You are here

simple_ldap_active_group.module in Simple LDAP 7

Same filename and directory in other branches
  1. 7.2 contrib/simple_ldap_active_group/simple_ldap_active_group.module

Main simple_ldap_active_group module file.

File

contrib/simple_ldap_active_group/simple_ldap_active_group.module
View source
<?php

/**
 * @file
 * Main simple_ldap_active_group module file.
 */

/**
 * Implements hook_form_alter().
 */
function simple_ldap_active_group_form_alter(&$form, &$form_state, $form_id) {
  switch ($form_id) {

    // Add a "Default LDAP group" option to the simple_ldap_role admin form.
    case 'simple_ldap_role_admin':
      $form['role']['simple_ldap_active_group_group'] = array(
        '#type' => 'textfield',
        '#title' => t('Default LDAP group'),
        '#default_value' => variable_get('simple_ldap_active_group_group'),
        '#required' => TRUE,
        '#description' => t('This is the group that a user is added to or removed from when the account status is set to active or blocked, respectively.'),
      );
      break;

    // Add an option to disregard the search filter when deleting an user on the
    // simple_ldap_user admin form.
    case 'simple_ldap_user_admin':
      $advanced = array();
      foreach ($form['advanced'] as $key => $value) {
        $advanced[$key] = $value;
        if ($key == 'simple_ldap_user_filter') {
          $advanced['simple_ldap_active_group_delete_filtered'] = array(
            '#type' => 'checkbox',
            '#title' => t('Delete LDAP entries, even if they do not match the filter'),
            '#default_value' => variable_get('simple_ldap_active_group_delete_filtered', FALSE),
            '#description' => t("If this is enabled, a user will be deleted from LDAP when deleted from Drupal, even if the user's DN does not match the specified search filter."),
          );
        }
      }
      $form['advanced'] = $advanced;
      break;
  }
}

/**
 * Implements hook_user_insert().
 *
 * @throw SimpleLdapException
 */
function simple_ldap_active_group_user_insert(&$edit, $account, $category) {
  if ($account->uid != 1) {
    if ($account->status) {
      simple_ldap_active_group_active($account);
    }
    else {
      simple_ldap_active_group_blocked($account);
    }
  }
}

/**
 * Implements hook_user_update().
 *
 * @throw SimpleLdapException
 */
function simple_ldap_active_group_user_update(&$edit, $account, $category) {
  if ($account->uid != 1) {
    if ($account->status) {
      simple_ldap_active_group_active($account);
    }
    else {
      simple_ldap_active_group_blocked($account);
    }
  }
}

/**
 * Implements hook_user_delete().
 *
 * @throw SimpleLdapException
 */
function simple_ldap_active_group_user_delete($account) {

  // Delete an LDAP entry, overriding the search filter imposed by
  // simple_ldap_user.
  if (variable_get('simple_ldap_active_group_delete_filtered', FALSE)) {
    $user_basedn = variable_get('simple_ldap_user_basedn');
    $user_scope = variable_get('simple_ldap_user_scope');
    $user_attribute_name = variable_get('simple_ldap_user_attribute_name');
    $user_filter = '(&(' . $user_attribute_name . '=' . $account->name . ')' . simple_ldap_active_group_filter() . ')';

    // Search for the LDAP user.
    $server = SimpleLdapServer::singleton();
    $ldap_user = $server
      ->search($user_basedn, $user_filter, $user_scope);

    // Delete the LDAP user.
    if ($ldap_user['count'] > 0) {
      $server
        ->delete($ldap_user[0]['dn']);
    }
  }
}

/**
 * Removes a user from the configured default LDAP group.
 *
 * @throw SimpleLdapException
 */
function simple_ldap_active_group_blocked($account) {
  $user_basedn = variable_get('simple_ldap_user_basedn');
  $user_scope = variable_get('simple_ldap_user_scope');
  $user_attribute_name = variable_get('simple_ldap_user_attribute_name');
  $user_filter = '(&(' . $user_attribute_name . '=' . $account->name . ')' . simple_ldap_active_group_filter() . ')';
  $group_dn = variable_get('simple_ldap_active_group_group');

  // Search for the LDAP user and group.
  $server = SimpleLdapServer::singleton();
  $ldap_user = $server
    ->search($user_basedn, $user_filter, $user_scope);
  $ldap_group = $server
    ->search($group_dn, 'objectclass=*', 'base');

  // Verify that a user and group were both found in LDAP.
  if ($ldap_group['count'] > 0 && $ldap_user['count'] > 0) {
    $user_dn = $ldap_user[0]['dn'];

    // Check if the user is in the group.
    if (in_array($user_dn, $ldap_group[0]['member'])) {

      // Check if the user is the last member of the group.
      if ($ldap_group[0]['member']['count'] == 1) {
        $server
          ->modify($group_dn, array(
          'member' => variable_get('simple_ldap_role_attribute_member_default'),
        ), 'add');
      }

      // Delete the user from the group.
      $server
        ->modify($group_dn, array(
        'member' => $user_dn,
      ), 'del');
    }
  }
}

/**
 * Adds a user to the configured default LDAP group.
 *
 * @throw SimpleLdapException
 */
function simple_ldap_active_group_active($account) {
  $user_basedn = variable_get('simple_ldap_user_basedn');
  $user_scope = variable_get('simple_ldap_user_scope');
  $user_attribute_name = variable_get('simple_ldap_user_attribute_name');
  $user_filter = '(&(' . $user_attribute_name . '=' . $account->name . ')' . simple_ldap_active_group_filter() . ')';
  $group_dn = variable_get('simple_ldap_active_group_group');

  // Search for the LDAP user and group.
  $server = SimpleLdapServer::singleton();
  $ldap_user = $server
    ->search($user_basedn, $user_filter, $user_scope);
  $ldap_group = $server
    ->search($group_dn, 'objectclass=*', 'base');

  // Verify that a user and group were both found in LDAP.
  if ($ldap_group['count'] > 0 && $ldap_user['count'] > 0) {
    $user_dn = $ldap_user[0]['dn'];

    // Check if the user is in the group.
    if (!in_array($user_dn, $ldap_group[0]['member'])) {

      // Add the user to the group.
      $attributes = array(
        'member' => $user_dn,
      );
      $server
        ->modify($group_dn, $attributes, 'add');
    }
  }
}

/**
 * Creates a search filter based on the simple_ldap_user configuration.
 */
function simple_ldap_active_group_filter() {
  $objectclass = variable_get('simple_ldap_user_objectclass', array(
    '*',
  ));
  $filter = '(&(objectclass=' . implode(')(objectclass=', $objectclass) . '))';
  return $filter;
}

Functions

Namesort descending Description
simple_ldap_active_group_active Adds a user to the configured default LDAP group.
simple_ldap_active_group_blocked Removes a user from the configured default LDAP group.
simple_ldap_active_group_filter Creates a search filter based on the simple_ldap_user configuration.
simple_ldap_active_group_form_alter Implements hook_form_alter().
simple_ldap_active_group_user_delete Implements hook_user_delete().
simple_ldap_active_group_user_insert Implements hook_user_insert().
simple_ldap_active_group_user_update Implements hook_user_update().