If I chose that the drupal account fields should be mapped the same as the LDAP attributes, BUT as read-only,
the profile fields should be shown as disabled.

Why?
I have users who sign in with the drupal authentication, they should have the possibility to fill in the profile fields themselves.
The LDAP authenticated users have these fields filled in with LDAP data and may not have the possibility to edit those fields (this is possible now, and it uses the manually filled in values as long he is logged in)

Where can/should I change this in order to disable the fields for the LDAP authenticated users?

thx in advance.

CommentFileSizeAuthor
#3 ldapdata_disable_profile_fields.patch1.92 KBmsonnabaum

Comments

thierry.beeckmans’s picture

thierry.beeckmans commented

I changed some code within the ldapdata.module in order to disable the profiles fields for users who authenticate with LDAP.
The code could use some cleaning, but it works (didn't bump into any problems yet).
Please try it and maybe implement it ;-)

/**
 * Only used for editable LDAP attributes with no Drupal equivalents
 */
function ldapdata_user_form(&$user, $category) {
  global $ldap_attributes, $ldapdata_ldap;
  $mapping_type = _ldapdata_ldap_info($user, 'mapping_type');
  $attributes = _ldapdata_ldap_info($user, 'ldapdata_rwattrs');
  
  if ($user->ldap_dn) {
  	 switch ($mapping_type) {
  	 	case LDAP_MAP_ATTRIBUTES_READ_ONLY:
		   $result = _profile_get_fields($category, $register);
		   while ($field = db_fetch_object($result)) {
		     $category = $field->category;
		     switch ($field->type) {
		       default:
		         $form[$category][$field->name] = array(
		           '#disabled' => TRUE,
		           '#required' => FALSE,
		         );
		         break;
		     }
		   }
  	 		return $form;
  	 		break;
  	 	case LDAP_MAP_ATTRIBUTES:
  	 		if ($category != LDAP_CATEGORY_USER_DATA || !$attributes) {
		     break;
		   } else {
			  $bind_info = _ldapdata_edition($user);  
			  if (!$ldapdata_ldap->connect($bind_info[0], $bind_info[1])) {
			    watchdog('user', "User form: user $user->name's data could not be read in the LDAP directory", WATCHDOG_WARNING);
			    return;
			  }
			  
			  $entry = $ldapdata_ldap->retrieveAttributes($user->ldap_dn);
			
			  $output = '';
			  $form['ldap_attributes'] = array(
			    '#title' => LDAP_SETTINGS_GROUP_STRING,
			    '#type' => 'fieldset',
			    );
			
			  foreach ($attributes as $attribute) {
			
			    $attr_info = $ldap_attributes[$attribute];
			    if ($attr_info) {
			      array_shift($attr_info);
			      $value = $entry[strtolower($attribute)][0];
			      $form['ldap_attributes'][$attribute] = _ldapdata_attribute_form($attribute, $value, $attr_info);
			    }
			  }
			  
			  $ldapdata_ldap->disconnect();
		   }
		   return $form;
  	 		break;
  	 	default:
  	 		break;
  	 }
  }
  return null;
}
thierry.beeckmans’s picture

thierry.beeckmans commented
Status: Active » Needs review
msonnabaum’s picture

msonnabaum commented
Category: support » feature
StatusFileSize
new ldapdata_disable_profile_fields.patch1.92 KB

I'm also having this problem. If you've got some profile fields that are being mapped (in read only mode), and some that are not, its very confusing to the user since it looks like all of them are editable.

I've created a patch that disables these fields using hook_form_alter rather than the method above.

Working well so far for me.

megan_m’s picture

megan_m commented

Subscribing... would the above patch work in Drupal 6 ? Any chance that someone would be able to create a patch for 6?

johnbarclay’s picture

johnbarclay commented
Status: Needs review » Closed (won't fix)

Closing 5.x issues to clean out issue queue.