
function ldapauth_admin_form in LDAP integration 5.2

Same name and namespace in other branches
  1. 5 ldapauth.module \ldapauth_admin_form()
  2. 6 ldapauth.admin.inc \ldapauth_admin_form()
1 string reference to 'ldapauth_admin_form'
ldapauth_menu in ./ldapauth.module
Implements hook_menu()

File

./ldapauth.module, line 328

Code

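/**
 * Form builder for adding or editing one LDAP server configuration.
 *
 * When path argument 3 is "edit" and path argument 4 holds a configuration
 * name, the row with that name is read from {ldapauth} and supplies the
 * default values. Otherwise the form is built with empty defaults.
 *
 * Security notes for maintainers:
 * - The configuration name comes from the URL. It is handed to db_query() as
 *   a '%s' argument and must not be concatenated into the SQL string.
 * - The stored bind password is loaded by the SELECT * but is never used as a
 *   default value, so it is not written back into the rendered page.
 * - This builder performs no access check and no validation of its own;
 *   presumably the menu entry and the form's validate/submit handlers do
 *   that. They are not part of this function, so confirm there.
 *
 * @return
 *   A Form API array.
 */
function ldapauth_admin_form() {
  $form = array();

  // Every key read below. Seeding them means the "add" form, and an "edit"
  // request whose name matches no row, no longer read an undefined variable
  // or index. NULL is what those reads evaluated to before.
  $defaults = array(
    'name' => NULL,
    'server' => NULL,
    'port' => NULL,
    'tls' => NULL,
    'encrypted' => NULL,
    'basedn' => NULL,
    'user_attr' => NULL,
    'mail_attr' => NULL,
    'binddn' => NULL,
    'bindpw' => NULL,
    'bindpw_clear' => NULL,
  );
  $edit = $defaults;

  $ldap_name = arg(4);
  if (arg(3) == "edit" && $ldap_name != NULL) {
    // $ldap_name is URL-derived: keep it as a placeholder argument.
    $row = db_fetch_array(db_query("SELECT * FROM {ldapauth} WHERE name = '%s'", $ldap_name));
    if (is_array($row)) {
      // Stored values win; $defaults only fills keys the row does not have.
      $edit = $row + $defaults;
    }

    // Rendered into the page as a hidden input.
    // NOTE(review): '#type' => 'value' would keep this server-side; confirm
    // the submit handler does not trust a client-supplied old-name.
    $form['old-name'] = array(
      '#type' => 'hidden',
      '#value' => $ldap_name,
    );
  }
  $form['server-settings'] = array(
    '#type' => 'fieldset',
    '#title' => t('Server settings'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['server-settings']['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Name'),
    '#default_value' => $edit['name'],
    '#description' => t('Choose a <em><strong>unique</strong></em> name for this server configuration.'),
    '#size' => 50,
    '#maxlength' => 255,
    '#required' => TRUE,
  );
  $form['server-settings']['server'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP server'),
    '#default_value' => $edit['server'],
    '#size' => 50,
    '#maxlength' => 255,
    '#description' => t('<p>The domain name or IP address of your LDAP Server.</p>'),
    '#required' => TRUE,
  );

  // Workaround for a db schema problem: a port left blank is stored as 0 and
  // would come back as "0" on the next edit, so show the LDAP default port
  // instead. The comparison stays loose so that both 0 and '0' match.
  // NOTE(review): nothing here enforces "must be an integer"; that check has
  // to live in the validate handler.
  $_port = $edit['port'] == '0' ? "389" : $edit['port'];
  $form['server-settings']['port'] = array(
    '#type' => 'textfield',
    '#title' => t('LDAP port'),
    '#default_value' => $_port,
    '#size' => 50,
    '#maxlength' => 255,
    '#description' => t('<p>The TCP/IP port on the above server which accepts LDAP connections. Must be an integer.</p>'),
  );

  // NOTE(review): with this unchecked the Drupal-to-LDAP connection is
  // presumably unencrypted, which would expose bind credentials and user
  // passwords on the wire. Confirm in the connection code.
  $form['server-settings']['tls'] = array(
    '#type' => 'checkbox',
    '#title' => t('Use Start-TLS'),
    '#return_value' => 1,
    '#default_value' => $edit['tls'],
    '#description' => t('<p>Secure the connection between the Drupal and the LDAP servers using TLS.<br /><em>Note: To use START-TLS, you must set the LDAP Port to 389.</em></p>'),
  );

  // NOTE(review): the description calls this "MD5 encrypted", but MD5 is an
  // unsalted one-way hash, not encryption, and is weak for password storage.
  // How the flag is applied is outside this function; letting the directory
  // server hash passwords with its own scheme is the safer setup.
  $form['server-settings']['encrypted'] = array(
    '#type' => 'checkbox',
    '#title' => t('Store passwords in encrypted form'),
    '#return_value' => 1,
    '#default_value' => $edit['encrypted'],
    '#description' => t('<p>Secure the password in LDAP by storing it MD5 encrypted (use with care, as some LDAP directories may do this automatically, what would cause logins problems).</p>'),
  );
  $form['login-procedure'] = array(
    '#type' => 'fieldset',
    // Wrapped in t() like every other title in this form.
    '#title' => t('Login procedure'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  $form['login-procedure']['basedn'] = array(
    '#type' => 'textarea',
    '#title' => t('Base DNs'),
    '#default_value' => $edit['basedn'],
    '#cols' => 50,
    '#rows' => 6,
    '#description' => t('<p>Base DNs for users. Enter one per line in case you need several of them.</p>'),
  );
  $form['login-procedure']['user_attr'] = array(
    '#type' => 'textfield',
    '#title' => t('UserName attribute'),
    '#default_value' => $edit['user_attr'],
    '#size' => 50,
    '#maxlength' => 255,
    '#description' => t('<p>The attribute that holds the users\' login name. (eg. <em style="font-style: normal; padding: 1px 3px; border: 1px solid #8888CC; background-color: #DDDDFF">cn</em> for eDir or <em style="font-style: normal; padding: 1px 3px; border: 1px solid #8888CC; background-color: #DDDDFF">sAMAccountName</em> for Active Directory).</p>'),
  );
  $form['login-procedure']['mail_attr'] = array(
    '#type' => 'textfield',
    '#title' => t('Email attribute'),
    '#default_value' => $edit['mail_attr'],
    '#size' => 50,
    '#maxlength' => 255,
    '#description' => t('<p>The attribute that holds the users\' email address. (eg. <em style="font-style: normal; padding: 1px 3px; border: 1px solid #8888CC; background-color: #DDDDFF">mail</em>).</p>'),
  );
  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced configuration'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  $form['advanced']['ldap-note'] = array(
    '#value' => t('<p>The process of authentication starts by establishing an anonymous connection to the LDAP directory and looking up for the user on it. Once this user is found, LDAP authentication is performed on them.</p><p>However, some LDAP configurations (specially common in <strong>Active Directory</strong> setups) restrict anonymous searches.</p><p>If your LDAP setup does not allow anonymous searches, or these are restricted in such a way that login names for users cannot be retrieved as a result of them, then you have to specify here a DN//password pair that will be used for these searches.</p><p>For security reasons, this pair should belong to an LDAP account with stripped down permissions.</p>'),
  );
  $form['advanced']['binddn'] = array(
    '#type' => 'textfield',
    '#title' => t('DN for non-anonymous search'),
    '#default_value' => $edit['binddn'],
    '#size' => 50,
    '#maxlength' => 255,
  );

  // The stored bind password is never echoed back. The password field is
  // offered only when no password is stored (or bindpw_clear is set);
  // otherwise the only option shown is to clear the stored one.
  if ($edit['bindpw_clear'] || !$edit['bindpw']) {
    $form['advanced']['bindpw'] = array(
      '#type' => 'password',
      '#title' => t('Password for non-anonymous search'),
      '#size' => 50,
      '#maxlength' => 255,
    );
  }
  else {
    $form['advanced']['bindpw_clear'] = array(
      '#type' => 'checkbox',
      '#title' => t('Clear current password'),
      '#default_value' => FALSE,
    );
  }

  // Left as a plain string: a handler outside this function may compare the
  // button value, so confirm that before wrapping it in t().
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => 'Save configuration',
  );
  return $form;
}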