
function ldaphelp_get_ldap_server in LDAP integration 6

Use the LDAP server info to create the status array for theme_status_report

Parameters

Array $info:

int $sid: The server definition id.

Array $ldap: Array of server configuration info.

Array $test: Results of the _ldaphelp_testldap function.

String $edit_ldap: The link to edit this configuration.

1 call to ldaphelp_get_ldap_server()
ldaphelp_status in ldaphelp/ldaphelp_status.inc

File

ldaphelp/ldaphelp_status.inc, line 227
status file for ldaphelp module

Code

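/**
 * Build the status-report rows describing one LDAP server configuration.
 *
 * Produces one row each for the server settings, the login procedure, the
 * advanced (bind) configuration and the bind test, followed by one row per
 * tested Base DN when the bind succeeded.
 *
 * Security notes:
 * - The bind password is never written into the report; only whether one is
 *   configured is shown. A status page is rendered HTML that can be cached,
 *   screenshotted or pasted into a support ticket, so the service-account
 *   secret must not appear on it.
 * - Configuration values and the Base DN error text are HTML-escaped before
 *   being concatenated into markup. htmlspecialchars() is called directly so
 *   the block depends on nothing beyond PHP; check_plain() is the
 *   Drupal-idiomatic alternative.
 *
 * @param $info
 *   Not read or written by this function.
 * @param $sid
 *   The server definition id. Not used by this function.
 * @param $ldap
 *   Server configuration. Keys read here: server, port, tls, encrypted,
 *   user_attr, mail_attr, binddn, bindpw.
 * @param $test
 *   Test results. Keys read here: bind_type, bind_result_text, bind_success,
 *   bind_result_error, bind_result_errno, basedns.
 * @param $edit_ldap
 *   HTML link to edit this configuration; appended unescaped to row titles.
 *
 * @return
 *   Array of rows, each with 'title', 'value' and 'severity' keys.
 */
function ldaphelp_get_ldap_server(&$info, $sid, &$ldap, &$test, $edit_ldap) {
  $status = array();

  // Server settings.
  $description = "server: " . _ldaphelp_status_plain($ldap['server'])
    . "<br/>port: " . _ldaphelp_status_plain($ldap['port'])
    . "<br/>tls: " . _ldaphelp_status_plain($ldap['tls'])
    . "<br/>encrypted: " . _ldaphelp_status_plain($ldap['encrypted']);
  $status[] = array(
    'title' => 'Server Settings ' . $edit_ldap,
    'value' => $description,
    'severity' => "0",
  );

  // Login procedure.
  $description = "user_attr:<code> " . _ldaphelp_status_plain($ldap['user_attr'])
    . "</code><br/>mail_attr: <code>" . _ldaphelp_status_plain($ldap['mail_attr']) . "</code>";
  $status[] = array(
    'title' => 'Login Procedure ' . $edit_ldap,
    'value' => $description,
    'severity' => "0",
  );

  // Advanced configuration. Only report whether a bind password exists: an
  // empty password is diagnostically relevant (it yields an anonymous bind),
  // the value itself is not.
  $bindpw_state = (isset($ldap['bindpw']) && $ldap['bindpw'] !== '') ? 'set (not displayed)' : 'not set';
  $description = "binddn: <code>" . _ldaphelp_status_plain($ldap['binddn'])
    . "</code><br/>bindpw: " . $bindpw_state;
  $status[] = array(
    'title' => 'Advanced Configuration ' . $edit_ldap,
    'value' => $description,
    'severity' => "0",
  );

  // Bind test.
  // NOTE(review): bind_type, bind_result_text and bind_result_error are
  // produced by the test helper and are passed through unchanged because it
  // is not visible here whether they already carry markup or whether
  // ldaphelp_arraytohtml() escapes its values - confirm and escape at the
  // layer that owns the text.
  $description = "Bind Type: " . $test['bind_type'] . "<br/>Bind Result?: " . $test['bind_result_text'];
  if (!$test['bind_success']) {
    $description .= ldaphelp_arraytohtml(array(
      'LDAP Error' => $test['bind_result_error'],
      'LDAP Error Number' => $test['bind_result_errno'],
    ));

    // 49: invalid credentials.
    if ($test['bind_result_errno'] === 49) {
      $suggestions = "<ul>";
      if ($test['bind_type'] == 'anon') {
        $suggestions .= "<li>This LDAP server does not appear to allow anonymous connections.  You will need to supply a dn and password in the advanced settings that can search the LDAP server.</li>";
      }
      else {
        $suggestions .= "<li>The dn and/or password supplied in the advanced configuration section does not seem to be valid for this server.</li>";
      }
      $suggestions .= "</ul>";
      $description .= ldaphelp_arraytohtml(array(
        'Suggestions' => $suggestions,
      ));
    }
  }
  $severity = $test['bind_success'] === TRUE ? "0" : "2";
  $status[] = array(
    'title' => 'Server Bind Test',
    'value' => $description,
    'severity' => $severity,
  );

  // Base DN rows are only meaningful after a successful bind.
  if ($test['bind_success'] === TRUE && !empty($test['basedns']) && is_array($test['basedns'])) {
    foreach ($test['basedns'] as $basedn) {
      $basedn_html = _ldaphelp_status_plain($basedn['basedn']);

      // Both fragments start empty on every iteration so the final
      // concatenation never reads a missing array key or indexes a string.
      $search_failed_text = '';
      $malformed_dn_text = '';

      if (isset($basedn['result']['base_dn_error'])) {
        // The search against this Base DN itself reported an error.
        $usersfoundtext = "No";
        $severity = 2;
        $malformed_dn_text = "<br/>This Base DN is incorrect: <br/><code>" . $basedn_html . "</code><br/>Test error was: " . _ldaphelp_status_plain($basedn['result']['base_dn_error']);
        $malformed_dn_text .= "<br/>Suggestions: <ul>";
        $malformed_dn_text .= "<li>Make sure this DN does exists on the server.</li>";
        $malformed_dn_text .= "<li>Verify the spelling and capitalization of the DN</li>";
        $malformed_dn_text .= "<li>Make sure there are no extra spaces in the DN, e.g. after commas</li>";
        $malformed_dn_text .= "</ul>";
      }
      elseif (isset($basedn['result']['count'])) {
        // The search returned a count: users were found.
        $usersfoundtext = "Yes";
        $severity = 0;
      }
      else {
        // Bound successfully but the generic user search found nothing.
        $usersfoundtext = "No";
        $severity = 2;
        $result = ldaphelp_baddn($basedn['basedn'], 'Base DN');
        if (!$result['boolean']) {
          $malformed_dn_text = $result['text'];
        }
        $user_attr_html = _ldaphelp_status_plain($ldap['user_attr']);
        $search_failed_text = "<br/>Successfully bound to server <code>" . _ldaphelp_status_plain($ldap['server']) . "</code>, but found" . " no users in generic search (" . $user_attr_html . "=*)  Suggestions: <ul>";

        // The original read the second flag from an undefined $data, so the
        // check never consulted it; both flags belong to this Base DN's result.
        if (!empty($basedn['result']['no_user_attr_success']) && empty($basedn['result']['with_user_attr_success'])) {
          $search_failed_text .= "<li> User attribute name <code>" . $user_attr_html . " </code> may be wrong. Found LDAP entries with search filter <code>CN=*</code>, " . " but not with search filter <code>" . $user_attr_html . "=*</code>.</li>";
        }

        // No results in either search: for an anonymous bind the directory
        // may forbid anonymous searches, or a non-anonymous bind was intended
        // but the password was left empty. The original tested an undefined
        // $tests here, so the anonymous hint could never be shown.
        if ($test['bind_type'] == 'anon') {
          $search_failed_text .= "<li>Anonymous searches of your LDAP or the Base DN <code>" . $basedn_html . " </code> may not be allowed.  Perhaps you need to create or use a service account to query the ldap.</li>";
        }
        else {
          $search_failed_text .= "<li>The DN and password supplied in the advanced settings area may not have the rights to search your LDAP server and/or the Base DN <code>" . $basedn_html . " </code>. Check with your LDAP administrator to see that this user can search all your Base DNs.</li>";
        }
        $search_failed_text .= "<li>Perhaps Base DN is incorrect: <code>" . $basedn_html . "</code></li>";
        $search_failed_text .= "<li>Perhaps this Base DN does not have any entries and/or users defined under it.</li>";
        $search_failed_text .= "</ul>";
      }

      $header = 'Base DN:<br/><code>' . $basedn_html . '</code>';
      $value = "<br/>Found Users in search of base DN?: <strong>" . $usersfoundtext . "</strong>" . $search_failed_text . $malformed_dn_text;
      $status[] = array(
        'title' => $header . ' ' . $edit_ldap,
        'value' => $value,
        'severity' => $severity,
      );
    }
  }
  return $status;
}

/**
 * Escape a plain-text value for embedding in the HTML of a status row.
 *
 * @param $value
 *   Scalar configuration or result value.
 *
 * @return
 *   The value as a string with HTML special characters (including both quote
 *   styles) converted to entities.
 */
function _ldaphelp_status_plain($value) {
  return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}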