You are here

function ldapauth_admin_options in LDAP integration 5

Same name and namespace in other branches
  1. 5.2 ldapauth.module \ldapauth_admin_options()
1 string reference to 'ldapauth_admin_options'
ldapauth_menu in ./ldapauth.module
Implements hook_menu()

File

./ldapauth.module, line 256

Code

function ldapauth_admin_options() {
  $options_login_process = array(
    LDAP_FIRST_DRUPAL => t('Drupal\'s DB first, then LDAP directory'),
    //LDAP_OR_DRUPAL => t('If LDAP user, LDAP only; otherwise Drupal DB'),
    LDAP_FIRST_LDAP => t('LDAP directory only'),
  );
  $form['system-options'] = array(
    '#type' => 'fieldset',
    '#title' => t('Authentication mode'),
    '#description' => t('<p><strong>NOTE:</strong> These settings have no effect on Drupal user with uid 1. The admin account never uses LDAP.</p>'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  $form['system-options']['ldap_login_process'] = array(
    '#type' => 'radios',
    '#title' => t('Choose authentication mode'),
    '#description' => t('<p>Pick the mode based on the types of user accounts and other configuration decisions...</p>'),
    '#default_value' => variable_get('ldap_login_process', LDAP_FIRST_DRUPAL),
    '#options' => $options_login_process,
    '#required' => true,
  );
  $form['security-options'] = array(
    '#type' => 'fieldset',
    '#title' => t('Security Options'),
    '#collapsible' => TRUE,
    '#description' => t('<p>If you use the <strong>ldapdata</strong> module and want to allow users to modify their LDAP attributes, you have two options:</p><ul><li>Setup a special ldap manager DN that has (limited) permissions to edit the requisite LDAP records - using this method means Drupal\'s built in password reset will work;</li> <li>or allow this module to store the user\'s LDAP password, in clear text, during the session;</li></ul><p>Physically, these passwords are stored in the Drupal\'s session table in clear text. This is not ideal and is not the recomended configuration.</p><p>Unless you need to use the latter configuration, leave this checked.</p>'),
    '#collapsed' => TRUE,
  );
  $form['security-options']['ldap_forget_passwords'] = array(
    '#type' => 'checkbox',
    '#title' => t('Do not store users\' passwords during sessions'),
    '#return_value' => true,
    '#default_value' => variable_get('ldap_forget_passwords', true),
  );
  $form['anonymous-ui'] = array(
    '#type' => 'fieldset',
    '#title' => t('Anonymous UI Options'),
    '#description' => t('<p>Effects the interface for all non-authenticated users.</p>'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  $form['anonymous-ui']['ldap_disable_request_new_password'] = array(
    '#type' => 'checkbox',
    '#title' => t('Remove <em>Request new password</em> link from login block'),
    '#return_value' => TRUE,
    '#default_value' => variable_get('ldap_disable_request_new_password', FALSE),
  );
  $options_reset_form = array(
    LDAP_RESET_FORM_NO => t('Do nothing'),
    LDAP_RESET_FORM_OVERWRITE => t('Overwrite form with HTML in textfield'),
    LDAP_RESET_FORM_MERGE => t('Prepend HTML to form'),
  );
  $form['anonymous-ui']['ldap_alter_reset_form'] = array(
    '#type' => 'radios',
    '#title' => t('Alter <em>Request New Password</em> form'),
    '#default_value' => variable_get('ldap_alter_reset_form', LDAP_RESET_FORM_NO),
    '#options' => $options_reset_form,
    '#required' => true,
  );
  $form['anonymous-ui']['ldap_user_pass_form'] = array(
    '#type' => 'textarea',
    '#title' => t('New password reset message'),
    '#default_value' => variable_get('ldap_user_pass_form', '<h2>Form disabled by administrator.<h2>'),
    '#cols' => 45,
    '#rows' => 3,
    '#maxlength' => 250,
    '#disabled' => variable_get('ldap_alter_reset_form', LDAP_RESET_FORM_NO) == LDAP_RESET_FORM_NO ? TRUE : FALSE,
    '#description' => t('<p>The <em>Request New Password</em> form cannot be removed, but it can be altered. Pick the mode based on the types of user accounts and other configuration decisions.</p>'),
  );
  $form['ldap-ui'] = array(
    '#type' => 'fieldset',
    '#title' => t('LDAP UI Options'),
    '#description' => t('<p>Alters LDAP users\' interface only, though admin accounts can still access email and password fields of LDAP users regardless of selections. Does not effect non-LDAP authenticated accounts. </p>'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  $form['ldap-ui']['ldap_disable_user_request_password'] = array(
    '#type' => 'checkbox',
    '#title' => t('Remove password change fields from user edit form'),
    '#default_value' => variable_get('ldap_disable_user_request_password', FALSE),
  );
  $options_email_field = array(
    LDAP_EMAIL_FIELD_NO => t('Do nothing'),
    LDAP_EMAIL_FIELD_REMOVE => t('Remove email field from form'),
    LDAP_EMAIL_FIELD_DISABLE => t('Disable email field on form'),
  );
  $form['ldap-ui']['ldap_alter_email_field'] = array(
    '#type' => 'radios',
    '#title' => t('Alter email field on user edit form'),
    '#description' => t('<p>Remove or disable email field from user edit form for LDAP authenticated users.</p>'),
    '#default_value' => variable_get('ldap_alter_email_field', LDAP_EMAIL_FIELD_NO),
    '#options' => $options_email_field,
    '#required' => true,
  );
  $form['ldap_restore_defaults'] = array(
    '#type' => 'checkbox',
    '#title' => t('Reset to default values'),
    '#default_value' => variable_get('ldap_restore_defaults', FALSE),
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => 'Save configuration',
  );
  return $form;
}