
function _ldap_authorization_ldap_authorization_maps_alter in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches
  1. 7.2 ldap_authorization/ldap_authorization.inc \_ldap_authorization_ldap_authorization_maps_alter()
  2. 7 ldap_authorization/ldap_authorization.inc \_ldap_authorization_ldap_authorization_maps_alter()
1 call to _ldap_authorization_ldap_authorization_maps_alter()
ldap_authorization_ldap_authorization_maps_alter in ldap_authorization/ldap_authorization.module
Implements hook_ldap_authorization_maps_alter().

File

ldap_authorization/ldap_authorization.inc, line 463
Bulk of the authorization code executed to determine a user's authorizations.

Code

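/**
 * Derives a user's raw authorization ids from LDAP group information.
 *
 * Two sources are combined: group names extracted from the user's DN and the
 * user's group DNs. Both are read through $consumer_conf->server. The merged,
 * de-duplicated list is written to $authz_ids as a value => value map.
 *
 * Review notes:
 * - $authz_ids is overwritten, not merged. Anything the caller or an earlier
 *   alter implementation put there is discarded.
 * - A falsy result from either lookup is treated as "no memberships". This
 *   function cannot tell an empty result from a failed directory query, so
 *   callers that revoke on an empty set should confirm how the server class
 *   reports errors.
 * - De-duplication uses array_unique(), which is case-sensitive. Two
 *   spellings of one DN that differ only in case yield two authorization ids.
 *
 * @param object $user
 *   User object; passed to the server lookups, and ->name is logged.
 * @param mixed $user_ldap_entry
 *   Not used by this function.
 * @param object $ldap_server
 *   Only ->sid is read, for the debug log entry.
 * @param object $consumer_conf
 *   Consumer configuration; ->server must provide
 *   groupUserMembershipsFromDn() and groupMembershipsFromUser().
 * @param array $authz_ids
 *   Output. Replaced with the merged authorization ids, keyed by value.
 * @param string $op
 *   Operation name. 'test_query' and 'test_query_set' also record the
 *   intermediate results in $_SESSION['ldap_authorization_test_query'].
 */
function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) {
  $detailed_watchdog_log = config('ldap_help.settings')
    ->get('watchdog_detail');

  // Strict comparison: with ==, a non-string $op such as TRUE compares equal
  // to both names and would switch on the session-writing test mode.
  $is_test_query = ($op === 'test_query' || $op === 'test_query_set');

  // Groups extracted from the user's DN, such as ou=IT => group "IT".
  $rdn_values = $consumer_conf->server
    ->groupUserMembershipsFromDn($user);
  $derive_from_dn_authorizations = $rdn_values ? array_combine($rdn_values, $rdn_values) : array();
  if ($is_test_query) {
    $_SESSION['ldap_authorization_test_query']['maps']['Derive from DN'] = $rdn_values ? $derive_from_dn_authorizations : t('disabled');
  }

  // Traditional groups (DNs). A non-empty array is always truthy, so a single
  // truthiness test covers both the "nothing returned" and the dedupe case.
  $group_dns = $consumer_conf->server
    ->groupMembershipsFromUser($user, 'group_dns');
  $group_dns = $group_dns ? array_unique($group_dns) : array();
  if ($is_test_query) {
    $_SESSION['ldap_authorization_test_query']['maps']['Groups DNs'] = $group_dns;
  }

  // Merge both sources and key the result by authorization id.
  $values = array_unique(array_merge($derive_from_dn_authorizations, $group_dns));
  $authz_ids = count($values) ? array_combine($values, $values) : array();

  if ($detailed_watchdog_log) {
    // Directory-derived values are handed over as % placeholders rather than
    // concatenated into the message. Presumably watchdog() escapes them when
    // the entry is rendered; confirm, since group names and DNs come from
    // LDAP and the message itself contains markup.
    // NOTE(review): the second label reads "deriveFromAttr" although the
    // value logged there is the group DN list.
    $watchdog_tokens = array(
      '%username' => $user->name,
      '%ldap_server' => $ldap_server->sid,
      '%deriveFromDn' => join(', ', $derive_from_dn_authorizations),
      '%deriveFromGroups' => join(', ', $group_dns),
      '%authz_ids' => join(', ', array_keys($authz_ids)),
    );
    watchdog('ldap_authorization', '%username :_ldap_authorization_ldap_authorization_maps_alter:
      <hr/>deriveFromDn authorization ids: %deriveFromDn
      <hr/>deriveFromAttr authorization ids: %deriveFromGroups
      <hr/>merged authz_ids authorization ids: %authz_ids
      ', $watchdog_tokens, WATCHDOG_DEBUG);
  }
}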