simple_ldap_user.admin.inc in Simple LDAP 7.2
Functions for Simple LDAP User admin interface.
File
simple_ldap_user/simple_ldap_user.admin.incView source
<?php
/**
* @file
* Functions for Simple LDAP User admin interface.
*/
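/**
 * Form builder for the Simple LDAP User configuration form.
 *
 * Binds to the configured LDAP server, reads the structural and auxiliary
 * object classes from its schema, and builds the settings form from them.
 * When the bind fails, a warning is shown and an empty form is returned.
 *
 * @param array $form
 *   Ignored; the form array is rebuilt from scratch.
 * @param array $form_state
 *   Form state. Submitted values for the object class and attribute selects
 *   take precedence over the stored settings, so that the AJAX-refreshed
 *   attribute lists reflect the current selection.
 *
 * @return array
 *   The form passed through system_settings_form(), or an empty array when the
 *   LDAP bind fails.
 */
function simple_ldap_user_admin($form, &$form_state) {
  // If we're the ones doing password management, we have a
  // hook_form_FORM_ID_alter() to include. The path is read from the
  // 'password_inc' site variable, not from request input.
  require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
  $form = array();

  // Get an LDAP server object.
  $server = SimpleLdapServer::singleton();

  // Verify LDAP server connectivity.
  if (!$server->bind()) {
    drupal_set_message(t('Unable to bind to the LDAP server. Check the <a href="@url">server configuration.</a>', array(
      '@url' => url('admin/config/people/simple_ldap'),
    )), 'warning');
    return $form;
  }

  // String to append to items disabled by $server->readonly.
  $disabled_note = $server->readonly ? t('(Disabled by LDAP Server configuration.)') : '';

  // Generate a list of structural and auxiliary object classes supported by
  // the server.
  $auxiliary_classes_options = $server->schema->auxiliary('name');
  $object_classes_options = $server->schema->structural('name');
  asort($auxiliary_classes_options);
  asort($object_classes_options);

  // Prefer the values of the in-progress submission over the stored settings.
  $object_class_selected = isset($form_state['values']['simple_ldap_user_objectclass']) ? $form_state['values']['simple_ldap_user_objectclass'] : simple_ldap_user_variable_get('simple_ldap_user_objectclass');
  $auxiliary_classes_selected = isset($form_state['values']['simple_ldap_user_auxiliaryclasses']) ? $form_state['values']['simple_ldap_user_auxiliaryclasses'] : simple_ldap_user_variable_get('simple_ldap_user_auxiliaryclasses');
  $attribute_name_selected = isset($form_state['values']['simple_ldap_user_attribute_name']) ? $form_state['values']['simple_ldap_user_attribute_name'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
  $attribute_mail_selected = isset($form_state['values']['simple_ldap_user_attribute_mail']) ? $form_state['values']['simple_ldap_user_attribute_mail'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_mail');
  $attribute_pass_selected = isset($form_state['values']['simple_ldap_user_attribute_pass']) ? $form_state['values']['simple_ldap_user_attribute_pass'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_pass');
  $password_hash_selected = simple_ldap_user_variable_get('simple_ldap_user_password_hash');
  $attribute_rdn_selected = simple_ldap_user_variable_get('simple_ldap_user_attribute_rdn');

  // Get the list of selected classes, pull all valid attributes for them.
  $classes = simple_ldap_user_parent_objectclasses($object_class_selected);
  $classes = array_merge($classes, simple_ldap_user_parent_objectclasses($auxiliary_classes_selected));
  $attributes = simple_ldap_user_class_attrs_as_options($classes);

  $form['user'] = array(
    '#type' => 'fieldset',
    '#title' => t('LDAP Users'),
  );
  $form['user']['simple_ldap_user_basedn'] = array(
    '#type' => 'textfield',
    '#title' => t('Base DN'),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_basedn'),
    '#required' => TRUE,
    '#description' => t('The Base DN that will be searched for user accounts.'),
  );
  $form['user']['simple_ldap_user_scope'] = array(
    '#type' => 'radios',
    '#title' => t('Search scope'),
    '#options' => array(
      'sub' => t('Subtree - Search the base DN and all of its children for user accounts.'),
      'one' => t('One-level - Do not include children of the base DN while searching for user accounts.'),
    ),
    '#required' => TRUE,
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_scope'),
  );
  $form['user']['simple_ldap_user_objectclass'] = array(
    '#type' => 'select',
    '#title' => t('User objectClass'),
    '#options' => $object_classes_options,
    '#default_value' => $object_class_selected,
    '#required' => TRUE,
    '#multiple' => FALSE,
    '#description' => t('Which LDAP structural objectClass should be used when searching for, or creating, a user.'),
    '#ajax' => array(
      'callback' => 'simple_ldap_user_objectclass_ajax',
      'wrapper' => 'simple-ldap-user-attributes',
    ),
  );
  $form['user']['simple_ldap_user_auxiliaryclasses'] = array(
    '#type' => 'select',
    '#title' => t('User Auxiliary Classes'),
    '#options' => $auxiliary_classes_options,
    '#default_value' => $auxiliary_classes_selected,
    '#required' => FALSE,
    '#multiple' => TRUE,
    '#size' => 10,
    '#description' => t('Which LDAP auxiliary object classes, if any, should be used when searching for, or creating, a user.'),
    '#ajax' => array(
      'callback' => 'simple_ldap_user_objectclass_ajax',
      'wrapper' => 'simple-ldap-user-attributes',
    ),
  );

  // The three attribute selects share one wrapper <div> (opened by the first
  // element's #prefix, closed by the last element's #suffix) so that the AJAX
  // callback can replace them together.
  $form['user']['simple_ldap_user_attribute_name'] = array(
    '#type' => 'select',
    '#title' => t('Username attribute'),
    '#prefix' => '<div id="simple-ldap-user-attributes">',
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal username. This is commonly "cn" or "uid".'),
    '#default_value' => $attribute_name_selected,
  );
  $form['user']['simple_ldap_user_attribute_mail'] = array(
    '#type' => 'select',
    '#title' => t('Email attribute'),
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal user\'s email address. This is commonly "mail".'),
    '#default_value' => $attribute_mail_selected,
  );
  // NOTE(review): the titles of the two password elements below carry the
  // "disabled" note when the server is read-only, but neither element sets
  // '#disabled' here - confirm whether that is applied elsewhere.
  $form['user']['simple_ldap_user_attribute_pass'] = array(
    '#type' => 'select',
    '#title' => t('Password attribute') . $disabled_note,
    '#suffix' => '</div>',
    '#options' => $attributes,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal user\'s password. This is only used for password resets, not for authentication, and is commonly "userPassword".'),
    '#empty_value' => FALSE,
    '#default_value' => $attribute_pass_selected,
  );
  // NOTE(review): the empty choice stores the value 'none'; presumably
  // passwords are then written to LDAP unhashed - confirm against the hashing
  // code and decide whether that choice should be offered at all.
  $form['user']['simple_ldap_user_password_hash'] = array(
    '#type' => 'select',
    '#title' => t('Password hashing algorithm') . $disabled_note,
    '#options' => SimpleLdap::hashes(),
    '#description' => t('Which encryption algorithm should be used to encrypt passwords when writing to LDAP.'),
    '#default_value' => $password_hash_selected,
    '#empty_value' => 'none',
  );

  // LDAP user admin advanced form.
  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  $form['advanced']['simple_ldap_user_filter'] = array(
    '#type' => 'textfield',
    '#title' => t('Search filter'),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_filter'),
    '#description' => t('This filter will be combined with the normal search filter to find users. This can be used to require a certain attribute be present, for example.'),
  );
  $form['advanced']['simple_ldap_user_source'] = array(
    '#type' => 'radios',
    '#title' => t('Authoritative data source') . $disabled_note,
    '#options' => array(
      'ldap' => t('LDAP'),
      'drupal' => t('Drupal'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_source'),
    '#disabled' => $server->readonly,
    '#description' => t('This determines the behavior of the data sync in the event of a conflict between LDAP and Drupal.'),
  );
  $form['advanced']['simple_ldap_user_sync'] = array(
    '#type' => 'radios',
    '#title' => t('Synchronization trigger'),
    '#options' => array(
      'hook_user_load' => t('Every time a user object is loaded from the database. (More real-time, best if there are frequent changes.)'),
      'hook_user_login' => t('Every time a user logs in. (Less LDAP traffic, best if changes are rare.)'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_sync'),
  );
  $form['advanced']['simple_ldap_user_delete_from_ldap'] = array(
    '#type' => 'radios',
    '#title' => t('Delete from LDAP on user delete?'),
    '#options' => array(
      '0' => t('Never'),
      '1' => t('Always'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_delete_from_ldap'),
  );

  // Generate a table to display the attribute map if one is configured.
  $table = '';
  $attribute_map = simple_ldap_user_variable_get('simple_ldap_user_attribute_map');
  if (!empty($attribute_map)) {
    $table = '<table>';
    $table .= '<thead><tr><th>' . t('LDAP attribute') . '</th><th>' . t('Drupal attribute') . '</th></tr></thead>';
    $table .= '<tbody>';
    $class = 'odd';
    foreach ($attribute_map as $ldap_item => $item) {
      // The map comes from stored configuration (settings.php or the mapping
      // form) and is concatenated into markup used as #description, so it is
      // escaped here rather than trusted to be free of HTML.
      $table .= '<tr class="' . $class . '">';
      $table .= '<td>' . check_plain($ldap_item) . '</td>';
      $table .= '<td>' . check_plain(implode(' ', $item)) . '</td>';
      $table .= '</tr>';
      $class = $class === 'odd' ? 'even' : 'odd';
    }
    $table .= '</tbody></table>';
  }
  $form['advanced']['simple_ldap_user_attribute_map'] = array(
    '#type' => 'item',
    '#title' => t('Attribute map'),
    '#weight' => 10,
    '#description' => $table . t('Additional attribute maps can be specified in settings.php using $conf[\'simple_ldap_user_attribute_map\']. See README.txt for more details.'),
  );

  if (!empty($attribute_map)) {
    // Generate a list of attribute names from the attribute map. This pulls
    // from the schema to make the human-readable version have the right case.
    $options = array();
    foreach ($attribute_map as $ldap_attr => $drupal_field) {
      $attribute_type = $server->schema->get('attributeTypes', $ldap_attr);
      $options[$ldap_attr] = $attribute_type['name'];
    }
    asort($options);
    $form['advanced']['simple_ldap_user_attribute_rdn'] = array(
      '#type' => 'select',
      '#title' => t('Relative Distinguished Name (RDN) attribute'),
      '#options' => $options,
      '#empty_value' => '',
      '#default_value' => $attribute_rdn_selected,
      '#description' => t('Any of the mapped attributes can be used as the RDN value when provisioning a new LDAP user entry. If set to "None", the Username attribute specified above will be used.'),
      '#disabled' => $server->readonly,
    );
    $form['advanced']['simple_ldap_user_unique_attribute'] = array(
      '#type' => 'textfield',
      '#title' => t('UUID Attribute (PUID)'),
      '#description' => t('Enter the name of the attribute that remains persistant even through name changes. Active Directory uses "objectGUID". OpenLDAP, Apache DS and most others use "entryUUID".'),
      '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_unique_attribute'),
    );
  }

  return system_settings_form($form);
}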
/**
 * AJAX callback for the object class selects on the settings form.
 *
 * @param array $form
 *   The rebuilt form.
 * @param array $form_state
 *   Form state (not used).
 *
 * @return array
 *   The username, email and password attribute elements, in that order.
 */
function simple_ldap_user_objectclass_ajax($form, $form_state) {
  $refreshed = array();
  foreach (array('name', 'mail', 'pass') as $suffix) {
    $refreshed[] = $form['user']['simple_ldap_user_attribute_' . $suffix];
  }
  return $refreshed;
}
/**
 * Form builder: map Drupal user fields to LDAP attributes.
 *
 * Builds one select per Drupal user field, a delimiter select for every LDAP
 * attribute that the stored attribute map assigns more than one value to, and
 * a multi-select of extra attributes to load. The result is wrapped by
 * system_settings_form() and gets an additional submit handler that rebuilds
 * the attribute map.
 *
 * @param array $form
 *   Ignored; the form array is rebuilt from scratch.
 * @param array $form_state
 *   Form state (not used).
 *
 * @return array
 *   The settings form.
 */
function simple_ldap_user_profile_map_form($form, $form_state) {
  $form = array();

  // Pull the fields defined for user profiles.
  // ToDo: Support user profile modules.
  $drupal_fields = simple_ldap_user_user_fields();

  // NOTE(review): this list starts empty and is only ever reduced below, so
  // the "unmapped attributes" warning cannot fire as the function is written.
  $missing_required = array();

  $profile_classes = simple_ldap_user_profile_classes();
  $ldap_options = simple_ldap_user_class_attrs_as_options($profile_classes);

  // Finally, build the form.
  $intro = t('Select LDAP attributes to map to the Drupal user fields below. LDAP attributes marked with an askterisk (*) are required by the LDAP schema and must be assigned to a Drupal fields. LDAP attributes should be mapped to at most one Drupal fields.</p><p>Username, Email and Password mappings are also done on the User tab.');
  $form['header'] = array(
    '#type' => 'markup',
    '#markup' => '<p>' . $intro . '</p>',
  );
  $form['attributes'] = array(
    '#type' => 'fieldset',
    '#title' => t('Drupal Fields to LDAP Attributes'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
    '#weight' => 10,
  );

  foreach ($drupal_fields as $field_name => $field_info) {
    $variable_name = 'simple_ldap_user_attribute_' . $field_name;
    $current_mapping = simple_ldap_user_variable_get($variable_name);

    // A mapped attribute no longer counts as a missing MUST attribute.
    unset($missing_required[$current_mapping]);

    // Add a form field.
    $select = array(
      '#type' => 'select',
      '#title' => $field_info['label'],
      '#description' => $field_info['description'],
      '#options' => $ldap_options,
      '#required' => $field_info['required'],
      '#default_value' => $current_mapping,
    );
    $form['attributes'][$variable_name] = $select;
  }

  // Give a warning about unmapped attributes.
  if (!empty($missing_required)) {
    $list_markup = theme('item_list', array(
      'items' => $missing_required,
    ));
    drupal_set_message(t('The following attributes are required by the selected user object class(es), but are not mapped. They should be mapped here or given default values in <code>hook_simple_ldap_user_to_ldap_alter()</code>. If they are not set, writes to LDAP may fail with an <em>object class violation</em>. !list', array(
      '!list' => $list_markup,
    )), 'warning');
  }

  $stored_map = simple_ldap_user_variable_get('simple_ldap_user_attribute_map');
  $delimiter_choices = array(
    'array' => t('Multivalue field (array)'),
    'cr' => t('Multiline field (\\r)'),
    'dollar' => t('Dollar sign ($)'),
  );

  // Only attributes holding more than one value in the map get a delimiter.
  foreach ($stored_map as $ldap_attribute => $mapped_values) {
    if (!is_array($mapped_values) || count($mapped_values) <= 1) {
      continue;
    }
    $delimiter_variable = 'simple_ldap_user_delimiter_' . $ldap_attribute;
    $form['delimiters'][$delimiter_variable] = array(
      '#type' => 'select',
      '#title' => $ldap_attribute,
      '#options' => $delimiter_choices,
      '#default_value' => simple_ldap_user_variable_get($delimiter_variable),
    );
  }

  // Turn the delimiter group into a fieldset only when it has members.
  if (!empty($form['delimiters'])) {
    $form['delimiters'] += array(
      '#type' => 'fieldset',
      '#title' => t('Multiple Value Field Delimiters'),
      '#collapsible' => TRUE,
      '#collapsed' => FALSE,
      '#weight' => 20,
    );
  }

  $form['extra_attrs_fieldset'] = array(
    '#type' => 'fieldset',
    '#title' => t('Load Additional Attributes'),
    '#collapsible' => TRUE,
    '#collapsed' => FALSE,
    '#weight' => 30,
  );
  $stylesheet = drupal_get_path('module', 'simple_ldap_user') . '/simple_ldap_user_admin.css';
  $form['extra_attrs_fieldset']['simple_ldap_user_extra_attrs'] = array(
    '#type' => 'select',
    '#title' => t('Extra Attributes'),
    '#description' => t('Select additional unmapped attributes to load.'),
    '#options' => $ldap_options,
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_extra_attrs'),
    '#multiple' => TRUE,
    '#attached' => array(
      'css' => array(
        $stylesheet,
      ),
    ),
  );

  // Run the map rebuild after the default settings-form submit handler.
  $form = system_settings_form($form);
  $form['#submit'][] = 'simple_ldap_user_profile_map_form_submit';
  return $form;
}
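/**
 * Submit handler: rebuild the LDAP attribute map from the mapping form.
 *
 * Collects every submitted 'simple_ldap_user_attribute_*' value into a map of
 * LDAP attribute => list of Drupal field names, attaches a '#delimiter' entry
 * to attributes that are mapped to more than one field, and stores the result
 * in the 'simple_ldap_user_attribute_map' variable.
 *
 * A delimiter submitted for an attribute that ends up with fewer than two
 * mapped fields is dropped and its stored delimiter variable is deleted, so
 * the map never contains an entry that consists of a delimiter only.
 *
 * @param array $form
 *   The submitted form (not used).
 * @param array $form_state
 *   Form state; the map is built from $form_state['values'].
 */
function simple_ldap_user_profile_map_form_submit($form, &$form_state) {
  $attribute_prefix = 'simple_ldap_user_attribute_';
  $delimiter_prefix = 'simple_ldap_user_delimiter_';

  $attribute_map = array();
  $delimiters = array();
  foreach ($form_state['values'] as $key => $value) {
    if (empty($value)) {
      continue;
    }
    // Match the prefix at the start of the key only; the suffix is cut off by
    // prefix length, which is wrong for a key that merely contains the prefix.
    if (strpos($key, $attribute_prefix) === 0) {
      $attribute_map[$value][] = substr($key, strlen($attribute_prefix));
    }
    elseif (strpos($key, $delimiter_prefix) === 0 && $value !== 'array') {
      // 'array' means a multivalue field, which needs no delimiter.
      $delimiters[substr($key, strlen($delimiter_prefix))] = $value === 'cr' ? "\r" : '$';
    }
  }

  // Apply delimiters once all mappings are known, so that the outcome does not
  // depend on the order of the submitted values.
  foreach ($delimiters as $attr => $delimiter) {
    if (isset($attribute_map[$attr]) && count($attribute_map[$attr]) > 1) {
      $attribute_map[$attr]['#delimiter'] = $delimiter;
    }
    else {
      // Zero or one mapped field: a delimiter is meaningless here.
      variable_del($delimiter_prefix . $attr);
    }
  }

  variable_set('simple_ldap_user_attribute_map', $attribute_map);
}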
/**
 * Form builder for the mass user import form.
 *
 * Searches the configured base DN for entries that have the username
 * attribute set and offers every returned name as a pre-checked checkbox.
 *
 * @param array $form
 *   Ignored; the form array is rebuilt from scratch.
 * @param array $form_state
 *   Form state (not used).
 *
 * @return array
 *   The import form.
 */
function simple_ldap_user_import($form, &$form_state) {
  $form = array();

  // Get LDAP Configuration.
  // NOTE(review): unlike the settings form, no bind() check is made before
  // searching - confirm that search() handles an unreachable server.
  $server = SimpleLdapServer::singleton();
  $basedn = simple_ldap_user_variable_get('simple_ldap_user_basedn');
  $scope = simple_ldap_user_variable_get('simple_ldap_user_scope');
  $attribute_name = strtolower(simple_ldap_user_variable_get('simple_ldap_user_attribute_name'));

  // The attribute name placed in the filter is a stored setting, not request
  // input.
  $filter = sprintf('(&(%s=*)%s)', $attribute_name, SimpleLdapUser::filter());

  // Get a list of users that would be imported.
  $wanted_attributes = array(
    'dn',
    $attribute_name,
  );
  $search_result = $server->search($basedn, $filter, $scope, $wanted_attributes);
  $ldap_users = SimpleLdap::clean($search_result);

  // Reformat the LDAP array into name => name, using the first value of the
  // username attribute of each entry.
  // NOTE(review): these names are directory data and become checkbox labels;
  // presumably the Form API filters labels on output - verify.
  $users = array();
  foreach ($ldap_users as $entry) {
    $name = $entry[$attribute_name][0];
    $users[$name] = $name;
  }
  asort($users);

  $title = t('Import these users (@count)', array(
    '@count' => count($users),
  ));
  $form['users'] = array(
    '#type' => 'checkboxes',
    '#title' => $title,
    '#options' => $users,
    '#default_value' => array_keys($users),
    '#checkall' => TRUE,
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Import'),
  );

  return $form;
}
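/**
 * Submit handler for mass user import.
 *
 * Queues one batch operation per selected user name and redirects to
 * admin/people when the batch is done.
 *
 * @param array $form
 *   The submitted form (not used).
 * @param array $form_state
 *   Form state; the selected names are read from $form_state['input']['users'].
 */
function simple_ldap_user_import_submit($form, &$form_state) {
  // When no box is checked the browser sends no 'users' key at all, so guard
  // against a missing or non-array value instead of iterating over it blindly.
  // NOTE(review): this reads the raw request input rather than
  // $form_state['values'], so the names are only as trustworthy as the Form
  // API validation that ran before this handler - confirm why raw input is
  // needed here.
  $selected = isset($form_state['input']['users']) && is_array($form_state['input']['users']) ? $form_state['input']['users'] : array();

  $operations = array();
  foreach ($selected as $user) {
    // Raw input may carry nested arrays; only plain, non-empty names are
    // queued for import.
    if (is_string($user) && !empty($user)) {
      $operations[] = array(
        'simple_ldap_user_import_user',
        array(
          $user,
        ),
      );
    }
  }

  $form_state['redirect'] = 'admin/people';
  $batch = array(
    'operations' => $operations,
    'finished' => 'simple_ldap_user_import_finished',
    // The batch callbacks live in this include file, which is not loaded on
    // every request.
    'file' => drupal_get_path('module', 'simple_ldap_user') . '/simple_ldap_user.admin.inc',
  );
  batch_set($batch);
}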
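/**
 * Batch process function for mass user import.
 *
 * @param string $name
 *   The user name to load or create.
 * @param array $context
 *   Batch context. The progress message is set, and the outcome is recorded in
 *   $context['results'] keyed by name (TRUE when a user object came back).
 */
function simple_ldap_user_import_user($name, &$context) {
  $drupal_user = simple_ldap_user_load_or_create_by_name($name);
  // The progress message is rendered as markup and $name originates from the
  // directory, so it goes through t() with an escaping placeholder instead of
  // being concatenated. This also makes the message translatable.
  $context['message'] = t('Importing @name', array(
    '@name' => $name,
  ));
  $context['results'][$name] = !empty($drupal_user);
}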
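/**
 * Called when the mass user import batch is finished.
 *
 * @param bool $success
 *   Whether the batch completed without a fatal error.
 * @param array $results
 *   Per-user outcome keyed by user name; TRUE for an imported user, FALSE for
 *   one that could not be loaded or created.
 * @param array $operations
 *   Operations that remained unprocessed (not used).
 */
function simple_ldap_user_import_finished($success, $results, $operations) {
  if (!$success) {
    drupal_set_message(t('A problem occurred while importing the users from LDAP.'), 'error');
    return;
  }

  // $results also holds the failed names (value FALSE), so count only the
  // truthy entries as imported and report the remainder separately.
  $imported = count(array_filter($results));
  $failed = count($results) - $imported;

  drupal_set_message(t('Imported @count users from LDAP.', array(
    '@count' => $imported,
  )));
  if ($failed > 0) {
    drupal_set_message(t('@count users could not be imported from LDAP.', array(
      '@count' => $failed,
    )), 'warning');
  }
}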
Functions
Name | Description |
---|---|
simple_ldap_user_admin | Simple LDAP User configuration form. |
simple_ldap_user_import | Form to handle mass user import. |
simple_ldap_user_import_finished | Called when the mass user import batch is finished. |
simple_ldap_user_import_submit | Submit handler for mass user import. |
simple_ldap_user_import_user | Batch process function for mass user import. |
simple_ldap_user_objectclass_ajax | Handle simple_ldap_user_objectclass ajax calls. |
simple_ldap_user_profile_map_form | Admin form for mapping Drupal user attributes to LDAP attributes |
simple_ldap_user_profile_map_form_submit |