function load()
 {
     // Restore the persisted authentication settings, if any were ever saved.
     $saved = variable_get("ldap_authentication_conf", FALSE);
     $this->inDatabase = (bool) $saved;
     if ($saved) {
         // Only properties whitelisted in $this->saveable are copied onto the object.
         foreach ($this->saveable as $property) {
             if (!isset($saved[$property])) {
                 continue;
             }
             $this->{$property} = $saved[$property];
         }
         // Resolve every sid flagged as enabled into its server object.
         // NOTE(review): the lookup result is stored without a check; if it can be
         // falsy for a server that has since been disabled, $this->servers would
         // hold a non-object entry — confirm against ldap_servers_get_servers().
         foreach ($this->sids as $sid => $is_enabled) {
             if (!$is_enabled) {
                 continue;
             }
             $this->servers[$sid] = ldap_servers_get_servers($sid, 'enabled', TRUE);
         }
     }

     $this->ssoEnabled = module_exists('ldap_sso');

     // Transport preferences: when the variables are unset, HTTPS is required
     // for credentials (default 1) and the encryption type is cleartext.
     $this->apiPrefs['requireHttps'] = variable_get('ldap_servers_require_ssl_for_credentails', 1);
     $this->apiPrefs['encryption'] = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);

     // Determine account creation configuration from the site-wide registration
     // policy and this module's own acctCreation setting.
     $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
     $creates_directly = $this->acctCreation == LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT || $user_register == USER_REGISTER_VISITORS;
     $needs_approval = !$creates_directly && $user_register == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL;
     $this->createLDAPAccounts = $creates_directly;
     $this->createLDAPAccountsAdminApproval = $needs_approval;
 }
Exemplo n.º 2
 /**
  * Set one value of an attribute on an entry of the fake (test) LDAP server.
  *
  * The fake directory is kept in the Drupal variable 'ldap_test_server__<sid>';
  * the value is written to both its 'entries' and 'ldap' sections.
  *
  * @param string $sid server id of the fake server
  * @param string $dn dn of the entry to change
  * @param string $attr_name attribute to set
  * @param mixed $attr_value value to store
  * @param int $i index of the value within the attribute
  */
 function setFakeServerUserAttribute($sid, $dn, $attr_name, $attr_value, $i = 0)
 {
     $variable_name = 'ldap_test_server__' . $sid;
     $fake_directory = variable_get($variable_name, array());
     foreach (array('entries', 'ldap') as $section) {
         $fake_directory[$section][$dn][$attr_name][$i] = $attr_value;
     }
     variable_set($variable_name, $fake_directory);
     // Called only for its side effect: the fourth argument (reset) clears the server cache.
     ldap_servers_get_servers($sid, NULL, TRUE, TRUE);
 }
Exemplo n.º 3
 /**
  * Build the admin object and the list of servers offered for provisioning.
  *
  * Each enabled server becomes an option labelled
  * "<name> (<address>) Status: <Enabled|Disabled>"; a final "None" option is
  * keyed by LDAP_USER_NO_SERVER_SID.
  */
 public function __construct()
 {
     parent::__construct();
     $this->setTranslatableProperties();

     $enabled_servers = ldap_servers_get_servers(NULL, 'enabled');
     if ($enabled_servers) {
         foreach ($enabled_servers as $sid => $server) {
             $status_label = 'Disabled';
             if ($server->status) {
                 $status_label = 'Enabled';
             }
             // NOTE(review): name and address are stored unescaped; confirm the
             // element that renders these options escapes its labels.
             $this->provisionServerOptions[$sid] = "{$server->name} ({$server->address}) Status: {$status_label}";
         }
     }

     $this->provisionServerOptions[LDAP_USER_NO_SERVER_SID] = t('None');
 }
Exemplo n.º 4
 /**
  * Set one value of an attribute on an entry of the fake (test) LDAP server.
  *
  * The attribute name is lower-cased, the value is written to both the
  * 'entries' and 'ldap' sections of the 'ldap_test_server__<sid>' variable,
  * and each section's 'count' element is recomputed.
  *
  * @param string $sid server id of the fake server
  * @param string $dn dn of the entry to change
  * @param string $attr_name attribute to set (case-insensitive)
  * @param mixed $attr_value value to store
  * @param int $i index of the value within the attribute
  */
 function setFakeServerUserAttribute($sid, $dn, $attr_name, $attr_value, $i = 0)
 {
     $attr_name = drupal_strtolower($attr_name);
     $variable_name = 'ldap_test_server__' . $sid;
     $fake_directory = variable_get($variable_name, array());

     foreach (array('entries', 'ldap') as $section) {
         $fake_directory[$section][$dn][$attr_name][$i] = $attr_value;
         $values = $fake_directory[$section][$dn][$attr_name];
         // The 'count' element itself must not be counted as a value.
         $already_has_count = isset($values['count']) ? 1 : 0;
         $fake_directory[$section][$dn][$attr_name]['count'] = count($values) - $already_has_count;
     }

     variable_set($variable_name, $fake_directory);
     // Called only for its side effect: the fourth argument (reset) clears the server cache.
     ldap_servers_get_servers($sid, NULL, TRUE, TRUE);
 }
Exemplo n.º 5
 /**
  * Load the saved LDAP group configuration into this object.
  *
  * Sets $this->inDatabase to whether a saved configuration exists, copies the
  * saveable properties, then resolves the provisioning server when one is set.
  */
 function load()
 {
     $saved = variable_get("ldap_group_conf", FALSE);
     $this->inDatabase = (bool) $saved;
     if ($saved) {
         // Only properties whitelisted in $this->saveable are copied onto the object.
         foreach ($this->saveable as $property) {
             if (!isset($saved[$property])) {
                 continue;
             }
             $this->{$property} = $saved[$property];
         }
     }

     if (!$this->ldapProvisionSid) {
         return;
     }
     // NOTE(review): the lookup result is dereferenced without a check; confirm
     // ldap_servers_get_servers() cannot return a non-object for a stale sid.
     $this->ldapProvisionServer = ldap_servers_get_servers($this->ldapProvisionSid, NULL, TRUE);
     $this->groupObjectClass = $this->ldapProvisionServer->groupObjectClass;
 }
Exemplo n.º 6
 /**
  * Load the saved LDAP authentication configuration into this object.
  *
  * Sets $this->inDatabase, copies the saveable properties and rebuilds the
  * list of authentication servers from sids that are both flagged in the
  * configuration and present among the currently enabled servers.
  */
 function load()
 {
     $saved = variable_get("ldap_authentication_conf", FALSE);
     $this->inDatabase = (bool) $saved;
     if ($saved) {
         // Only properties whitelisted in $this->saveable are copied onto the object.
         foreach ($this->saveable as $property) {
             if (!isset($saved[$property])) {
                 continue;
             }
             $this->{$property} = $saved[$property];
         }

         // Reset in case an already instantiated object is being reloaded.
         $this->enabledAuthenticationServers = array();
         $available_servers = ldap_servers_get_servers(NULL, 'enabled');
         foreach ($this->sids as $sid => $enabled) {
             // A sid counts only if the config enables it AND the server is enabled.
             if (!$enabled || !isset($available_servers[$sid])) {
                 continue;
             }
             $this->enabledAuthenticationServers[$sid] = $available_servers[$sid];
         }
     }

     $this->ldapUser = new LdapUserConf();
     $this->ssoEnabled = module_exists('ldap_sso');

     // Transport preferences: when the variables are unset, HTTPS is NOT required
     // for credentials (default 0) and the encryption type is cleartext, so a
     // hardened deployment has to set both explicitly.
     $this->apiPrefs['requireHttps'] = variable_get('ldap_servers_require_ssl_for_credentails', 0);
     $this->apiPrefs['encryption'] = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
 }
Exemplo n.º 7
/**
 * Perform alterations of ldap attributes before query is made.
 *
 * To avoid excessive attributes in an ldap query, modules should
 * alter attributes needed based on $op parameter
 *
 * NOTE(review): this sample body reads $op and $ldap_server_obj, but neither
 * is a parameter nor assigned anywhere in the function. As written the switch
 * sees an undefined $op, so the 'user_insert'/'user_update' branch is not
 * reached; implementers copying this sample need to take the operation from
 * $params (which key is intended is not visible here) and use $ldap_server.
 *
 * @param array $attributes
 *   array of attributes to be returned from ldap queries where:
 *     - each key is ldap attribute name (e.g. mail, cn)
 *     - each value is associative array of form:
 *       - 'conversion' => NULL,
 *       - 'values' => array(0 => 'john', 1 => 'johnny'))
 *   Passed by reference; the hook adds to it in place.
 *
 * @param array $params context array with some or all of the following key/values
 *   'sid' => server id, or an already loaded server object (the body accepts
 *            either, see the is_object() check),
 *   'ldap_context' => ,
 *   'direction' =>
 *
 */
function hook_ldap_attributes_needed_alter(&$attributes, $params)
{
    // The dn is always requested; @ silences the notice when 'dn' is not set yet.
    $attributes['dn'] = ldap_servers_set_attribute_map(@$attributes['dn'], 'ldap_dn');
    // NOTE(review): $params['sid'] is read without isset(); a context array
    // without that key raises a notice here.
    if ($params['sid']) {
        // puid attributes are server specific
        // NOTE(review): the lookup result is dereferenced below without a check —
        // confirm it cannot be falsy for a sid that is not enabled.
        $ldap_server = is_object($params['sid']) ? $params['sid'] : ldap_servers_get_servers($params['sid'], 'enabled', TRUE);
        // NOTE(review): $op is undefined in this scope (see the docblock).
        switch ($op) {
            case 'user_insert':
            case 'user_update':
                if (!isset($attributes[$ldap_server->user_attr])) {
                    // don't provide attribute if it exists, unless you are adding data_type or value information
                    //   in that case, don't overwrite the whole array (see $ldap_server->mail_attr example below)
                    $attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map();
                }
                if (!isset($attributes[$ldap_server->mail_attr])) {
                    $attributes[$ldap_server->mail_attr] = ldap_servers_set_attribute_map();
                    // set default values for an attribute, force data_type
                }
                // NOTE(review): $ldap_server_obj is undefined here; $ldap_server looks intended.
                ldap_servers_token_extract_attributes($attributes, $ldap_server_obj->mail_template);
                // Always (re)map the persistent unique id attribute, keeping any existing entry.
                $attributes[$ldap_server->unique_persistent_attr] = ldap_servers_set_attribute_map(@$attributes[$ldap_server->unique_persistent_attr]);
                break;
        }
    }
}
Exemplo n.º 8
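 /**
  * Build the Form API array for adding or editing an LDAP query.
  *
  * @param string $op
  *   'add' or 'edit'; 'edit' disables the qid field, 'add' labels the submit
  *   button "Add" (anything else "Update").
  *
  * @return array
  *   Drupal form array.
  */
 public function drupalForm($op)
 {
     $form = array();
     $form['#prefix'] = t('<p>Setup an LDAP query to be used by other modules such as LDAP Feeds, LDAP Provision, etc.</p>');
     $form['basic'] = array('#type' => 'fieldset', '#title' => t('Basic LDAP Query Settings'), '#collapsible' => TRUE, '#collapsed' => FALSE);
     $form['query'] = array('#type' => 'fieldset', '#title' => t('Query'), '#collapsible' => TRUE, '#collapsed' => FALSE);
     $form['query_advanced'] = array('#type' => 'fieldset', '#title' => t('Advanced Query Settings'), '#collapsible' => TRUE, '#collapsed' => TRUE);
     foreach ($this->fields() as $field_id => $field) {
         if (!isset($field['form'])) {
             continue;
         }
         $field_group = isset($field['form']['field_group']) ? $field['form']['field_group'] : FALSE;
         $form_item = $field['form'];
         $form_item['#default_value'] = $this->{$field['property_name']};
         if ($field_group) {
             $form[$field_group][$field_id] = $form_item;
             // 'field_group' only steers placement; it is irrelevant to form api.
             unset($form[$field_group][$field_id]['field_group']);
         } else {
             $form[$field_id] = $form_item;
         }
     }
     $form['basic']['qid']['#disabled'] = $op == 'edit';

     $servers = ldap_servers_get_servers(NULL, 'enabled');
     if (!is_array($servers)) {
         // Treat a non-array lookup result as "no servers" instead of iterating it.
         $servers = array();
     }
     if (count($servers) == 0) {
         drupal_set_message(t('No ldap servers configured.  Please configure a server before an ldap query.'), 'error');
     }
     // Start from an empty list so '#options' is a defined array even when no
     // server is enabled (the variable was previously undefined in that case).
     $server_options = array();
     foreach ($servers as $sid => $server) {
         // NOTE(review): server names are passed on unescaped; confirm the 'sid'
         // element type escapes its option labels.
         $server_options[$sid] = $server->name;
     }
     $form['basic']['sid']['#options'] = $server_options;

     // A first 'Save Query' submit button used to be assigned here and was
     // overwritten immediately; only the effective definition is kept.
     $action = $op == 'add' ? 'Add' : 'Update';
     $form['submit'] = array('#type' => 'submit', '#value' => $action, '#weight' => 100);
     return $form;
 }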
Exemplo n.º 9
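 /**
  * Set ldap associations of a drupal account by altering user fields.
  *
  * Records the LDAP server id, dn, persistent unique id (puid) and its
  * attribute name on the Drupal account so later logins and syncs can tie the
  * account to its LDAP entry.
  *
  * @param string $drupal_username
  *
  * @return boolean TRUE on success, FALSE on error or failure because of invalid user or ldap accounts
  *
  */
 function ldapAssociateDrupalAccount($drupal_username)
 {
     if (!$this->drupalAcctProvisionServer) {
         // No provisioning server configured: nothing to associate with.
         return FALSE;
     }

     $account = user_load_by_name($drupal_username);
     if (!$account) {
         watchdog('ldap_user', 'Failed to LDAP associate drupal account %drupal_username because account not found', array('%drupal_username' => $drupal_username), WATCHDOG_ERROR);
         return FALSE;
     }

     // Refuse to go on when the configured server cannot be loaded as an enabled
     // server; the code below calls methods on it and would otherwise fail on a
     // non-object.
     $ldap_server = ldap_servers_get_servers($this->drupalAcctProvisionServer, 'enabled', TRUE);
     if (!$ldap_server) {
         watchdog('ldap_user', 'Failed to LDAP associate drupal account %drupal_username because the provisioning LDAP server is not available', array('%drupal_username' => $drupal_username), WATCHDOG_ERROR);
         return FALSE;
     }

     // The directory is only queried once the Drupal account is known to exist.
     $ldap_user = ldap_servers_get_user_ldap_data($drupal_username, $this->drupalAcctProvisionServer, 'ldap_user_prov_to_drupal');
     if (!$ldap_user) {
         watchdog('ldap_user', 'Failed to LDAP associate drupal account %drupal_username because corresponding LDAP entry not found', array('%drupal_username' => $drupal_username), WATCHDOG_ERROR);
         return FALSE;
     }

     $user_edit = array();
     $user_edit['data']['ldap_user']['init'] = array('sid' => $ldap_user['sid'], 'dn' => $ldap_user['dn'], 'mail' => $account->mail);
     // The puid is only stored when the server could derive one from the entry.
     $ldap_user_puid = $ldap_server->userPuidFromLdapEntry($ldap_user['attr']);
     if ($ldap_user_puid) {
         $user_edit['ldap_user_puid'][LANGUAGE_NONE][0]['value'] = $ldap_user_puid;
     }
     $user_edit['ldap_user_puid_property'][LANGUAGE_NONE][0]['value'] = $ldap_server->unique_persistent_attr;
     $user_edit['ldap_user_puid_sid'][LANGUAGE_NONE][0]['value'] = $ldap_server->sid;
     $user_edit['ldap_user_current_dn'][LANGUAGE_NONE][0]['value'] = $ldap_user['dn'];
     $account = user_save($account, $user_edit, 'ldap_user');
     return (bool) $account;
 }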
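 /**
  * Validate object, not form.
  *
  * When single sign on is enabled, rejects any selected server whose bind
  * method needs the user's own credentials: with SSO the module never sees
  * those credentials, so such a server could not be bound to.
  *
  * @return array
  *   Error messages keyed by property name; empty when the object is valid.
  */
 public function validate()
 {
     $errors = array();
     $enabled_servers = ldap_servers_get_servers(NULL, 'enabled');
     if (!$this->ssoEnabled) {
         return $errors;
     }

     $methods = array(LDAP_SERVERS_BIND_METHOD_USER => 'Bind with Users Credentials', LDAP_SERVERS_BIND_METHOD_ANON_USER => 'Anonymous Bind for search, then Bind with Users Credentials');
     foreach ($this->sids as $sid) {
         // Skip unselected entries and sids that are not among the enabled
         // servers; dereferencing a missing entry would fail on a non-object.
         // NOTE(review): this iterates the VALUES of $this->sids — confirm they
         // hold the sid for selected servers rather than a bare boolean flag.
         if (empty($sid) || !isset($enabled_servers[$sid])) {
             continue;
         }
         $server = $enabled_servers[$sid];
         if ($server->bind_method == LDAP_SERVERS_BIND_METHOD_USER || $server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
             // '!edit' is inserted unescaped by t(); it carries the link markup
             // built by l() from the server name.
             $tokens = array('!edit' => l($server->name, LDAP_SERVERS_INDEX_BASE_PATH . '/edit/' . $sid), '%sid' => $sid, '%bind_method' => $methods[$server->bind_method]);
             $errors['ssoEnabled'] = t('Single Sign On is not valid with the server !edit (id=%sid) because that server configuration uses %bind_method.  Since the user\'s credentials are never available to this module with single sign on enabled, there is no way for the ldap module to bind to the ldap server with credentials.', $tokens);
         }
     }
     return $errors;
 }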
    /**
     * generate admin form for ldapUserConf object
     *
     * Builds two main fieldsets, 'basic_to_drupal' (LDAP to Drupal account
     * provisioning) and 'basic_to_ldap' (Drupal to LDAP entry provisioning),
     * adds the per-direction mapping tables through addServerMappingFields(),
     * and hides the dependent inputs while the matching server radio is 'none'.
     * When no provisioning server options exist, only an intro item carrying
     * the "no enabled servers" message is returned.
     *
     * @return array $form as drupal form api form array
     */
    public function drupalForm()
    {
        // Nothing can be configured without a server: return the notice only.
        if (count($this->drupalAcctProvisionServerOptions) == 0) {
            $message = ldap_servers_no_enabled_servers_msg('configure LDAP User');
            $form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP User Settings</h1>') . $message);
            return $form;
        }
        $form['#storage'] = array();
        $form['#theme'] = 'ldap_user_conf_form';
        $form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP User Settings</h1>'));
        $form['manual_drupal_account_editing'] = array('#type' => 'fieldset', '#title' => t('Manual Drupal Account Creation and Updates'), '#collapsible' => TRUE, '#collapsed' => FALSE);
        $form['manual_drupal_account_editing']['manualAccountConflict'] = array('#type' => 'radios', '#options' => $this->manualAccountConflictOptions, '#title' => t('How to resolve LDAP conflicts with manually  created Drupal accounts.'), '#description' => t('This applies only to accounts created manually through admin/people/create
        for which an LDAP entry can be found on the LDAP server selected in "LDAP Servers Providing Provisioning Data"'), '#default_value' => $this->manualAccountConflict);
        $form['basic_to_drupal'] = array('#type' => 'fieldset', '#title' => t('Basic Provisioning to Drupal Account Settings'), '#collapsible' => TRUE, '#collapsed' => FALSE);
        // 'none' is the radio value used when no provisioning server is selected.
        $default_value = $this->drupalAcctProvisionServer ? $this->drupalAcctProvisionServer : 'none';
        $form['basic_to_drupal']['drupalAcctProvisionServer'] = array('#type' => 'radios', '#title' => t('LDAP Servers Providing Provisioning Data'), '#required' => 1, '#default_value' => $default_value, '#options' => $this->drupalAcctProvisionServerOptions, '#description' => $this->drupalAcctProvisionServerDescription, '#states' => array('enabled' => array(':input[name=drupalAcctProvisionTriggers]' => array('value' => LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE))));
        $form['basic_to_drupal']['drupalAcctProvisionTriggers'] = array('#type' => 'checkboxes', '#title' => t('Drupal Account Provisioning Events'), '#required' => FALSE, '#default_value' => $this->drupalAcctProvisionTriggers, '#options' => $this->drupalAccountProvisionEventsOptions, '#description' => $this->drupalAccountProvisionEventsDescription);
        $form['basic_to_drupal']['disableAdminPasswordField'] = array('#type' => 'checkbox', '#title' => t('Disable the password fields at /admin/create/people since the password is going to be randomly generated anyway. This is useful if you are synching data to Drupal from LDAP, and not bringing the user password from LDAP.'), '#default_value' => $this->disableAdminPasswordField);
        // NOTE(review): the next two elements pass a property to t() instead of a
        // string literal; confirm those description properties only ever hold
        // fixed, developer-written text.
        $form['basic_to_drupal']['userConflictResolve'] = array('#type' => 'radios', '#title' => t('Existing Drupal User Account Conflict'), '#required' => 1, '#default_value' => $this->userConflictResolve, '#options' => $this->userConflictOptions, '#description' => t($this->userConflictResolveDescription));
        $form['basic_to_drupal']['acctCreation'] = array('#type' => 'radios', '#title' => t('Application of Drupal Account settings to LDAP Authenticated Users'), '#required' => 1, '#default_value' => $this->acctCreation, '#options' => $this->acctCreationOptions, '#description' => t($this->acctCreationDescription));
        // Options for handling Drupal accounts whose LDAP entry has disappeared:
        // two module-specific choices plus core's account cancellation methods.
        $account_options = array();
        $account_options['ldap_user_orphan_do_not_check'] = t('Do not check for orphaned Drupal accounts.');
        $account_options['ldap_user_orphan_email'] = t('Perform no action, but email list of orphaned accounts. (All the other options will send email summaries also.)');
        foreach (user_cancel_methods() as $option_name => $option) {
            $account_options[$option_name] = $option['#title'];
        }
        //@todo these 2 options are removed until this feature is better tested in
        // actual production environments; it has potentially disastrous effects
        // (they are the cancellation methods named 'reassign' and 'delete', so an
        // automated orphan check cannot be configured to use either of them).
        unset($account_options['user_cancel_reassign']);
        unset($account_options['user_cancel_delete']);
        $form['basic_to_drupal']['orphanedDrupalAcctBehavior'] = array('#type' => 'radios', '#title' => t('Action to perform on Drupal account that no longer have a
        corresponding LDAP entry'), '#required' => 0, '#default_value' => $this->orphanedDrupalAcctBehavior, '#options' => $account_options, '#description' => t($this->orphanedDrupalAcctBehaviorDescription));
        $form['basic_to_drupal']['orphanedCheckQty'] = array('#type' => 'textfield', '#size' => 10, '#title' => t('Number of users to check each cron run.'), '#description' => t(''), '#default_value' => $this->orphanedCheckQty, '#required' => FALSE);
        // The "to LDAP" fieldset starts collapsed while no LDAP entry provisioning server is set.
        $form['basic_to_ldap'] = array('#type' => 'fieldset', '#title' => t('Basic Provisioning to LDAP Settings'), '#collapsible' => TRUE, '#collapsed' => !$this->ldapEntryProvisionServer);
        $default_value = $this->ldapEntryProvisionServer ? $this->ldapEntryProvisionServer : 'none';
        $form['basic_to_ldap']['ldapEntryProvisionServer'] = array('#type' => 'radios', '#title' => t('LDAP Servers to Provision LDAP Entries on'), '#required' => 1, '#default_value' => $default_value, '#options' => $this->ldapEntryProvisionServerOptions, '#description' => $this->ldapEntryProvisionServerDescription);
        $form['basic_to_ldap']['ldapEntryProvisionTriggers'] = array('#type' => 'checkboxes', '#title' => t('LDAP Entry Provisioning Events'), '#required' => FALSE, '#default_value' => $this->ldapEntryProvisionTriggers, '#options' => $this->ldapEntryProvisionTriggersOptions, '#description' => $this->ldapEntryProvisionTriggersDescription);
        // The block below is disabled code for a REST webservice that its own
        // title marks as untested and unfinished; it is kept for reference only
        // and none of it runs.
        /**
            $form['ws'] = array(
              '#type' => 'fieldset',
              '#title' => t('[Untested and Unfinished Code] REST Webservice for Provisioning and Synching.'),
              '#collapsible' => TRUE,
              '#collapsed' => !$this->wsEnabled,
              '#description' => t('Once configured, this webservice can be used to trigger creation, synching, deletion, etc of an LDAP associated Drupal account.'),
            );
        
            $form['ws']['wsEnabled'] = array(
              '#type' => 'checkbox',
              '#title' => t('Enable REST Webservice'),
              '#required' => FALSE,
              '#default_value' => $this->wsEnabled,
            );
        
            $form['ws']['wsUserIps'] = array(
              '#type' => 'textarea',
              '#title' => t('Allowed IP Addresses to request webservice.'),
              '#required' => FALSE,
              '#default_value' => join("\n", $this->wsUserIps),
              '#description' => t('One Per Line. The current server address is LOCAL_ADDR and the client ip requesting this page is REMOTE_ADDR .', $_SERVER),
              '#cols' => 20,
              '#rows' => 2,
              '#states' => array(
                'visible' => array(   // action to take.
                  ':input[name="wsEnabled"]' => array('checked' => TRUE),
                ),
              ),
            );
        
            if (!$this->wsKey) {
              $urls = t('URLs are not available until a key is create a key and urls will be generated');
            }
            else {
              $urls = theme('item_list',
                array(
                  'items' => ldap_user_ws_urls_item_list(),
                  'title' => 'REST urls',
                  'type' => 'ul',
                ));
            }
        
            $form['ws']['wsKey'] = array(
              '#type' => 'textfield',
              '#title' => t('Key for webservice'),
              '#required' => FALSE,
              '#default_value' => $this->wsKey,
              '#description' => t('Any random string of characters.') . $urls,
              '#states' => array(
                'visible' => array(   // action to take.
                  ':input[name="wsEnabled"]' => array('checked' => TRUE),
                ),
              ),
            );
        */
        $form['server_mapping_preamble'] = array('#type' => 'markup', '#markup' => t('
The relationship between a Drupal user and an LDAP entry is defined within the LDAP server configurations.


The mappings below are for user fields, properties, and profile2 data that are not automatically mapped elsewhere.
Mappings such as username or email address that are configured elsewhere are shown at the top for clarity.
When more than one ldap server is enabled for provisioning data (or simply more than one configuration for the same ldap server),
mappings need to be setup for each server.  If no tables are listed below, you have not enabled any provisioning servers at
the top of this form.
'));
        // One mapping fieldset per provisioning direction.
        foreach (array(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $direction) {
            $sid = $this->provisionSidFromDirection[$direction];
            // $ldap_server and $ldap_server_selected are computed here but not
            // read again within this method.
            $ldap_server = $sid ? ldap_servers_get_servers($sid, NULL, TRUE) : FALSE;
            $ldap_server_selected = (bool) $ldap_server;
            if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
                $parent_fieldset = 'basic_to_drupal';
                $description = t('Provisioning from LDAP to Drupal Mappings:');
            } elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
                $parent_fieldset = 'basic_to_ldap';
                $description = t('Provisioning from Drupal to LDAP Mappings:');
            }
            // The '[replace_with_table__<direction>]' markup is a placeholder;
            // presumably the theme function swaps it for the rendered table — confirm.
            $form[$parent_fieldset]['mappings__' . $direction] = array('#type' => 'fieldset', '#title' => $description, '#collapsible' => TRUE, '#collapsed' => FALSE, '#description' => '', 'table__' . $direction => array('#type' => 'markup', '#markup' => '[replace_with_table__' . $direction . ']'));
            // NOTE(review): this markup ends with '</p>' although no '<p>' is opened in it.
            $password_notes = '<h3>' . t('Password Tokens') . '</h3><ul>' . '<li>' . t('Pwd: Random -- Uses a random Drupal generated password') . '</li>' . '<li>' . t('Pwd: User or Random -- Uses password supplied on user forms.
  If none available uses random password.') . '</li></ul>' . '<h3>' . t('Password Concerns') . '</h3>' . '<ul>' . '<li>' . t('Provisioning passwords to LDAP means passwords must meet the LDAP\'s
password requirements.  Password Policy module can be used to add requirements.') . '</li>' . '<li>' . t('Some LDAPs require a user to reset their password if it has been changed
by someone other that user.  Consider this when provisioning LDAP passwords.') . '</li>' . '</ul></p>';
            $source_drupal_token_notes = <<<EOT
<p>Examples in form: Source Drupal User token => Target LDAP Token (notes)</p>
<ul>
<li>Source Drupal User token => Target LDAP Token</li>
<li>cn=[property.name],ou=test,dc=ad,dc=mycollege,dc=edu => [dn] (example of token and constants)</li>
<li>top => [objectclass:0] (example of constants mapped to multivalued attribute)</li>
<li>person => [objectclass:1] (example of constants mapped to multivalued attribute)</li>
<li>organizationalPerson => [objectclass:2] (example of constants mapped to multivalued attribute)</li>
<li>user => [objectclass:3] (example of constants mapped to multivalued attribute)</li>
<li>Drupal Provisioned LDAP Account => [description] (example of constant)</li>
<li>[field.field_lname] => [sn]</li>

</ul>
EOT;
            if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
                // add some password notes
                $form[$parent_fieldset]['password_notes'] = array('#type' => 'fieldset', '#title' => t('Password Notes'), '#collapsible' => TRUE, '#collapsed' => TRUE, 'directions' => array('#type' => 'markup', '#markup' => $password_notes));
                $form[$parent_fieldset]['source_drupal_token_notes'] = array('#type' => 'fieldset', '#title' => t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'), '#collapsible' => TRUE, '#collapsed' => TRUE, 'directions' => array('#type' => 'markup', '#markup' => $source_drupal_token_notes));
            }
            $this->addServerMappingFields($form, $direction);
        }
        // Hide every dependent input while the matching server radio is 'none'.
        foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
            $form['basic_to_drupal'][$input_name]['#states']['invisible'] = array(':input[name=drupalAcctProvisionServer]' => array('value' => 'none'));
        }
        foreach (array('ldapEntryProvisionTriggers', 'password_notes', 'source_drupal_token_notes', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $input_name) {
            $form['basic_to_ldap'][$input_name]['#states']['invisible'] = array(':input[name=ldapEntryProvisionServer]' => array('value' => 'none'));
        }
        $form['submit'] = array('#type' => 'submit', '#value' => 'Save');
        return $form;
    }
 /**
  * Load this consumer's authorization configuration from storage.
  *
  * Reads the record for $this->consumerType through ctools when that module
  * exists, otherwise straight from the ldap_authorization table, then copies
  * its columns onto the object. Sets inDatabase to FALSE and returns early
  * when no record is found.
  */
 protected function loadFromDb()
 {
     if (!module_exists('ctools')) {
         // The consumer type is bound through the query builder's condition(),
         // not concatenated into SQL.
         $query = db_select('ldap_authorization', 'ldap_authorization');
         $query->fields('ldap_authorization');
         $query->condition('ldap_authorization.consumer_type', $this->consumerType);
         $record = $query->execute()->fetchObject();
     } else {
         ctools_include('export');
         $loaded = ctools_export_load_object('ldap_authorization', 'names', array($this->consumerType));
         // @todo, this is technically wrong, but I don't quite grok what we're doing in the non-ctools case - justintime
         // There's no ctools api call to get the reserved properties, so instead of hardcoding a list of them
         // here, we just grab everything.  Basically, we sacrifice a few bytes of RAM for forward-compatibility.
         $record = array_pop($loaded);
     }

     if (!$record) {
         $this->inDatabase = FALSE;
         return;
     }

     $this->sid = $record->sid;
     $this->consumerType = $record->consumer_type;
     if (isset($record->numeric_consumer_conf_id)) {
         $this->numericConsumerConfId = $record->numeric_consumer_conf_id;
     } else {
         $this->numericConsumerConfId = NULL;
     }
     $this->status = $record->status ? 1 : 0;

     // Boolean flags: a column missing from the record reads as FALSE (the @
     // silences the notice for it).
     $flags_before_mappings = array(
         'onlyApplyToLdapAuthenticated' => 'only_ldap_authenticated',
         'useFirstAttrAsGroupId' => 'useFirstAttrAsGroupId',
         'searchAll' => 'searchAll',
     );
     foreach ($flags_before_mappings as $property => $column) {
         $this->{$property} = (bool) @$record->{$column};
     }

     $this->mappings = $this->pipeListToArray($record->mappings, FALSE);

     $flags_after_mappings = array(
         'useMappingsAsFilter' => 'use_filter',
         'synchToLdap' => 'synch_to_ldap',
         'synchOnLogon' => 'synch_on_logon',
         'regrantLdapProvisioned' => 'regrant_ldap_provisioned',
         'revokeLdapProvisioned' => 'revoke_ldap_provisioned',
         'createConsumers' => 'create_consumers',
     );
     foreach ($flags_after_mappings as $property => $column) {
         $this->{$property} = (bool) @$record->{$column};
     }

     $this->server = ldap_servers_get_servers($this->sid, NULL, TRUE);
 }
 /**
  * Load this consumer's authorization configuration from storage.
  *
  * Reads the record for $this->consumerType through ctools when that module
  * exists, otherwise straight from the ldap_authorization table, and copies
  * each column listed in field_to_properties_map() onto the matching property.
  *
  * @return bool
  *   TRUE when a record was found and loaded, FALSE otherwise (inDatabase is
  *   then set to FALSE).
  */
 protected function loadFromDb()
 {
     if (module_exists('ctools')) {
         ctools_include('export');
         $result = ctools_export_load_object('ldap_authorization', 'names', array($this->consumerType));
         // @todo, this is technically wrong, but I don't quite grok what we're doing in the non-ctools case - justintime
         $server_record = array_pop($result);
         // There's no ctools api call to get the reserved properties, so instead of hardcoding a list of them
         // here, we just grab everything.  Basically, we sacrifice a few bytes of RAM for forward-compatibility.
     } else {
         // The consumer type is bound through the query builder's condition(),
         // not concatenated into SQL.
         $select = db_select('ldap_authorization', 'ldap_authorization');
         $select->fields('ldap_authorization');
         $select->condition('ldap_authorization.consumer_type', $this->consumerType);
         $server_record = $select->execute()->fetchObject();
     }
     if (!$server_record) {
         $this->inDatabase = FALSE;
         return FALSE;
     }
     foreach ($this->field_to_properties_map() as $db_field_name => $property_name) {
         // Columns that are absent or NULL leave the property at its current value.
         if (isset($server_record->{$db_field_name})) {
             if (in_array($db_field_name, $this->field_to_properties_serialized())) {
                 // SECURITY NOTE(review): unserialize() runs on a stored column
                 // value. That is only safe while nothing untrusted can write the
                 // column (including through a ctools export/import path); a
                 // crafted value could instantiate arbitrary classes. Confirm who
                 // can write these fields.
                 $this->{$property_name} = unserialize($server_record->{$db_field_name});
             } else {
                 $this->{$property_name} = $server_record->{$db_field_name};
             }
         }
     }
     $this->numericConsumerConfId = isset($server_record->numeric_consumer_conf_id) ? $server_record->numeric_consumer_conf_id : NULL;
     $this->server = ldap_servers_get_servers($this->sid, NULL, TRUE);
     return TRUE;
     // Everything below is the earlier column-by-column loader, left commented
     // out; it sits after the return and is never executed.
     // $this->sid = $consumer_conf->sid;
     // $this->consumerType = $consumer_conf->consumer_type;
     //  $this->status = ($consumer_conf->status) ? 1 : 0;
     //  $this->onlyApplyToLdapAuthenticated  = (@$consumer_conf->only_ldap_authenticated);
     //  $this->useFirstAttrAsGroupId  = (@$consumer_conf->use_first_attr_as_groupid);
     // $this->mappings = unserialize($consumer_conf->mappings);
     // dpm($this->mappings); dpm($consumer_conf->mappings);
     //  $this->useMappingsAsFilter = (@$consumer_conf->use_filter);
     //   $this->synchToLdap = (@$consumer_conf->synch_to_ldap);
     //   $this->synchOnLogon = (@$consumer_conf->synch_on_logon);
     //   $this->regrantLdapProvisioned = (@$consumer_conf->regrant_ldap_provisioned);
     //  $this->revokeLdapProvisioned = (@$consumer_conf->revoke_ldap_provisioned);
     //  $this->createConsumers = (@$consumer_conf->create_consumers);
 }
 /**
  * Load this consumer's authorization configuration from storage.
  *
  * Reads the record for $this->consumerType through ctools when that module
  * exists, otherwise straight from the ldap_authorization table, and copies
  * each column listed in field_to_properties_map() onto the matching property.
  *
  * @return bool
  *   TRUE when a record was found and loaded, FALSE otherwise (inDatabase is
  *   then set to FALSE).
  */
 protected function loadFromDb()
 {
     if (!module_exists('ctools')) {
         // The consumer type is bound through the query builder's condition(),
         // not concatenated into SQL.
         $query = db_select('ldap_authorization', 'ldap_authorization');
         $query->fields('ldap_authorization');
         $query->condition('ldap_authorization.consumer_type', $this->consumerType);
         $record = $query->execute()->fetchObject();
     } else {
         ctools_include('export');
         $loaded = ctools_export_load_object('ldap_authorization', 'names', array($this->consumerType));
         // @todo, this is technically wrong, but I don't quite grok what we're doing in the non-ctools case - justintime
         // There's no ctools api call to get the reserved properties, so instead of hardcoding a list of them
         // here, we just grab everything.  Basically, we sacrifice a few bytes of RAM for forward-compatibility.
         $record = array_pop($loaded);
     }

     if (!$record) {
         $this->inDatabase = FALSE;
         return FALSE;
     }

     foreach ($this->field_to_properties_map() as $db_field_name => $property_name) {
         // Columns that are absent or NULL leave the property at its current value.
         if (!isset($record->{$db_field_name})) {
             continue;
         }
         $stored_value = $record->{$db_field_name};
         $is_serialized = in_array($db_field_name, $this->field_to_properties_serialized());
         // SECURITY NOTE(review): unserialize() runs on a stored column value.
         // That is only safe while nothing untrusted can write the column
         // (including through a ctools export/import path); a crafted value
         // could instantiate arbitrary classes. Confirm who can write these fields.
         $this->{$property_name} = $is_serialized ? unserialize($stored_value) : $stored_value;
     }

     if (isset($record->numeric_consumer_conf_id)) {
         $this->numericConsumerConfId = $record->numeric_consumer_conf_id;
     } else {
         $this->numericConsumerConfId = NULL;
     }
     $this->server = ldap_servers_get_servers($this->sid, NULL, TRUE);
     return TRUE;
 }
 /**
  * Builds the Drupal form array for the LDAP profile mapping settings.
  *
  * @param array $accounts
  *   Accepted from callers; this method does not read it.
  *
  * @return array
  *   Form API array. When $this->servers is empty only an 'intro' item with
  *   the "no enabled servers" message is returned.
  */
 public function drupalForm($accounts = array())
 {
     // Nothing to configure until at least one LDAP server is available.
     if (!count($this->servers)) {
         $no_servers_msg = ldap_servers_no_enabled_servers_msg('configure LDAP Profiles');
         $form['intro'] = array(
             '#type' => 'item',
             '#markup' => t('<h1>LDAP Profile Settings</h1>') . $no_servers_msg,
         );
         return $form;
     }

     // Field instances attached to user accounts, reduced to name => label.
     $field_labels = array();
     foreach (field_info_instances('user', 'user') as $field_name => $instance) {
         $field_labels[$field_name] = $instance['label'];
     }

     $form['intro'] = array(
         '#type' => 'item',
         '#markup' => t('<h1>LDAP Profile Settings</h1>'),
     );
     $form['defaultMaps'] = array(
         '#type' => 'fieldset',
         '#title' => 'Profile Fields Already Mapped to Ldap Fields',
         '#collapsible' => FALSE,
         '#collapsed' => FALSE,
         '#tree' => TRUE,
     );

     // Username and mail attributes come from the enabled server configurations
     // and are shown read-only.
     $user_attr = array();
     $mail_attr = array();
     foreach (ldap_servers_get_servers('', 'enabled') as $enabled_server) {
         $user_attr[] = $enabled_server->user_attr;
         $mail_attr[] = $enabled_server->mail_attr;
     }
     $form['defaultMaps']['username'] = array(
         '#type' => 'textfield',
         '#title' => 'UserName',
         '#default_value' => $user_attr ? implode(', ', $user_attr) : 'No Value Set',
         '#disabled' => TRUE,
         '#description' => 'This must be altered in the ldap server configuration page',
     );
     $form['defaultMaps']['mail'] = array(
         '#type' => 'textfield',
         '#title' => 'Email',
         '#default_value' => $mail_attr ? implode(', ', $mail_attr) : 'No Value Set',
         '#disabled' => TRUE,
         '#description' => 'This must be altered in the ldap server configuration page',
     );

     // $this->servers is known to be non-empty here (see the guard above), so
     // the sample-token fieldset is always added.
     $form['tokens'] = array(
         '#type' => 'fieldset',
         '#title' => 'Sample User Values and Tokens',
         '#collapsible' => TRUE,
         '#collapsed' => TRUE,
         '#description' => t('Below is a list of attributes for sample users for a given server.
       These may be used in the mappings below.  Singular attributes such as cn can be expressed
       as [cn] or cn.  This will be empty if the server does not have a sample user or
       uses a binding method other than service account or anonymous.'),
     );
     require_once drupal_get_path('module', 'ldap_servers') . '/ldap_servers.functions.inc';
     foreach ($this->servers as $sid => $server) {
         // NOTE(review): '#markup' is emitted as-is; confirm that
         // ldap_servers_show_sample_user_tokens() escapes the directory values
         // it prints for the sample user.
         $token_markup = ldap_servers_show_sample_user_tokens($sid);
         if ($token_markup) {
             $form['tokens'][$sid] = array('#type' => 'item', '#markup' => $token_markup);
         }
     }

     $form['mapping'] = array(
         '#type' => 'fieldset',
         '#title' => t('Profile Fields that need Mapped to Ldap Fields'),
         '#collapsible' => FALSE,
         '#collapsed' => FALSE,
         '#tree' => TRUE,
     );
     if (!$field_labels) {
         $form['mapping']['no_mappings'] = array(
             '#type' => 'item',
             '#title' => t('No custom User Fields Available'),
             '#markup' => t('Additional fields must be created on the user
           for mapping to work.  User fields are managed at: ') . l('admin/config/people/accounts/fields', 'admin/config/people/accounts/fields'),
         );
     } else {
         $mapping = $this->mapping;
         $derivedMapping = $this->derivedMapping;
         foreach ($field_labels as $field => $label) {
             // Previously saved values, or '' when nothing is stored for this field.
             $ldap_default = (!empty($mapping) && array_key_exists($field, $mapping)) ? $mapping[$field] : '';
             $has_derived = !empty($derivedMapping) && array_key_exists($field, $derivedMapping);
             $derive_default = ($has_derived && array_key_exists('derive', $derivedMapping[$field])) ? $derivedMapping[$field]['derive'] : '';
             $derive_value_default = ($has_derived && array_key_exists('derive_value', $derivedMapping[$field])) ? $derivedMapping[$field]['derive_value'] : '';

             // NOTE(review): $label is the admin-entered field label and goes
             // into a fieldset '#title' unescaped. As far as I know Drupal 7
             // prints fieldset titles without filtering, so consider
             // check_plain($label) here - confirm against the theme layer.
             $form['mapping'][$field] = array(
                 '#type' => 'fieldset',
                 '#title' => $label . t(' Profile Field to LDAP Field Mapping'),
                 '#collapsible' => TRUE,
                 '#collapsed' => FALSE,
                 'ldap' => array(
                     '#type' => 'textfield',
                     '#title' => $label,
                     '#default_value' => $ldap_default,
                 ),
                 'derive' => array(
                     '#type' => 'checkbox',
                     '#title' => t('Derive from DN Search'),
                     '#default_value' => $derive_default,
                 ),
                 'derive_value' => array(
                     '#type' => 'textfield',
                     '#title' => t('LDAP Field to Derive from'),
                     '#default_value' => $derive_value_default,
                 ),
             );
         }
     }

     $form['submit'] = array('#type' => 'submit', '#value' => 'Update');
     return $form;
 }
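 /**
  * Sets $this->servers from the enabled LDAP servers, then calls load().
  *
  * Visibility is declared explicitly; a method without a modifier is public
  * in PHP, so callers are unaffected.
  */
 public function __construct()
 {
     // Assigned before load() runs, so the server list is already in place
     // when load() executes.
     $this->servers = ldap_servers_get_servers(NULL, 'enabled');
     $this->load();
 }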