You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 7.2

README.developers.txt in Lightweight Directory Access Protocol (LDAP) 7.2

Same filename in this branch
  1. 7.2 README.developers.txt
  2. 7.2 ldap_user/README.developers.txt
Same filename and directory in other branches
  1. 8.2 ldap_user/README.developers.txt
provisioning = creating or synching ... to drupal or to ldap



==========================================
LDAP User Data Structures in Drupal User Object
==========================================


'data' => 
  array (
    'ldap_user' => 
    array (
      'init' => 
      array (
        'sid' => 'activedirectory1',
        'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
        'mail' => 'hpotter@hogwarts.edu',
      ),
    ),
    'ldap_authorizations' => 
    array (
      'drupal_role' => 
      array (
        'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu' => 
        array (
          'date_granted' => 1351194052,
        ),
        'cn=honors students,ou=groups,dc=hogwarts,dc=edu' => 
        array (
          'date_granted' => 1351194052,
        ),
        'students' => 
        array (
          'date_granted' => 1351194052,
        ),
      ),
    ),
  ),

 'ldap_user_puid_sid' => 
  array (
    LANGUAGE_NONE =>
    array (
      0 => 
      array (
        'value' => 'activedirectory1',
        'format' => NULL,
        'safe_value' => 'activedirectory1',
      ),
    ),
  ),
   'ldap_user_puid' => 
  array (
    LANGUAGE_NONE =>
    array (
      0 => 
      array (
        'value' => '101',
        'format' => NULL,
        'safe_value' => '101',
      ),
    ),
  ),
   'ldap_user_puid_property' => 
  array (
    LANGUAGE_NONE =>
    array (
      0 => 
      array (
        'value' => 'guid',
        'format' => NULL,
        'safe_value' => 'guid',
      ),
    ),
  ),
   'ldap_user_current_dn' => 
  array (
    LANGUAGE_NONE =>
    array (
      0 => 
      array (
        'value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
        'format' => NULL,
        'safe_value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',
      ),
    ),
  ),
   'ldap_user_prov_entries' => 
  array (
  ),
   'ldap_user_last_checked' => 
  array (
  ),
   'ldap_authorizations' => 
  array (
  ),




==========================================
Rough Summary of provisioning configuration and controls
==========================================

1. configured triggers (admin/config/people/ldap/user) or configuration of other modules
determine when provisioning happens.

// configurable drupal acct provision triggers
LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE
LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE
LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE

// configurable ldap entry provision triggers 
LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE
LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE
LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE


2. hook_user_* functions (and elsewere such as ldap_authentication) will check if appropriate triggers are enabled and initiate calls to ldapUserConf methods:

ldapUserConf::provisionDrupalAccount()
ldapUserConf::synchToDrupalAccount()
ldapUserConf::ldapAssociateDrupalAccount()
ldapUserConf::deleteDrupalAccount()

ldapUserConf::provisionLdapEntry()
ldapUserConf::synchToLdapEntry()
ldapUserConf::deleteProvisionedLdapEntries()

3. to get mappings and determine which attributes are needed "ldap_contexts" and "prov_events" are passed into 
ldap_servers_get_user_ldap_data()
ldapUserConf::drupalUserToLdapEntry()


4.  Should provisioning happen?

------------
4.A.  Server Level: Does an ldap server configuration support provisioning?
ldapUserConf::drupalAcctProvisionServer = <sid> | LDAP_USER_NO_SERVER_SID;  // servers used for to drupal acct provisioning
ldapUserConf::ldapEntryProvisionServer =  <sid> | LDAP_USER_NO_SERVER_SID;  // servers used for provisioning to ldap

This is directly configured at config/people/ldap/user

------------
4.B.  Trigger Level: Does provisioning occur for a given trigger?
ldapUserConf::provisionEnabled($direction, $provision_trigger)
    
This method is based on the configuration of two sets of checkboxes at config/people/ldap/user

ldapUserConf::drupalAcctProvisionTriggers (see "LDAP Entry Provisioning Options"), contains:
  LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE
  LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE
  LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE

ldapUserConf::ldapEntryProvisionTriggers (see "Drupal Account Provisioning Options"), contains:
  LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE
  LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE
  LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE

@todo.  A hook to allow other modules to intervene here 

------------
4.C  Field Level: Does provisioning occur for a given field and ldap server for a given "prov_event" and "ldap _context"?

ldapUserConf::isSynched($field, $prov_event, $direction)

This depends on: 
ldapUserConf::synchMapping[$direction][$field]['prov_events']
which is populated by various ldap and possibly other modules.

"ldap_contexts" (any module can provide its own context which is just a string)
  ldap_user_insert_drupal_user
  ldap_user_update_drupal_user
  ldap_authentication_authenticate
  ldap_user_delete_drupal_user
  ldap_user_disable_drupal_user
  all

"prov_events"
  LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER
  LDAP_USER_EVENT_CREATE_DRUPAL_USER
  LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY
  LDAP_USER_EVENT_CREATE_LDAP_ENTRY
  LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT

File

ldap_user/README.developers.txt
View source 
  1. 

  2. provisioning = creating or synching ... to drupal or to ldap

  3. 

  4. 

  5. 

  6. ==========================================

  7. LDAP User Data Structures in Drupal User Object

  8. ==========================================

  9. 

  10. 

  11. 'data' => 

  12.   array (

  13.     'ldap_user' => 

  14.     array (

  15.       'init' => 

  16.       array (

  17.         'sid' => 'activedirectory1',

  18.         'dn' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',

  19.         'mail' => 'hpotter@hogwarts.edu',

  20.       ),

  21.     ),

  22.     'ldap_authorizations' => 

  23.     array (

  24.       'drupal_role' => 

  25.       array (

  26.         'cn=gryffindor,ou=groups,dc=hogwarts,dc=edu' => 

  27.         array (

  28.           'date_granted' => 1351194052,

  29.         ),

  30.         'cn=honors students,ou=groups,dc=hogwarts,dc=edu' => 

  31.         array (

  32.           'date_granted' => 1351194052,

  33.         ),

  34.         'students' => 

  35.         array (

  36.           'date_granted' => 1351194052,

  37.         ),

  38.       ),

  39.     ),

  40.   ),

  41. 

  42.  'ldap_user_puid_sid' => 

  43.   array (

  44.     LANGUAGE_NONE =>

  45.     array (

  46.       0 => 

  47.       array (

  48.         'value' => 'activedirectory1',

  49.         'format' => NULL,

  50.         'safe_value' => 'activedirectory1',

  51.       ),

  52.     ),

  53.   ),

  54.    'ldap_user_puid' => 

  55.   array (

  56.     LANGUAGE_NONE =>

  57.     array (

  58.       0 => 

  59.       array (

  60.         'value' => '101',

  61.         'format' => NULL,

  62.         'safe_value' => '101',

  63.       ),

  64.     ),

  65.   ),

  66.    'ldap_user_puid_property' => 

  67.   array (

  68.     LANGUAGE_NONE =>

  69.     array (

  70.       0 => 

  71.       array (

  72.         'value' => 'guid',

  73.         'format' => NULL,

  74.         'safe_value' => 'guid',

  75.       ),

  76.     ),

  77.   ),

  78.    'ldap_user_current_dn' => 

  79.   array (

  80.     LANGUAGE_NONE =>

  81.     array (

  82.       0 => 

  83.       array (

  84.         'value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',

  85.         'format' => NULL,

  86.         'safe_value' => 'cn=hpotter,ou=people,dc=hogwarts,dc=edu',

  87.       ),

  88.     ),

  89.   ),

  90.    'ldap_user_prov_entries' => 

  91.   array (

  92.   ),

  93.    'ldap_user_last_checked' => 

  94.   array (

  95.   ),

  96.    'ldap_authorizations' => 

  97.   array (

  98.   ),

  99. 

  100. 

  101. 

  102. 

  103. ==========================================

  104. Rough Summary of provisioning configuration and controls

  105. ==========================================

  106. 

  107. 1. configured triggers (admin/config/people/ldap/user) or configuration of other modules

  108. determine when provisioning happens.

  109. 

  110. // configurable drupal acct provision triggers

  111. LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE

  112. LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE

  113. LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE

  114. 

  115. // configurable ldap entry provision triggers 

  116. LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE

  117. LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE

  118. LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE

  119. 

  120. 

  121. 2. hook_user_* functions (and elsewere such as ldap_authentication) will check if appropriate triggers are enabled and initiate calls to ldapUserConf methods:

  122. 

  123. ldapUserConf::provisionDrupalAccount()

  124. ldapUserConf::synchToDrupalAccount()

  125. ldapUserConf::ldapAssociateDrupalAccount()

  126. ldapUserConf::deleteDrupalAccount()

  127. 

  128. ldapUserConf::provisionLdapEntry()

  129. ldapUserConf::synchToLdapEntry()

  130. ldapUserConf::deleteProvisionedLdapEntries()

  131. 

  132. 3. to get mappings and determine which attributes are needed "ldap_contexts" and "prov_events" are passed into 

  133. ldap_servers_get_user_ldap_data()

  134. ldapUserConf::drupalUserToLdapEntry()

  135. 

  136. 

  137. 4.  Should provisioning happen?

  138. 

  139. ------------

  140. 4.A.  Server Level: Does an ldap server configuration support provisioning?

  141. ldapUserConf::drupalAcctProvisionServer =  | LDAP_USER_NO_SERVER_SID;  // servers used for to drupal acct provisioning

  142. ldapUserConf::ldapEntryProvisionServer =   | LDAP_USER_NO_SERVER_SID;  // servers used for provisioning to ldap

  143. 

  144. This is directly configured at config/people/ldap/user

  145. 

  146. ------------

  147. 4.B.  Trigger Level: Does provisioning occur for a given trigger?

  148. ldapUserConf::provisionEnabled($direction, $provision_trigger)

  149.     

  150. This method is based on the configuration of two sets of checkboxes at config/people/ldap/user

  151. 

  152. ldapUserConf::drupalAcctProvisionTriggers (see "LDAP Entry Provisioning Options"), contains:

  153.   LDAP_USER_DRUPAL_USER_PROV_ON_AUTHENTICATE

  154.   LDAP_USER_DRUPAL_USER_PROV_ON_USER_UPDATE_CREATE

  155.   LDAP_USER_DRUPAL_USER_PROV_ON_ALLOW_MANUAL_CREATE

  156. 

  157. ldapUserConf::ldapEntryProvisionTriggers (see "Drupal Account Provisioning Options"), contains:

  158.   LDAP_USER_LDAP_ENTRY_PROV_ON_USER_UPDATE_CREATE

  159.   LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE

  160.   LDAP_USER_LDAP_ENTRY_PROV_ON_AUTHENTICATE

  161. 

  162. @todo.  A hook to allow other modules to intervene here 

  163. 

  164. ------------

  165. 4.C  Field Level: Does provisioning occur for a given field and ldap server for a given "prov_event" and "ldap _context"?

  166. 

  167. ldapUserConf::isSynched($field, $prov_event, $direction)

  168. 

  169. This depends on: 

  170. ldapUserConf::synchMapping[$direction][$field]['prov_events']

  171. which is populated by various ldap and possibly other modules.

  172. 

  173. "ldap_contexts" (any module can provide its own context which is just a string)

  174.   ldap_user_insert_drupal_user

  175.   ldap_user_update_drupal_user

  176.   ldap_authentication_authenticate

  177.   ldap_user_delete_drupal_user

  178.   ldap_user_disable_drupal_user

  179.   all

  180. 

  181. "prov_events"

  182.   LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER

  183.   LDAP_USER_EVENT_CREATE_DRUPAL_USER

  184.   LDAP_USER_EVENT_SYNCH_TO_LDAP_ENTRY

  185.   LDAP_USER_EVENT_CREATE_LDAP_ENTRY

  186.   LDAP_USER_EVENT_LDAP_ASSOCIATE_DRUPAL_ACCT