You are here

Home » API reference » LDAP integration 5.2 » ldapauth.module

function ldapauth_admin_options in LDAP integration 5.2

Same name and namespace in other branches
  1. 5 ldapauth.module \ldapauth_admin_options()
1 string reference to 'ldapauth_admin_options'
ldapauth_menu in ./ldapauth.module
Implements hook_menu()

File

./ldapauth.module, line 207

Code

function ldapauth_admin_options() {
  $script = '
		$(document).ready( function(){
			$("input#edit-ldap-disable-request-new-password").click( function(){	
				$("textarea#edit-ldap-user-pass-form").attr("disabled", (! $(this).attr("checked")));
			});
			$("input#ldap-restore-defaults").click(function(){
				$("form")[0].submit();
			});
		})';
  drupal_add_js($script, 'inline');
  $options_login_process = array(
    LDAP_FIRST_DRUPAL => t('Drupal\'s DB first, then LDAP directory'),
    //LDAP_OR_DRUPAL => t('If LDAP user, LDAP only; otherwise Drupal DB'),
    LDAP_FIRST_LDAP => t('LDAP directory only'),
  );
  $form['system-options'] = array(
    '#type' => 'fieldset',
    '#title' => t('Authentication mode'),
    '#description' => t('<p><strong>NOTE: These settings have no effect on Drupal user with uid 1. The admin account never uses LDAP.</p>'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['system-options']['ldap_login_process'] = array(
    '#type' => 'radios',
    '#title' => t('Choose authentication mode'),
    //    '#description' => t('<p>Pick the mode based on the types of user accounts and other configuration decisions.  For example the first and second modes both support LDAP and Drupal users simultaneously. The difference has to do with whether the LDAP user can login on the "stub" account, if say the original LDAP account were removed. While the third option only supports LDAP users. Please see the online docs for more info on advanced configurations.</p>'),
    '#description' => t('<p>Pick the mode based on the types of user accounts and other configuration decisions...</p>'),
    '#default_value' => variable_get('ldap_login_process', LDAP_FIRST_DRUPAL),
    '#options' => $options_login_process,
    '#required' => true,
  );
  $form['security-options'] = array(
    '#type' => 'fieldset',
    '#title' => t('Security Options'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['security-options']['ldap_forget_passwords'] = array(
    '#type' => 'checkbox',
    '#title' => t('Do not store users\' passwords during sessions'),
    '#return_value' => true,
    '#default_value' => variable_get('ldap_forget_passwords', true),
    '#description' => t('<p>If you use the <strong>ldapdata</strong> module and want to allow users to modify their LDAP attributes, you have two options:</p><ul><li>Setup a special ldap manager DN that has (limited) permissions to edit the requisite LDAP records - using this method means Drupal\'s built in password reset will work;</li> <li>or allow this module to store the user\'s LDAP password, in clear text, during the session;</li></ul><p>Physically, these passwords are stored in the Drupal\'s session table in clear text. This is not ideal and is not the recomended configuration.</p><p>Unless you need to use the latter configuration, leave this checked.</p>'),
  );
  $form['ui-options'] = array(
    '#type' => 'fieldset',
    '#title' => t('User Interface Options'),
    '#description' => t('<p>Only effects ldap authenticated users, by altering some Drupal user interface forms. This has no effect on reading or writing LDAP attributes.'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
  );
  $form['ui-options']['ldap_disable_request_new_password'] = array(
    '#type' => 'checkbox',
    '#title' => t('Disable access to <em>Request new password</em> form'),
    '#return_value' => TRUE,
    '#default_value' => variable_get('ldap_disable_request_new_password', FALSE),
    '#description' => t('Disable link to Drupal\'s built-in "Request new password" form from user login block. If this is checked, users can still access the "Request new password" form directly or from the user login form. This option effects the UI for anonymous users.'),
  );
  $form['ui-options']['ldap_user_pass_form'] = array(
    '#type' => 'textarea',
    '#title' => t('New password reset message'),
    '#default_value' => variable_get('ldap_user_pass_form', '<h2>Form disabled by administrator.<h2>'),
    '#cols' => 45,
    '#rows' => 3,
    '#maxlength' => 250,
    '#disabled' => !variable_get('ldap_disable_request_new_password', FALSE),
    '#description' => t('<p>Because the form is still accessible, enter substitute instructions for "Request new password" form page. Ideally there should be some instructions or a link on how to replace passwords. If this is left empty, the default Drupal form WILL BE USED.</p>'),
  );
  $form['ui-options']['ldap_disable_user_request_password'] = array(
    '#type' => 'checkbox',
    '#title' => t('Disable access password reset fields'),
    '#default_value' => variable_get('ldap_disable_user_request_password', FALSE),
    '#description' => t('<p>Disable Drupal\'s built in password change text boxes on the user edit form. If checked, the password change fields will disappear for LDAP authenticated users.</p>'),
  );
  $form['ldap_restore_defaults'] = array(
    '#type' => 'checkbox',
    '#title' => t('Reset to default values'),
    '#default_value' => variable_get('ldap_restore_defaults', FALSE),
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => 'Save configuration',
  );
  return $form;
}