public function drupalForm()
{
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP Group Settings</h1>'));
if (count($this->provisionServerOptions) == 0) {
$form['intro']['#markup'] .= ldap_servers_no_enabled_servers_msg('configure LDAP Groups');
return $form;
}
$form['#theme'] = 'ldap_group_conf_form';
$form['provisioning_to_ldap_settings'] = array('#type' => 'fieldset', '#title' => t('Settings for Provisioning to LDAP Group Entries'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['provisioning_to_ldap_settings']['ldapProvisionSid'] = array('#type' => 'radios', '#title' => t('LDAP Servers Providing Provisioning Data'), '#required' => 1, '#default_value' => $this->ldapProvisionSid, '#options' => $this->provisionServerOptions, '#description' => $this->ldapProvisionSidDescription);
$form['provisioning_to_ldap_settings']['ldapProvisionGroupsBaseDn'] = array('#type' => 'textfield', '#size' => 40, '#title' => t('Base DN groups will be provisioned into'), '#description' => t('e.g. ou=groups,dc=ldap,dc=myuniversity,DC=edu'), '#default_value' => $this->ldapProvisionGroupsBaseDn, '#required' => FALSE);
$form['provisioning_to_ldap_settings']['ldapProvisionGroupsRoleAttribute'] = array('#type' => 'textfield', '#size' => 40, '#title' => t('Attribute drupal role will be associated with'), '#description' => t('e.g if the group for the Drupal role "admins" is: "cn=admin,ou=groups,dc=ldap,dc=myuniversity,dc=edu", this will be "cn"'), '#default_value' => $this->ldapProvisionGroupsRoleAttribute, '#required' => FALSE);
$form['provisioning_to_ldap_settings']['provisionGroupEntryEvents'] = array('#type' => 'checkboxes', '#title' => t('When should creation of LDAP group entries and members added to LDAP group entries occur?'), '#required' => FALSE, '#default_value' => $this->provisionGroupEntryEvents, '#options' => $this->provisionGroupEntryEventsOptions, '#description' => $this->provisionGroupEntryEventsDescription);
$form['provisioning_to_ldap_settings']['provisionOptions'] = array('#type' => 'checkboxes', '#title' => t('Check the special cases you would like to enable.'), '#required' => 0, '#default_value' => $this->provisionOptions, '#options' => $this->provisionOptionsOptions, '#description' => t($this->provisionOptionsDescription));
$form['submit'] = array('#type' => 'submit', '#value' => 'Save');
return $form;
}
public function drupalForm()
{
if (count($this->authenticationServersOptions) == 0) {
$message = ldap_servers_no_enabled_servers_msg('configure LDAP Authentication');
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP Authentication Settings</h1>') . $message);
return $form;
}
$tokens = array();
// not sure what the tokens would be for this form?
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP Authentication Settings</h1>'));
$form['logon'] = array('#type' => 'fieldset', '#title' => t('Logon Options'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['logon']['authenticationMode'] = array('#type' => 'radios', '#title' => t('Allowable Authentications'), '#required' => 1, '#default_value' => $this->authenticationMode, '#options' => $this->authenticationModeOptions);
$form['logon']['authenticationServers'] = array('#type' => 'checkboxes', '#title' => t('Authentication LDAP Server Configurations'), '#required' => FALSE, '#default_value' => $this->sids, '#options' => $this->authenticationServersOptions, '#description' => $this->authenticationServersDescription);
$form['login_UI'] = array('#type' => 'fieldset', '#title' => t('User Login Interface'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['login_UI']['loginUIUsernameTxt'] = array('#type' => 'textfield', '#title' => t('Username Description Text'), '#required' => 0, '#default_value' => $this->loginUIUsernameTxt, '#description' => $this->loginUIUsernameTxtDescription);
$form['login_UI']['loginUIPasswordTxt'] = array('#type' => 'textfield', '#title' => t('Password Description Text'), '#required' => 0, '#default_value' => $this->loginUIPasswordTxt, '#description' => $this->loginUIPasswordTxtDescription);
$form['login_UI']['ldapUserHelpLinkUrl'] = array('#type' => 'textfield', '#title' => t('LDAP Account User Help URL'), '#required' => 0, '#default_value' => $this->ldapUserHelpLinkUrl, '#description' => $this->ldapUserHelpLinkUrlDescription);
$form['login_UI']['ldapUserHelpLinkText'] = array('#type' => 'textfield', '#title' => t('LDAP Account User Help Link Text'), '#required' => 0, '#default_value' => $this->ldapUserHelpLinkText, '#description' => $this->ldapUserHelpLinkTextDescription);
$form['restrictions'] = array('#type' => 'fieldset', '#title' => t('LDAP User "Whitelists" and Restrictions'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['restrictions']['allowOnlyIfTextInDn'] = array('#type' => 'textarea', '#title' => t('Allow Only Text Test'), '#default_value' => $this->arrayToLines($this->allowOnlyIfTextInDn), '#cols' => 50, '#rows' => 3, '#description' => t($this->allowOnlyIfTextInDnDescription, $tokens));
$form['restrictions']['excludeIfTextInDn'] = array('#type' => 'textarea', '#title' => t('Excluded Text Test'), '#default_value' => $this->arrayToLines($this->excludeIfTextInDn), '#cols' => 50, '#rows' => 3, '#description' => t($this->excludeIfTextInDnDescription, $tokens));
$form['restrictions']['allowTestPhp'] = array('#type' => 'textarea', '#title' => t('PHP to Test for Allowed LDAP Users'), '#default_value' => $this->allowTestPhp, '#cols' => 50, '#rows' => 3, '#description' => t($this->allowTestPhpDescription, $tokens), '#disabled' => (bool) (!module_exists('php')));
if (!module_exists('php')) {
$form['restrictions']['allowTestPhp']['#title'] .= ' <em>' . t('php module currently disabled') . '</em>';
}
$form['restrictions']['excludeIfNoAuthorizations'] = array('#type' => 'checkbox', '#title' => t('New and lightly tested feature. Use with caution! Requires LDAP Authorization to be enabled and configured. Deny access to users without Ldap Authorization Module authorization mappings such as Drupal roles.'), '#default_value' => $this->excludeIfNoAuthorizations, '#description' => t($this->excludeIfNoAuthorizationsDescription, $tokens), '#disabled' => (bool) (!module_exists('ldap_authorization')));
$form['drupal_accounts'] = array('#type' => 'fieldset', '#title' => t('Drupal User Account Creation'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['drupal_accounts']['loginConflictResolve'] = array('#type' => 'radios', '#title' => t('Existing Drupal User Account Conflict'), '#required' => 1, '#default_value' => $this->loginConflictResolve, '#options' => $this->loginConflictOptions, '#description' => t($this->loginConflictResolveDescription));
$form['drupal_accounts']['acctCreation'] = array('#type' => 'radios', '#title' => t('Account Creation for LDAP Authenticated Users'), '#required' => 1, '#default_value' => $this->acctCreation, '#options' => $this->acctCreationOptions, '#description' => t($this->acctCreationDescription));
$form['email'] = array('#type' => 'fieldset', '#title' => t('Email'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['email']['emailOption'] = array('#type' => 'radios', '#title' => t('Email Behavior'), '#required' => 1, '#default_value' => $this->emailOption, '#options' => $this->emailOptionOptions);
$form['email']['emailUpdate'] = array('#type' => 'radios', '#title' => t('Email Update'), '#required' => 1, '#default_value' => $this->emailUpdate, '#options' => $this->emailUpdateOptions);
/**
* Begin single sign-on settings
*/
$form['sso'] = array('#type' => 'fieldset', '#title' => t('Single Sign-On'), '#collapsible' => TRUE, '#collapsed' => (bool) (!$this->ssoEnabled));
/**
$form['sso']['ssoEnabled'] = array(
'#type' => 'checkbox',
'#title' => t('Enable Single Sign-On'),
'#description' => t($this->ssoEnabledDescription),
'#default_value' => $this->ssoEnabled,
'#disabled' => (boolean)(!module_exists('ldap_sso')),
);
**/
if ($this->ssoEnabled) {
$form['sso']['enabled'] = array('#type' => 'markup', '#markup' => $this->ssoEnabledDescription);
} else {
$form['sso']['disabled'] = array('#type' => 'markup', '#markup' => '<p><em>' . t('LDAP Single Sign-On module must be enabled for options below to work.') . ' ' . t('It is currently disabled.') . ' ' . l('Modules Form', 'admin/modules') . '</p></em>');
}
$form['sso']['ssoRemoteUserStripDomainName'] = array('#type' => 'checkbox', '#title' => t('Strip REMOTE_USER domain name'), '#description' => t($this->ssoRemoteUserStripDomainNameDescription), '#default_value' => $this->ssoRemoteUserStripDomainName, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['seamlessLogin'] = array('#type' => 'checkbox', '#title' => t('Turn on automated single sign-on'), '#description' => t($this->seamlessLogInDescription), '#default_value' => $this->seamlessLogin, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['cookieExpire'] = array('#type' => 'select', '#title' => t('Cookie Lifetime'), '#description' => t($this->cookieExpireDescription), '#default_value' => $this->cookieExpire, '#options' => $this->cookieExpirePeriod, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['ldapImplementation'] = array('#type' => 'select', '#title' => t('Authentication Mechanism'), '#description' => t($this->ldapImplementationDescription), '#default_value' => $this->ldapImplementation, '#options' => $this->ldapImplementationOptions, '#disabled' => (bool) (!$this->ssoEnabled));
$form['submit'] = array('#type' => 'submit', '#value' => 'Save');
return $form;
}
/**
* generate admin form for ldapUserConf object
*
* @return array $form as drupal form api form array
*/
public function drupalForm()
{
if (count($this->drupalAcctProvisionServerOptions) == 0) {
$message = ldap_servers_no_enabled_servers_msg('configure LDAP User');
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP User Settings</h1>') . $message);
return $form;
}
$form['#storage'] = array();
$form['#theme'] = 'ldap_user_conf_form';
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP User Settings</h1>'));
$form['manual_drupal_account_editing'] = array('#type' => 'fieldset', '#title' => t('Manual Drupal Account Creation and Updates'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['manual_drupal_account_editing']['manualAccountConflict'] = array('#type' => 'radios', '#options' => $this->manualAccountConflictOptions, '#title' => t('How to resolve LDAP conflicts with manually created Drupal accounts.'), '#description' => t('This applies only to accounts created manually through admin/people/create
for which an LDAP entry can be found on the LDAP server selected in "LDAP Servers Providing Provisioning Data"'), '#default_value' => $this->manualAccountConflict);
$form['basic_to_drupal'] = array('#type' => 'fieldset', '#title' => t('Basic Provisioning to Drupal Account Settings'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$default_value = $this->drupalAcctProvisionServer ? $this->drupalAcctProvisionServer : 'none';
$form['basic_to_drupal']['drupalAcctProvisionServer'] = array('#type' => 'radios', '#title' => t('LDAP Servers Providing Provisioning Data'), '#required' => 1, '#default_value' => $default_value, '#options' => $this->drupalAcctProvisionServerOptions, '#description' => $this->drupalAcctProvisionServerDescription, '#states' => array('enabled' => array(':input[name=drupalAcctProvisionTriggers]' => array('value' => LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE))));
$form['basic_to_drupal']['drupalAcctProvisionTriggers'] = array('#type' => 'checkboxes', '#title' => t('Drupal Account Provisioning Events'), '#required' => FALSE, '#default_value' => $this->drupalAcctProvisionTriggers, '#options' => $this->drupalAccountProvisionEventsOptions, '#description' => $this->drupalAccountProvisionEventsDescription);
$form['basic_to_drupal']['disableAdminPasswordField'] = array('#type' => 'checkbox', '#title' => t('Disable the password fields at /admin/create/people since the password is going to be randomly generated anyway. This is useful if you are synching data to Drupal from LDAP, and not bringing the user password from LDAP.'), '#default_value' => $this->disableAdminPasswordField);
$form['basic_to_drupal']['userConflictResolve'] = array('#type' => 'radios', '#title' => t('Existing Drupal User Account Conflict'), '#required' => 1, '#default_value' => $this->userConflictResolve, '#options' => $this->userConflictOptions, '#description' => t($this->userConflictResolveDescription));
$form['basic_to_drupal']['acctCreation'] = array('#type' => 'radios', '#title' => t('Application of Drupal Account settings to LDAP Authenticated Users'), '#required' => 1, '#default_value' => $this->acctCreation, '#options' => $this->acctCreationOptions, '#description' => t($this->acctCreationDescription));
$account_options = array();
$account_options['ldap_user_orphan_do_not_check'] = t('Do not check for orphaned Drupal accounts.');
$account_options['ldap_user_orphan_email'] = t('Perform no action, but email list of orphaned accounts. (All the other options will send email summaries also.)');
foreach (user_cancel_methods() as $option_name => $option) {
$account_options[$option_name] = $option['#title'];
}
//@todo these 2 options are removed until this feature is better tested in
// actual production environments; it has potentially disastrous effects
unset($account_options['user_cancel_reassign']);
unset($account_options['user_cancel_delete']);
$form['basic_to_drupal']['orphanedDrupalAcctBehavior'] = array('#type' => 'radios', '#title' => t('Action to perform on Drupal account that no longer have a
corresponding LDAP entry'), '#required' => 0, '#default_value' => $this->orphanedDrupalAcctBehavior, '#options' => $account_options, '#description' => t($this->orphanedDrupalAcctBehaviorDescription));
$form['basic_to_drupal']['orphanedCheckQty'] = array('#type' => 'textfield', '#size' => 10, '#title' => t('Number of users to check each cron run.'), '#description' => t(''), '#default_value' => $this->orphanedCheckQty, '#required' => FALSE);
$form['basic_to_ldap'] = array('#type' => 'fieldset', '#title' => t('Basic Provisioning to LDAP Settings'), '#collapsible' => TRUE, '#collapsed' => !$this->ldapEntryProvisionServer);
$default_value = $this->ldapEntryProvisionServer ? $this->ldapEntryProvisionServer : 'none';
$form['basic_to_ldap']['ldapEntryProvisionServer'] = array('#type' => 'radios', '#title' => t('LDAP Servers to Provision LDAP Entries on'), '#required' => 1, '#default_value' => $default_value, '#options' => $this->ldapEntryProvisionServerOptions, '#description' => $this->ldapEntryProvisionServerDescription);
$form['basic_to_ldap']['ldapEntryProvisionTriggers'] = array('#type' => 'checkboxes', '#title' => t('LDAP Entry Provisioning Events'), '#required' => FALSE, '#default_value' => $this->ldapEntryProvisionTriggers, '#options' => $this->ldapEntryProvisionTriggersOptions, '#description' => $this->ldapEntryProvisionTriggersDescription);
/**
$form['ws'] = array(
'#type' => 'fieldset',
'#title' => t('[Untested and Unfinished Code] REST Webservice for Provisioning and Synching.'),
'#collapsible' => TRUE,
'#collapsed' => !$this->wsEnabled,
'#description' => t('Once configured, this webservice can be used to trigger creation, synching, deletion, etc of an LDAP associated Drupal account.'),
);
$form['ws']['wsEnabled'] = array(
'#type' => 'checkbox',
'#title' => t('Enable REST Webservice'),
'#required' => FALSE,
'#default_value' => $this->wsEnabled,
);
$form['ws']['wsUserIps'] = array(
'#type' => 'textarea',
'#title' => t('Allowed IP Addresses to request webservice.'),
'#required' => FALSE,
'#default_value' => join("\n", $this->wsUserIps),
'#description' => t('One Per Line. The current server address is LOCAL_ADDR and the client ip requesting this page is REMOTE_ADDR .', $_SERVER),
'#cols' => 20,
'#rows' => 2,
'#states' => array(
'visible' => array( // action to take.
':input[name="wsEnabled"]' => array('checked' => TRUE),
),
),
);
if (!$this->wsKey) {
$urls = t('URLs are not available until a key is create a key and urls will be generated');
}
else {
$urls = theme('item_list',
array(
'items' => ldap_user_ws_urls_item_list(),
'title' => 'REST urls',
'type' => 'ul',
));
}
$form['ws']['wsKey'] = array(
'#type' => 'textfield',
'#title' => t('Key for webservice'),
'#required' => FALSE,
'#default_value' => $this->wsKey,
'#description' => t('Any random string of characters.') . $urls,
'#states' => array(
'visible' => array( // action to take.
':input[name="wsEnabled"]' => array('checked' => TRUE),
),
),
);
*/
$form['server_mapping_preamble'] = array('#type' => 'markup', '#markup' => t('
The relationship between a Drupal user and an LDAP entry is defined within the LDAP server configurations.
The mappings below are for user fields, properties, and profile2 data that are not automatically mapped elsewhere.
Mappings such as username or email address that are configured elsewhere are shown at the top for clarity.
When more than one ldap server is enabled for provisioning data (or simply more than one configuration for the same ldap server),
mappings need to be setup for each server. If no tables are listed below, you have not enabled any provisioning servers at
the top of this form.
'));
foreach (array(LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER, LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $direction) {
$sid = $this->provisionSidFromDirection[$direction];
$ldap_server = $sid ? ldap_servers_get_servers($sid, NULL, TRUE) : FALSE;
$ldap_server_selected = (bool) $ldap_server;
if ($direction == LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
$parent_fieldset = 'basic_to_drupal';
$description = t('Provisioning from LDAP to Drupal Mappings:');
} elseif ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
$parent_fieldset = 'basic_to_ldap';
$description = t('Provisioning from Drupal to LDAP Mappings:');
}
$form[$parent_fieldset]['mappings__' . $direction] = array('#type' => 'fieldset', '#title' => $description, '#collapsible' => TRUE, '#collapsed' => FALSE, '#description' => '', 'table__' . $direction => array('#type' => 'markup', '#markup' => '[replace_with_table__' . $direction . ']'));
$password_notes = '<h3>' . t('Password Tokens') . '</h3><ul>' . '<li>' . t('Pwd: Random -- Uses a random Drupal generated password') . '</li>' . '<li>' . t('Pwd: User or Random -- Uses password supplied on user forms.
If none available uses random password.') . '</li></ul>' . '<h3>' . t('Password Concerns') . '</h3>' . '<ul>' . '<li>' . t('Provisioning passwords to LDAP means passwords must meet the LDAP\'s
password requirements. Password Policy module can be used to add requirements.') . '</li>' . '<li>' . t('Some LDAPs require a user to reset their password if it has been changed
by someone other that user. Consider this when provisioning LDAP passwords.') . '</li>' . '</ul></p>';
$source_drupal_token_notes = <<<EOT
<p>Examples in form: Source Drupal User token => Target LDAP Token (notes)</p>
<ul>
<li>Source Drupal User token => Target LDAP Token</li>
<li>cn=[property.name],ou=test,dc=ad,dc=mycollege,dc=edu => [dn] (example of token and constants)</li>
<li>top => [objectclass:0] (example of constants mapped to multivalued attribute)</li>
<li>person => [objectclass:1] (example of constants mapped to multivalued attribute)</li>
<li>organizationalPerson => [objectclass:2] (example of constants mapped to multivalued attribute)</li>
<li>user => [objectclass:3] (example of constants mapped to multivalued attribute)</li>
<li>Drupal Provisioned LDAP Account => [description] (example of constant)</li>
<li>[field.field_lname] => [sn]</li>
</ul>
EOT;
if ($direction == LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
// add some password notes
$form[$parent_fieldset]['password_notes'] = array('#type' => 'fieldset', '#title' => t('Password Notes'), '#collapsible' => TRUE, '#collapsed' => TRUE, 'directions' => array('#type' => 'markup', '#markup' => $password_notes));
$form[$parent_fieldset]['source_drupal_token_notes'] = array('#type' => 'fieldset', '#title' => t('Source Drupal User Tokens and Corresponding Target LDAP Tokens'), '#collapsible' => TRUE, '#collapsed' => TRUE, 'directions' => array('#type' => 'markup', '#markup' => $source_drupal_token_notes));
}
$this->addServerMappingFields($form, $direction);
}
foreach (array('orphanedCheckQty', 'orphanedDrupalAcctBehavior', 'acctCreation', 'userConflictResolve', 'drupalAcctProvisionTriggers', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) as $input_name) {
$form['basic_to_drupal'][$input_name]['#states']['invisible'] = array(':input[name=drupalAcctProvisionServer]' => array('value' => 'none'));
}
foreach (array('ldapEntryProvisionTriggers', 'password_notes', 'source_drupal_token_notes', 'mappings__' . LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) as $input_name) {
$form['basic_to_ldap'][$input_name]['#states']['invisible'] = array(':input[name=ldapEntryProvisionServer]' => array('value' => 'none'));
}
$form['submit'] = array('#type' => 'submit', '#value' => 'Save');
return $form;
}
public function drupalForm()
{
if (count($this->authenticationServersOptions) == 0) {
$message = ldap_servers_no_enabled_servers_msg('configure LDAP Authentication');
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP Authentication Settings</h1>') . $message);
return $form;
}
$tokens = array();
// not sure what the tokens would be for this form?
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP Authentication Settings</h1>'));
$form['logon'] = array('#type' => 'fieldset', '#title' => t('Logon Options'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['logon']['authenticationMode'] = array('#type' => 'radios', '#title' => t('Allowable Authentications'), '#required' => 1, '#default_value' => $this->authenticationMode, '#options' => $this->authenticationModeOptions);
$form['logon']['authenticationServers'] = array('#type' => 'checkboxes', '#title' => t('Authentication LDAP Server Configurations'), '#required' => FALSE, '#default_value' => $this->sids, '#options' => $this->authenticationServersOptions, '#description' => $this->authenticationServersDescription);
$form['login_UI'] = array('#type' => 'fieldset', '#title' => t('User Login Interface'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['login_UI']['loginUIUsernameTxt'] = array('#type' => 'textfield', '#title' => t('Username Description Text'), '#required' => 0, '#default_value' => $this->loginUIUsernameTxt, '#description' => $this->loginUIUsernameTxtDescription);
$form['login_UI']['loginUIPasswordTxt'] = array('#type' => 'textfield', '#title' => t('Password Description Text'), '#required' => 0, '#default_value' => $this->loginUIPasswordTxt, '#description' => $this->loginUIPasswordTxtDescription);
$form['login_UI']['ldapUserHelpLinkUrl'] = array('#type' => 'textfield', '#title' => t('LDAP Account User Help URL'), '#required' => 0, '#default_value' => $this->ldapUserHelpLinkUrl, '#description' => $this->ldapUserHelpLinkUrlDescription);
$form['login_UI']['ldapUserHelpLinkText'] = array('#type' => 'textfield', '#title' => t('LDAP Account User Help Link Text'), '#required' => 0, '#default_value' => $this->ldapUserHelpLinkText, '#description' => $this->ldapUserHelpLinkTextDescription);
$form['restrictions'] = array('#type' => 'fieldset', '#title' => t('LDAP User "Whitelists" and Restrictions'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['restrictions']['allowOnlyIfTextInDn'] = array('#type' => 'textarea', '#title' => t('Allow Only Text Test'), '#default_value' => $this->arrayToLines($this->allowOnlyIfTextInDn), '#cols' => 50, '#rows' => 3, '#description' => t($this->allowOnlyIfTextInDnDescription, $tokens));
$form['restrictions']['excludeIfTextInDn'] = array('#type' => 'textarea', '#title' => t('Excluded Text Test'), '#default_value' => $this->arrayToLines($this->excludeIfTextInDn), '#cols' => 50, '#rows' => 3, '#description' => t($this->excludeIfTextInDnDescription, $tokens));
$form['restrictions']['allowTestPhp'] = array('#type' => 'textarea', '#title' => t('PHP to Test for Allowed LDAP Users'), '#default_value' => $this->allowTestPhp, '#cols' => 50, '#rows' => 3, '#description' => t($this->allowTestPhpDescription, $tokens), '#disabled' => (bool) (!module_exists('php')));
if (!module_exists('php')) {
$form['restrictions']['allowTestPhp']['#title'] .= ' <em>' . t('php module currently disabled') . '</em>';
}
$form['restrictions']['excludeIfNoAuthorizations'] = array('#type' => 'checkbox', '#title' => t('Deny access to users without Ldap Authorization Module
authorization mappings such as Drupal roles.
Requires LDAP Authorization to be enabled and configured!'), '#default_value' => $this->excludeIfNoAuthorizations, '#description' => t($this->excludeIfNoAuthorizationsDescription, $tokens), '#disabled' => (bool) (!module_exists('ldap_authorization')));
$form['email'] = array('#type' => 'fieldset', '#title' => t('Email'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['email']['emailOption'] = array('#type' => 'radios', '#title' => t('Email Behavior'), '#required' => 1, '#default_value' => $this->emailOption, '#options' => $this->emailOptionOptions);
$form['email']['emailUpdate'] = array('#type' => 'radios', '#title' => t('Email Update'), '#required' => 1, '#default_value' => $this->emailUpdate, '#options' => $this->emailUpdateOptions);
$form['email']['template'] = array('#type' => 'fieldset', '#collapsible' => TRUE, '#title' => t('Email Templates'));
$form['email']['template']['emailTemplateHandling'] = array('#type' => 'radios', '#title' => t('Email Template Handling'), '#required' => 1, '#default_value' => $this->emailTemplateHandling, '#options' => $this->emailTemplateHandlingOptions);
$form['email']['template']['emailTemplate'] = array('#type' => 'textfield', '#title' => t('Email Template'), '#required' => 0, '#default_value' => $this->emailTemplate);
$form['email']['template']['templateUsageResolveConflict'] = array('#type' => 'checkbox', '#title' => t('If a Drupal account already exists with the same email, but different account name, use the email template instead of the LDAP email.'), '#default_value' => $this->templateUsageResolveConflict);
$form['email']['template']['templateUsageNeverUpdate'] = array('#type' => 'checkbox', '#title' => t('Ignore the Email Update settings and never update the stored email if the template is used.'), '#default_value' => $this->templateUsageNeverUpdate);
$form['email']['prompts'] = array('#type' => 'fieldset', '#collapsible' => TRUE, '#title' => t('User Email Prompt'), '#description' => t('These settings allow the user to fill in their email address after logging in if the template was used to generate their email address.'));
$form['email']['prompts']['templateUsagePromptUser'] = array('#type' => 'checkbox', '#title' => t('Prompt user for email on every page load.'), '#default_value' => $this->templateUsagePromptUser);
$form['email']['prompts']['templateUsageRedirectOnLogin'] = array('#type' => 'checkbox', '#title' => t('Redirect the user to the form after logging in.'), '#default_value' => $this->templateUsageRedirectOnLogin);
$form['email']['prompts']['templateUsagePromptRegex'] = array('#type' => 'textfield', '#default_value' => $this->templateUsagePromptRegex, '#title' => t('Template Regex'), '#description' => t('This regex will be used to determine if the template was used to create an account.'));
$form['password'] = array('#type' => 'fieldset', '#title' => t('Password'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['password']['passwordOption'] = array('#type' => 'radios', '#title' => t('Password Behavior'), '#required' => 1, '#default_value' => $this->passwordOption, '#options' => $this->passwordUpdateOptions);
/**
* Begin single sign-on settings
*/
$form['sso'] = array('#type' => 'fieldset', '#title' => t('Single Sign-On'), '#collapsible' => TRUE, '#collapsed' => (bool) (!$this->ssoEnabled));
if ($this->ssoEnabled) {
$form['sso']['enabled'] = array('#type' => 'markup', '#markup' => $this->ssoEnabledDescription);
} else {
$form['sso']['disabled'] = array('#type' => 'markup', '#markup' => '<p><em>' . t('LDAP Single Sign-On module must be enabled for options below to work.') . ' ' . t('It is currently disabled.') . ' ' . l(t('See modules form'), 'admin/modules') . '</p></em>');
}
$form['sso']['ssoRemoteUserStripDomainName'] = array('#type' => 'checkbox', '#title' => t('Strip REMOTE_USER domain name'), '#description' => t($this->ssoRemoteUserStripDomainNameDescription), '#default_value' => $this->ssoRemoteUserStripDomainName, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['seamlessLogin'] = array('#type' => 'checkbox', '#title' => t('Turn on automated/seamless single sign-on'), '#description' => t($this->seamlessLogInDescription), '#default_value' => $this->seamlessLogin, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['ssoNotifyAuthentication'] = array('#type' => 'checkbox', '#title' => t('Notify user of successful authentication'), '#description' => t($this->ssoNotifyAuthenticationDescription), '#default_value' => $this->ssoNotifyAuthentication, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['cookieExpire'] = array('#type' => 'select', '#title' => t('Cookie Lifetime'), '#description' => t($this->cookieExpireDescription), '#default_value' => $this->cookieExpire, '#options' => $this->cookieExpirePeriod, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['ldapImplementation'] = array('#type' => 'select', '#title' => t('Authentication Mechanism'), '#description' => t($this->ldapImplementationDescription), '#default_value' => $this->ldapImplementation, '#options' => $this->ldapImplementationOptions, '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['ssoExcludedPaths'] = array('#type' => 'textarea', '#title' => t('SSO Excluded Paths'), '#description' => t($this->ssoExcludedPathsDescription), '#default_value' => $this->arrayToLines($this->ssoExcludedPaths), '#disabled' => (bool) (!$this->ssoEnabled));
$form['sso']['ssoExcludedHosts'] = array('#type' => 'textarea', '#title' => t('SSO Excluded Hosts'), '#description' => t($this->ssoExcludedHostsDescription), '#default_value' => $this->arrayToLines($this->ssoExcludedHosts), '#disabled' => (bool) (!$this->ssoEnabled));
$form['submit'] = array('#type' => 'submit', '#value' => 'Save');
return $form;
}
public function drupalForm($accounts = array())
{
if (count($this->servers) == 0) {
$message = ldap_servers_no_enabled_servers_msg('configure LDAP Profiles');
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP Profile Settings</h1>') . $message);
return $form;
}
// grabs field information for a user account
$fields = field_info_instances('user', 'user');
$profileFields = array();
foreach ($fields as $key => $field) {
$profileFields[$key] = $field['label'];
}
$form['intro'] = array('#type' => 'item', '#markup' => t('<h1>LDAP Profile Settings</h1>'));
$form['defaultMaps'] = array('#type' => 'fieldset', '#title' => 'Profile Fields Already Mapped to Ldap Fields', '#collapsible' => FALSE, '#collapsed' => false, '#tree' => true);
$user_attr = array();
$mail_attr = array();
$servers = ldap_servers_get_servers('', 'enabled');
foreach ($servers as $key => $server) {
$user_attr[] = $server->user_attr;
$mail_attr[] = $server->mail_attr;
}
$user_attr_display = count($user_attr) ? join(', ', $user_attr) : 'No Value Set';
$mail_attr_display = count($mail_attr) ? join(', ', $mail_attr) : 'No Value Set';
$form['defaultMaps']['username'] = array('#type' => 'textfield', '#title' => 'UserName', '#default_value' => $user_attr_display, '#disabled' => true, '#description' => 'This must be altered in the ldap server configuration page');
$form['defaultMaps']['mail'] = array('#type' => 'textfield', '#title' => 'Email', '#default_value' => $mail_attr_display, '#disabled' => true, '#description' => 'This must be altered in the ldap server configuration page');
if (count($this->servers)) {
$form['tokens'] = array('#type' => 'fieldset', '#title' => 'Sample User Values and Tokens', '#collapsible' => TRUE, '#collapsed' => TRUE, '#description' => t('Below is a list of attributes for sample users for a given server.
These may be used in the mappings below. Singular attributes such as cn can be expressed
as [cn] or cn. This will be empty if the server does not have a sample user or
uses a binding method other than service account or anonymous.'));
require_once drupal_get_path('module', 'ldap_servers') . '/ldap_servers.functions.inc';
foreach ($this->servers as $sid => $server) {
if ($markup = ldap_servers_show_sample_user_tokens($sid)) {
$form['tokens'][$sid] = array('#type' => 'item', '#markup' => $markup);
}
}
}
$form['mapping'] = array('#type' => 'fieldset', '#title' => t('Profile Fields that need Mapped to Ldap Fields'), '#collapsible' => FALSE, '#collapsed' => FALSE, '#tree' => true);
if (count($profileFields) == 0) {
$form['mapping']['no_mappings'] = array('#type' => 'item', '#title' => t('No custom User Fields Available'), '#markup' => t('Additional fields must be created on the user
for mapping to work. User fields are managed at: ') . l('admin/config/people/accounts/fields', 'admin/config/people/accounts/fields'));
} else {
foreach ($profileFields as $field => $label) {
$mapping = $this->mapping;
$derivedMapping = $this->derivedMapping;
if (!empty($mapping) && array_key_exists($field, $mapping)) {
$default = $mapping[$field];
} else {
$default = '';
}
$form['mapping'][$field] = array('#type' => 'fieldset', '#title' => $label . t(' Profile Field to LDAP Field Mapping'), '#collapsible' => TRUE, '#collapsed' => FALSE);
$form['mapping'][$field]['ldap'] = array('#type' => 'textfield', '#title' => $label, '#default_value' => $default);
if (!empty($derivedMapping) && array_key_exists($field, $derivedMapping) && array_key_exists('derive', $derivedMapping[$field])) {
$default = $derivedMapping[$field]['derive'];
} else {
$default = '';
}
$form['mapping'][$field]['derive'] = array('#type' => 'checkbox', '#title' => t('Derive from DN Search'), '#default_value' => $default);
if (!empty($derivedMapping) && array_key_exists($field, $derivedMapping) && array_key_exists('derive_value', $derivedMapping[$field])) {
$default = $derivedMapping[$field]['derive_value'];
} else {
$default = '';
}
$form['mapping'][$field]['derive_value'] = array('#type' => 'textfield', '#title' => t('LDAP Field to Derive from'), '#default_value' => $default);
}
}
$form['submit'] = array('#type' => 'submit', '#value' => 'Update');
return $form;
}
