
function ldapauth_admin_form in LDAP integration 6

Same name and namespace in other branches
  1. 5.2 ldapauth.module \ldapauth_admin_form()
  2. 5 ldapauth.module \ldapauth_admin_form()

Implements the LDAP server edit page.

Parameters

$form_state: A form state array.

$op: An operation - add or edit.

$sid: An LDAP server ID.

Return value

The form structure.

2 calls to ldapauth_admin_form()
ldaphelp_wizard_form in ldaphelp/ldaphelp_wizard.inc
@file wizard file for ldaphelp module
_ldaphelp_get_configuration in ldaphelp/ldaphelp.module
Get config information for general config and each ldap server defined.
1 string reference to 'ldapauth_admin_form'
ldapauth_menu in ./ldapauth.module
Implements hook_menu().

File

./ldapauth.admin.inc, line 231
Module admin page callbacks.

Code

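/**
 * Implements the LDAP server edit page.
 *
 * Builds the add/edit form for a single LDAP server configuration: connection
 * settings, login procedure (including two PHP snippet fields) and the
 * optional bind DN/password used for non-anonymous searches.
 *
 * NOTE(review): the 'login_php' and 'filter_php' fields collect PHP source
 * which, going by their descriptions, is run during login elsewhere in the
 * module. Whoever may submit this form can therefore presumably run code on
 * the web server - confirm the menu entry for this callback is guarded by a
 * permission that is only granted to fully trusted administrators.
 *
 * @param $form_state
 *   A form state array.
 * @param $op
 *   An operation - add or edit.
 * @param $sid
 *   An LDAP server ID.
 *
 * @return
 *   The form structure.
 */
function ldapauth_admin_form(&$form_state, $op = NULL, $sid = NULL) {
  drupal_add_js(drupal_get_path('module', 'ldapauth') . '/ldapauth.admin.js');
  $form = array();
  if ($op == "edit" && $sid) {
    // Load the stored server once and reuse it for both the field defaults
    // and the 'original_server' value element.
    $server = ldapauth_server_load($sid);
    $edit = (array) $server;
    $form['sid'] = array(
      '#type' => 'hidden',
      '#value' => $sid,
    );
    $form['original_server'] = array(
      '#type' => 'value',
      '#value' => $server,
    );
    $name_classes = "ldapauth-name-update";
  }
  else {
    // Defaults for a new server. Start-TLS is off by default, so a new
    // configuration is unencrypted unless the admin enables it or uses an
    // ldaps:// server address.
    $edit = array(
      'name' => '',
      'machine_name' => '',
      'server' => '',
      'port' => '389',
      'tls' => 0,
      'enc_type' => 0,
      'basedn' => '',
      'user_attr' => LDAPAUTH_DEFAULT_USER_ATTR,
      'mail_attr' => LDAPAUTH_DEFAULT_MAIL_ATTR,
      'puid_attr' => '',
      'binary_puid' => 0,
      'binddn' => '',
      'bindpw' => FALSE,
      'login_php' => '',
      'filter_php' => '',
    );
    $name_classes = "ldapauth-name";
  }

  // Connection settings.
  $form['server-settings'] = array(
    '#type' => 'fieldset',
    '#title' => t('Server settings'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['server-settings']['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Name'),
    '#default_value' => $edit['name'],
    '#description' => t('Choose a <em><strong>unique</strong></em> name for this server configuration.'),
    '#size' => 50,
    '#maxlength' => 255,
    '#required' => TRUE,
    '#attributes' => array(
      'class' => $name_classes,
    ),
  );
  $form['server-settings']['machine_name'] = array(
    '#type' => 'textfield',
    '#title' => t('Machine-readable name'),
    '#description' => t('Example: primary_domain_server') . '<br/>' . t('May only contain lowercase letters, numbers and underscores. <strong>Try to avoid conflicts with the names of existing Drupal projects.</strong>'),
    '#required' => TRUE,
    '#default_value' => $edit['machine_name'],
    '#attributes' => array(
      'class' => 'ldapauth-machine-name',
    ),
    '#element_validate' => array(
      'ldapauth_admin_form_validate_field',
    ),
  );
  $form['server-settings']['server'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP server'),
    '#default_value' => $edit['server'],
    '#size' => 50,
    '#maxlength' => 255,
    '#description' => t('The domain name or IP address of your LDAP Server. Prefix the hostname or IP address with ldaps:// if the LDAP server connection uses SSL.'),
    '#required' => TRUE,
  );
  $form['server-settings']['port'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP port'),
    '#default_value' => $edit['port'],
    '#size' => 5,
    '#maxlength' => 5,
    '#description' => t('The TCP/IP port on the above server which accepts LDAP connections. Must be an integer. Standard ports are 389 and 636(SSL).'),
  );
  $form['server-settings']['tls'] = array(
    '#type' => 'checkbox',
    '#title' => t('Use Start-TLS'),
    '#default_value' => $edit['tls'],
    '#description' => t('Secure the connection between the Drupal and the LDAP servers using TLS.<br /><em>Note: To use START-TLS, you must set the LDAP Port to 389.</em>'),
  );
  $form['server-settings']['enc_type'] = array(
    '#type' => 'select',
    '#options' => valid_enc_types(),
    '#title' => t('LDAP password encryption type'),
    '#default_value' => $edit['enc_type'],
    '#description' => t('This lists which type of Standard LDAP encryption should be used. Use with care as some LDAP directories may do this automatically, what would cause login issues. If unsure, use cleartext.'),
  );

  // How users are located and mapped.
  $form['login-procedure'] = array(
    '#type' => 'fieldset',
    '#title' => t('Login procedure'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['login-procedure']['basedn'] = array(
    '#type' => 'textarea',
    '#title' => t('Base DNs'),
    '#default_value' => $edit['basedn'],
    '#cols' => 50,
    '#rows' => 6,
    '#description' => t('Base DNs for users. Enter one per line in case you need several of them.'),
  );
  $form['login-procedure']['user_attr'] = array(
    '#type' => 'textfield',
    '#title' => t('UserName attribute'),
    '#default_value' => $edit['user_attr'],
    '#size' => 30,
    '#maxlength' => 255,
    '#description' => t('The attribute that holds the users\' login name. (eg. <em style="font-style: normal; padding: 1px 3px; border: 1px solid #8888CC; background-color: #DDDDFF">cn</em> for eDir or <em style="font-style: normal; padding: 1px 3px; border: 1px solid #8888CC; background-color: #DDDDFF">sAMAccountName</em> for Active Directory).'),
  );
  $form['login-procedure']['mail_attr'] = array(
    '#type' => 'textfield',
    '#title' => t('Email attribute'),
    '#default_value' => $edit['mail_attr'],
    '#size' => 30,
    '#maxlength' => 255,
    '#description' => t('The attribute that holds the users\' email address. (eg. <em style="font-style: normal; padding: 1px 3px; border: 1px solid #8888CC; background-color: #DDDDFF">mail</em>).'),
  );
  $form['login-procedure']['puid_attr'] = array(
    '#type' => 'textfield',
    '#title' => t('Persistent and Unique User Id attribute'),
    '#default_value' => $edit['puid_attr'],
    '#size' => 30,
    '#maxlength' => 255,
    '#description' => t("In some LDAPs, a user's DN, CN, or mail may change when a user's name changes or for other reasons. In order to avoid creation of multiple accounts and definitively map ldap entries to Drupal users, you can enter an attribute that will be persistent and unique across LDAP changes, e.g. employeeNumber, entryUUID, objectGUID, and the like. If no such attribute exists, just leave blank."),
  );
  $form['login-procedure']['binary_puid'] = array(
    '#type' => 'checkbox',
    '#title' => t('PUID is binary'),
    '#default_value' => $edit['binary_puid'],
    '#description' => t("Some attributes that can be used for PUIDs are binary and require special handing, e.g. objectGUID.  Check this if the puid attribute is binary."),
  );

  // The next two fields store administrator-supplied PHP source.
  // NOTE(review): check_plain() around the whole description also escapes the
  // <br /> and <code> tags inside it, so they are shown as literal text; the
  // translatable strings are left untouched here to keep translations valid.
  $form['login-procedure']['login_php'] = array(
    '#type' => 'textarea',
    '#title' => t('PHP to transform login name'),
    '#default_value' => $edit['login_php'],
    '#cols' => 25,
    '#rows' => 5,
    '#description' => check_plain(t('Enter PHP to transform login name before it is sent to LDAP for authentication. Careful, bad PHP code here will break your site. If left empty, no name transformation will be done. Change following example code to enable transformation:<br /><code>return $name;</code>')),
  );
  $form['login-procedure']['filter_php'] = array(
    '#type' => 'textarea',
    '#title' => t('PHP to filter users based on their LDAP data'),
    '#default_value' => $edit['filter_php'],
    '#cols' => 25,
    '#rows' => 5,
    '#description' => check_plain(t('Enter PHP to filter users which are allowed to login based on their LDAP data. Careful, bad PHP code here will break your site. If left empty, no filtering will be done. The code should return TRUE to allow authentication. Following example shows how to disallow users without their homeDirectory set:<br /><code>return isset($ldap[\'homeDirectory\']) && isset($ldap[\'homedirectory\'][0]);</code>')),
  );

  // Bind credentials for directories that refuse anonymous searches.
  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced configuration'),
    '#description' => t('<p>The process of authentication starts by establishing an anonymous connection to the LDAP directory and looking up for the user on it. Once this user is found, LDAP authentication is performed on them.</p><p>However, some LDAP configurations (specially common in <strong>Active Directory</strong> setups) restrict anonymous searches.</p><p>If your LDAP setup does not allow anonymous searches, or these are restricted in such a way that login names for users cannot be retrieved as a result of them, then you have to specify here a DN//password pair that will be used for these searches.</p><p>For security reasons, this pair should belong to an LDAP account with stripped down permissions.</p>'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  if (!$edit['bindpw']) {
    // No password stored yet: offer editable DN and password fields. The
    // password element carries no default value.
    $form['advanced']['binddn'] = array(
      '#type' => 'textfield',
      '#title' => t('DN for non-anonymous search'),
      '#default_value' => $edit['binddn'],
      '#size' => 50,
      '#maxlength' => 255,
    );
    $form['advanced']['bindpw'] = array(
      '#type' => 'password',
      '#title' => t('Password for non-anonymous search'),
      '#size' => 12,
      '#maxlength' => 255,
    );
  }
  else {
    // A password is already stored: it is never placed in the form. The DN is
    // shown read-only; an 'item' element prints #value as markup, so the
    // stored DN is escaped before display.
    $form['advanced']['binddn'] = array(
      '#type' => 'item',
      '#title' => t('DN for non-anonymous search'),
      '#value' => check_plain($edit['binddn']),
    );

    // Give an option to clear the password.
    $form['advanced']['bindpw_clear'] = array(
      '#type' => 'checkbox',
      '#title' => t('Clear current password and change DN'),
      '#default_value' => FALSE,
    );
  }
  $form['advanced']['test'] = array(
    '#type' => 'submit',
    '#value' => t('Test'),
    '#suffix' => '<div id="test-spinner" style="display: none;">' . theme_image(drupal_get_path('module', 'ldapauth') . '/images/spinner.gif') . '</div><div id="test-message" class="messages" style="display: none;"></div>',
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save configuration'),
  );
  return $form;
}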