function simple_ldap_role_admin in Simple LDAP 7.2

Same name and namespace in other branches
  1. 7 simple_ldap_role/simple_ldap_role.admin.inc \simple_ldap_role_admin()

Simple LDAP Role configuration form.

2 string references to 'simple_ldap_role_admin'
simple_ldap_active_group_form_alter in contrib/simple_ldap_active_group/simple_ldap_active_group.module
Implements hook_form_alter().
simple_ldap_role_menu in simple_ldap_role/simple_ldap_role.module
Implements hook_menu().

File

simple_ldap_role/simple_ldap_role.admin.inc, line 10
Functions for Simple LDAP Role admin interface.

Code

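/**
 * Simple LDAP Role configuration form.
 *
 * Builds the settings form that maps LDAP groups onto Drupal roles. If the
 * LDAP server cannot be bound, a warning is set and an empty form is
 * returned so no schema lookups are attempted against an unreachable
 * directory.
 *
 * @param array $form
 *   The form array passed in by the Form API; it is discarded and rebuilt.
 * @param array $form_state
 *   Form state. For non-Active-Directory servers the objectclass and
 *   attribute selections in $form_state['values'] take precedence over the
 *   stored variables, so the AJAX callbacks rebuild the attribute lists
 *   from the in-progress selection.
 *
 * @return array
 *   The form wrapped by system_settings_form(), or an empty array when the
 *   bind failed.
 */
function simple_ldap_role_admin($form, &$form_state) {
  $form = array();

  // Get an LDAP server object.
  $server = SimpleLdapServer::singleton();

  // Verify LDAP server connectivity before touching the schema; everything
  // below depends on a bound connection.
  if (!$server->bind()) {
    // The placeholder must be an associative key: t() substitutes by key, and
    // a plain list would leave the literal "@url" in the href.
    drupal_set_message(t('Unable to bind to the LDAP server.  Please check the <a href="@url">server configuration.</a>', array(
      '@url' => url('admin/config/people/simple_ldap'),
    )), 'warning');
    return $form;
  }

  // String to append to items disabled by $server->readonly.
  $readonly_note = $server->readonly ? ' (' . t('Disabled by LDAP Server configuration.') . ')' : '';

  // Generate a list of object classes supported by the server.
  $objectclasses = $server->schema->get('objectclasses');
  foreach ($objectclasses as $key => $objectclass) {
    $objectclasses[$key] = $objectclass['name'];
  }
  asort($objectclasses);

  // Derive directory-specific values to use in the form.
  switch ($server->type) {
    case 'Active Directory':
      // The objectclass/attribute mapping is fixed for AD; the selects below
      // are rendered disabled and their stored values are used as-is.
      $readonly = TRUE;
      $objectclass_selected = simple_ldap_role_variable_get('simple_ldap_role_objectclass', NULL, TRUE);
      $attribute_name_selected = simple_ldap_role_variable_get('simple_ldap_role_attribute_name', NULL, TRUE);
      $attribute_member_selected = simple_ldap_role_variable_get('simple_ldap_role_attribute_member', NULL, TRUE);
      $attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format', NULL, TRUE);

      // Generate a list of attributes for the selected objectclass.
      $attributes = array(
        $attribute_name_selected => $attribute_name_selected,
        $attribute_member_selected => $attribute_member_selected,
      );
      break;

    case 'OpenLDAP':
    default:
      $readonly = FALSE;
      // Prefer the submitted (AJAX) values over the stored variables so the
      // dependent selects reflect what the administrator is choosing now.
      $objectclass_selected = isset($form_state['values']['simple_ldap_role_objectclass']) ? $form_state['values']['simple_ldap_role_objectclass'] : simple_ldap_role_variable_get('simple_ldap_role_objectclass');
      $attribute_name_selected = isset($form_state['values']['simple_ldap_role_attribute_name']) ? $form_state['values']['simple_ldap_role_attribute_name'] : simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
      $attribute_member_selected = isset($form_state['values']['simple_ldap_role_attribute_member']) ? $form_state['values']['simple_ldap_role_attribute_member'] : simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
      $attribute_member_format = simple_ldap_role_variable_get('simple_ldap_role_attribute_member_format');

      // Generate a list of attributes for the selected objectclasses, keyed by
      // lowercased name so the select's values are case-stable. The (array)
      // cast keeps foreach quiet when nothing has been configured yet.
      $attributes = array();
      foreach ((array) $objectclass_selected as $objectclass) {
        try {
          $result = $server->schema->attributes($objectclass, TRUE);
          foreach ($result as $attribute) {
            $attributes[strtolower($attribute)] = $attribute;
          }
        }
        catch (SimpleLdapException $e) {
          // Deliberately absorbed: the objectclass does not exist on the
          // server, so it simply contributes no attributes to the list.
        }
      }
      asort($attributes);
  }

  $form['role'] = array(
    '#type' => 'fieldset',
    '#title' => t('LDAP Roles'),
  );
  $form['role']['simple_ldap_role_basedn'] = array(
    '#type' => 'textfield',
    '#title' => t('Base DN'),
    '#default_value' => simple_ldap_role_variable_get('simple_ldap_role_basedn'),
    '#required' => TRUE,
    '#description' => t('The Base DN that will be searched for roles.'),
  );
  $form['role']['simple_ldap_role_scope'] = array(
    '#type' => 'radios',
    '#title' => t('Search scope'),
    '#options' => array(
      'sub' => t('Subtree - Search the base DN and all of its children for roles.'),
      'one' => t('One-level - Do not include children of the base DN while searching for roles.'),
    ),
    '#required' => TRUE,
    '#default_value' => simple_ldap_role_variable_get('simple_ldap_role_scope'),
  );
  // Changing the objectclass re-renders both attribute selects: they share
  // the wrapper div opened by #prefix on the name select and closed by
  // #suffix on the member select.
  $form['role']['simple_ldap_role_objectclass'] = array(
    '#type' => 'select',
    '#title' => t('Role objectClass'),
    '#options' => $objectclasses,
    '#default_value' => $objectclass_selected,
    '#required' => TRUE,
    '#multiple' => TRUE,
    '#size' => 10,
    '#description' => t('Which LDAP objectClass should be used when searching for a role.'),
    '#disabled' => $readonly,
    '#ajax' => array(
      'callback' => 'simple_ldap_role_objectclass_ajax',
      'wrapper' => 'simple-ldap-role-attributes',
    ),
  );
  $form['role']['simple_ldap_role_attribute_name'] = array(
    '#type' => 'select',
    '#title' => t('Role name attribute'),
    '#prefix' => '<div id="simple-ldap-role-attributes">',
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal role name.  This is commonly "cn".'),
    '#disabled' => $readonly,
  );

  // Set default value if it exists in the list of attributes. If a default
  // value is not set, the empty option is selected.
  if (array_key_exists($attribute_name_selected, $attributes)) {
    $form['role']['simple_ldap_role_attribute_name']['#default_value'] = $attribute_name_selected;
  }

  $form['role']['simple_ldap_role_attribute_member'] = array(
    '#type' => 'select',
    '#title' => t('Role member attribute'),
    '#suffix' => '</div>',
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t('Which LDAP attribute defines the members of the role.  This is commonly "member".'),
    '#disabled' => $readonly,
    '#ajax' => array(
      'callback' => 'simple_ldap_role_attribute_member_ajax',
      'wrapper' => 'simple-ldap-role-attribute-member-default',
    ),
  );

  // Set default value if it exists in the list of attributes. If a default
  // value is not set, the empty option is selected.
  if (array_key_exists($attribute_member_selected, $attributes)) {
    $form['role']['simple_ldap_role_attribute_member']['#default_value'] = $attribute_member_selected;
  }

  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  // NOTE(review): this is a raw LDAP filter fragment that gets combined into
  // the role search filter. It is administrator-supplied and nothing in this
  // builder validates its syntax; a malformed fragment breaks every role
  // lookup, so any validation belongs in the form's validate handler.
  $form['advanced']['simple_ldap_role_filter'] = array(
    '#type' => 'textfield',
    '#title' => t('Search filter'),
    '#default_value' => simple_ldap_role_variable_get('simple_ldap_role_filter'),
    '#description' => t('This filter will be combined with the normal search filter to find groups.  This can be used to require a certain attribute be present, for example.'),
  );
  $form['advanced']['simple_ldap_role_source'] = array(
    '#type' => 'radios',
    '#title' => t('Authoritative data source') . $readonly_note,
    '#options' => array(
      'ldap' => t('LDAP'),
      'drupal' => t('Drupal'),
    ),
    '#default_value' => simple_ldap_role_variable_get('simple_ldap_role_source'),
    '#disabled' => $server->readonly,
    '#description' => t('This determines the behavior of the data sync in the event of a conflict between LDAP and Drupal.'),
  );
  $form['advanced']['simple_ldap_role_sync'] = array(
    '#type' => 'radios',
    '#title' => t('Synchronization trigger'),
    '#options' => array(
      'hook_user_load' => t('Every time a user object is loaded from the database. (More real-time, best if there are frequent changes.)'),
      'hook_user_login' => t('Every time a user logs in. (Less LDAP traffic, best if changes are rare.)'),
    ),
    '#default_value' => simple_ldap_role_variable_get('simple_ldap_role_sync'),
  );
  $form['advanced']['simple_ldap_role_attribute_member_format'] = array(
    '#type' => 'radios',
    '#title' => t('Group member format'),
    '#options' => array(
      'dn' => t('DN'),
      'name' => t('Name'),
    ),
    '#default_value' => $attribute_member_format,
    '#disabled' => $readonly,
  );

  // Work out whether the member attribute is mandatory (MUST) in any of the
  // selected objectclasses; if so, an empty group cannot exist in LDAP and
  // the default member below matters.
  $required = FALSE;
  foreach ((array) $objectclass_selected as $objectclass) {
    $must = $server->schema->must($objectclass, TRUE);
    $required = $required || in_array($attribute_member_selected, $must, TRUE);
  }
  // Fall back to the raw selection when it is not (yet) a known attribute, so
  // an unconfigured form does not raise an undefined-index notice.
  $member_label = isset($attributes[$attribute_member_selected]) ? $attributes[$attribute_member_selected] : $attribute_member_selected;
  $note = $required ? '' : ' (' . t('@attribute is not a required attribute of the selected objectclasses', array(
    '@attribute' => $member_label,
  )) . ')';
  $form['advanced']['simple_ldap_role_attribute_member_default'] = array(
    '#type' => 'textfield',
    '#title' => t('Default group member') . $note . $readonly_note,
    '#default_value' => simple_ldap_role_variable_get('simple_ldap_role_attribute_member_default'),
    '#disabled' => $server->readonly,
    '#description' => t('If the selected member attribute is a required attribute of the selected objectclass, then every LDAP group must have at least one member.  The value here will be used as that default member in the event that the group would otherwise be empty.  Leave this blank if the group should be deleted instead.'),
    '#prefix' => '<div id="simple-ldap-role-attribute-member-default">',
    '#suffix' => '</div>',
  );

  return system_settings_form($form);
}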