function simple_ldap_user_admin in Simple LDAP 7
Same name and namespace in other branches
- 7.2 simple_ldap_user/simple_ldap_user.admin.inc \simple_ldap_user_admin()
Simple LDAP User configuration form.
2 string references to 'simple_ldap_user_admin'
- simple_ldap_active_group_form_alter in contrib/simple_ldap_active_group/simple_ldap_active_group.module - Implements hook_form_alter().
- simple_ldap_user_menu in simple_ldap_user/simple_ldap_user.module - Implements hook_menu().
File
- simple_ldap_user/simple_ldap_user.admin.inc, line 10 - Functions for Simple LDAP User admin interface.
Code
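/**
 * Form constructor for the Simple LDAP User configuration form.
 *
 * Binds to the configured LDAP server, reads its schema to populate the
 * objectClass and attribute selectors, and wraps the result with
 * system_settings_form(). If the bind fails, a warning is shown and an empty
 * form is returned, so no settings can be changed while the directory is
 * unreachable.
 *
 * @param array $form
 *   The incoming form array. It is discarded and rebuilt from scratch.
 * @param array $form_state
 *   The form state. Submitted values, when present, drive the attribute list
 *   for non-Active Directory servers (used by the objectClass AJAX rebuild).
 *
 * @return array
 *   The settings form, or an empty array if the LDAP bind failed.
 */
function simple_ldap_user_admin($form, &$form_state) {
  $form = array();

  // Get an LDAP server object.
  $server = SimpleLdapServer::singleton();

  // Verify LDAP server connectivity.
  if (!$server->bind()) {
    drupal_set_message(t('Unable to bind to the LDAP server.') . ' ' . l(t('Check the server configuration.'), 'admin/config/people/simple_ldap'), 'warning');
    return $form;
  }

  // String to append to items disabled by $server->readonly.
  $disabled_note = $server->readonly ? ' (' . t('Disabled by LDAP Server configuration.') . ')' : '';

  // Generate a list of object classes supported by the server.
  $objectclasses = $server->schema->get('objectclasses');
  foreach ($objectclasses as $key => $objectclass) {
    $objectclasses[$key] = $objectclass['name'];
  }
  asort($objectclasses);

  // Derive directory-specific values to use in the form.
  switch ($server->type) {
    case 'Active Directory':
      // Schema-related selectors are locked for Active Directory.
      // NOTE(review): the third argument (TRUE) presumably forces the
      // directory-specific default; confirm against
      // simple_ldap_user_variable_get().
      $readonly = TRUE;
      $objectclass_selected = simple_ldap_user_variable_get('simple_ldap_user_objectclass', NULL, TRUE);
      $attribute_name_selected = simple_ldap_user_variable_get('simple_ldap_user_attribute_name', NULL, TRUE);
      $attribute_mail_selected = simple_ldap_user_variable_get('simple_ldap_user_attribute_mail', NULL, TRUE);
      $attribute_pass_selected = simple_ldap_user_variable_get('simple_ldap_user_attribute_pass', NULL, TRUE);
      $password_hash_selected = simple_ldap_user_variable_get('simple_ldap_user_password_hash', NULL, TRUE);
      $attribute_rdn_selected = simple_ldap_user_variable_get('simple_ldap_user_attribute_rdn', NULL, TRUE);

      // The attribute list holds only the values already selected, since the
      // selectors cannot be changed in this mode.
      $attributes = array(
        $attribute_name_selected => $attribute_name_selected,
        $attribute_mail_selected => $attribute_mail_selected,
        $attribute_pass_selected => $attribute_pass_selected,
        $attribute_rdn_selected => $attribute_rdn_selected,
      );
      break;

    case 'OpenLDAP':
    default:
      $readonly = FALSE;
      // Submitted values take precedence over stored ones so that the AJAX
      // rebuild reflects the objectClass the administrator just picked.
      $objectclass_selected = isset($form_state['values']['simple_ldap_user_objectclass']) ? $form_state['values']['simple_ldap_user_objectclass'] : simple_ldap_user_variable_get('simple_ldap_user_objectclass');
      $attribute_name_selected = isset($form_state['values']['simple_ldap_user_attribute_name']) ? $form_state['values']['simple_ldap_user_attribute_name'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
      $attribute_mail_selected = isset($form_state['values']['simple_ldap_user_attribute_mail']) ? $form_state['values']['simple_ldap_user_attribute_mail'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_mail');
      $attribute_pass_selected = isset($form_state['values']['simple_ldap_user_attribute_pass']) ? $form_state['values']['simple_ldap_user_attribute_pass'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_pass');
      $password_hash_selected = simple_ldap_user_variable_get('simple_ldap_user_password_hash');
      $attribute_rdn_selected = simple_ldap_user_variable_get('simple_ldap_user_attribute_rdn');

      // Generate a list of attributes for the selected objectclass. The cast
      // keeps the loop safe when the stored value is a single string or NULL
      // instead of an array.
      $attributes = array();
      foreach ((array) $objectclass_selected as $objectclass) {
        try {
          $result = $server->schema->attributes($objectclass, TRUE);
          foreach ($result as $attribute) {
            $attributes[strtolower($attribute)] = $attribute;
          }
        }
        catch (SimpleLdapException $e) {
          // Just absorb the exception. This means that an objectclass was
          // specified that does not exist on the server. Just don't add any
          // attributes to the list in this case.
        }
      }
      asort($attributes);
  }

  $form['user'] = array(
    '#type' => 'fieldset',
    '#title' => t('LDAP Users'),
  );

  $form['user']['simple_ldap_user_basedn'] = array(
    '#type' => 'textfield',
    '#title' => t('Base DN'),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_basedn'),
    '#required' => TRUE,
    '#description' => t('The Base DN that will be searched for user accounts.'),
  );

  $form['user']['simple_ldap_user_scope'] = array(
    '#type' => 'radios',
    '#title' => t('Search scope'),
    '#options' => array(
      'sub' => t('Subtree') . ' - ' . t('Search the base DN and all of its children for user accounts.'),
      'one' => t('One-level') . ' - ' . t('Do not include children of the base DN while searching for user accounts.'),
    ),
    '#required' => TRUE,
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_scope'),
  );

  $form['user']['simple_ldap_user_objectclass'] = array(
    '#type' => 'select',
    '#title' => t('User objectClass'),
    '#options' => $objectclasses,
    '#default_value' => $objectclass_selected,
    '#required' => TRUE,
    '#multiple' => TRUE,
    '#size' => 10,
    '#description' => t('Which LDAP objectClass should be used when searching for, or creating, a user.'),
    '#disabled' => $readonly,
    '#ajax' => array(
      'callback' => 'simple_ldap_user_objectclass_ajax',
      'wrapper' => 'simple-ldap-user-attributes',
    ),
  );

  // The three attribute selectors share one wrapper <div> (opened here via
  // #prefix, closed by the password selector's #suffix) so the AJAX callback
  // can replace them together.
  $form['user']['simple_ldap_user_attribute_name'] = array(
    '#type' => 'select',
    '#title' => t('Username attribute'),
    '#prefix' => '<div id="simple-ldap-user-attributes">',
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal username.') . ' ' . t('This is commonly "cn" or "uid".'),
    '#disabled' => $readonly,
  );
  // Set default value if it exists in the list of attributes. If a default
  // value is not set, the empty option is selected.
  if (array_key_exists($attribute_name_selected, $attributes)) {
    $form['user']['simple_ldap_user_attribute_name']['#default_value'] = $attribute_name_selected;
  }

  $form['user']['simple_ldap_user_attribute_mail'] = array(
    '#type' => 'select',
    '#title' => t('Email attribute'),
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t("Which LDAP attribute should be mapped to a Drupal user's email address.") . ' ' . t('This is commonly "mail".'),
    '#disabled' => $readonly,
  );
  // Set default value if it exists in the list of attributes. If a default
  // value is not set, the empty option is selected.
  if (array_key_exists($attribute_mail_selected, $attributes)) {
    $form['user']['simple_ldap_user_attribute_mail']['#default_value'] = $attribute_mail_selected;
  }

  $form['user']['simple_ldap_user_attribute_pass'] = array(
    '#type' => 'select',
    '#title' => t('Password attribute') . $disabled_note,
    '#suffix' => '</div>',
    '#options' => $attributes,
    '#description' => t("Which LDAP attribute should be mapped to a Drupal user's password.") . ' ' . t('This is only used for password resets, not for authentication, and is commonly "userPassword".'),
    '#disabled' => $readonly || $server->readonly,
    '#empty_value' => FALSE,
  );
  // Set default value if it exists in the list of attributes. If a default
  // value is not set, the empty option is selected.
  if (array_key_exists($attribute_pass_selected, $attributes)) {
    $form['user']['simple_ldap_user_attribute_pass']['#default_value'] = $attribute_pass_selected;
  }

  // NOTE(review): the description says "encryption", but the options come
  // from SimpleLdap::hashes() and the title says hashing. The wording is left
  // as is so existing translations still match. The empty option maps to
  // 'none', which presumably writes the password to LDAP unhashed; confirm
  // and avoid that setting on production directories.
  $form['user']['simple_ldap_user_password_hash'] = array(
    '#type' => 'select',
    '#title' => t('Password hashing algorithm') . $disabled_note,
    '#options' => SimpleLdap::hashes(),
    '#description' => t('Which encryption algorithm should be used to encrypt passwords when writing to LDAP.'),
    '#disabled' => $readonly || $server->readonly,
    '#default_value' => $password_hash_selected,
    '#empty_value' => 'none',
  );

  // LDAP user admin advanced form.
  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );

  // The filter string is stored as entered; no syntax validation happens in
  // this form builder.
  $form['advanced']['simple_ldap_user_filter'] = array(
    '#type' => 'textfield',
    '#title' => t('Search filter'),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_filter'),
    '#description' => t('This filter will be combined with the normal search filter to find users.') . ' ' . t('This can be used to require a certain attribute be present, for example.'),
  );

  $form['advanced']['simple_ldap_user_source'] = array(
    '#type' => 'radios',
    '#title' => t('Authoritative data source') . $disabled_note,
    '#options' => array(
      'ldap' => t('LDAP'),
      'drupal' => t('Drupal'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_source'),
    '#disabled' => $server->readonly,
    '#description' => t('This determines the behavior of the data sync in the event of a conflict between LDAP and Drupal.'),
  );

  $form['advanced']['simple_ldap_user_sync'] = array(
    '#type' => 'radios',
    '#title' => t('Synchronization trigger'),
    '#options' => array(
      'hook_user_load' => t('Every time a user object is loaded from the database.') . ' (' . t('More real-time, best if there are frequent changes.') . ')',
      'hook_user_login' => t('Every time a user logs in.') . ' (' . t('Less LDAP traffic, best if changes are rare.') . ')',
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_sync'),
  );

  $form['advanced']['simple_ldap_user_delete_from_ldap'] = array(
    '#type' => 'radios',
    '#title' => t('Delete from LDAP on user delete?'),
    '#options' => array(
      '0' => t('Never'),
      '1' => t('Always'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_delete_from_ldap'),
  );

  // Show the current attribute map and the RDN selector only when a map
  // exists.
  $map_object = SimpleLdapUserMap::singleton();
  $attribute_map = $map_object->map;
  if ($attribute_map) {
    $table = '<table>';
    $table .= '<thead><tr><th>' . t('LDAP attribute') . '</th><th>' . t('Drupal attribute') . '</th></tr></thead>';
    $table .= '<tbody>';
    $class = 'odd';
    foreach ($attribute_map as $item) {
      // #markup is emitted as raw HTML and the map can be extended from
      // settings.php, so every value is escaped before it enters the table.
      $table .= '<tr class="' . $class . '">';
      $table .= '<td>' . check_plain($item['ldap']) . '</td>';
      $table .= '<td>' . check_plain(implode(' ', $item['drupal'])) . '</td>';
      $table .= '</tr>';
      $class = $class === 'odd' ? 'even' : 'odd';
    }
    $table .= '</tbody></table>';

    $t_args = array(
      '@file' => 'settings.php',
      '@variable' => '$conf[\'simple_ldap_user_attribute_map\']',
      '@readme' => 'README.txt',
    );
    $form['advanced']['simple_ldap_user_attribute_map'] = array(
      '#type' => 'item',
      '#title' => t('Attribute map'),
      '#description' => t('Additional attribute maps can be specified in @file using @variable. See @readme for more details', $t_args),
      '#markup' => $table,
    );

    $form['advanced']['simple_ldap_user_attribute_rdn'] = array(
      '#type' => 'select',
      '#title' => t('Relative Distinguished Name (RDN) attribute'),
      '#options' => $map_object->getFormOptions(),
      '#empty_value' => '',
      '#default_value' => $attribute_rdn_selected,
      '#description' => t('Any of the mapped attributes can be used as the RDN value when provisioning a new LDAP user entry.') . ' ' . t('If set to "None", the Username attribute specified above will be used.'),
      '#disabled' => $readonly,
    );
  }

  return system_settings_form($form);
}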