ldapgroups.module in LDAP integration 6
Same filename and directory in other branches
ldapgroups integrates ldap groups with drupal roles.
File
ldapgroups.moduleView source
<?php
/**
* @file
* ldapgroups integrates ldap groups with drupal roles.
*/
//////////////////////////////////////////////////////////////////////////////
define('LDAPGROUPS_DEFAULT_DN_ATTRIBUTE', 'ou');
define('LDAPGROUPS_DEFAULT_ENTRIES_ATTRIBUTE', 'member');
define('LDAPGROUPS_RULE_TYPE_ALLOW', 'ALLOW');
define('LDAPGROUPS_RULE_TYPE_DENY', 'DENY');
define('LDAPGROUPS_RULE_TYPE_ALLOW_X', 'ALLOW-X');
define('LDAPGROUPS_RULE_TYPE_DENY_X', 'DENY-X');
define('LDAPGROUPS_GROUP_ALL', 'ALL');
define('LDAPGROUPS_GROUP_EXISTING', 'EXISTING');
define('LDAPGROUPS_ROLE_MODE_DISABLED', 2);
define('LDAPGROUPS_ROLE_MODE_USE_MAP', 1);
define('LDAPGROUPS_ROLE_MODE_AUTO', 0);
//////////////////////////////////////////////////////////////////////////////
// Core API hooks
/**
* Implementation of hook_menu().
*/
function ldapgroups_menu() {
return array(
'admin/settings/ldap/ldapgroups' => array(
'title' => 'Groups',
'description' => 'Configure LDAP groups to Drupal roles mapping settings.',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'ldapgroups_admin_settings',
),
'access arguments' => array(
'administer ldap modules',
),
'file' => 'ldapgroups.admin.inc',
),
'admin/settings/ldap/ldapgroups/configure' => array(
'title' => 'Settings',
'type' => MENU_DEFAULT_LOCAL_TASK,
),
'admin/settings/ldap/ldapgroups/test' => array(
'title' => 'Test Group Settings',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'ldapgroups_user_test',
),
'access arguments' => array(
'administer ldap modules',
),
'file' => 'ldapgroups.admin.inc',
'type' => MENU_LOCAL_TASK,
'weight' => 1,
),
'admin/settings/ldap/ldapgroups/edit' => array(
'title' => 'Groups',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'ldapgroups_admin_edit',
4,
5,
),
'type' => MENU_CALLBACK,
'access arguments' => array(
'administer ldap modules',
),
'file' => 'ldapgroups.admin.inc',
),
'admin/settings/ldap/ldapgroups/reset' => array(
'title' => 'Groups',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'ldapgroups_admin_edit',
4,
5,
),
'type' => MENU_CALLBACK,
'weight' => 1,
'access arguments' => array(
'administer ldap modules',
),
'file' => 'ldapgroups.admin.inc',
),
);
}
/**
* Implements hook_user().
*/
function ldapgroups_user($op, &$edit, &$account, $category = NULL) {
// Only care about ldap authenticated users.
if (!isset($account->ldap_authentified)) {
return;
}
switch ($op) {
case 'login':
module_load_include('inc', 'ldapauth', 'includes/ldap.core');
module_load_include('inc', 'ldapauth', 'includes/LDAPInterface');
module_load_include('inc', 'ldapgroups', 'ldapgroups');
ldapgroups_user_login($account);
break;
}
}
/**
* Implementation of hook_schema_alter().
*
* @param &$schema Nested array describing the schemas for all modules.
*/
function ldapgroups_schema_alter($schema) {
$schema['ldapauth']['fields']['ldapgroups_in_dn'] = array(
'type' => 'int',
'size' => 'tiny',
'not null' => TRUE,
'default' => '0',
);
$schema['ldapauth']['fields']['ldapgroups_dn_attribute'] = array(
'type' => 'varchar',
'length' => 255,
);
$schema['ldapauth']['fields']['ldapgroups_attr'] = array(
'type' => 'varchar',
'length' => 255,
);
$schema['ldapauth']['fields']['ldapgroups_in_attr'] = array(
'type' => 'int',
'size' => 'tiny',
'not null' => TRUE,
'default' => '0',
);
$schema['ldapauth']['fields']['ldapgroups_as_entries'] = array(
'type' => 'int',
'size' => 'tiny',
'not null' => TRUE,
'default' => '0',
);
$schema['ldapauth']['fields']['ldapgroups_entries'] = array(
'type' => 'text',
);
$schema['ldapauth']['fields']['ldapgroups_entries_attribute'] = array(
'type' => 'varchar',
'length' => 255,
);
$schema['ldapauth']['fields']['ldapgroups_mappings'] = array(
'type' => 'text',
'not null' => FALSE,
);
$schema['ldapauth']['fields']['ldapgroups_mappings_filter'] = array(
'type' => 'int',
'size' => 'tiny',
'not null' => TRUE,
'default' => '0',
);
$schema['ldapauth']['fields']['ldapgroups_filter_php'] = array(
'type' => 'text',
'not null' => FALSE,
);
$schema['ldapauth']['fields']['ldapgroups_groups'] = array(
'type' => 'text',
'not null' => FALSE,
);
}
/**
* Implementation of hook_ldap_user_deny_alter.
*
* User denied if server access limited by group(s) and user is not in one.
*/
function ldapgroups_ldap_user_deny_alter(&$denied, $ldap, $name, $dn, $account) {
module_load_include('inc', 'ldapgroups', 'ldapgroups');
$sid = $ldap
->getOption('sid');
$groups_allowed = _ldapgroups_ldap_info($sid, 'ldapgroups_groups');
if (!ldapgroups_is_configured($sid) || empty($groups_allowed)) {
return;
// Nothing to do here.
}
$user_groups = ldapgroups_groups_load($ldap, $dn, $name);
if ($user_groups === FALSE) {
// Problem getting groups!
$denied = TRUE;
ldapauth_debug_msg(t("groups_deny: User, @name, denied because ldapgroups module is configured but the user's groups load failed", array(
'@name' => $name,
)));
return;
}
$access_rules = ldapgroups_access_rules($ldap
->getOption('sid'));
$allowed = FALSE;
foreach ($access_rules as $rule) {
$type = $rule[0];
$rule_group = drupal_strtoupper($rule[1]);
// See if the rule group matches the user.
$matched = FALSE;
switch ($rule_group) {
case LDAPGROUPS_GROUP_ALL:
$matched = TRUE;
break;
case LDAPGROUPS_GROUP_EXISTING:
if ($account->ldap_authentified) {
$matched = TRUE;
}
break;
default:
foreach ($user_groups as $group) {
if (drupal_strtoupper($group) == $rule_group) {
$matched = TRUE;
break;
}
}
}
// Rule matched, apply action.
if ($matched) {
// Handle the match results according to rule type.
switch ($type) {
case LDAPGROUPS_RULE_TYPE_ALLOW:
$allowed = TRUE;
break;
case LDAPGROUPS_RULE_TYPE_ALLOW_X:
return;
// Found Allowed exit rule - hook says do nothing
case LDAPGROUPS_RULE_TYPE_DENY:
$allowed = FALSE;
break;
case LDAPGROUPS_RULE_TYPE_DENY_X:
ldapauth_debug_msg(t("groups_deny: User, @name, denied by DENY_X group access rule.", array(
'@name' => $name,
)));
$denied = TRUE;
// Found DENIED exit rule, deny and exit.
return;
break;
default:
drupal_set_message(t("Invalid rule type, @type, found in ldapgroups access rules for server, @server!", array(
'@type' => $type,
'@server' => $ldap
->getOption('name'),
)));
}
}
}
if (!$allowed) {
ldapauth_debug_msg(t("groups_deny: User, @name, denied by group access rules.", array(
'@name' => $name,
)));
$denied = TRUE;
}
}
/**
* Implementation of hook_ldap_convert_to_local_alter().
*
* Remove ldap_drupal_roles property when user is convert back to a local user.
*
* @param Array $data
* @param User $account
*/
function ldapgroups_ldap_convert_to_local_alter(&$data, $account) {
$data['ldap_drupal_roles'] = NULL;
}
Functions
Name | Description |
---|---|
ldapgroups_ldap_convert_to_local_alter | Implementation of hook_ldap_convert_to_local_alter(). |
ldapgroups_ldap_user_deny_alter | Implementation of hook_ldap_user_deny_alter. |
ldapgroups_menu | Implementation of hook_menu(). |
ldapgroups_schema_alter | Implementation of hook_schema_alter(). |
ldapgroups_user | Implements hook_user(). |