupalAcctProvisionServer) {
         return $needed;
     }

     $events = $this->ldapContextToProvEvents($ldap_context);
     $mappings = $this->getSynchMappings($direction, $events);

     foreach ($mappings as $mapping) {
         // Skip mappings that are not triggered by any of the current events.
         $shared_events = array_intersect($events, $mapping['prov_events']);
         if (count($shared_events) === 0) {
             continue;
         }
         // Skip rows with no LDAP attribute expression at all.
         if (!$mapping['ldap_attr']) {
             continue;
         }
         // The expression may hold several tokens; the helper adds each
         // attribute it finds to $needed.
         ldap_servers_token_extract_attributes($needed, $mapping['ldap_attr']);
     }

     return $needed;
 }
Ejemplo n.º 2
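/**
 * Perform alterations of LDAP attributes before a query is made.
 *
 * To avoid excessive attributes in an LDAP query, modules should add only the
 * attributes they need for the current operation. Keeping the list narrow
 * also limits how much directory data is pulled into the application.
 *
 * @param array $attributes
 *   Array of attributes to be returned from LDAP queries, passed by
 *   reference, where:
 *     - each key is an LDAP attribute name (e.g. mail, cn)
 *     - each value is an associative array of the form:
 *       - 'conversion' => NULL,
 *       - 'values' => array(0 => 'john', 1 => 'johnny')
 * @param array $params
 *   Context array with some or all of the following keys:
 *     - 'sid': a server id or an already loaded server object (this
 *       function accepts either),
 *     - 'ldap_context': the operation being performed,
 *     - 'direction'.
 */
function hook_ldap_attributes_needed_alter(&$attributes, $params)
{
    // Read the existing entry with isset() instead of suppressing the notice
    // with "@", so genuine errors are not hidden.
    $existing_dn = isset($attributes['dn']) ? $attributes['dn'] : NULL;
    $attributes['dn'] = ldap_servers_set_attribute_map($existing_dn, 'ldap_dn');

    // puid attributes are server specific; without a server there is nothing
    // more to add.
    if (empty($params['sid'])) {
        return;
    }

    $ldap_server = is_object($params['sid']) ? $params['sid'] : ldap_servers_get_servers($params['sid'], 'enabled', TRUE);
    // Do not dereference a failed lookup (e.g. an unknown or disabled sid).
    if (!is_object($ldap_server)) {
        return;
    }

    // The original switched on an undefined $op, so this branch could never
    // run. NOTE(review): taking the operation from $params['ldap_context'] is
    // inferred from the parameter list in the docblock; confirm the key and
    // the operation names against the callers of this hook.
    $op = isset($params['ldap_context']) ? $params['ldap_context'] : NULL;

    if (in_array($op, array('user_insert', 'user_update'), TRUE)) {
        if (!isset($attributes[$ldap_server->user_attr])) {
            // Don't provide the attribute if it already exists, unless you are
            // adding data_type or value information; in that case don't
            // overwrite the whole array.
            $attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map();
        }
        if (!isset($attributes[$ldap_server->mail_attr])) {
            // Set default values for the attribute.
            $attributes[$ldap_server->mail_attr] = ldap_servers_set_attribute_map();
        }
        // The original read $ldap_server_obj, which is never defined; the
        // server object in scope is $ldap_server.
        ldap_servers_token_extract_attributes($attributes, $ldap_server->mail_template);

        $puid_attr = $ldap_server->unique_persistent_attr;
        $existing_puid = isset($attributes[$puid_attr]) ? $attributes[$puid_attr] : NULL;
        $attributes[$puid_attr] = ldap_servers_set_attribute_map($existing_puid);
    }
}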
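 /**
  * Validates this configuration object (not the form).
  *
  * Checks that provisioning servers and provisioning triggers are configured
  * consistently in both directions, then checks every synch mapping row.
  *
  * @param array $values
  *   As $form_state['values'] from the Drupal form API. Field names of the
  *   form a__b__<attr name>__<row id> are used to find the form row of each
  *   mapping.
  *
  * @return array
  *   array($errors, $warnings), to be raised by the form API. Both are keyed
  *   by an identifier of the setting or mapping field the message refers to.
  *
  * @todo validate that a user field exists, such as field.field_user_lname
  */
 public function validate($values)
 {
     $errors = array();
     $warnings = array();
     $tokens = array();

     // Provisioning to Drupal: servers and trigger options must both be set.
     $has_drupal_acct_prov_servers = (bool) $this->drupalAcctProvisionServer;
     $has_drupal_acct_prov_settings_options = count(array_filter($this->drupalAcctProvisionTriggers)) > 0;
     if (!$has_drupal_acct_prov_servers && $has_drupal_acct_prov_settings_options) {
         $warnings['drupalAcctProvisionServer'] = t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens);
     }
     if ($has_drupal_acct_prov_servers && !$has_drupal_acct_prov_settings_options) {
         $warnings['drupalAcctProvisionTriggers'] = t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected.  This will result in no synching happening.', $tokens);
     }

     // Provisioning to LDAP: the same consistency check.
     $has_ldap_prov_servers = (bool) $this->ldapEntryProvisionServer;
     $has_ldap_prov_settings_options = count(array_filter($this->ldapEntryProvisionTriggers)) > 0;
     if (!$has_ldap_prov_servers && $has_ldap_prov_settings_options) {
         $warnings['ldapEntryProvisionServer'] = t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens);
     }
     if ($has_ldap_prov_servers && !$has_ldap_prov_settings_options) {
         $warnings['ldapEntryProvisionTriggers'] = t('Servers are enabled to provide provisioning to ldap, but no LDAP Entry Options are selected.  This will result in no synching happening.', $tokens);
     }

     if (isset($this->ldapUserSynchMappings)) {
         foreach ($this->ldapUserSynchMappings as $synch_direction => $mappings) {
             $map_index = array();
             $tokens = array();
             $to_ldap_entries_mappings_exist = FALSE;

             // Pass 1: map each mapping's attribute value to its form row id.
             foreach ($mappings as $mapping) {
                 // Reset per row so that a row with an unrecognised direction
                 // cannot reuse the previous row's attribute name and value.
                 $attr_name = NULL;
                 $attr_value = NULL;
                 if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
                     $attr_name = 'user_attr';
                     $attr_value = $mapping['user_attr'];
                 }
                 if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
                     $attr_name = 'ldap_attr';
                     $attr_value = $mapping['ldap_attr'];
                 }
                 if ($attr_name === NULL) {
                     continue;
                 }
                 foreach ($values as $field => $value) {
                     $parts = explode('__', $field);
                     if (count($parts) == 4 && $parts[2] == $attr_name && $value == $attr_value) {
                         $map_index[$attr_value] = $parts[3];
                     }
                 }
             }

             // Pass 2: validate each mapping row.
             foreach ($mappings as $mapping) {
                 foreach ($mapping as $key => $value) {
                     if (is_scalar($value)) {
                         $tokens['%' . $key] = $value;
                     }
                 }
                 // In Drupal 7's t(), "%" placeholders are escaped and "!"
                 // placeholders are inserted as-is. !row_descriptor is only
                 // ever filled with this t() result, built from "%" values.
                 $row_descriptor = t("server %sid row mapping to ldap attribute %ldap_attr", $tokens);
                 $tokens['!row_descriptor'] = $row_descriptor;

                 $ldap_attribute_maps_in_token = array();
                 ldap_servers_token_extract_attributes($ldap_attribute_maps_in_token, $mapping['ldap_attr']);

                 // Reset per row: the original kept the previous row's id (or
                 // an undefined variable) when the lookup below did not apply,
                 // which could attach a message to the wrong form row.
                 $row_id = NULL;
                 $is_to_ldap_entry = FALSE;
                 if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
                     $row_id = isset($map_index[$mapping['user_attr']]) ? $map_index[$mapping['user_attr']] : NULL;
                     // NOTE(review): the original carried a commented-out check
                     // that the server is enabled for provisioning to Drupal
                     // users; it is not enforced here.
                 }
                 if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
                     $row_id = isset($map_index[$mapping['ldap_attr']]) ? $map_index[$mapping['ldap_attr']] : NULL;
                     $is_to_ldap_entry = TRUE;
                     $to_ldap_entries_mappings_exist = TRUE;
                     // NOTE(review): likewise, the commented-out check that the
                     // server is enabled for provisioning to LDAP entries is
                     // not enforced here.
                 }

                 $ldap_attr_field_id = join('__', array('sm', 'ldap_attr', $row_id));
                 $user_attr_field_id = join('__', array('sm', 'user_attr', $row_id));
                 $first_context_field_id = join('__', array('sm', 1, $row_id));
                 $user_tokens_field_id = join('__', array('sm', 'user_tokens', $row_id));

                 // A row that writes to the directory must target exactly one
                 // attribute, so compound tokens and literals are rejected.
                 if ($is_to_ldap_entry && count($ldap_attribute_maps_in_token) != 1) {
                     $errors[$user_tokens_field_id] = t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not.
             Do not use compound tokens such as "[displayName] [sn]" or literals such as "physics". Location: !row_descriptor', $tokens);
                 }
                 if (!$mapping['ldap_attr']) {
                     $errors[$ldap_attr_field_id] = t('No LDAP Attribute given in !row_descriptor', $tokens);
                 }
                 if ($mapping['user_attr'] == 'user_tokens' && !$mapping['user_tokens']) {
                     $errors[$user_tokens_field_id] = t('User tokens selected in !row_descriptor, but user tokens column empty.', $tokens);
                 }
                 if (isset($mapping['prov_events']) && count($mapping['prov_events']) == 0) {
                     $warnings[$first_context_field_id] = t('No synchronization events checked in !row_descriptor.
           This field will not be synchronized until some are checked.', $tokens);
                 }
             }

             // Checked once per direction. The original ran this after the
             // loop, so only the last direction iterated was ever checked and
             // a to-LDAP mapping set without a [dn] row could pass validation.
             if ($to_ldap_entries_mappings_exist && !isset($mappings['[dn]'])) {
                 $errors['mappings__' . $synch_direction] = t('Mapping rows exist for provisioning to ldap, but no ldap attribute is targetted for [dn].
       One row must map to [dn].  This row will have a user token like cn=[property.name],ou=users,dc=ldap,dc=mycompany,dc=com');
             }
         }
     }

     return array($errors, $warnings);
 }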