Commit 1b70c333 authored by John Barclay's avatar John Barclay

no message

parent df52d9ce
<?php
// $Id$
/**
......@@ -98,7 +98,7 @@ function ldap_developer_clean_slate($op = 'repopulate', $redirect = NULL) {
}
function ldap_developer_modules() {
return array('ldap_api_temp', 'ldap_servers', 'ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role');
return array('ldap_servers', 'ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role');
}
function ldap_developer_reset_config($op = NULL, $redirect = NULL) {
......@@ -125,6 +125,118 @@ function ldap_developer_reset_config($op = NULL, $redirect = NULL) {
*
*/
function ldap_developer_populate_config($module, $op = NULL) {
drupal_set_message('Populated Config Data: '. $module .", op=$op", 'status');
switch ($module) {
case 'ldap_servers':
require_once(drupal_get_path('module', 'ldap_servers').'/ldap_servers.module');
variable_set('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_BLOWFISH);
variable_set('ldap_servers_require_ssl_for_credentails', TRUE);
require_once(drupal_get_path('module', 'ldap_servers').'/ldap_servers.module');
require_once(drupal_get_path('module', 'ldap_servers') .'/LdapServerAdmin.class.php');
$ldap_server = new LdapServerAdmin('uiuc_ad');
// print $ldap_server->inDatabase; die;
if ((!$ldap_server->inDatabase) || $op == 'overwrite') {
$ldap_server->name = 'UIUC AD';
$ldap_server->type = 'ad';
$ldap_server->status = 1;
$ldap_server->address ='ad.uiuc.edu';
$ldap_server->port = 389;
$ldap_server->tls = FALSE;
$ldap_server->basedn = array('ou=campus accounts,dc=ad,dc=uiuc,dc=edu','ou=education,dc=ad,dc=uiuc,dc=edu');
$ldap_server->binddn = NULL;
$ldap_server->bindpw_new = NULL;
$ldap_server->user_attr = 'sAMAccountName';
$ldap_server->mail_attr = 'mail';
$ldap_server->ldapToDrupalUserPhp = NULL;
$ldap_server->testingDrupalUsername = 'jbarclay';
$op = ($ldap_server->inDatabase) ? 'update' : 'insert';
$ldap_server->save($op);
}
break;
case 'ldap_authentication':
require_once(drupal_get_path('module', 'ldap_authentication').'/ldap_authentication.module');
require_once(drupal_get_path('module', 'ldap_authentication') .'/LdapAuthenticationConfAdmin.class.php');
$ldap_authentication_conf = new LdapAuthenticationConfAdmin();
if ((! $ldap_authentication_conf->inDatabase) || $op == 'overwrite') { // only populate if already uninstalled
$ldap_authentication_conf->sids = array('uiuc_ad');
$ldap_authentication_conf->authenticationMode = LDAP_AUTHENTICATION_MIXED; // LDAP_AUTHENTICATION_MIXED or LDAP_AUTHENTICATION_EXCLUSIVE
$ldap_authentication_conf->logonFormHideResetPassword = TRUE;
$ldap_authentication_conf->logonFormHideCreateAccount = TRUE;
$ldap_authentication_conf->loginConflictResolve = LDAP_AUTHENTICATION_CONFLICT_LOG; //LDAP_AUTHENTICATION_CONFLICT_LOG or LDAP_AUTHENTICATION_CONFLICT_RESOLVE
$ldap_authentication_conf->allowOnlyIfTextInDn = array('jbarclay');
$ldap_authentication_conf->excludeIfTextInDn = array('ou=evil', 'ou=bad');
$ldap_authentication_conf->allowTestPhp = NULL;
$ldap_authentication_conf->ldapUsersRequireAdminApproval = FALSE;
$ldap_authentication_conf->ldapUsersDontCreateAutomatically = FALSE;
$ldap_authentication_conf->emailOption = LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE; // LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE or LDAP_AUTHENTICATION_EMAIL_ALLOW_DRUPAL_EMAIL or LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE
$ldap_authentication_conf->save();
}
break;
case 'ldap_authorization':
require_once(drupal_get_path('module', 'ldap_authorization').'/ldap_authorization.module');
require_once(drupal_get_path('module', 'ldap_authorization_drupal_role').'/ldap_authorization_drupal_role.module');
require_once(drupal_get_path('module', 'ldap_authorization') .'/LdapAuthorizationMappingAdmin.class.php');
// ($_mid, $_new = FALSE, $_sid = NULL, $_consumer_type = NULL, $_consumer_module = NULL)
$ldap_authorization_conf = new LdapAuthorizationMappingAdmin('active_directory', TRUE, 'uiuc_ad', 'drupal_role', 'ldap_authorization_drupal_role');
if ((! $ldap_authorization_conf->inDatabase) || $op == 'overwrite') { // only populate if already uninstalled
$ldap_authorization_conf->sid = 'uiuc_ad';
$ldap_authorization_conf->consumerModule = 'ldap_authorization_drupal_role'; // id of module providing consumer
//$ldap_authorization_conf->consumerType = ;
$ldap_authorization_conf->description = 'AD to Drupal Role Mapping';
$ldap_authorization_conf->status = 1;
$ldap_authorization_conf->onlyApplyToLdapAuthenticated = TRUE;
$ldap_authorization_conf->deriveFromDn = TRUE;
$ldap_authorization_conf->deriveFromDnAttr = 'ou';
$ldap_authorization_conf->deriveFromAttr = TRUE;
$ldap_authorization_conf->deriveFromAttrAttr = array('memberOf');
$ldap_authorization_conf->deriveFromEntry = FALSE;
$ldap_authorization_conf->deriveFromEntryEntries = NULL;
$ldap_authorization_conf->deriveFromEntryAttr = NULL;
$ldap_authorization_conf->mappings = array(
array('CN=ED IT NAG Staff,OU=PeopleGroups,OU=Education,DC=ad,DC=uiuc,DC=edu', 'administrator'),
array('Campus Accounts', 'Campus Accounts'),
array('CN=ED IT NAG Staff,OU=PeopleGroups,OU=Education,DC=ad,DC=uiuc,DC=edu', 'bsides'),
);
$ldap_authorization_conf->synchToLdap = FALSE;
$ldap_authorization_conf->synchOnLogon = TRUE;
$ldap_authorization_conf->synchManually = TRUE;
$ldap_authorization_conf->useMappingsAsFilter = TRUE;
$ldap_authorization_conf->revokeLdapProvisioned = TRUE;
$ldap_authorization_conf->revokeNonLdapProvisioned = FALSE;
$ldap_authorization_conf->regrantLdapProvisioned = TRUE;
$ldap_authorization_conf->createTargets = TRUE;
$ldap_authorization_conf->save();
}
break;
}
}{
drupal_set_message('Populated Config Data: '. $module .", op=$op", 'status');
switch ($module) {
......
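Review bot: The `ldap_servers` preset sets `$ldap_server->tls = FALSE;` with `$ldap_server->port = 389;`, so any bind this developer helper configures goes over plaintext LDAP, while the same branch sets `variable_set('ldap_servers_require_ssl_for_credentails', TRUE);` — if that variable only governs the Drupal login form, add a comment saying so next to the `tls` line; otherwise the preset for a real directory host should default to `$ldap_server->tls = TRUE;`. The preset also commits a live hostname, base DNs, and a personal account (`testingDrupalUsername = 'jbarclay'`, `allowOnlyIfTextInDn = array('jbarclay')`) into the repository; a developer helper should use obviously placeholder values or read them from an untracked local setting. Smaller points in the same branch: the `require_once(... '/ldap_servers.module')` line appears twice, and `$op = ($ldap_server->inDatabase) ? 'update' : 'insert';` reuses the function's `$op` parameter (which carries `'overwrite'`) for a different meaning — a separate local such as `$save_op` would be clearer. The hunk's remaining context appears to continue past the lines shown here.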
http://drupal.org/node/928026
implement with ctools api
- presets could be based on type of ldap server, but probably best to have no presets
==============================
TODOs
==============================
-----------------------------------------------------------------------------
#807418 implement hook_entity_info for user object
-----------------------------------------------------------------------------
In d7, user_load_multiple fires entity_load('user', $uids, $conditions, $reset) which gets its data from entity_get_info which invokes hook_entity_info.
We need to leverage hook_entity_info to provide any user attributes we want in the user object that are not cached or otherwise storable in the user.data array.
http://api.drupal.org/api/function/entity_get_info/7
==============================
REFERENCES
==============================
-----------------------------------------------------------------------------
#809430 d7 workflow and hook notes
-----------------------------------------------------------------------------
===============================
Use Cases and Feature Requests
===============================
----------------------------------------------------------------------------
#807416 fuzzy line between authentication white and black lists and authorization
-----------------------------------------------------------------------------
- allow grant and deny OUs for authentication
- allow base dns for search (we already do this)
- deny allow hook
- executable php code for allow deny.
http://drupal.org/node/224333#php_eval
------------------------------------------------------------------------------
#807394 Storing Users LDAP Passwords
------------------------------------------------------------------------------
Decision: never store in db, encrypted or otherwise
Decision: if demand, implement store in session with 2 way encryption with opt in and lots of warnings and alternatives
------------------------------------------------------------------------------
#968574 Option to prevent new accounts from LDAP from being added to Drupal and have admin approve them
------------------------------------------------------------------------------
in advanced setting and disabled by default:
#256226: Option to prevent new accounts from LDAP from being added to Drupal - option to disallow drupal accounts generated from ldap
#258974: Administrator Approval - option to allow admins to approve drupal user accounts generated from ldap
------------------------------------------------------------------------------
#807388 Prepopulate Users in LDAP Authentication, with ldap auth designation
------------------------------------------------------------------------------
- single function available to other modules
- simple interface in ldap authentication
Flow chart of ldap_authentication logon process:
http://www.gliffy.com/publish/2362004
\ No newline at end of file
ldap_authentication tests
==============================
Uncategorized Tests
==============================
Action: install ldap_authentication
Result: none
Action: Configure ldap_authentication configuration
Assert: LdapAuthenticationConf properties match configuration
Action: instantiate LdapAuthenticationConf and LdapAuthenticationConfAdmin classes
Assert: success
Action: populate LdapAuthenticationConf properties, save, and load
Assert: object has correct properties
Action: populate LdapAuthenticationConfAdmin from form array, save, and load
Assert: object has correct properties
Action: populate LdapAuthenticationConfAdmin from form array with various validation problems
Assert: validation errors thrown
Action: uninstall
Assert: configuration is deleted
==============================
Functional Tests
==============================
binding with service account
binding with user's account
==============================
Unit Tests
==============================