ldap_user.ws.inc in Lightweight Directory Access Protocol (LDAP) 8.2
Same filename and directory in other branches
functions related to REST webservices for LDAP User module
ldap/user/ws/<action>/<direction_tag>/<drupal username|dn>/<api_key>
action = 'create', 'synch', 'query', 'disable', or 'delete' direction_tag = 'todrupal', 'toldap', or '', or 'none' drupal_user_name = drupal user. if direction is toldap, its the ldap associatied drupal user name. key = user entered api key
e.g. https://intranet.mycompany.com/ldap/user/ws/create/todrupal/jdoe/dsfew32... https://intranet.mycompany.com/ldap/user/ws/synch/todrupal/jdoe/dsfew324...
File
ldap_user/ldap_user.ws.incView source
<?php
/**
* @file
* functions related to REST webservices for LDAP User module
*
* ldap/user/ws/<action>/<direction_tag>/<drupal username|dn>/<api_key>
*
* action = 'create', 'synch', 'query', 'disable', or 'delete'
* direction_tag = 'todrupal', 'toldap', or '', or 'none'
* drupal_user_name = drupal user. if direction is toldap, its the ldap associatied drupal user name.
* key = user entered api key
*
* e.g.
* https://intranet.mycompany.com/ldap/user/ws/create/todrupal/jdoe/dsfew32423rewr3224243
* https://intranet.mycompany.com/ldap/user/ws/synch/todrupal/jdoe/dsfew32423rewr3224243
*
*/
function _ldap_user_ws_urls_item_list() {
global $base_url;
$base = '<br/>' . $base_url . '/' . LDAP_USER_WS_USER_PATH;
$ldap_user_conf = new LdapUserConf();
$key = $ldap_user_conf->wsKey;
$item_list = array(
'Create: Drupal User based on LDAP Entry: ' . $base . "/create/todrupal/[username]|[dn]/{$key}",
'Synch: LDAP Entry to Drupal User: ' . $base . "/synch/todrupal/[username]|[dn]/{$key}",
'Disable: Drupal User: ' . $base . "/disable/todrupal/[username]|[dn]/{$key}",
'Delete: Drupal User: ' . $base . "/delete/todrupal/[username]|[dn]/{$key}",
'Create: LDAP Entry based on Drupal User: ' . $base . "/create/toldap/[username]/{$key}",
'Synch: Drupal User to LDAP Entry: ' . $base . "/synch/toldap/[username]/{$key}",
'Query: LDAP Associated Drupal User Exists: ' . $base . "/query/none/[username]|[dn]/{$key}",
);
return $item_list;
}
/**
* @todo: this needs work in a few areas:
* - urls shoudl follow REST conventions
* - returns should also follow REST conventions
* - more error catching and $out should be an array that is output in a REST format
*/
function ldap_user_ws($action, $direction_tag, $drupal_user_name_or_dn, $key) {
$action = check_plain($action);
$key = urldecode($key);
if (!$ldap_user_conf->wsEnabled) {
return ldap_user_ws_out(array(
0,
t('Webservice Not Enabled'),
));
}
elseif ($key != $ldap_user_conf->wsKey) {
// ldap_servers_encrypt($ldap_user_conf->wsKey, LDAP_SERVERS_ENC_TYPE_BLOWFISH)
return ldap_user_ws_out(array(
0,
t('Bad Webservice Key'),
));
}
elseif (!in_array($_SERVER['REMOTE_ADDR'], array_values($ldap_user_conf->wsUserIps))) {
return ldap_user_ws_out(array(
0,
t('Request from non-allowed IP Address'),
));
}
if ($direction_tag == 'todrupal') {
$direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER;
$sid = $ldap_user_conf->drupalAcctProvisionServer;
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE);
}
if ($direction_tag == 'toldap') {
$direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY;
$sid = $ldap_user_conf->ldapEntryProvisionServer;
$ldap_server = ldap_servers_get_servers($sid, NULL, TRUE);
}
else {
$direction = LDAP_USER_PROV_DIRECTION_NONE;
$sid = LDAP_USER_NO_SERVER_SID;
$ldap_server = FALSE;
}
if (strpos($drupal_user_name_or_dn, '=') === FALSE) {
$drupal_user_name = check_plain($drupal_user_name_or_dn);
}
else {
$drupal_user_name = $ldap_server ? $ldap_server
->userUsernameFromDn($drupal_user_name_or_dn) : FALSE;
}
ldap_servers_module_load_include('php', 'ldap_user', 'LdapUserConfAdmin.class');
$ldap_user_conf = new LdapUserConf();
$drupal_user = $action == 'create' || $drupal_user_name === FALSE ? FALSE : user_load_by_name($drupal_user_name);
$user_edit = array();
$account = array();
switch ($action) {
case 'create':
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
$user_edit['name'] = $drupal_user_name;
$new_account = $ldap_user_conf
->provisionDrupalAccount($account, $user_edit, $ldap_user, TRUE);
// @todo return boolean on first line, not human readable message
$text = $new_account ? 'Created Account ' . $drupal_user_name : 'Fails to Create Account ' . $drupal_user_name;
return ldap_user_ws_out(array(
(bool) $new_account,
$text,
));
}
elseif ($direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
$provision_result = $ldap_user_conf
->provisionLdapEntry($drupal_user_name);
// no need for ldap_user_ldap_provision_semaphore call with webservice since not tied to single user like logon process
// @todo turn result array into response
}
break;
case 'synch':
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
$saved_account = $ldap_user_conf
->synchToDrupalAccount($drupal_user, $user_edit, LDAP_USER_EVENT_SYNCH_TO_DRUPAL_USER, $ldap_user, TRUE);
$text = $saved_account ? 'Updated Account ' . $drupal_user_name : 'Failed to Update Account ' . $drupal_user_name;
return ldap_user_ws_out(array(
(bool) $saved_account,
$text,
));
}
elseif ($direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
$boolean_result = $ldap_user_conf
->synchToLdapEntry($drupal_user_name);
// @todo turn result array into response
}
break;
case 'disable':
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
$drupal_user->status = 0;
$edit = array(
'status' => 0,
);
$saved_account = user_save($drupal_user, array(
'status' => 0,
));
return ldap_user_ws_out(array(
(bool) $saved_account,
'Disabled Account ' . $drupal_user_name,
));
}
break;
case 'delete':
if ($direction = LDAP_USER_PROV_DIRECTION_TO_DRUPAL_USER) {
user_delete($drupal_user->uid);
return ldap_user_ws_out(array(
1,
'Deleted Account ' . $drupal_user_name,
));
}
elseif ($direction = LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY) {
// @todo implement delete ldap record and call ldap_user event handler for delete account
}
break;
}
return $out;
}
function ldap_user_ws_out($response) {
return join("\n", $response);
}
Functions
Name | Description |
---|---|
ldap_user_ws | @todo: this needs work in a few areas: |
ldap_user_ws_out | |
_ldap_user_ws_urls_item_list | @file functions related to REST webservices for LDAP User module |