/**
 * Collect the LDAP attributes this user configuration needs.
 *
 * Only mappings owned by this configuration are considered, not those of
 * other modules. Nothing is collected unless a server is set for Drupal
 * account provisioning ($this->drupalAcctProvisionServer).
 *
 * @param mixed $direction
 *   One of the LDAP_USER_PROV_DIRECTION_* constants.
 * @param string|null $ldap_context
 *   Context passed to ldapContextToProvEvents() to get the provisioning
 *   events that apply.
 *
 * @return array
 *   The attribute array as filled in by
 *   ldap_servers_token_extract_attributes(); empty when no provisioning
 *   server is set or no mapping applies.
 */
public function getLdapUserRequiredAttributes($direction = LDAP_USER_PROV_DIRECTION_ALL, $ldap_context = NULL) {
  $needed = array();

  // Without a provisioning server there is nothing to ask LDAP for.
  if (!$this->drupalAcctProvisionServer) {
    return $needed;
  }

  $events = $this->ldapContextToProvEvents($ldap_context);
  foreach ($this->getSynchMappings($direction, $events) as $mapping) {
    // Skip mappings that share no event with this context, and mappings
    // that name no LDAP attribute (or token expression) at all.
    $shared_events = array_intersect($events, $mapping['prov_events']);
    if (count($shared_events) === 0 || !$mapping['ldap_attr']) {
      continue;
    }
    // The LDAP side of a mapping may be a token expression; let the token
    // helper add every attribute it refers to.
    ldap_servers_token_extract_attributes($needed, $mapping['ldap_attr']);
  }

  return $needed;
}
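/**
 * Perform alterations of ldap attributes before query is made.
 *
 * To avoid excessive attributes in an ldap query, modules should add only the
 * attributes they need for the operation at hand. Requesting fewer attributes
 * also keeps directory data that the site does not use out of the result set.
 *
 * @param array $attributes
 *   Array of attributes to be returned from ldap queries where:
 *   - each key is ldap attribute name (e.g. mail, cn)
 *   - each value is associative array of form:
 *     - 'conversion' => NULL,
 *     - 'values' => array(0 => 'john', 1 => 'johnny'))
 * @param array $params
 *   Context array with some or all of the following key/values:
 *   - 'sid' => ldap server object, or a server id that
 *     ldap_servers_get_servers() can resolve,
 *   - 'ldap_context' => ,
 *   - 'direction' => .
 */
function hook_ldap_attributes_needed_alter(&$attributes, $params) {
  // isset() instead of the @ operator: same NULL fallback, but unrelated
  // errors in the expression are no longer silenced.
  $attributes['dn'] = ldap_servers_set_attribute_map(isset($attributes['dn']) ? $attributes['dn'] : NULL, 'ldap_dn');

  if (empty($params['sid'])) {
    return;
  }

  // puid attributes are server specific.
  $ldap_server = is_object($params['sid']) ? $params['sid'] : ldap_servers_get_servers($params['sid'], 'enabled', TRUE);
  if (!is_object($ldap_server)) {
    // The lookup did not yield a server object, so there are no
    // server-specific attribute names to add.
    return;
  }

  // NOTE(review): the hook receives no $op argument, so the operation is read
  // from $params['ldap_context']. Confirm that the context strings callers
  // pass match the case labels below.
  $op = isset($params['ldap_context']) ? $params['ldap_context'] : NULL;

  switch ($op) {
    case 'user_insert':
    case 'user_update':
      if (!isset($attributes[$ldap_server->user_attr])) {
        // Don't provide attribute if it exists, unless you are adding
        // data_type or value information. In that case, don't overwrite the
        // whole array (see the unique_persistent_attr example below).
        $attributes[$ldap_server->user_attr] = ldap_servers_set_attribute_map();
      }
      if (!isset($attributes[$ldap_server->mail_attr])) {
        // Set default values for an attribute, force data_type.
        $attributes[$ldap_server->mail_attr] = ldap_servers_set_attribute_map();
      }
      // The mail template may reference further attributes through tokens.
      ldap_servers_token_extract_attributes($attributes, $ldap_server->mail_template);
      $puid_attr = $ldap_server->unique_persistent_attr;
      $attributes[$puid_attr] = ldap_servers_set_attribute_map(isset($attributes[$puid_attr]) ? $attributes[$puid_attr] : NULL);
      break;
  }
}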
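/**
 * Validate this configuration object (not the form).
 *
 * Checks that provisioning servers and provisioning triggers are configured
 * together, then checks each synch mapping row.
 *
 * @param array $values
 *   As $form_state['values'] from the Drupal form API. Used only to find the
 *   form row id of each mapping: field names made of four '__'-separated
 *   parts, whose third part is 'user_attr' or 'ldap_attr' and whose value
 *   equals the mapping's attribute, give the row id in their fourth part.
 *
 * @return array
 *   In form array($errors, $warnings), each keyed by form element id, to be
 *   thrown by the form API.
 *
 * @todo validate that a user field exists, such as field.field_user_lname
 */
public function validate($values) {
  $errors = array();
  $warnings = array();
  $tokens = array();

  // Servers and triggers only make sense together; warn when one side is set
  // without the other.
  $has_drupal_acct_prov_servers = (bool) $this->drupalAcctProvisionServer;
  $has_drupal_acct_prov_settings_options = count(array_filter($this->drupalAcctProvisionTriggers)) > 0;
  if (!$has_drupal_acct_prov_servers && $has_drupal_acct_prov_settings_options) {
    $warnings['drupalAcctProvisionServer'] = t('No Servers are enabled to provide provisioning to Drupal, but Drupal Account Provisioning Options are selected.', $tokens);
  }
  if ($has_drupal_acct_prov_servers && !$has_drupal_acct_prov_settings_options) {
    $warnings['drupalAcctProvisionTriggers'] = t('Servers are enabled to provide provisioning to Drupal, but no Drupal Account Provisioning Options are selected. This will result in no synching happening.', $tokens);
  }

  $has_ldap_prov_servers = (bool) $this->ldapEntryProvisionServer;
  $has_ldap_prov_settings_options = count(array_filter($this->ldapEntryProvisionTriggers)) > 0;
  if (!$has_ldap_prov_servers && $has_ldap_prov_settings_options) {
    $warnings['ldapEntryProvisionServer'] = t('No Servers are enabled to provide provisioning to ldap, but LDAP Entry Options are selected.', $tokens);
  }
  if ($has_ldap_prov_servers && !$has_ldap_prov_settings_options) {
    // The source string contains a line break after "selected. "; it is kept
    // unchanged because t() looks translations up by the exact source string.
    $warnings['ldapEntryProvisionTriggers'] = t('Servers are enabled to provide provisioning to ldap, but no LDAP Entry Options are selected. 
This will result in no synching happening.', $tokens);
  }

  if (isset($this->ldapUserSynchMappings)) {
    $to_ldap_entries_mappings_exist = FALSE;
    foreach ($this->ldapUserSynchMappings as $synch_direction => $mappings) {
      $map_index = array();
      $tokens = array();
      $to_ldap_entries_mappings_exist = FALSE;

      // First pass: find the form row id of every mapping.
      foreach ($mappings as $mapping) {
        // Reset per row so a row with an unrecognised direction neither
        // reads undefined variables nor reuses the previous row's values.
        $attr_name = NULL;
        $attr_value = NULL;
        if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
          $attr_value = $mapping['user_attr'];
          $attr_name = 'user_attr';
        }
        if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
          $attr_value = $mapping['ldap_attr'];
          $attr_name = 'ldap_attr';
        }
        if ($attr_name === NULL) {
          continue;
        }
        foreach ($values as $field => $value) {
          $parts = explode('__', $field);
          if (count($parts) == 4 && $parts[2] == $attr_name && $value == $attr_value) {
            $map_index[$attr_value] = $parts[3];
          }
        }
      }

      // Second pass: validate each mapping row.
      foreach ($mappings as $mapping) {
        // Every scalar mapping value becomes a '%key' placeholder. t()
        // escapes '%' placeholders, so the mapping text entered in the form
        // is not emitted as raw HTML in the messages below. $tokens is not
        // reset between rows of the same direction.
        foreach ($mapping as $key => $value) {
          if (is_scalar($value)) {
            $tokens['%' . $key] = $value;
          }
        }
        // '!' placeholders are inserted without escaping; this one is safe
        // only because it is itself t() output built from '%' placeholders.
        $row_descriptor = t("server %sid row mapping to ldap attribute %ldap_attr", $tokens);
        $tokens['!row_descriptor'] = $row_descriptor;

        $ldap_attribute_maps_in_token = array();
        ldap_servers_token_extract_attributes($ldap_attribute_maps_in_token, $mapping['ldap_attr']);

        // Rows that could not be matched to a form field get an empty row id
        // instead of an undefined-index notice or the previous row's id, so
        // their errors are never attached to another row's form elements.
        // NOTE: nothing here checks that a server is actually enabled for the
        // mapping's direction.
        $row_id = NULL;
        if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
          $row_id = isset($map_index[$mapping['user_attr']]) ? $map_index[$mapping['user_attr']] : NULL;
        }
        if ($mapping['direction'] == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
          $row_id = isset($map_index[$mapping['ldap_attr']]) ? $map_index[$mapping['ldap_attr']] : NULL;
          $to_ldap_entries_mappings_exist = TRUE;

          // Writing to LDAP needs exactly one target attribute per row.
          if (count($ldap_attribute_maps_in_token) != 1) {
            $token_field_id = join('__', array('sm', 'user_tokens', $row_id));
            $errors[$token_field_id] = t('When provisioning to ldap, ldap attribute column must be singular token such as [cn]. %ldap_attr is not. Do not use compound tokens such as "[displayName] [sn]" or literals such as "physics". Location: !row_descriptor', $tokens);
          }
        }

        $ldap_attr_field_id = join('__', array('sm', 'ldap_attr', $row_id));
        $first_context_field_id = join('__', array('sm', 1, $row_id));
        $user_tokens_field_id = join('__', array('sm', 'user_tokens', $row_id));

        if (!$mapping['ldap_attr']) {
          $errors[$ldap_attr_field_id] = t('No LDAP Attribute given in !row_descriptor', $tokens);
        }
        // empty() also covers a mapping that has no 'user_tokens' key.
        if ($mapping['user_attr'] == 'user_tokens' && empty($mapping['user_tokens'])) {
          $errors[$user_tokens_field_id] = t('User tokens selected in !row_descriptor, but user tokens column empty.', $tokens);
        }
        if (isset($mapping['prov_events']) && count($mapping['prov_events']) == 0) {
          $warnings[$first_context_field_id] = t('No synchronization events checked in !row_descriptor. This field will not be synchronized until some are checked.', $tokens);
        }
      }
    }

    // NOTE(review): this check sits after the loop, so it only sees
    // $mappings, $synch_direction and $to_ldap_entries_mappings_exist as left
    // by the last direction iterated. Confirm whether it was meant to run
    // once per direction.
    if ($to_ldap_entries_mappings_exist && !isset($mappings['[dn]'])) {
      $errors['mappings__' . $synch_direction] = t('Mapping rows exist for provisioning to ldap, but no ldap attribute is targetted for [dn]. One row must map to [dn]. This row will have a user token like cn=[property.name],ou=users,dc=ldap,dc=mycompany,dc=com');
    }
  }

  return array($errors, $warnings);
}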