simple_ldap_active_group.module in Simple LDAP 7
Main simple_ldap_active_group module file.
File
contrib/simple_ldap_active_group/simple_ldap_active_group.module
<?php
/**
* @file
* Main simple_ldap_active_group module file.
*/
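/**
 * Implements hook_form_alter().
 *
 * Adds this module's settings to two existing admin forms:
 * - simple_ldap_role_admin: a required "Default LDAP group" textfield.
 * - simple_ldap_user_admin: a checkbox, placed directly after the
 *   simple_ldap_user_filter element, that allows LDAP entries to be deleted
 *   even when they do not match the configured search filter.
 *
 * @param array $form
 *   The form render array, altered in place.
 * @param array $form_state
 *   The current form state (not read here).
 * @param string $form_id
 *   The ID of the form being built.
 */
function simple_ldap_active_group_form_alter(&$form, &$form_state, $form_id) {
  switch ($form_id) {
    // Add a "Default LDAP group" option to the simple_ldap_role admin form.
    case 'simple_ldap_role_admin':
      // The stored value is passed verbatim as the group DN to search() and
      // modify() elsewhere in this file, so whoever can submit this form
      // decides which LDAP group gets modified.
      $form['role']['simple_ldap_active_group_group'] = array(
        '#type' => 'textfield',
        '#title' => t('Default LDAP group'),
        '#default_value' => variable_get('simple_ldap_active_group_group'),
        '#required' => TRUE,
        '#description' => t('This is the group that a user is added to or removed from when the account status is set to active or blocked, respectively.'),
      );
      break;

    // Add an option to disregard the search filter when deleting a user on
    // the simple_ldap_user admin form.
    case 'simple_ldap_user_admin':
      // Rebuild the fieldset so the new checkbox lands right after the
      // filter element instead of at the end.
      $advanced = array();
      foreach ($form['advanced'] as $key => $value) {
        $advanced[$key] = $value;
        // Strict comparison: with "==" an integer key such as 0 compares
        // equal to any non-numeric string on PHP versions before 8, which
        // would insert the checkbox after the wrong element.
        if ($key === 'simple_ldap_user_filter') {
          $advanced['simple_ldap_active_group_delete_filtered'] = array(
            '#type' => 'checkbox',
            '#title' => t('Delete LDAP entries, even if they do not match the filter'),
            '#default_value' => variable_get('simple_ldap_active_group_delete_filtered', FALSE),
            '#description' => t("If this is enabled, a user will be deleted from LDAP when deleted from Drupal, even if the user's DN does not match the specified search filter."),
          );
        }
      }
      $form['advanced'] = $advanced;
      break;
  }
}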
/**
 * Implements hook_user_insert().
 *
 * Mirrors the new account's status into LDAP group membership: an active
 * account is handed to simple_ldap_active_group_active(), a blocked one to
 * simple_ldap_active_group_blocked(). The account with uid 1 is never
 * synchronised.
 *
 * @param array $edit
 *   The submitted form values (not read here).
 * @param object $account
 *   The account that was created; uid and status are read.
 * @param string $category
 *   The active account category (not read here).
 *
 * @throws SimpleLdapException
 */
function simple_ldap_active_group_user_insert(&$edit, $account, $category) {
  // Leave uid 1 alone so its LDAP group membership is never changed from
  // here. Loose comparison is kept because uid may arrive as a string.
  if ($account->uid == 1) {
    return;
  }

  if (!$account->status) {
    simple_ldap_active_group_blocked($account);
    return;
  }

  simple_ldap_active_group_active($account);
}
/**
 * Implements hook_user_update().
 *
 * Re-applies the account's status to LDAP group membership on every update:
 * an active account is handed to simple_ldap_active_group_active(), a
 * blocked one to simple_ldap_active_group_blocked(). The account with uid 1
 * is never synchronised.
 *
 * @param array $edit
 *   The submitted form values (not read here).
 * @param object $account
 *   The account that was updated; uid and status are read.
 * @param string $category
 *   The active account category (not read here).
 *
 * @throws SimpleLdapException
 */
function simple_ldap_active_group_user_update(&$edit, $account, $category) {
  // Leave uid 1 alone so its LDAP group membership is never changed from
  // here. Loose comparison is kept because uid may arrive as a string.
  if ($account->uid == 1) {
    return;
  }

  if (!$account->status) {
    simple_ldap_active_group_blocked($account);
    return;
  }

  simple_ldap_active_group_active($account);
}
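/**
 * Implements hook_user_delete().
 *
 * When the simple_ldap_active_group_delete_filtered option is enabled,
 * searches LDAP for an entry whose name attribute equals the Drupal username,
 * restricted only by the objectclass filter from
 * simple_ldap_active_group_filter(), and deletes the first match. This
 * overrides the search filter imposed by simple_ldap_user.
 *
 * @param object $account
 *   The Drupal account being deleted; only $account->name is read.
 *
 * @throws SimpleLdapException
 */
function simple_ldap_active_group_user_delete($account) {
  if (!variable_get('simple_ldap_active_group_delete_filtered', FALSE)) {
    return;
  }

  $user_basedn = variable_get('simple_ldap_user_basedn');
  $user_scope = variable_get('simple_ldap_user_scope');
  $user_attribute_name = variable_get('simple_ldap_user_attribute_name');

  // Escape the RFC 4515 filter metacharacters so the username is matched
  // literally. Without this, a name containing "*" or parentheses would
  // change which entries the filter selects, and the first match is deleted.
  // strtr() is used rather than ldap_escape(), which needs PHP 5.6 or later.
  $name = strtr((string) $account->name, array(
    '\\' => '\\5c',
    '*' => '\\2a',
    '(' => '\\28',
    ')' => '\\29',
    "\0" => '\\00',
  ));
  $user_filter = '(&(' . $user_attribute_name . '=' . $name . ')' . simple_ldap_active_group_filter() . ')';

  // Search for the LDAP user.
  $server = SimpleLdapServer::singleton();
  $ldap_user = $server->search($user_basedn, $user_filter, $user_scope);

  // Delete the LDAP user. Only the first result is removed.
  // NOTE(review): several matches would indicate duplicate entries; consider
  // logging that case before deleting.
  if ($ldap_user['count'] > 0) {
    $server->delete($ldap_user[0]['dn']);
  }
}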
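/**
 * Removes a user from the configured default LDAP group.
 *
 * Looks up the user's LDAP entry by username and the group entry by the DN
 * stored in simple_ldap_active_group_group. If the user's DN is listed in the
 * group's member attribute it is removed. When the user is the only member,
 * the value of simple_ldap_role_attribute_member_default is added first.
 *
 * @param object $account
 *   The Drupal account that was blocked; only $account->name is read.
 *
 * @throws SimpleLdapException
 */
function simple_ldap_active_group_blocked($account) {
  $user_basedn = variable_get('simple_ldap_user_basedn');
  $user_scope = variable_get('simple_ldap_user_scope');
  $user_attribute_name = variable_get('simple_ldap_user_attribute_name');

  // Escape the RFC 4515 filter metacharacters so the username is matched
  // literally. Without this, a name containing "*" or parentheses would
  // change which entry the filter selects, and so whose membership is
  // removed. strtr() is used rather than ldap_escape(), which needs PHP 5.6
  // or later.
  $name = strtr((string) $account->name, array(
    '\\' => '\\5c',
    '*' => '\\2a',
    '(' => '\\28',
    ')' => '\\29',
    "\0" => '\\00',
  ));
  $user_filter = '(&(' . $user_attribute_name . '=' . $name . ')' . simple_ldap_active_group_filter() . ')';
  $group_dn = variable_get('simple_ldap_active_group_group');

  // Search for the LDAP user and group.
  $server = SimpleLdapServer::singleton();
  $ldap_user = $server->search($user_basedn, $user_filter, $user_scope);
  $ldap_group = $server->search($group_dn, 'objectclass=*', 'base');

  // Verify that a user and group were both found in LDAP.
  if ($ldap_group['count'] > 0 && $ldap_user['count'] > 0) {
    $user_dn = $ldap_user[0]['dn'];

    // A group entry without a member attribute has nobody to remove; treat it
    // as an empty list instead of passing NULL to in_array().
    $members = isset($ldap_group[0]['member']) ? (array) $ldap_group[0]['member'] : array();

    // Strict comparison keeps the integer 'count' element from matching a DN
    // that begins with digits.
    // NOTE(review): the match is case-sensitive, while DNs usually are not.
    if (in_array($user_dn, $members, TRUE)) {
      // If the user is the last member, add the configured placeholder first,
      // presumably because the group schema requires at least one member.
      if (isset($members['count']) && $members['count'] == 1) {
        $server->modify($group_dn, array(
          'member' => variable_get('simple_ldap_role_attribute_member_default'),
        ), 'add');
      }

      // Delete the user from the group.
      $server->modify($group_dn, array(
        'member' => $user_dn,
      ), 'del');
    }
  }
}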
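/**
 * Adds a user to the configured default LDAP group.
 *
 * Looks up the user's LDAP entry by username and the group entry by the DN
 * stored in simple_ldap_active_group_group. If both exist and the user's DN
 * is not already listed in the group's member attribute, it is added.
 *
 * @param object $account
 *   The Drupal account that is active; only $account->name is read.
 *
 * @throws SimpleLdapException
 */
function simple_ldap_active_group_active($account) {
  $user_basedn = variable_get('simple_ldap_user_basedn');
  $user_scope = variable_get('simple_ldap_user_scope');
  $user_attribute_name = variable_get('simple_ldap_user_attribute_name');

  // Escape the RFC 4515 filter metacharacters so the username is matched
  // literally. Without this, a name containing "*" or parentheses would
  // change which entry the filter selects, and so which DN is granted group
  // membership. strtr() is used rather than ldap_escape(), which needs
  // PHP 5.6 or later.
  $name = strtr((string) $account->name, array(
    '\\' => '\\5c',
    '*' => '\\2a',
    '(' => '\\28',
    ')' => '\\29',
    "\0" => '\\00',
  ));
  $user_filter = '(&(' . $user_attribute_name . '=' . $name . ')' . simple_ldap_active_group_filter() . ')';
  $group_dn = variable_get('simple_ldap_active_group_group');

  // Search for the LDAP user and group.
  $server = SimpleLdapServer::singleton();
  $ldap_user = $server->search($user_basedn, $user_filter, $user_scope);
  $ldap_group = $server->search($group_dn, 'objectclass=*', 'base');

  // Verify that a user and group were both found in LDAP.
  if ($ldap_group['count'] > 0 && $ldap_user['count'] > 0) {
    $user_dn = $ldap_user[0]['dn'];

    // A group entry without a member attribute has no members yet; treat it
    // as an empty list instead of passing NULL to in_array().
    $members = isset($ldap_group[0]['member']) ? (array) $ldap_group[0]['member'] : array();

    // Strict comparison keeps the integer 'count' element from matching a DN
    // that begins with digits, which would skip the add.
    // NOTE(review): the match is case-sensitive, while DNs usually are not.
    if (!in_array($user_dn, $members, TRUE)) {
      // Add the user to the group.
      $attributes = array(
        'member' => $user_dn,
      );
      $server->modify($group_dn, $attributes, 'add');
    }
  }
}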
/**
 * Creates a search filter based on the simple_ldap_user configuration.
 *
 * Builds an AND filter with one objectclass clause per value stored in the
 * simple_ldap_user_objectclass variable, defaulting to the single value "*".
 * The values are inserted verbatim, without filter escaping, so the variable
 * must only ever hold trusted configuration.
 *
 * @return string
 *   An LDAP filter such as "(&(objectclass=*))".
 */
function simple_ldap_active_group_filter() {
  $classes = variable_get('simple_ldap_user_objectclass', array('*'));

  // Joining on the clause separator yields ")(objectclass=" between values;
  // the outer concatenation supplies the first opener and the final closers.
  $clauses = implode(')(objectclass=', $classes);

  return '(&(objectclass=' . $clauses . '))';
}
Functions
Name | Description |
---|---|
simple_ldap_active_group_active | Adds a user to the configured default LDAP group. |
simple_ldap_active_group_blocked | Removes a user from the configured default LDAP group. |
simple_ldap_active_group_filter | Creates a search filter based on the simple_ldap_user configuration. |
simple_ldap_active_group_form_alter | Implements hook_form_alter(). |
simple_ldap_active_group_user_delete | Implements hook_user_delete(). |
simple_ldap_active_group_user_insert | Implements hook_user_insert(). |
simple_ldap_active_group_user_update | Implements hook_user_update(). |