function _ldap_authorization_ldap_authorization_maps_alter in Lightweight Directory Access Protocol (LDAP) 7
Same name and namespace in other branches
- 8.2 ldap_authorization/ldap_authorization.inc \_ldap_authorization_ldap_authorization_maps_alter()
- 7.2 ldap_authorization/ldap_authorization.inc \_ldap_authorization_ldap_authorization_maps_alter()
1 call to _ldap_authorization_ldap_authorization_maps_alter()
- ldap_authorization_ldap_authorization_maps_alter in ldap_authorization/ldap_authorization.module
- Implements hook_ldap_authorization_maps_alter().
File
- ldap_authorization/ldap_authorization.inc, line 406
- Bulk of the authorization code, executed to determine a user's authorizations
Code
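/**
 * Derives a user's authorization ids from LDAP using the enabled strategies.
 *
 * Up to three strategies, each switched on by a flag on $consumer_conf, are
 * evaluated and their results merged into $authz_ids:
 *  - Strategy 1 (deriveFromDn): values of the configured attribute found in
 *    the user's own DN.
 *  - Strategy 2 (deriveFromAttr): groups returned by
 *    $ldap_server->deriveFromAttrGroups() for each configured attribute.
 *  - Strategy 3 (deriveFromEntry): group entries found either by a direct
 *    membership search or by $ldap_server->deriveFromEntryGroups().
 *
 * The merged list decides what the user is authorized for, so values that are
 * concatenated into LDAP search filters are escaped first: characters such as
 * '(', ')', '*' and '\' in a DN or user name must be matched literally and
 * never be read as filter syntax.
 *
 * @param object $user
 *   User object; only ->name is read here.
 * @param array $user_ldap_entry
 *   The user's LDAP entry; 'dn' is read, and strategy 3 checks for the
 *   matching user attribute either at the top level or under 'attr'.
 * @param object $ldap_server
 *   Server object providing search(), deriveFromAttrGroups(),
 *   deriveFromEntryGroups() and ->sid.
 * @param object $consumer_conf
 *   Consumer configuration holding the deriveFrom* settings.
 * @param array $authz_ids
 *   Output. Overwritten with the merged authorization ids, keyed by
 *   themselves.
 * @param string $op
 *   Operation name; 'test_query' additionally records each strategy's result
 *   in $_SESSION['ldap_authorization_test_query']['maps'].
 */
function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) {
  $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
  $watchdog_tokens = array();

  // Strategy 1: derive authorizations from the user's DN.
  $derive_from_dn_authorizations = array();
  if ($consumer_conf->deriveFromDn) {
    $pairs = ldap_explode_dn($user_ldap_entry['dn'], 0);
    // ldap_explode_dn() returns FALSE for a DN it cannot parse; in that case
    // this strategy contributes nothing rather than iterating a non-array.
    if (is_array($pairs)) {
      unset($pairs['count']);
      foreach ($pairs as $p) {
        // A limit of 2 keeps any '=' inside the value part of the id.
        $pair = explode('=', $p, 2);
        if (count($pair) < 2) {
          continue;
        }
        if (drupal_strtolower(trim($pair[0])) == drupal_strtolower($consumer_conf->deriveFromDnAttr)) {
          $authorization_id = ldap_pear_unescape_dn_value(trim($pair[1]));
          $derive_from_dn_authorizations[drupal_strtolower($authorization_id)] = (string) $authorization_id;
        }
      }
    }
  }
  if ($op == 'test_query') {
    $_SESSION['ldap_authorization_test_query']['maps']['Strategy 1. Derive from DN'] = $consumer_conf->deriveFromDn ? $derive_from_dn_authorizations : t('disabled');
  }

  // Strategy 2: derive authorizations from group attributes on the user entry.
  $derive_from_attr_authorizations = array();
  if ($consumer_conf->deriveFromAttr) {
    foreach ($consumer_conf->deriveFromAttrAttr as $derive_from_attribute_name) {
      $authorizations = $ldap_server
        ->deriveFromAttrGroups($derive_from_attribute_name, $user_ldap_entry, $consumer_conf->deriveFromAttrNested);
      foreach ($authorizations as $id => $authorization) {
        if ($consumer_conf->deriveFromAttrUseFirstAttr) {
          $attr_parts = ldap_explode_dn($authorization, 0);
          $first_part = (is_array($attr_parts) && isset($attr_parts[0])) ? explode('=', $attr_parts[0], 2) : array();
          if (count($first_part) < 2) {
            // Value is not a parseable DN: skip it instead of recording an
            // empty authorization id.
            continue;
          }
          // NOTE(review): this unescapes a DN component with the *filter*
          // unescape helper, while strategies 1 and 3 use
          // ldap_pear_unescape_dn_value(). Left as found; confirm which is
          // intended, since it changes the resulting authorization id.
          $authorization_id = ldap_pear_unescape_filter_value(trim($first_part[1]));
        }
        else {
          $authorization_id = $authorization;
        }
        $derive_from_attr_authorizations[drupal_strtolower($authorization_id)] = $authorization_id;
      }
    }
  }
  if ($op == 'test_query') {
    $_SESSION['ldap_authorization_test_query']['maps']['Strategy 2. Groups in User Attributes'] = $consumer_conf->deriveFromAttr ? $derive_from_attr_authorizations : t('disabled');
  }

  // Strategy 3: derive authorizations from group entries naming the user.
  $derive_from_entry_authorizations = array();
  if ($consumer_conf->deriveFromEntry) {
    if ($consumer_conf->deriveFromEntryAttrMatchingUserAttrUndefined) {
      foreach ($consumer_conf->deriveFromEntryEntries as $branch) {
        // The DN and the user name are data, not filter syntax: escape them
        // before they are concatenated into the search filter.
        $filter = '(' . $consumer_conf->deriveFromEntryMembershipAttr . '=' . ldap_pear_escape_filter_value($user_ldap_entry['dn']) . ')';
        $entries = $ldap_server
          ->search($branch, $filter, array(
          'cn',
        ));
        if ($entries === FALSE || empty($entries) || $entries['count'] == 0) {
          // No match on the DN: retry with the user name as membership value.
          $filter = '(' . $consumer_conf->deriveFromEntryMembershipAttr . '=' . ldap_pear_escape_filter_value($user->name) . ')';
          $entries = $ldap_server
            ->search($branch, $filter, array(
            'cn',
          ));
        }
        if (is_array($entries)) {
          unset($entries['count']);
          foreach ($entries as $entry) {
            if (isset($entry['cn'])) {
              $authorization_id = $entry['cn'][0];
            }
            elseif (isset($entry['dn'])) {
              $authorization_id = (string) $entry['dn'];
            }
            else {
              // Neither cn nor dn: do not reuse the id of a previous entry.
              continue;
            }
            $derive_from_entry_authorizations[drupal_strtolower($authorization_id)] = $authorization_id;
          }
        }
      }
    }
    elseif (isset($user_ldap_entry[$consumer_conf->deriveFromEntryAttrMatchingUserAttr]) || isset($user_ldap_entry['attr'][ldap_server_massage_text($consumer_conf->deriveFromEntryAttrMatchingUserAttr, 'attr_name', LDAP_SERVER_MASSAGE_QUERY_ARRAY)])) {
      $derive_from_entry_authorizations = $ldap_server
        ->deriveFromEntryGroups($consumer_conf->deriveFromEntryEntries, $consumer_conf->deriveFromEntryEntriesAttr, $consumer_conf->deriveFromEntryMembershipAttr, $consumer_conf->deriveFromEntryAttrMatchingUserAttr, $user_ldap_entry, $consumer_conf->deriveFromEntryNested);
      if (count($derive_from_entry_authorizations)) {
        // NOTE(review): the normalised ids are written back into the array
        // that deriveFromEntryGroups() returned, so its original elements
        // stay in the merged result as well (e.g. full values alongside the
        // first-attribute values). Left as found; confirm this is intended,
        // because it widens the set of authorization ids granted.
        $returned_groups = $derive_from_entry_authorizations;
        foreach ($returned_groups as $i => $authorization) {
          if ($consumer_conf->deriveFromEntryUseFirstAttr) {
            $attr_parts = ldap_explode_dn($authorization, 0);
            $first_part = (is_array($attr_parts) && isset($attr_parts[0])) ? explode('=', $attr_parts[0], 2) : array();
            if (count($first_part) < 2) {
              // Value is not a parseable DN: skip it instead of recording an
              // empty authorization id.
              continue;
            }
            $authorization_id = ldap_pear_unescape_dn_value(trim($first_part[1]));
          }
          else {
            $authorization_id = $authorization;
          }
          $derive_from_entry_authorizations[drupal_strtolower($authorization_id)] = $authorization_id;
        }
      }
    }
  }
  if ($op == 'test_query') {
    $_SESSION['ldap_authorization_test_query']['maps']['Strategy 3. groups as entries'] = $consumer_conf->deriveFromEntry ? $derive_from_entry_authorizations : t('disabled');
  }

  // Merge the three result sets; ids end up keyed by themselves.
  $values = array_merge(array_values($derive_from_dn_authorizations), array_values($derive_from_attr_authorizations), array_values($derive_from_entry_authorizations));
  $values = array_unique($values);
  $authz_ids = count($values) ? array_combine($values, $values) : array();

  if ($detailed_watchdog_log) {
    // Values are passed as '%' placeholders rather than concatenated into the
    // message string.
    $watchdog_tokens['%username'] = $user->name;
    $watchdog_tokens['%ldap_server'] = $ldap_server->sid;
    $watchdog_tokens['%deriveFromDn'] = implode(', ', array_keys($derive_from_dn_authorizations));
    $watchdog_tokens['%deriveFromAttr'] = implode(', ', array_keys($derive_from_attr_authorizations));
    $watchdog_tokens['%deriveFromEntry'] = 'authorizations: ' . implode(', ', array_keys($derive_from_entry_authorizations));
    $watchdog_tokens['%authz_ids'] = implode(', ', array_keys($authz_ids));
    watchdog('ldap_authorization', '%username :_ldap_authorization_ldap_authorization_maps_alter:
<hr/>deriveFromDn authorization ids: %deriveFromDn
<hr/>deriveFromAttr authorization ids: %deriveFromAttr
<hr/>deriveFromEntry authorization ids: %deriveFromEntry
<hr/>merged authz_ids authorization ids: %authz_ids
', $watchdog_tokens, WATCHDOG_DEBUG);
  }
}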