NOTE: These settings have no effect on Drupal user with uid 1. The admin account never uses LDAP.
'), - '#collapsible' => TRUE, + '#description' => t('NOTE: These settings have no effect on Drupal user with uid 1. The admin account never uses LDAP.
'), + '#collapsible' => TRUE, '#collapsed' => TRUE, ); - $form['system-options']['ldap_login_process'] = array( - '#type' => 'radios', + $form['system-options']['ldap_login_process'] = array( + '#type' => 'radios', '#title' => t('Choose authentication mode'), - '#description' => t('Pick the mode based on the types of user accounts and other configuration decisions...
'), + '#description' => t('Pick the mode based on the types of user accounts and other configuration decisions...
'), '#default_value' => variable_get('ldap_login_process', LDAP_FIRST_DRUPAL), - '#options' => $options_login_process, + '#options' => $options_login_process, '#required' => true, ); - $form['security-options'] = array( + $form['security-options'] = array( '#type' => 'fieldset', '#title' => t('Security Options'), - '#collapsible' => TRUE, + '#collapsible' => TRUE, '#description' => t('If you use the ldapdata module and want to allow users to modify their LDAP attributes, you have two options:
Physically, these passwords are stored in the Drupal\'s session table in clear text. This is not ideal and is not the recomended configuration.
Unless you need to use the latter configuration, leave this checked.
'), '#collapsed' => TRUE, ); - + $form['security-options']['ldap_forget_passwords'] = array( - '#type' => 'checkbox', - '#title' => t('Do not store users\' passwords during sessions'), - '#return_value' => true, + '#type' => 'checkbox', + '#title' => t('Do not store users\' passwords during sessions'), + '#return_value' => TRUE, '#default_value' => variable_get('ldap_forget_passwords', true), ); - $form['anonymous-ui'] = array( - '#type' => 'fieldset', + $form['anonymous-ui'] = array( + '#type' => 'fieldset', '#title' => t('Anonymous UI Options'), - '#description' => t('Effects the interface for all non-authenticated users.
'), - '#collapsible' => TRUE, + '#description' => t('Effects the interface for all non-authenticated users.
'), + '#collapsible' => TRUE, '#collapsed' => TRUE, ); - + $form['anonymous-ui']['ldap_disable_request_new_password'] = array( - '#type' => 'checkbox', + '#type' => 'checkbox', '#title' => t('Remove Request new password link from login block'), - '#return_value' => TRUE, + '#return_value' => TRUE, '#default_value' => variable_get('ldap_disable_request_new_password', FALSE), ); - $options_reset_form = array( + $options_reset_form = array( LDAP_RESET_FORM_NO => t('Do nothing'), LDAP_RESET_FORM_OVERWRITE => t('Overwrite form with HTML in textfield'), LDAP_RESET_FORM_MERGE => t('Prepend HTML to form') ); - + $form['anonymous-ui']['ldap_alter_reset_form'] = array( - '#type' => 'radios', + '#type' => 'radios', '#title' => t('Alter Request New Password form'), '#default_value' => variable_get('ldap_alter_reset_form', LDAP_RESET_FORM_NO), - '#options' => $options_reset_form, + '#options' => $options_reset_form, '#required' => true, ); - - $form['anonymous-ui']['ldap_user_pass_form'] = array( - '#type' => 'textarea', - '#title' => t('New password reset message'), - '#default_value' => variable_get('ldap_user_pass_form','The Request New Password form cannot be removed, but it can be altered. Pick the mode based on the types of user accounts and other configuration decisions.
'), - ); + ); - $form['ldap-ui'] = array( - '#type' => 'fieldset', + $form['ldap-ui'] = array( + '#type' => 'fieldset', '#title' => t('LDAP UI Options'), - '#description' => t('Alters LDAP users\' interface only, though admin accounts can still access email and password fields of LDAP users regardless of selections. Does not effect non-LDAP authenticated accounts.
'), - '#collapsible' => TRUE, + '#description' => t('Alters LDAP users\' interface only, though admin accounts can still access email and password fields of LDAP users regardless of selections. Does not effect non-LDAP authenticated accounts.
'), + '#collapsible' => TRUE, '#collapsed' => TRUE, ); - - $form['ldap-ui']['ldap_disable_user_request_password'] = array( + + $form['ldap-ui']['ldap_disable_user_request_password'] = array( '#type' => 'checkbox', '#title' => t('Remove password change fields from user edit form'), - '#default_value' => variable_get('ldap_disable_user_request_password',FALSE), + '#default_value' => variable_get('ldap_disable_user_request_password', FALSE), ); - $options_email_field = array( + $options_email_field = array( LDAP_EMAIL_FIELD_NO => t('Do nothing'), LDAP_EMAIL_FIELD_REMOVE => t('Remove email field from form'), LDAP_EMAIL_FIELD_DISABLE => t('Disable email field on form') ); - + $form['ldap-ui']['ldap_alter_email_field'] = array( - '#type' => 'radios', + '#type' => 'radios', '#title' => t('Alter email field on user edit form'), - '#description' => t('Remove or disable email field from user edit form for LDAP authenticated users.
'), + '#description' => t('Remove or disable email field from user edit form for LDAP authenticated users.
'), '#default_value' => variable_get('ldap_alter_email_field', LDAP_EMAIL_FIELD_NO), - '#options' => $options_email_field, + '#options' => $options_email_field, '#required' => true, ); - - - $form['ldap_restore_defaults'] = array( + + $form['ldap_restore_defaults'] = array( '#type' => 'checkbox', '#title' => t('Reset to default values'), - '#default_value' => variable_get('ldap_restore_defaults',FALSE), + '#default_value' => variable_get('ldap_restore_defaults', FALSE), ); - + $form['submit'] = array( '#type' => 'submit', '#value' => 'Save configuration' ); - return $form; } -function ldapauth_admin_options_submit($form_id, $form_values) { - - if ($form_values['ldap_restore_defaults']) { +function ldapauth_admin_options_submit($form, &$form_state) { + if ($form_state['values']['ldap_restore_defaults']) { variable_del('ldap_disable_request_new_password'); variable_del('ldap_alter_reset_form'); variable_del('ldap_alter_email_field'); @@ -345,24 +320,24 @@ variable_del('ldap_forget_passwords'); variable_del('ldap_login_process'); $msg = 'System wide LDAP settings reset to defaults'; - } else { - variable_set('ldap_user_pass_form', $form_values['ldap_user_pass_form']); - variable_set('ldap_disable_request_new_password', $form_values['ldap_disable_request_new_password']); - variable_set('ldap_forget_passwords', $form_values['ldap_forget_passwords']); - variable_set('ldap_login_process', $form_values['ldap_login_process']); - variable_set('ldap_disable_user_request_password', $form_values['ldap_disable_user_request_password']); - variable_set('ldap_alter_reset_form', $form_values['ldap_alter_reset_form']); - variable_set('ldap_alter_email_field', $form_values['ldap_alter_email_field']); + } + else { + variable_set('ldap_user_pass_form', $form_state['values']['ldap_user_pass_form']); + variable_set('ldap_disable_request_new_password', $form_state['values']['ldap_disable_request_new_password']); + variable_set('ldap_forget_passwords', $form_state['values']['ldap_forget_passwords']); + variable_set('ldap_login_process', $form_state['values']['ldap_login_process']); + variable_set('ldap_disable_user_request_password', $form_state['values']['ldap_disable_user_request_password']); + variable_set('ldap_alter_reset_form', $form_state['values']['ldap_alter_reset_form']); + variable_set('ldap_alter_email_field', $form_state['values']['ldap_alter_email_field']); $msg = 'System wide LDAP settings saved'; } drupal_set_message($msg); - return 'admin/settings/ldapauth/options'; + $form_state['redirect'] = 'admin/settings/ldapauth/options'; } -function ldapauth_admin_form() { +function ldapauth_admin_form(&$form_state, $edit_action = false, $ldap_name = null) { - $ldap_name = arg(4); - if ((arg(3) == "edit") && ($ldap_name != NULL)) { + if ($edit_action && ($ldap_name != NULL)) { $edit = db_fetch_array(db_query("SELECT * FROM {ldapauth} WHERE name = '%s'", $ldap_name)); $form['old-name'] = array( '#type' => 'hidden', @@ -370,37 +345,46 @@ ); } - $form['server-settings'] = array( - '#type' => 'fieldset', - '#title' => t('Server settings'), - '#collapsible' => TRUE, + $form['action'] = array( + '#type' => 'value', + '#value' => $edit_action ? 'edit' : 'add', + ); + + $form['server-settings'] = array( + '#type' => 'fieldset', + '#title' => t('Server settings'), + '#collapsible' => TRUE, '#collapsed' => FALSE, ); $form['server-settings']['name'] = array( - '#type' => 'textfield', - '#title' => t('Name'), - '#default_value' => $edit['name'], + '#type' => 'textfield', + '#title' => t('Name'), + '#default_value' => $edit_action ? $edit['name'] : '', '#description' => t('Choose a unique name for this server configuration.'), - '#size' => 50, - '#maxlength' => 255, + '#size' => 50, + '#maxlength' => 255, '#required' => TRUE, ); - $form['server-settings']['server'] = array( - '#type' => 'textfield', - '#title' => t('LDAP server'), - '#default_value' => $edit['server'], - '#size' => 50, - '#maxlength' => 255, + $form['server-settings']['server'] = array( + '#type' => 'textfield', + '#title' => t('LDAP server'), + '#default_value' => $edit_action ? $edit['server'] : '', + '#size' => 50, + '#maxlength' => 255, '#description' => t('The domain name or IP address of your LDAP Server.
'), '#required' => TRUE, - ); - - // workaround for a db schema screwup. If port is left blank, then next time the config is edited, + ); + + // workaround for a db schema screwup. If port is left blank, then next time the config is edited, // it will stick a 0 in it. -- not good. - $_port = ($edit['port'] == '0') ? "389" : $edit['port']; - $form['server-settings']['port'] = array( + if ($edit_action) { + $_port = ($edit['port'] == '0') ? "389" : $edit['port']; + } else { + $_port = '389'; + } + $form['server-settings']['port'] = array( '#type' => 'textfield', '#title' => t('LDAP port'), '#default_value' => $_port, @@ -410,89 +394,93 @@ ); $form['server-settings']['tls'] = array( - '#type' => 'checkbox', - '#title' => t('Use Start-TLS'), - '#return_value' => 1, - '#default_value' => $edit['tls'], + '#type' => 'checkbox', + '#title' => t('Use Start-TLS'), + '#return_value' => 1, + '#default_value' => $edit_action ? $edit['tls'] : '', '#description' => t('Secure the connection between the Drupal and the LDAP servers using TLS.
Note: To use START-TLS, you must set the LDAP Port to 389.
Secure the password in LDAP by storing it MD5 encrypted (use with care, as some LDAP directories may do this automatically, what would cause logins problems).
'), ); $form['login-procedure'] = array( - '#type' => 'fieldset', - '#title' => 'Login procedure', - '#collapsible' => TRUE, + '#type' => 'fieldset', + '#title' => 'Login procedure', + '#collapsible' => TRUE, '#collapsed' => TRUE, ); - $form['login-procedure']['basedn'] = array( - '#type' => 'textarea', - '#title' => t('Base DNs'), - '#default_value' => $edit['basedn'], - '#cols' => 50, - '#rows' => 6, - '#description' => t('Base DNs for users. Enter one per line in case you need several of them.
') + $form['login-procedure']['basedn'] = array( + '#type' => 'textarea', + '#title' => t('Base DNs'), + '#default_value' => $edit_action ? $edit['basedn'] : '', + '#cols' => 50, + '#rows' => 6, + '#description' => t('Base DNs for users. Enter one per line in case you need several of them.
') ); - $form['login-procedure']['user_attr'] = array( - '#type' => 'textfield', - '#title' => t('UserName attribute'), - '#default_value' => $edit['user_attr'], - '#size' => 50, - '#maxlength' => 255, + $form['login-procedure']['user_attr'] = array( + '#type' => 'textfield', + '#title' => t('UserName attribute'), + '#default_value' => $edit_action ? $edit['user_attr'] : '', + '#size' => 50, + '#maxlength' => 255, '#description' => t('The attribute that holds the users\' login name. (eg. cn for eDir or sAMAccountName for Active Directory).
'), ); - $form['login-procedure']['mail_attr'] = array( - '#type' => 'textfield', - '#title' => t('Email attribute'), - '#default_value' => $edit['mail_attr'], - '#size' => 50, - '#maxlength' => 255, + $form['login-procedure']['mail_attr'] = array( + '#type' => 'textfield', + '#title' => t('Email attribute'), + '#default_value' => $edit_action ? $edit['mail_attr'] : '', + '#size' => 50, + '#maxlength' => 255, '#description' => t('The attribute that holds the users\' email address. (eg. mail).
'), ); - - $form['advanced'] = array( - '#type' => 'fieldset', - '#title' => 'Advanced configuration', - '#collapsible' => TRUE, + + $form['advanced'] = array( + '#type' => 'fieldset', + '#title' => 'Advanced configuration', + '#collapsible' => TRUE, '#collapsed' => TRUE ); - $form['advanced']['ldap-note'] = array( + $form['advanced']['ldap-note'] = array( '#value' => 'The process of authentication starts by establishing an anonymous connection to the LDAP directory and looking up for the user on it. Once this user is found, LDAP authentication is performed on them.
However, some LDAP configurations (specially common in Active Directory setups) restrict anonymous searches.
If your LDAP setup does not allow anonymous searches, or these are restricted in such a way that login names for users cannot be retrieved as a result of them, then you have to specify here a DN//password pair that will be used for these searches.
For security reasons, this pair should belong to an LDAP account with stripped down permissions.
' ); - $form['advanced']['binddn'] = array( - '#type' => 'textfield', - '#title' => t('DN for non-anonymous search'), - '#default_value' => $edit['binddn'], - '#size' => 50, + $form['advanced']['binddn'] = array( + '#type' => 'textfield', + '#title' => t('DN for non-anonymous search'), + '#default_value' => $edit_action ? $edit['binddn'] : '', + '#size' => 50, '#maxlength' => 255, ); - if ($edit['bindpw_clear'] || !$edit['bindpw']) { - $form['advanced']['bindpw'] = array( - '#type' => 'password', - '#title' => t('Password for non-anonymous search'), - '#size' => 50, + // show the pw field: + // - new server + // - edit server and (clear has been set or no pw has been configured) + if (!$edit_action || ($edit_action && ($edit['bindpw_clear'] || !$edit['bindpw']))) { + $form['advanced']['bindpw'] = array( + '#type' => 'password', + '#title' => t('Password for non-anonymous search'), + '#size' => 50, '#maxlength' => 255, - ); + ); + $form['advanced']['bindpw_clear'] = array('#type' => 'value', '#value' => false); } else { // give an option to clear the password - $form['advanced']['bindpw_clear'] = array( - '#type' => 'checkbox', - '#title' => t('Clear current password'), + $form['advanced']['bindpw_clear'] = array( + '#type' => 'checkbox', + '#title' => t('Clear current password'), '#default_value' => false, - ); + ); } $form['submit'] = array( @@ -503,52 +491,48 @@ return $form; } -/** - * Submit the contact category page for submission -**/ - -function ldapauth_admin_form_submit($form_id, $form_values) { - +/** + * Submit the contact category page for submission + */ +function ldapauth_admin_form_submit($form, &$form_state) { // set the checking order - if ((arg(3) == 'add')) { - if (db_fetch_object(db_query("SELECT name FROM {ldapauth} WHERE name = '%s'", $form_values['name']))) { + if ($form_state['values']['action'] == 'add') { + if (db_fetch_object(db_query("SELECT name FROM {ldapauth} WHERE name = '%s'", $form_state['values']['name']))) { form_set_error( 'name', t('An LDAP config with that name already exists.')); } - db_query("INSERT INTO {ldapauth} (name, status, server, port, tls, encrypted, basedn, user_attr, mail_attr, binddn, bindpw) VALUES ('%s', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '%s')", $form_values['name'], 1, $form_values['server'], $form_values['port'], $form_values['tls'], $form_values['encrypted'], $form_values['basedn'], trim($form_values['user_attr']), trim($form_values['mail_attr']), $form_values['binddn'], $form_values['bindpw']); - drupal_set_message(t('LDAP Configuration %config has been added.', array('%config' => $form_values['name']))); - watchdog('ldap', t('ldapauth: ldap config %config added.', array('%config' => $form_values['name']))); + db_query("INSERT INTO {ldapauth} (name, status, server, port, tls, encrypted, basedn, user_attr, mail_attr, binddn, bindpw) VALUES ('%s', '%d', '%s', '%d', '%d', '%d', '%s', '%s', '%s', '%s', '%s')", $form_state['values']['name'], 1, $form_state['values']['server'], $form_state['values']['port'], $form_state['values']['tls'], $form_state['values']['encrypted'], $form_state['values']['basedn'], trim($form_state['values']['user_attr']), trim($form_state['values']['mail_attr']), $form_state['values']['binddn'], $form_state['values']['bindpw']); + drupal_set_message(t('LDAP Configuration %config has been added.', array('%config' => $form_state['values']['name']))); + watchdog('ldap', 'ldapauth: ldap config %config added.', array('%config' => $form_state['values']['name'])); } else { - if ( !$form_values['bindpw_clear'] && $form_values['bindpw']) { - db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = '%d', tls = '%d', encrypted = '%d', basedn = '%s', user_attr = '%s', mail_attr = '%s', binddn = '%s', bindpw = '%s', bindpw_clear = '%d' WHERE name = '%s'", $form_values['name'], $form_values['server'], $form_values['port'], $form_values['tls'], $form_values['encrypted'], $form_values['basedn'], trim($form_values['user_attr']), trim($form_values['mail_attr']), $form_values['binddn'], $form_values['bindpw'], $form_values['bindpw_clear'], $form_values['old-name']); + if ( !$form_state['values']['bindpw_clear'] && $form_state['values']['bindpw']) { + // set the password + db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = '%d', tls = '%d', encrypted = '%d', basedn = '%s', user_attr = '%s', mail_attr = '%s', binddn = '%s', bindpw = '%s', bindpw_clear = '%d' WHERE name = '%s'", $form_state['values']['name'], $form_state['values']['server'], $form_state['values']['port'], $form_state['values']['tls'], $form_state['values']['encrypted'], $form_state['values']['basedn'], trim($form_state['values']['user_attr']), trim($form_state['values']['mail_attr']), $form_state['values']['binddn'], $form_state['values']['bindpw'], $form_state['values']['bindpw_clear'], $form_state['values']['old-name']); } else { // set the clear password switch - db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = '%d', tls = '%d', encrypted = '%d', basedn = '%s', user_attr = '%s', mail_attr = '%s', binddn = '%s', bindpw_clear = '%d' WHERE name = '%s'", $form_values['name'], $form_values['server'], $form_values['port'], $form_values['tls'], $form_values['encrypted'], $form_values['basedn'], trim($form_values['user_attr']), trim($form_values['mail_attr']), $form_values['binddn'], $form_values['bindpw_clear'], $form_values['old-name']); + db_query("UPDATE {ldapauth} SET name = '%s', server = '%s', port = '%d', tls = '%d', encrypted = '%d', basedn = '%s', user_attr = '%s', mail_attr = '%s', binddn = '%s', bindpw_clear = '%d' WHERE name = '%s'", $form_state['values']['name'], $form_state['values']['server'], $form_state['values']['port'], $form_state['values']['tls'], $form_state['values']['encrypted'], $form_state['values']['basedn'], trim($form_state['values']['user_attr']), trim($form_state['values']['mail_attr']), $form_state['values']['binddn'], $form_state['values']['bindpw_clear'], $form_state['values']['old-name']); } - drupal_set_message(t('LDAP Configuration %config has been updated.', array('%config' => $form_values['name']))); - watchdog('ldap', t('ldapauth: ldap config %config updated.', array('%config' => $form_values['name']))); + drupal_set_message(t('LDAP Configuration %config has been updated.', array('%config' => $form_state['values']['name']))); + watchdog('ldap', 'ldapauth: ldap config %config updated.', array('%config' => $form_state['values']['name'])); } - - return 'admin/settings/ldapauth'; -} - -function ldapauth_admin_delete() { - $ldap_name = arg(4); + $form_state['redirect'] = 'admin/settings/ldapauth'; +} - if (!$ldap_name) { - drupal_goto('admin/settings/ldapauth'); +function ldapauth_admin_delete(&$form_state, $ldap_name) { + if (!$ldap_name) { + drupal_goto('admin/settings/ldapauth'); } if ($result = db_fetch_object(db_query("SELECT name FROM {ldapauth} WHERE name = '%s'", $ldap_name))) { - return confirm_form( - array(), - t('Are you sure you want to delete the ldap configration named %server?', array('%server'=>$ldap_name)), - 'admin/settings/ldapauth', - t('This action cannot be undone.
'), - t('Delete'), - t('Cancel') + $form = array('name' => array('#type' => 'value', '#value' => $ldap_name)); + return confirm_form($form, + t('Are you sure you want to delete the ldap configration named %server?', array('%server' => $ldap_name)), + 'admin/settings/ldapauth', + t('This action cannot be undone.
'), + t('Delete'), + t('Cancel') ); } else { @@ -557,17 +541,17 @@ } } -function ldapauth_admin_delete_submit($form_id, $form_values) { - if ($form_values['confirm']) { - db_query("DELETE FROM {ldapauth} WHERE name = '%s'", arg(4)); - drupal_set_message(t('LDAP Configuration %config has been deleted.', array('%config' => $form_values['name']))); - watchdog('ldap', t('ldapauth: ldap config %config deleted.', array('%config' => $form_values['name']))); +function ldapauth_admin_delete_submit($form, &$form_state) { + if ($form_state['values']['confirm']) { + db_query("DELETE FROM {ldapauth} WHERE name = '%s'", $form_state['values']['name']); + drupal_set_message(t('LDAP Configuration %config has been deleted.', array('%config' => $form_state['values']['name']))); + watchdog('ldap', 'ldapauth: ldap config %config deleted.', array('%config' => $form_state['values']['name'])); } - return 'admin/settings/ldapauth'; + $form_state['redirect'] = 'admin/settings/ldapauth'; } function ldapauth_auth($name, $pass, $server) { - global $ldapauth_ldap; + global $_ldapauth_ldap; // Don't allow empty passwords because they cause problems on some setups // http://drupal.org/node/87831 @@ -575,7 +559,7 @@ return false; } - $login_name = $server ? $name . '@' . $server : $name; + $login_name = $server ? $name .'@'. $server : $name; if (function_exists('ldapauth_transform_login_name')) { $login_name = call_user_func('ldapauth_transform_login_name', $login_name); } @@ -592,11 +576,11 @@ continue; } // Try to authenticate - if (!$ldapauth_ldap->connect($dn, $pass)) { + if (!$_ldapauth_ldap->connect($dn, $pass)) { continue; } if (function_exists('ldapauth_user_filter') - && !call_user_func('ldapauth_user_filter', $ldapauth_ldap->retrieveAttributes($dn))) { + && !call_user_func('ldapauth_user_filter', $_ldapauth_ldap->retrieveAttributes($dn))) { continue; } return true; @@ -614,8 +598,8 @@ function ldapauth_user($op, &$edit, &$edit_user, $category = NULL) { global $user; - - switch ($op) { + + switch ($op) { case 'login': // This is to convert from old ldap_integration to new ldapauth if ($user->ldap_authentified) { @@ -629,19 +613,19 @@ '#type' => 'fieldset', '#title' => 'LDAP authentication settings', '#collapsible' => TRUE, - ); + ); $form['ldap_settings']['ldap_authentified'] = array( '#type' => 'checkbox', '#title' => 'Authenticate via LDAP', '#default_value' => $edit_user->ldap_authentified, ); - + $form['ldap_settings']['ldap_dn'] = array( '#type' => 'textfield', '#title' => 'LDAP User DN', '#default_value' => $edit_user->ldap_dn, ); - + return $form; } break; @@ -651,28 +635,28 @@ /********************************* * 3. Auxiliary functions * - *********************************/ + * ***************************** */ function _ldapauth_init($config) { - global $ldapauth_ldap; + global $_ldapauth_ldap; - $row = db_fetch_object(db_query("SELECT * FROM {ldapauth} WHERE name = '%s'", $config)); + $row = db_fetch_object(db_query("SELECT * FROM {ldapauth} WHERE name = '%s'", $config)); - // $ldapauth_ldap = new LDAPInterface(); - $ldapauth_ldap->setOption('name', $row->name); - $ldapauth_ldap->setOption('server', $row->server); - $ldapauth_ldap->setOption('port', $row->port); - $ldapauth_ldap->setOption('tls', $row->tls); - $ldapauth_ldap->setOption('encrypted', $row->encrypted); - $ldapauth_ldap->setOption('basedn', $row->basedn); - $ldapauth_ldap->setOption('user_attr', $row->user_attr); - $ldapauth_ldap->setOption('mail_attr', $row->mail_attr); + $_ldapauth_ldap = new LDAPInterface(); + $_ldapauth_ldap->setOption('name', $row->name); + $_ldapauth_ldap->setOption('server', $row->server); + $_ldapauth_ldap->setOption('port', $row->port); + $_ldapauth_ldap->setOption('tls', $row->tls); + $_ldapauth_ldap->setOption('encrypted', $row->encrypted); + $_ldapauth_ldap->setOption('basedn', $row->basedn); + $_ldapauth_ldap->setOption('user_attr', $row->user_attr); + $_ldapauth_ldap->setOption('mail_attr', $row->mail_attr); return; } function _ldapauth_login2dn($login) { - global $ldapauth_ldap; + global $_ldapauth_ldap; $ret = ''; @@ -684,33 +668,33 @@ } function _ldapauth_user_lookup($name) { - global $ldapauth_ldap; + global $_ldapauth_ldap; $ret = null; - if (! $ldapauth_ldap) { + if (! $_ldapauth_ldap) { return; } - $row = db_fetch_object(db_query("SELECT binddn, bindpw FROM {ldapauth} WHERE name = '%s'", $ldapauth_ldap->getOption('name'))); + $row = db_fetch_object(db_query("SELECT binddn, bindpw FROM {ldapauth} WHERE name = '%s'", $_ldapauth_ldap->getOption('name'))); $dn = $row->binddn; $pass = $row->bindpw; // If there is no BINDDN and BINDPW -- the connect will be an anonymous connect - $ldapauth_ldap->connect($dn, $pass); - $possible_base_dns = explode("\r\n", $ldapauth_ldap->getOption('basedn')); + $_ldapauth_ldap->connect($dn, $pass); + $possible_base_dns = explode("\r\n", $_ldapauth_ldap->getOption('basedn')); foreach ($possible_base_dns as $base_dn) { - if( ! $base_dn) { + if (!$base_dn) { continue; } - $name_attr = $ldapauth_ldap->getOption('user_attr') ? $ldapauth_ldap->getOption('user_attr') : LDAP_DEFAULT_USER_ATTRIBUTE; + $name_attr = $_ldapauth_ldap->getOption('user_attr') ? $_ldapauth_ldap->getOption('user_attr') : LDAP_DEFAULT_USER_ATTRIBUTE; $filter = "$name_attr=$name"; - $result = $ldapauth_ldap->search($base_dn, $filter); + $result = $_ldapauth_ldap->search($base_dn, $filter); if ( ! $result) { continue; } $num_matches = $result['count']; - // must find exactly one user for authentication to + // must find exactly one user for authentication to if ($num_matches != 1) { - watchdog('user', "Error: $num_matches users found with $filter under $base_dn", WATCHDOG_ERROR); + watchdog('user', "Error: %num users found with %filter under %base_dn", array('%num' => $num_matches, '%filter' => $filter, '%base_dn' => $base_dn), WATCHDOG_ERROR); continue; } $match = $result[0]; @@ -721,7 +705,7 @@ // This was contributed by Dan "Gribnif" Wilga, and described // here: http://drupal.org/node/87833 if ( ! isset($match[$name_attr][0]) ) { - $name_attr = strtolower($name_attr); + $name_attr = drupal_strtolower($name_attr); if ( ! isset($match[$name_attr][0]) ) { continue; } @@ -736,7 +720,7 @@ // loop through all possible options. $ok = false; foreach ($match[$name_attr] as $value) { - if (strtolower($value) == strtolower($name)) { + if (strcasecmp($value, $name) == 0) { $ok = true; break; } @@ -753,16 +737,21 @@ /********************************* * 4. Login process hacks * - *********************************/ - function ldapauth_form_alter($form_id, &$form) { - global $user; + * ***************************** */ +function ldapauth_form_alter(&$form, $form_state, $form_id) { + global $user; - if (isset($form['#validate']['user_login_validate'])) { - $form['#validate'] = array('ldapauth_login_validate' => array()); + // replace the drupal authenticate function is it's used as validation + if (isset($form['#validate']) && is_array($form['#validate']) && in_array('user_login_authenticate_validate', $form['#validate'])) { + for ($i = 0; $i < count($form['#validate']); $i++) { + if ($form['#validate'][$i] == "user_login_authenticate_validate") { + $form['#validate'][$i] = 'ldapauth_login_validate'; + } + } } // Rewrite forms regarding user administration - switch($form_id) { + switch ($form_id) { case 'user_login_block': // Since form only available when not logged in, no need to check for admin? if (variable_get('ldap_disable_request_new_password', FALSE)) { @@ -772,11 +761,12 @@ case 'user_pass': $opt = variable_get('ldap_alter_reset_form', LDAP_RESET_FORM_NO); if ($opt <> LDAP_RESET_FORM_NO && variable_get('ldap_user_pass_form', FALSE)) { - if ($opt == LDAP_RESET_FORM_OVERWRITE){ + if ($opt == LDAP_RESET_FORM_OVERWRITE) { $form = array( '#value' => t(variable_get('ldap_user_pass_form', 'Users may be able to view their LDAP attributes\' values, as well as edit them. You can configure this feature here.
'), - ); - - foreach ($ldap_attributes as $key => $field) { + '#value' => t('Users may be able to view their LDAP attributes\' values, as well as edit them. You can configure this feature here.
'), + ); + + foreach ($_ldap_attributes as $key => $field) { $fields[$key] = $field[2]; } - foreach ($fields as $attr => $attr_name) { - - $ro_options[$attr] = ''; - $rw_options[$attr] = ''; - + $i = 0; + foreach ($fields as $attr => $attr_name) { + $ro_options[$attr] = $attr_name; + $rw_options[$attr] = $attr_name; + $ro_status[$i] = false; + $rw_status[$i] = false; + if (!empty($roattrs) && (in_array($attr, $roattrs))) { - $ro_status[] = $attr; + $ro_status[$i] = $attr; } if (!empty($rwattrs) && (in_array($attr, $rwattrs))) { - $rw_status[] = $attr; - } - + $rw_status[$i] = $attr; + } + $form['ldap_editable_attributes']['ldap_attr_table'][$attr] = array( - //'#type' => 'markup', + '#type' => 'markup', '#value' => $attr_name, ); - + $i++; } - + $form['ldap_editable_attributes']['ro_status'] = array( '#type' => 'checkboxes', '#options' => $ro_options, @@ -255,7 +269,7 @@ '#type' => 'checkboxes', '#options' => $rw_options, '#default_value' => $rw_status, - ); + ); $form['ldap_editable_attributes']['header'] = array( '#type' => 'value', @@ -265,7 +279,7 @@ array('data' => 'Editable by User?'), )); - // ADVANCED CONFIGURATION + // ADVANCED CONFIGURATION $form['advanced'] = array( '#type' => 'fieldset', @@ -273,11 +287,11 @@ '#collapsible' => TRUE, '#collapsed' => TRUE ); - + $form['advanced']['ldap-note'] = array( '#value' => t('When reading/editing attributes, this module logs on to the LDAP directory using the user\'s DN//pass pair. However, many LDAP setups do not allow their users to edit attributes.
If this is your case, but still you want users to edit their LDAP attributes via Drupal, you should set up an special user on your directory, with special access to edit your users\' attributes. Then this module will use it to log on and edit data.
') - ); - + ); + $form['advanced']['ldapdata_binddn'] = array( '#type' => 'textfield', '#title' => t('DN for reading/editing attributes'), @@ -285,8 +299,8 @@ '#size' => 50, '#maxlength' => 255, ); - - if ($ldapdata_bindpw_clear || !ldapdata_bindpw) { + + if ($ldapdata_bindpw_clear || !ldapdata_bindpw) { $form['advanced']['ldapdata_bindpw'] = array( '#type' => 'password', '#title' => t('Password for reading/editing attributes'), @@ -300,29 +314,29 @@ '#type' => 'checkbox', '#default_value' => false, '#title' => t('Clear current password'), - ); + ); } // SUBMIT $form['config_name'] = array( '#type' => 'hidden', '#value' => $ldap_name, - ); - + ); + $form['buttons']['submit'] = array( '#type' => 'submit', '#value' => 'Update' ); - - return $form; + + return $form; } else { - drupal_goto('admin/settings/ldapdata'); + $form_state['redirect'] = 'admin/settings/ldapdata'; } -} +} function theme_ldapdata_admin_edit($form) { - + $output = ''; $rows = array(); foreach (element_children($form) as $element) { @@ -330,13 +344,13 @@ foreach (element_children($form['ldap_editable_attributes']['ldap_attr_table']) as $key) { $row = array(); $row[] = drupal_render($form['ldap_editable_attributes']['ldap_attr_table'][$key]); - $row[] = drupal_render($form['ldap_editable_attributes']['ro_status'][$key]); - $row[] = drupal_render($form['ldap_editable_attributes']['rw_status'][$key]); - $rows[] = $row; + $row[] = drupal_render($form['ldap_editable_attributes']['ro_status'][$key]); + $row[] = drupal_render($form['ldap_editable_attributes']['rw_status'][$key]); + $rows[] = $row; } - $form['ldap_editable_attributes']['#children'] .= drupal_render($form['ldap_editable_attributes']['ldap_message']); + $form['ldap_editable_attributes']['#children'] .= drupal_render($form['ldap_editable_attributes']['ldap_message']); $form['ldap_editable_attributes']['#children'] .= theme('table', $form['ldap_editable_attributes']['header']['#value'], $rows); - $output .= drupal_render($form['ldap_editable_attributes']); + $output .= drupal_render($form['ldap_editable_attributes']); } else { $output .= drupal_render($form[$element]); @@ -344,103 +358,104 @@ } $output .= drupal_render($form); - + return $output; - -} -function ldapdata_admin_edit_submit($form_id, $form_values) { +} - $config_name = $form_values['config_name']; +function ldapdata_admin_edit_submit($form, &$form_state) { + $config_name = $form_state['values']['config_name']; // Attribute Mapping - $attr_mapping_access = $form_values['ldap_attr_mapping']; - + $attr_mapping_access = $form_state['values']['ldap_attr_mapping']; + $attr_mappings['access'] = $attr_mapping_access; - - if ($attr_mapping_access >=4 ) { - foreach (element_children($form_values) as $attr) { - if (preg_match("/ldap_amap/", $attr) && $form_values[$attr]) { + + if ($attr_mapping_access >=4 ) { + foreach (element_children($form_state['values']) as $attr) { + if (preg_match("/ldap_amap/", $attr) && $form_state['values'][$attr]) { // match found - $attr_mappings[$attr] = $form_values[$attr]; + $attr_mappings[$attr] = $form_state['values'][$attr]; } - } + } } $serialized_data = serialize($attr_mappings); // Attribute Access Control - $ro_tmp = array_filter($form_values['ldap_editable_attributes']['ro_status']); - + $ro_tmp = array_filter($form_state['values']['ldap_editable_attributes']['ro_status']); + if (!empty($ro_tmp)) { foreach ($ro_tmp as $ro_attr) { $ro_attrs[] = $ro_attr; } $serialized_ro_attrs = serialize($ro_attrs); } - - $rw_tmp = array_filter($form_values['ldap_editable_attributes']['rw_status']); + + $rw_tmp = array_filter($form_state['values']['ldap_editable_attributes']['rw_status']); if (!empty($rw_tmp)) { foreach ($rw_tmp as $rw_attr) { $rw_attrs[] = $rw_attr; } $serialized_rw_attrs = serialize($rw_attrs); } - - if ( !$form_values['ldapdata_bindpw_clear'] && $form_values['ldapdata_bindpw']) { - db_query("UPDATE {ldapauth} SET ldapdata_mappings = '%s', ldapdata_roattrs = '%s', ldapdata_rwattrs = '%s', ldapdata_binddn = '%s', ldapdata_bindpw = '%s', ldapdata_bindpw_clear = '%d' WHERE name = '%s'", $serialized_data, $serialized_ro_attrs, $serialized_rw_attrs, $form_values['ldapdata_binddn'], $form_values['ldapdata_bindpw'], $form_values['ldapdata_bindpw_clear'], $config_name); + + if ( !$form_state['values']['ldapdata_bindpw_clear'] && $form_state['values']['ldapdata_bindpw']) { + db_query("UPDATE {ldapauth} SET ldapdata_mappings = '%s', ldapdata_roattrs = '%s', ldapdata_rwattrs = '%s', ldapdata_binddn = '%s', ldapdata_bindpw = '%s', ldapdata_bindpw_clear = '%d' WHERE name = '%s'", $serialized_data, $serialized_ro_attrs, $serialized_rw_attrs, $form_state['values']['ldapdata_binddn'], $form_state['values']['ldapdata_bindpw'], $form_state['values']['ldapdata_bindpw_clear'], $config_name); } else { // set the clear password switch - db_query("UPDATE {ldapauth} SET ldapdata_mappings = '%s', ldapdata_roattrs = '%s', ldapdata_rwattrs = '%s', ldapdata_binddn = '%s', ldapdata_bindpw_clear = '%d' WHERE name = '%s'", $serialized_data, $serialized_ro_attrs, $serialized_rw_attrs, $form_values['ldapdata_binddn'], $form_values['ldapdata_bindpw_clear'], $config_name); + db_query("UPDATE {ldapauth} SET ldapdata_mappings = '%s', ldapdata_roattrs = '%s', ldapdata_rwattrs = '%s', ldapdata_binddn = '%s', ldapdata_bindpw_clear = '%d' WHERE name = '%s'", $serialized_data, $serialized_ro_attrs, $serialized_rw_attrs, $form_state['values']['ldapdata_binddn'], $form_state['values']['ldapdata_bindpw_clear'], $config_name); } - - return 'admin/settings/ldapdata/edit/'.$config_name; -} + + return 'admin/settings/ldapdata/edit/'. $config_name; +} /** * Implements hook_categories(); */ function ldapdata_user_categories(&$user) { $ret = null; - // we do this as opposed to calling _ldapdata_ldap_info() to save on the multiple sql queries - $result = db_fetch_array(db_query("SELECT ldapdata_mappings, ldapdata_rwattrs FROM {ldapauth} WHERE name = '%s'", $user->ldap_config)); - $mappings = unserialize($result['ldapdata_mappings']); - $mapping_type = $mappings['access']; - - $rwattrs = $result['ldapdata_rwattrs']; - - if (($mapping_type == LDAP_MAP_ATTRIBUTES) && (!empty($rwattrs)) && arg(2) == 'edit') { - $ret = array( - array( - 'name' => LDAP_CATEGORY_USER_DATA, - 'title' => LDAP_USER_DATA_EDIT_TAB, - 'weight' => 50 - ) - ); + if (property_exists($user, 'ldap_config')) { + // we do this as opposed to calling _ldapdata_ldap_info() to save on the multiple sql queries + $result = db_fetch_array(db_query("SELECT ldapdata_mappings, ldapdata_rwattrs FROM {ldapauth} WHERE name = '%s'", $user->ldap_config)); + $mappings = unserialize($result['ldapdata_mappings']); + $mapping_type = $mappings['access']; + + $rwattrs = $result['ldapdata_rwattrs']; + + if (($mapping_type == LDAP_MAP_ATTRIBUTES) && (!empty($rwattrs)) && arg(2) == 'edit') { + $ret = array( + array( + 'name' => LDAP_CATEGORY_USER_DATA, + 'title' => LDAP_USER_DATA_EDIT_TAB, + 'weight' => 50 + ) + ); + } } - return $ret; + return $ret; } /** * Only used for editable LDAP attributes with no Drupal equivalents */ function ldapdata_user_form(&$user, $category) { - global $ldap_attributes, $ldapdata_ldap; + global $_ldap_attributes, $_ldapdata_ldap; $mapping_type = _ldapdata_ldap_info($user, 'mapping_type'); $attributes = _ldapdata_ldap_info($user, 'ldapdata_rwattrs'); - if ((!$user->ldap_dn) || + if ((!$user->ldap_dn) || ($category != LDAP_CATEGORY_USER_DATA) || - ($mapping_type != LDAP_MAP_ATTRIBUTES) || + ($mapping_type != LDAP_MAP_ATTRIBUTES) || (!$attributes)) { - return null; + return null; } - - $bind_info = _ldapdata_edition($user); - if (!$ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { - watchdog('user', "User form: user $user->name's data could not be read in the LDAP directory", WATCHDOG_WARNING); + + $bind_info = _ldapdata_edition($user); + if (!$_ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { + watchdog('user', "User form: user @user data could not be read in the LDAP directory", array('@user' => $user->name), WATCHDOG_WARNING); return; } - - $entry = $ldapdata_ldap->retrieveAttributes($user->ldap_dn); + + $entry = $_ldapdata_ldap->retrieveAttributes($user->ldap_dn); $output = ''; $form['ldap_attributes'] = array( @@ -450,72 +465,70 @@ foreach ($attributes as $attribute) { - $attr_info = $ldap_attributes[$attribute]; + $attr_info = $_ldap_attributes[$attribute]; if ($attr_info) { array_shift($attr_info); $value = $entry[strtolower($attribute)][0]; $form['ldap_attributes'][$attribute] = _ldapdata_attribute_form($attribute, $value, $attr_info); } } - - $ldapdata_ldap->disconnect(); - - return $form; + + $_ldapdata_ldap->disconnect(); + + return $form; } function ldapdata_user_load(&$user) { - global $ldapdata_ldap; - + global $_ldapdata_ldap; + // setup the global $ldapdata_ldap object if (!_ldapdata_ldap_init($user)) { return; } - + $mapping_type = _ldapdata_ldap_info($user, 'mapping_type'); // See http://drupal.org/node/91786 about user_node() // User can be edited by the user or by other authorized users. - + if ((!$user->ldap_authentified) || ($mapping_type == LDAP_MAP_NOTHING)) { return; } - - $bind_info = _ldapdata_edition($user); - if (!$ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { - watchdog('user', "User load: user $user->name's data could not be read in the LDAP directory", WATCHDOG_WARNING); + + $bind_info = _ldapdata_edition($user); + if (!$_ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { + watchdog('user', "User load: user @user data could not be read in the LDAP directory", array('@user' => $user->name), WATCHDOG_WARNING); return; } - $entry = $ldapdata_ldap->retrieveAttributes($user->ldap_dn); - if ($entry) { + $entry = $_ldapdata_ldap->retrieveAttributes($user->ldap_dn); + if ($entry) { $ldap_drupal_mappings = array_flip(_ldapdata_reverse_mappings($user->ldap_config)); foreach ($ldap_drupal_mappings as $ldap_attr => $drupal_field) { - if (isset($user->$drupal_field) && $ldap_attr && $drupal_field != 'access') { + if (isset($user->$drupal_field) && $ldap_attr && $drupal_field != 'access') { if ($drupal_field != 'pass') { $user->$drupal_field = $entry[strtolower($ldap_attr)][0]; } } } - ldapdata_user_profile_load($user); + ldapdata_user_profile_load($user); } - $ldapdata_ldap->disconnect(); + $_ldapdata_ldap->disconnect(); } - - function ldapdata_user_profile_load(&$user) { - global $ldapdata_ldap; + global $_ldapdata_ldap; $ldap_drupal_reverse_mappings = _ldapdata_reverse_mappings($user->ldap_config); - $ldap_drupal_mappings = array_flip($ldap_drupal_reverse_mappings); + $ldap_drupal_mappings = array_flip($ldap_drupal_reverse_mappings); // Retrieve profile fields list $profile_fields = _ldapdata_retrieve_profile_fields(); // compare against mapped fields list $writeout = array(); - $entry = $ldapdata_ldap->retrieveAttributes($user->ldap_dn); + $entry = $_ldapdata_ldap->retrieveAttributes($user->ldap_dn); foreach ($profile_fields as $key => $field ) { if (in_array($key, $ldap_drupal_mappings)) { $writeout[$field] = $entry[strtolower($ldap_drupal_reverse_mappings[$key])][0]; @@ -538,32 +551,32 @@ } function ldapdata_user_login(&$user) { - global $ldapdata_ldap; - + global $_ldapdata_ldap; + // The whole point of implementing this hook is getting the // e-mail address written to the DB as soon as possible. // This is because it could not be written along with the rest // of the user info when the user was first created in // _ldapauth_ldap_login at the ldapauth module - - $mapping_type = _ldapdata_ldap_info($user, 'mapping_type'); - if ((!$user->ldap_authentified) || ($mapping_type = LDAP_MAP_NOTHING)) { + + $mapping_type = _ldapdata_ldap_info($user, 'mapping_type'); + if ((!$user->ldap_authentified) || ($mapping_type = LDAP_MAP_NOTHING)) { return; - } + } - $bind_info = _ldapdata_edition($user); - if (!$ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { - watchdog('user', "User login: user $user->name's data could not be read in the LDAP directory", WATCHDOG_WARNING); + $bind_info = _ldapdata_edition($user); + if (!$_ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { + watchdog('user', "User login: user @user data could not be read in the LDAP directory", array('@user' => $user->name), WATCHDOG_WARNING); return; } - $entry = $ldapdata_ldap->retrieveAttributes($user->ldap_dn); - $ldapdata_ldap->disconnect(); + $entry = $_ldapdata_ldap->retrieveAttributes($user->ldap_dn); + $_ldapdata_ldap->disconnect(); $d2l_mappings = _ldapdata_reverse_mappings($user->ldap_config); if (isset($d2l_mappings['mail'])) { - $mail_attr = strtolower($d2l_mappings['mail']); + $mail_attr = drupal_strtolower($d2l_mappings['mail']); $mail = $entry[$mail_attr][0]; if ($mail != $user->mail) { user_save($user, array('mail' => $mail)); @@ -572,8 +585,8 @@ } function ldapdata_user_update(&$edit, &$user, $category) { - global $ldapdata_ldap; - + global $_ldapdata_ldap; + if (!$user->ldap_authentified) { return; } @@ -586,7 +599,7 @@ $writeout = array(); // So, case 1 - $editables = _ldapdata_ldap_info($user, 'ldapdata_rwattrs'); + $editables = _ldapdata_ldap_info($user, 'ldapdata_rwattrs'); if ($category == LDAP_CATEGORY_USER_DATA && $editables) { $writeout = array_merge($writeout, ldapdata_user_update_ldap_attributes($edit, $user)); } @@ -598,24 +611,23 @@ // And now, case 4 $writeout = array_merge($writeout, ldapdata_user_update_profile($edit, $user)); if ($writeout) { - $bind_info = _ldapdata_edition($user); - if (!$ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { - watchdog('user', "User update: user $user->name's data could not be updated in the LDAP directory", WATCHDOG_NOTICE); + $bind_info = _ldapdata_edition($user); + if (!$_ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { + watchdog('user', "User update: user @user data could not be updated in the LDAP directory", array('@user' => $user->name), WATCHDOG_NOTICE); return; } - - $ldapdata_ldap->writeAttributes($user->ldap_dn, $writeout); - } - $ldapdata_ldap->disconnect(); + $_ldapdata_ldap->writeAttributes($user->ldap_dn, $writeout); + $_ldapdata_ldap->disconnect(); + } } function ldapdata_user_update_ldap_attributes(&$edit, &$user) { - global $ldapdata_ldap; + global $_ldapdata_ldap; $writeout = array(); - - $editables = _ldapdata_ldap_info($user, 'ldapdata_rwattrs'); - + + $editables = _ldapdata_ldap_info($user, 'ldapdata_rwattrs'); + foreach ($edit as $edit_attr => $edit_val) { // Preventing a POST data injection: we check allowance to write value. if (array_search($edit_attr, $editables) !== FALSE) { @@ -629,13 +641,13 @@ function ldapdata_user_update_drupal_account(&$edit, &$user) { $ldap_config_name = $user->ldap_config; - + // we do this as opposed to calling _ldapdata_ldap_info() to save on the multiple sql queries $result = db_fetch_array(db_query("SELECT ldapdata_mappings, encrypted FROM {ldapauth} WHERE name = '%s'", $ldap_config_name)); $mappings = unserialize($result['ldapdata_mappings']); $mapping_type = $mappings['access']; $encr = $result['encrypted']; - + $account_updated_in_ldap = ($mapping_type == LDAP_MAP_ATTRIBUTES); $writeout = array(); @@ -647,7 +659,7 @@ if ($ldap_attr) { if ($key == 'pass') { if ($value) { - $pw = $encr ? '{md5}' . base64_encode(pack('H*', md5($value))) : $value; + $pw = $encr ? '{md5}'. base64_encode(pack('H*', md5($value))) : $value; $writeout[$ldap_attr] = $pw; } @@ -657,7 +669,8 @@ if (variable_get('ldap_login_process', LDAP_FIRST_LDAP) == LDAP_FIRST_LDAP) { $edit['pass'] = null; } - } else { + } + else { $writeout[$ldap_attr] = $value; } } @@ -667,7 +680,7 @@ } function ldapdata_user_update_profile(&$edit, &$user) { - $mapping_type = _ldapdata_ldap_info($user, 'mapping_type'); + $mapping_type = _ldapdata_ldap_info($user, 'mapping_type'); if ($mapping_type != LDAP_MAP_ATTRIBUTES) { return array(); } @@ -688,33 +701,33 @@ } function ldapdata_user_view(&$user) { - global $ldapdata_ldap, $ldap_attributes; + global $_ldapdata_ldap, $_ldap_attributes; if (!$user->ldap_authentified) { return; } - $bind_info = _ldapdata_edition($user); - if (!$ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { - watchdog('user', "User view: user $user->name's data could not be read in the LDAP directory", WATCHDOG_WARNING); + $bind_info = _ldapdata_edition($user); + if (!$_ldapdata_ldap->connect($bind_info[0], $bind_info[1])) { + watchdog('user', "User view: user @user data could not be read in the LDAP directory", array('@user' => $user->name), WATCHDOG_WARNING); return; } - $entry = $ldapdata_ldap->retrieveAttributes($user->ldap_dn); + $entry = $_ldapdata_ldap->retrieveAttributes($user->ldap_dn); $ret = array(); - + $allowed_attrs = _ldapdata_ldap_info($user, 'ldapdata_roattrs'); if ($allowed_attrs) { - foreach($allowed_attrs as $attribute) { + foreach ($allowed_attrs as $attribute) { $item = array(); - $item['title'] = $ldap_attributes[$attribute][2]; - $item['value'] = theme('ldapdata_ldap_attribute', $entry[strtolower($attribute)][0], $ldap_attributes[$attribute][0]); + $item['title'] = $_ldap_attributes[$attribute][2]; + $item['value'] = theme('ldapdata_ldap_attribute', $entry[strtolower($attribute)][0], $_ldap_attributes[$attribute][0]); $item['class'] = 'attribute'; $ret[LDAP_SETTINGS_GROUP_STRING][] = $item; } } - $ldapdata_ldap->disconnect(); + $_ldapdata_ldap->disconnect(); return $ret; } @@ -722,12 +735,12 @@ /********************************* * 3. Auxiliary functions * - *********************************/ + * ***************************** */ -function _ldapdata_attribute_form($attrname, $value, $info) { +function _ldapdata_attribute_form($attrname, $value, $info) { $type = array_shift($info); - switch($type) { + switch ($type) { case 'textfield': $form = array( '#type' => 'textfield', @@ -768,12 +781,12 @@ function _ldapdata_retrieve_standard_user_fields() { - // pablom - + // pablom - // This commented code below would return all possible values, // but maybe that's not appropriate. // // $result = db_query('SHOW COLUMNS FROM {users}'); - // + // // $fields = array(); // while ($row = db_fetch_object($result)) { // $fields[] = $row->Field; @@ -785,15 +798,15 @@ $fields['pass'] = 'pass'; $fields['signature'] = 'signature'; - return $fields; + return $fields; } function _ldapdata_reverse_mappings($config) { - + $ret = array(); $result = db_fetch_array(db_query("SELECT ldapdata_mappings FROM {ldapauth} WHERE name = '%s'", $config)); $mappings = unserialize($result['ldapdata_mappings']); - + if (is_array($mappings)) { foreach ($mappings as $key => $value) { $drupal_key = preg_replace('/^ldap_amap-(.*)$/', '$1', $key); @@ -807,14 +820,14 @@ } -function _ldapdata_edition(&$user) { +function _ldapdata_edition(&$user) { $ldap_config_name = $user->ldap_config; - $ret[] = array('',''); - + $ret[] = array('', ''); + $result = db_fetch_array(db_query("SELECT ldapdata_binddn, ldapdata_bindpw FROM {ldapauth} WHERE name = '%s'", $ldap_config_name)); $dn = $result['ldapdata_binddn']; $pass = $result['ldapdata_bindpw']; - + if ($dn) { $ret[0] = $dn; } @@ -826,24 +839,24 @@ $ret[1] = $pass; } else { - $ret[1] = isset($_SESSION['ldap_login']['pass']) ? $_SESSION['ldap_login']['pass'] : ''; + $ret[1] = isset($_SESSION['ldap_login']['pass']) ? $_SESSION['ldap_login']['pass'] : ''; } - - return $ret; - + + return $ret; + } function _ldapdata_ldap_info(&$user, $req ) { $ldap_config_name = $user->ldap_config; $ret = null; - + if (!$ldap_config_name) { $ret = null; } - $result = db_fetch_array(db_query("SELECT * FROM {ldapauth} WHERE name = '%s'", $ldap_config_name)); - + $result = db_fetch_array(db_query("SELECT * FROM {ldapauth} WHERE name = '%s'", $ldap_config_name)); + switch ($req) { case 'mapping_type': $mappings = unserialize($result['ldapdata_mappings']); @@ -859,7 +872,7 @@ $ret = $result['ldapdata_binddn']; break; case 'ldapdata_bindpw': - $ret = $result['ldapdata_bindpw']; + $ret = $result['ldapdata_bindpw']; break; case 'encrypted': $ret = $result['encrypted']; @@ -868,36 +881,37 @@ $ret = null; break; } - + return $ret; } function _ldapdata_ldap_init(&$user) { - global $ldapdata_ldap; - if ($row = db_fetch_object(db_query("SELECT * FROM {ldapauth} WHERE status = '%s' AND name = '%s'", 1, $user->ldap_config))) { - $ldapdata_ldap = new LDAPInterface(); - $ldapdata_ldap->setOption('name', $row->name); - $ldapdata_ldap->setOption('server', $row->server); - $ldapdata_ldap->setOption('port', $row->port); - $ldapdata_ldap->setOption('tls', $row->tls); - $ldapdata_ldap->setOption('encrypted', $row->encrypted); - $ldapdata_ldap->setOption('basedn', $row->basedn); - $ldapdata_ldap->setOption('user_attr', $row->user_attr); - return $ldapdata_ldap; + global $_ldapdata_ldap; + if (property_exists($user, "ldap_config") && + $row = db_fetch_object(db_query("SELECT * FROM {ldapauth} WHERE status = '%s' AND name = '%s'", 1, $user->ldap_config))) { + $_ldapdata_ldap = new LDAPInterface(); + $_ldapdata_ldap->setOption('name', $row->name); + $_ldapdata_ldap->setOption('server', $row->server); + $_ldapdata_ldap->setOption('port', $row->port); + $_ldapdata_ldap->setOption('tls', $row->tls); + $_ldapdata_ldap->setOption('encrypted', $row->encrypted); + $_ldapdata_ldap->setOption('basedn', $row->basedn); + $_ldapdata_ldap->setOption('user_attr', $row->user_attr); + return $_ldapdata_ldap; } else { return; - } + } } /********************************* * 4. Themes * - *********************************/ + * ***************************** */ function theme_ldapdata_ldap_attribute($value, $type) { - switch($type) { + switch ($type) { case 'url': $ret = strpos($value, '://') ? $value : "http://$value"; $ret = "$ret"; @@ -911,5 +925,3 @@ return $ret; } - -?> \ No newline at end of file diff --exclude=.svn -urN ldap_integration.orig/ldapgroups.info ldap_integration/ldapgroups.info --- ldap_integration.orig/ldapgroups.info 2008-05-10 14:04:37.000000000 +0200 +++ ldap_integration/ldapgroups.info 2008-06-27 07:53:18.000000000 +0200 @@ -1,11 +1,12 @@ -; $Id: ldapgroups.info,v 1.1.2.3 2008/04/17 04:32:13 scafmac Exp $ +; $Id: ldapgroups.info,v 1.3 2007/02/11 01:28:03 kreaper Exp $ name = ldapgroups description = "Integrated LDAP Groups with Drupal Roles" package = Administration -dependencies = ldapauth +dependencies[] = ldapauth +core = 6.x -; Information added by drupal.org packaging script on 2008-05-10 -version = "5.x-1.x-dev" +; Information added by drupal.org packaging script on 2007-08-23 +version = "6.x-1.x-dev" project = "ldap_integration" -datestamp = "1210421077" +datestamp = "1187828108" diff --exclude=.svn -urN ldap_integration.orig/ldapgroups.install ldap_integration/ldapgroups.install --- ldap_integration.orig/ldapgroups.install 2007-05-20 03:28:25.000000000 +0200 +++ ldap_integration/ldapgroups.install 2008-06-27 08:43:39.000000000 +0200 @@ -1,48 +1,67 @@ 'int', + 'not null' => TRUE, + 'default' => '0')); + db_add_field($ret, 'ldapauth', 'ldap_groups_in_dn_desc', array( + 'type' => 'int', + 'not null' => TRUE, + 'default' => '0')); + db_add_field($ret, 'ldapauth', 'ldap_group_dn_attribute', array( + 'type' => 'varchar', + 'not null' => TRUE, + 'length' => 255, + 'default' => '')); + db_add_field($ret, 'ldapauth', 'ldap_group_attr', array( + 'type' => 'varchar', + 'not null' => TRUE, + 'length' => 255, + 'default' => '')); + db_add_field($ret, 'ldapauth', 'ldap_groups_in_attr', array( + 'type' => 'int', + 'not null' => TRUE, + 'default' => '0')); + db_add_field($ret, 'ldapauth', 'ldap_groups_as_entries', array( + 'type' => 'int', + 'not null' => TRUE, + 'default' => '0')); + db_add_field($ret, 'ldapauth', 'ldap_group_entries', array( + 'type' => 'varchar', + 'not null' => TRUE, + 'length' => 255, + 'default' => '')); + db_add_field($ret, 'ldapauth', 'ldap_group_entries_attribute', array( + 'type' => 'varchar', + 'not null' => TRUE, + 'length' => 255, + 'default' => '')); + + return $ret; } /** * Implementation of hook_uninstall(). */ function ldapgroups_uninstall() { - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_groups_in_dn"); - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_groups_in_dn_desc"); - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_group_dn_attribute"); - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_group_attr"); - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_groups_in_attr"); - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_groups_as_entries"); - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_group_entries"); - db_query("ALTER TABLE {ldapauth} DROP COLUMN ldap_group_entries_attribute"); -} \ No newline at end of file + $ret = array(); + db_drop_field($ret, 'ldapauth', 'ldap_groups_in_dn'); + db_drop_field($ret, 'ldapauth', 'ldap_groups_in_dn_desc'); + db_drop_field($ret, 'ldapauth', 'ldap_group_dn_attribute'); + db_drop_field($ret, 'ldapauth', 'ldap_group_attr'); + db_drop_field($ret, 'ldapauth', 'ldap_groups_in_attr'); + db_drop_field($ret, 'ldapauth', 'ldap_groups_as_entries'); + db_drop_field($ret, 'ldapauth', 'ldap_group_entries'); + db_drop_field($ret, 'ldapauth', 'ldap_group_entries_attribute'); + return $ret; +} diff --exclude=.svn -urN ldap_integration.orig/ldapgroups.module ldap_integration/ldapgroups.module --- ldap_integration.orig/ldapgroups.module 2008-05-10 04:19:53.000000000 +0200 +++ ldap_integration/ldapgroups.module 2008-07-10 10:55:30.000000000 +0200 @@ -1,5 +1,10 @@ 'admin/settings/ldapgroups', - 'title' => t('LDAP Groups'), - 'description' => t('Configure LDAP Groups Settings'), - 'callback' => 'ldapgroups_admin_list', - 'access' => user_access('administer ldap modules'), - ); - $items[] = array( - 'path' => 'admin/settings/ldapgroups/edit', - 'title' => t('LDAP Groups'), - 'callback' => 'drupal_get_form', - 'callback arguments' => array('ldapgroups_admin_edit'), + $items['admin/settings/ldapgroups'] = array( + 'title' => 'LDAP Groups', + 'description' => 'Configure LDAP Groups Settings', + 'page callback' => 'ldapgroups_admin_list', + 'access arguments' => array('administer ldap modules'), + ); + $items['admin/settings/ldapgroups/edit'] = array( + 'title' => 'LDAP Groups', + 'page callback' => 'drupal_get_form', + 'page arguments' => array('ldapgroups_admin_edit', 3), 'type' => MENU_CALLBACK, 'weight' => 1, - 'access' => user_access('administer ldap modules'), + 'access arguments' => array('administer ldap modules'), ); - $items[] = array( - 'path' => 'admin/settings/ldapgroups/reset', - 'title' => t('LDAP Groups'), - 'callback' => 'drupal_get_form', - 'callback arguments' => array('ldapgroups_admin_edit'), + $items['admin/settings/ldapgroups/reset'] = array( + 'title' => 'LDAP Groups', + 'page callback' => 'drupal_get_form', + 'page arguments' => array('ldapgroups_admin_edit', 3), 'type' => MENU_CALLBACK, 'weight' => 1, - 'access' => user_access('administer ldap modules'), + 'access arguments' => array('administer ldap modules'), ); - } return $items; } -// ldapgroups admin pages - function ldapgroups_admin_list() { $result = db_query("SELECT sid, name FROM {ldapauth} WHERE status = '%s' ORDER BY sid", 1); $rows = array(); while ($row = db_fetch_object($result)) { - $rows[] = array($row->name, l(t('edit'), 'admin/settings/ldapgroups/edit/'.$row->name), l(t('reset'), 'admin/settings/ldapgroups/reset/'.$row->name)); + $rows[] = array($row->name, l(t('edit'), 'admin/settings/ldapgroups/edit/'. $row->name), l(t('reset'), 'admin/settings/ldapgroups/reset/'. $row->name)); } $header = array( @@ -98,12 +94,12 @@ 'data' => t('Operations'), 'colspan' => 2 ) - ); + ); return theme('table', $header, $rows); } -function ldapgroups_admin_edit($ldap_name) { - if ((arg(3) == 'reset') && ($ldap_name != NULL)) { +function ldapgroups_admin_edit($state, $action, $ldap_name) { + if (($action == 'reset') && ($ldap_name != NULL)) { $form['reset_ldap'] = array( '#type' => 'value', '#value' => $ldap_name, @@ -111,80 +107,80 @@ return confirm_form( $form, t('Are you sure you want to reset the groups mapping to defaults ?'), - 'admin/settings/ldapgroups', - t('This action cannot be undone.'), - t('Reset'), + 'admin/settings/ldapgroups', + t('This action cannot be undone.'), + t('Reset'), t('Cancel') ); } - elseif ((arg(3) == 'edit') && ($ldap_name != NULL)) { + elseif (($action == 'edit') && ($ldap_name != NULL)) { $edit = db_fetch_array(db_query("SELECT ldap_groups_in_dn, ldap_groups_in_dn_desc, ldap_group_dn_attribute, ldap_groups_in_attr, ldap_group_attr, ldap_groups_as_entries, ldap_group_entries, ldap_group_entries_attribute FROM {ldapauth} WHERE name = '%s'", $ldap_name)); - $form['server-settings']['ldap_groups_in_dn'] = array( - '#type' => 'checkbox', - '#title' => t('Group is specified in user\'s DN'), + $form['server-settings']['ldap_groups_in_dn'] = array( + '#type' => 'checkbox', + '#title' => t('Group is specified in user\'s DN'), '#default_value' => $edit['ldap_groups_in_dn'], - '#prefix' => '