
function simple_ldap_user_admin in Simple LDAP 7.2

Same name and namespace in other branches
  1. 7 simple_ldap_user/simple_ldap_user.admin.inc \simple_ldap_user_admin()

Simple LDAP User configuration form.

2 string references to 'simple_ldap_user_admin'
simple_ldap_active_group_form_alter in contrib/simple_ldap_active_group/simple_ldap_active_group.module
Implements hook_form_alter().
simple_ldap_user_menu in simple_ldap_user/simple_ldap_user.module
Implements hook_menu().

File

simple_ldap_user/simple_ldap_user.admin.inc, line 10
Functions for Simple LDAP User admin interface.

Code

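/**
 * Form builder: Simple LDAP User configuration form.
 *
 * When the LDAP bind fails, a warning is shown and an empty form is returned.
 * Otherwise the form exposes the user search settings, the attribute
 * mappings, the password handling options and the advanced sync settings.
 *
 * @param array $form
 *   Ignored; the form is rebuilt from an empty array.
 * @param array $form_state
 *   Form state. Submitted values, when present, take precedence over the
 *   stored settings for the object class and attribute selections.
 *
 * @return array
 *   The form array, wrapped by system_settings_form() when the bind succeeds.
 */
function simple_ldap_user_admin($form, &$form_state) {

  // If we're the ones doing password management, we have a
  // hook_form_FORM_ID_alter() to include. The path is taken from the
  // 'password_inc' variable and defaults to includes/password.inc.
  require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
  $form = array();

  // Get an LDAP server object.
  $server = SimpleLdapServer::singleton();

  // Verify LDAP server connectivity. Nothing below can be built without the
  // server schema, so stop here with a pointer to the server settings.
  if (!$server->bind()) {
    drupal_set_message(t('Unable to bind to the LDAP server.  Check the <a href="@url">server configuration.</a>', array(
      '@url' => url('admin/config/people/simple_ldap'),
    )), 'warning');
    return $form;
  }

  // String to append to items disabled by $server->readonly. The leading
  // space keeps the note from running into the element title.
  $disabled_note = $server->readonly ? ' ' . t('(Disabled by LDAP Server configuration.)') : '';

  // Generate a list of structural and auxiliary object classes supported by
  // the server.
  $auxiliary_classes_options = $server->schema->auxiliary('name');
  $object_classes_options = $server->schema->structural('name');
  asort($auxiliary_classes_options);
  asort($object_classes_options);

  // Current selections: submitted values win over stored settings so that the
  // attribute lists follow the object class chosen in the form.
  $object_class_selected = isset($form_state['values']['simple_ldap_user_objectclass']) ? $form_state['values']['simple_ldap_user_objectclass'] : simple_ldap_user_variable_get('simple_ldap_user_objectclass');
  $auxiliary_classes_selected = isset($form_state['values']['simple_ldap_user_auxiliaryclasses']) ? $form_state['values']['simple_ldap_user_auxiliaryclasses'] : simple_ldap_user_variable_get('simple_ldap_user_auxiliaryclasses');
  $attribute_name_selected = isset($form_state['values']['simple_ldap_user_attribute_name']) ? $form_state['values']['simple_ldap_user_attribute_name'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
  $attribute_mail_selected = isset($form_state['values']['simple_ldap_user_attribute_mail']) ? $form_state['values']['simple_ldap_user_attribute_mail'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_mail');
  $attribute_pass_selected = isset($form_state['values']['simple_ldap_user_attribute_pass']) ? $form_state['values']['simple_ldap_user_attribute_pass'] : simple_ldap_user_variable_get('simple_ldap_user_attribute_pass');
  $password_hash_selected = simple_ldap_user_variable_get('simple_ldap_user_password_hash');
  $attribute_rdn_selected = simple_ldap_user_variable_get('simple_ldap_user_attribute_rdn');

  // Get the list of selected classes, pull all valid attributes for them.
  $classes = simple_ldap_user_parent_objectclasses($object_class_selected);
  $classes = array_merge($classes, simple_ldap_user_parent_objectclasses($auxiliary_classes_selected));
  $attributes = simple_ldap_user_class_attrs_as_options($classes);

  $form['user'] = array(
    '#type' => 'fieldset',
    '#title' => t('LDAP Users'),
  );
  $form['user']['simple_ldap_user_basedn'] = array(
    '#type' => 'textfield',
    '#title' => t('Base DN'),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_basedn'),
    '#required' => TRUE,
    '#description' => t('The Base DN that will be searched for user accounts.'),
  );
  $form['user']['simple_ldap_user_scope'] = array(
    '#type' => 'radios',
    '#title' => t('Search scope'),
    '#options' => array(
      'sub' => t('Subtree -  Search the base DN and all of its children for user accounts.'),
      'one' => t('One-level -  Do not include children of the base DN while searching for user accounts.'),
    ),
    '#required' => TRUE,
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_scope'),
  );
  $form['user']['simple_ldap_user_objectclass'] = array(
    '#type' => 'select',
    '#title' => t('User objectClass'),
    '#options' => $object_classes_options,
    '#default_value' => $object_class_selected,
    '#required' => TRUE,
    '#multiple' => FALSE,
    '#description' => t('Which LDAP structural objectClass should be used when searching for, or creating, a user.'),
    '#ajax' => array(
      'callback' => 'simple_ldap_user_objectclass_ajax',
      'wrapper' => 'simple-ldap-user-attributes',
    ),
  );
  $form['user']['simple_ldap_user_auxiliaryclasses'] = array(
    '#type' => 'select',
    '#title' => t('User Auxiliary Classes'),
    '#options' => $auxiliary_classes_options,
    '#default_value' => $auxiliary_classes_selected,
    '#required' => FALSE,
    '#multiple' => TRUE,
    '#size' => 10,
    '#description' => t('Which LDAP auxiliary object classes, if any, should be used when searching for, or creating, a user.'),
    '#ajax' => array(
      'callback' => 'simple_ldap_user_objectclass_ajax',
      'wrapper' => 'simple-ldap-user-attributes',
    ),
  );

  // The three attribute selects share the AJAX wrapper div: it is opened by
  // the #prefix of the first and closed by the #suffix of the last.
  $form['user']['simple_ldap_user_attribute_name'] = array(
    '#type' => 'select',
    '#title' => t('Username attribute'),
    '#prefix' => '<div id="simple-ldap-user-attributes">',
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal username.  This is commonly "cn" or "uid".'),
    '#default_value' => $attribute_name_selected,
  );
  $form['user']['simple_ldap_user_attribute_mail'] = array(
    '#type' => 'select',
    '#title' => t('Email attribute'),
    '#options' => $attributes,
    '#required' => TRUE,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal user\'s email address.  This is commonly "mail".'),
    '#default_value' => $attribute_mail_selected,
  );
  // NOTE(review): the two password elements carry $disabled_note in their
  // title but, unlike the data source and RDN elements, set no '#disabled'
  // here. Confirm that a read-only server disables them elsewhere.
  $form['user']['simple_ldap_user_attribute_pass'] = array(
    '#type' => 'select',
    '#title' => t('Password attribute') . $disabled_note,
    '#suffix' => '</div>',
    '#options' => $attributes,
    '#description' => t('Which LDAP attribute should be mapped to a Drupal user\'s password.  This is only used for password resets, not for authentication, and is commonly "userPassword".'),
    '#empty_value' => FALSE,
    '#default_value' => $attribute_pass_selected,
  );
  // NOTE(review): the option list comes from SimpleLdap::hashes() and the
  // empty choice is stored as 'none'; presumably that writes the password to
  // LDAP unhashed. Confirm against the code that writes the attribute.
  $form['user']['simple_ldap_user_password_hash'] = array(
    '#type' => 'select',
    '#title' => t('Password hashing algorithm') . $disabled_note,
    '#options' => SimpleLdap::hashes(),
    '#description' => t('Which encryption algorithm should be used to encrypt passwords when writing to LDAP.'),
    '#default_value' => $password_hash_selected,
    '#empty_value' => 'none',
  );

  // LDAP user admin advanced form.
  $form['advanced'] = array(
    '#type' => 'fieldset',
    '#title' => t('Advanced'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  // The filter is free-form text; this form attaches no validation to it.
  $form['advanced']['simple_ldap_user_filter'] = array(
    '#type' => 'textfield',
    '#title' => t('Search filter'),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_filter'),
    '#description' => t('This filter will be combined with the normal search filter to find users.  This can be used to require a certain attribute be present, for example.'),
  );
  $form['advanced']['simple_ldap_user_source'] = array(
    '#type' => 'radios',
    '#title' => t('Authoritative data source') . $disabled_note,
    '#options' => array(
      'ldap' => t('LDAP'),
      'drupal' => t('Drupal'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_source'),
    '#disabled' => $server->readonly,
    '#description' => t('This determines the behavior of the data sync in the event of a conflict between LDAP and Drupal.'),
  );
  $form['advanced']['simple_ldap_user_sync'] = array(
    '#type' => 'radios',
    '#title' => t('Synchronization trigger'),
    '#options' => array(
      'hook_user_load' => t('Every time a user object is loaded from the database. (More real-time, best if there are frequent changes.)'),
      'hook_user_login' => t('Every time a user logs in. (Less LDAP traffic, best if changes are rare.)'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_sync'),
  );
  $form['advanced']['simple_ldap_user_delete_from_ldap'] = array(
    '#type' => 'radios',
    '#title' => t('Delete from LDAP on user delete?'),
    '#options' => array(
      '0' => t('Never'),
      '1' => t('Always'),
    ),
    '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_delete_from_ldap'),
  );

  // Generate a table to display the attribute map if one is configured. The
  // map is read once and reused for the RDN options further down.
  $table = '';
  $attribute_map = simple_ldap_user_variable_get('simple_ldap_user_attribute_map');
  if (!empty($attribute_map)) {
    $table = '<table>';
    $table .= '<thead><tr><th>' . t('LDAP attribute') . '</th><th>' . t('Drupal attribute') . '</th></tr></thead>';
    $table .= '<tbody>';
    $class = 'odd';
    foreach ($attribute_map as $ldap_item => $item) {
      // The table is embedded in #description as raw HTML, so the configured
      // names are escaped before being concatenated into the markup.
      $table .= '<tr class="' . $class . '">';
      $table .= '<td>' . check_plain($ldap_item) . '</td>';
      $table .= '<td>' . check_plain(implode(' ', $item)) . '</td>';
      $table .= '</tr>';
      $class = $class === 'odd' ? 'even' : 'odd';
    }
    $table .= '</tbody></table>';
  }
  $form['advanced']['simple_ldap_user_attribute_map'] = array(
    '#type' => 'item',
    '#title' => t('Attribute map'),
    '#weight' => 10,
    '#description' => $table . t('Additional attribute maps can be specified in settings.php using $conf[\'simple_ldap_user_attribute_map\'].  See README.txt for more details.'),
  );
  if (!empty($attribute_map)) {

    // Generate a list of attribute names from the attribute map. This pulls
    // from the schema to make the human-readable version have the right case.
    $options = array();
    foreach ($attribute_map as $ldap_attr => $drupal_field) {
      $attribute_type = $server->schema->get('attributeTypes', $ldap_attr);
      $options[$ldap_attr] = $attribute_type['name'];
    }
    asort($options);
    $form['advanced']['simple_ldap_user_attribute_rdn'] = array(
      '#type' => 'select',
      '#title' => t('Relative Distinguished Name (RDN) attribute'),
      '#options' => $options,
      '#empty_value' => '',
      '#default_value' => $attribute_rdn_selected,
      '#description' => t('Any of the mapped attributes can be used as the RDN value when provisioning a new LDAP user entry.  If set to "None", the Username attribute specified above will be used.'),
      '#disabled' => $server->readonly,
    );
    $form['advanced']['simple_ldap_user_unique_attribute'] = array(
      '#type' => 'textfield',
      '#title' => t('UUID Attribute (PUID)'),
      '#description' => t('Enter the name of the attribute that remains persistant even through name changes.  Active Directory uses "objectGUID".  OpenLDAP, Apache DS and most others use "entryUUID".'),
      '#default_value' => simple_ldap_user_variable_get('simple_ldap_user_unique_attribute'),
    );
  }
  return system_settings_form($form);
}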