
function ldapauth_admin_settings in LDAP integration 6

Implements the settings page.

Return value

The form structure.

1 call to ldapauth_admin_settings()
_ldaphelp_get_configuration in ldaphelp/ldaphelp.module
Get config information for general config and each ldap server defined.
2 string references to 'ldapauth_admin_settings'
ldapauth_menu in ./ldapauth.module
Implements hook_menu().
ldapdata_form_alter in ./ldapdata.module
Implementation of hook_form_alter().

File

./ldapauth.admin.inc, line 17
Module admin page callbacks.

Code

/**
 * Implements the settings page.
 *
 * Builds the ldapauth configuration form in three fieldsets (authentication
 * mode, security options, LDAP UI options) followed by the save and reset
 * buttons. Several of these settings decide how credentials are handled, so
 * the security-relevant ones carry a short note below.
 *
 * NOTE(review): the LDAPAUTH_* defaults are constants defined outside this
 * function; presumably they resolve to the stored settings - confirm in the
 * module file. Access control and submit handling are not visible here either.
 *
 * @return
 *   The form structure.
 */
function ldapauth_admin_settings() {
  // Choice lists for the radio elements.
  $login_modes = array(
    LDAPAUTH_AUTH_MIXED => t('Mixed mode. The LDAP authentication is performed only if Drupal authentication fails'),
    LDAPAUTH_AUTH_EXCLUSIVED => t('LDAP directory only'),
  );
  // "Associate" links an existing local account to the LDAP entry that has
  // the same login name; "log" refuses the login instead.
  $conflict_policies = array(
    LDAPAUTH_CONFLICT_LOG => t('Disallow login and log the conflict'),
    LDAPAUTH_CONFLICT_RESOLVE => t('Associate local account with the LDAP entry'),
  );
  $username_field_modes = array(
    LDAPAUTH_USERNAME_FIELD_NO => t('Do nothing'),
    LDAPAUTH_USERNAME_FIELD_REMOVE => t('Remove username field from form'),
    LDAPAUTH_USERNAME_FIELD_DISABLE => t('Disable username field on form'),
  );
  $email_field_modes = array(
    LDAPAUTH_EMAIL_FIELD_NO => t('Do nothing'),
    LDAPAUTH_EMAIL_FIELD_REMOVE => t('Remove email field from form'),
    LDAPAUTH_EMAIL_FIELD_DISABLE => t('Disable email field on form'),
  );

  // Fieldset 1: how LDAP and local Drupal authentication are combined.
  $authentication = array(
    '#type' => 'fieldset',
    '#title' => t('Authentication mode'),
    '#description' => t('<strong>NOTE:</strong> These settings have no effect on Drupal user with uid 1. The admin account never uses LDAP.'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
    'ldapauth_login_process' => array(
      '#type' => 'radios',
      '#title' => t('Choose authentication mode'),
      '#description' => t('Pick the mode based on the types of user accounts and other configuration decisions. If <i>LDAP directory only</i> option is activated some UI modifications will be applied.'),
      '#default_value' => LDAPAUTH_LOGIN_PROCESS,
      '#options' => $login_modes,
      '#required' => TRUE,
    ),
    'ldapauth_login_conflict' => array(
      '#type' => 'radios',
      '#title' => t('Choose user conflict resolve procedure'),
      '#description' => t('Pick what should be done if the local Drupal account already exists with the same login name.'),
      '#default_value' => LDAPAUTH_LOGIN_CONFLICT,
      '#options' => $conflict_policies,
      '#required' => TRUE,
    ),
    // Extra per-login logging; defaults to off and, per its own help text,
    // should stay off on stable production sites.
    'ldapauth_debug' => array(
      '#type' => 'checkbox',
      '#title' => t('Turn on extra Watchdog logging'),
      '#default_value' => variable_get('ldapauth_debug', FALSE),
      '#description' => t('<p>If checked, extra information will be logged to the Watchdog table when each user logs in.  This is intended to give administrator a "debugging log" to solve configuration or user access problems.  It should be off for stable production sites.</p>'),
    ),
  );

  // Fieldset 2: credential handling. Collapsed by default.
  $security = array(
    '#type' => 'fieldset',
    '#title' => t('Security Options'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    // Unchecking this lets the module keep the user's LDAP password in clear
    // text in the session table for the length of the session (see the help
    // text); anyone who can read that table can then read the passwords.
    'ldapauth_forget_passwords' => array(
      '#type' => 'checkbox',
      '#title' => t('Do not store users\' passwords during sessions'),
      '#default_value' => LDAPAUTH_FORGET_PASSWORDS,
      '#description' => t('<p>If you use the <strong>ldapdata</strong> module and want to allow users to modify their LDAP attributes, you have two options:</p><ul><li>Setup a special ldap manager DN that has (limited) permissions to edit the requisite LDAP records - using this method means Drupal\'s built in password reset will work;</li> <li>or allow this module to store the user\'s LDAP password, in clear text, during the session;</li></ul><p>Physically, these passwords are stored in the Drupal\'s session table in clear text. This is not ideal and is not the recomended configuration.</p><p>Unless you need to use the latter configuration, leave this checked.</p>'),
    ),
    // With sync on, a local password hash outlives the LDAP account: the help
    // text warns the Drupal user may still log in after the LDAP entry is
    // deleted if ldapauth is disabled.
    'ldapauth_sync_passwords' => array(
      '#type' => 'checkbox',
      '#title' => t('Sync LDAP password with the Drupal password'),
      '#default_value' => LDAPAUTH_SYNC_PASSWORDS,
      '#description' => t('If checked, then LDAP and Drupal passwords will be syncronized. This might be useful if some other modules need to authenticate against the user password hash stored in Drupal and works only in Mixed mode. It might introduce security issues in the Mixed mode since after the deletion of the LDAP account, the Drupal user will still exist and may be able to login to Drupal with his password if ldapauth is disabled. If unsure, leave this unchecked.'),
    ),
    // Defaults to TRUE: a successful LDAP authentication provisions a Drupal
    // account when none exists yet.
    'ldapauth_create_users' => array(
      '#type' => 'checkbox',
      '#title' => t('Create new Drupal user if not present'),
      '#default_value' => variable_get('ldapauth_create_users', TRUE),
      '#description' => t('If checked, then LDAP will create a new Drupal user against the user information supplied by the user authenticated by LDAP. If not checked only the already available users will be authenticated.'),
    ),
  );

  // Fieldset 3: which fields LDAP users see on the user edit form.
  $interface = array(
    '#type' => 'fieldset',
    '#title' => t('LDAP UI Options'),
    '#description' => t('<p>Alters LDAP users\' interface only, though admin accounts can still access email and password fields of LDAP users regardless of selections. Does not effect non-LDAP authenticated accounts. </p>'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    'ldapauth_alter_username_field' => array(
      '#type' => 'radios',
      '#title' => t('Alter username field on user edit form'),
      '#description' => t('Remove or disable username field from user edit form for LDAP authenticated users, even admin users.'),
      '#default_value' => LDAPAUTH_ALTER_USERNAME_FIELD,
      '#options' => $username_field_modes,
      '#required' => TRUE,
    ),
    'ldapauth_disable_pass_change' => array(
      '#type' => 'checkbox',
      '#title' => t('Remove password change fields from user edit form'),
      '#default_value' => LDAPAUTH_DISABLE_PASS_CHANGE,
      '#description' => t('If left unchecked, ldap users will receive warning that they may not request new password here.  <strong>NOTE:</strong> Request new password feature will be disabled for all users even for the user with uid 1.'),
    ),
    'ldapauth_alter_email_field' => array(
      '#type' => 'radios',
      '#title' => t('Alter email field on user edit form'),
      '#description' => t('Remove or disable email field from user edit form for LDAP authenticated users.'),
      '#default_value' => LDAPAUTH_ALTER_EMAIL_FIELD,
      '#options' => $email_field_modes,
      '#required' => TRUE,
    ),
  );

  // Key order is kept as-is because it determines the order of the rendered
  // elements when no explicit weights are set.
  return array(
    'system-options' => $authentication,
    'security-options' => $security,
    'ldap-ui' => $interface,
    'submit' => array(
      '#type' => 'submit',
      '#value' => t('Save configuration'),
    ),
    'reset' => array(
      '#type' => 'submit',
      '#value' => t('Reset to defaults'),
    ),
  );
}