Configure LDAP Groups setting specific to a given LDAP Server or configuration below.
+Sites not using the LDAPauth module for authentication, may want to configure ". + l(t('Use LDAP Groups without LDAP Auth'), "admin/settings/ldap/ldapgroups/woauth/edit") ."
"; + + return t($_intro) . theme('table', $header, $rows); +} + +function ldapgroups_wo_ldapauth_edit(&$form_state, $op) { + + if ($op == 'edit') { + + $edit['ldapgroups_groups_wo_ldapauth'] = variable_get('ldapgroups_groups_wo_ldapauth', FALSE); + $edit['ldapgroups_groups_wo_ldapauth_sid'] = variable_get('ldapgroups_groups_wo_ldapauth_sid', FALSE); + + $rows = array(); + $result = db_query("SELECT sid, name FROM {ldapauth} WHERE status = '1' ORDER BY name"); + $ldapconfs[-1] = 'None Selected'; + while ($row = db_fetch_object($result)) { + $ldapconfs[$row->sid] = $row->name; + } + + $form['groups_wo_ldapauth'] = array( + '#type' => 'fieldset', + '#title' => t('Use LDAP Groups functionality without Authenticating via LDAP'), + '#collapsible' => TRUE, + '#collapsed' => FALSE, + '#description' => 'In this scenario a particular LDAP config below must be used + to determine (1) how a drupal username will map to an LDAP user object and (2) + which LDAP config to query, and (3) how mapping is done.
' + ); + + + $form['groups_wo_ldapauth']['ldapgroups_groups_wo_ldapauth'] = array( + '#type' => 'checkbox', + '#title' => t('Use LDAP Groups functionality without Authenticating via LDAP'), + '#default_value' => $edit['ldapgroups_groups_wo_ldapauth'] + ); + + if (! $edit['ldapgroups_groups_wo_ldapauth_sid'] ) { + $edit['ldapgroups_groups_wo_ldapauth_sid'] = "-1"; + } + $form['groups_wo_ldapauth']['ldapgroups_groups_wo_ldapauth_sid'] = array( + '#type' => 'radios', + '#title' => t('Which LDAP Config to use. One must be selected'), + '#default_value' => $edit['ldapgroups_groups_wo_ldapauth_sid'], + '#options' => $ldapconfs + ); + + $form['submit'] = array( + '#type' => 'submit', + '#value' => t('Update'), + ); + + $form['#validate'][] = '_ldapgroups_wo_ldapauth_validate'; + + return $form; + } + else { + $form_state['redirect'] = 'admin/settings/ldap/ldapgroups'; + //drupal_goto('admin/settings/ldap/ldapgroups'); + } + +} + +function _ldapgroups_wo_ldapauth_validate($form, $form_state) { + + if ($form_state['values']['ldapgroups_groups_wo_ldapauth'] && + ( ! $form_state['values']['ldapgroups_groups_wo_ldapauth_sid'] || + $form_state['values']['ldapgroups_groups_wo_ldapauth_sid'] == "-1" )) { + form_set_error('ldapgroups_groups_wo_ldapauth_sid', + t('"'. $form['groups_wo_ldapauth']['ldapgroups_groups_wo_ldapauth']['#title'] .'" is checked,'.
+ ' but no LDAP Config was selected.'));
+ }
}
/**
+ * Submit hook for the settings form.
+ */
+function ldapgroups_wo_ldapauth_edit_submit($form, &$form_state) {
+ $values = $form_state['values'];
+
+ if ($values['ldapgroups_groups_wo_ldapauth_sid'] == -1) {
+ unset($values['ldapgroups_groups_wo_ldapauth_sid']);
+ }
+ variable_set('ldapgroups_groups_wo_ldapauth', $values['ldapgroups_groups_wo_ldapauth']);
+ variable_set('ldapgroups_groups_wo_ldapauth_sid', $values['ldapgroups_groups_wo_ldapauth_sid']);
+
+ drupal_set_message(t('The configuration options have been saved.'));
+}
+
+
+/**
* Implements the LDAP server edit page.
*
* @param $form_state
@@ -49,6 +138,11 @@ function ldapgroups_admin_list() {
*/
function ldapgroups_admin_edit(&$form_state, $op, $sid) {
+
+ // a static method and constant in ldapgroupconf.class is required for documentation in form
+
+ require_once(drupal_get_path('module', 'ldapgroups') .'/ldapgroupconf.class.php');
+
if (($op == 'reset') && $sid) {
$form['sid'] = array(
'#type' => 'value',
@@ -57,20 +151,24 @@ function ldapgroups_admin_edit(&$form_st
return confirm_form(
$form,
t('Are you sure you want to reset the groups mapping to defaults ?'),
- 'admin/settings/ldapgroups',
+ 'admin/settings/ldap/ldapgroups',
t('This action cannot be undone.'),
t('Reset'),
t('Cancel')
);
}
elseif ($op == 'edit' && $sid) {
- $edit = db_fetch_array(db_query("SELECT ldapgroups_in_dn, ldapgroups_in_dn_desc, ldapgroups_dn_attribute, ldapgroups_in_attr, ldapgroups_attr, ldapgroups_as_entries, ldapgroups_entries, ldapgroups_entries_attribute FROM {ldapauth} WHERE sid = %d", $sid));
+ $edit = db_fetch_array(db_query("SELECT ldapgroups_in_dn, ldapgroups_dn_attribute, ldapgroups_in_attr,
+ ldapgroups_attr, ldapgroups_as_entries, ldapgroups_entries, ldapgroups_entries_attribute,
+ ldapgroups_use_group_filter, ldapgroups_role_mappings,
+ ldapgroups_role_filtering_php, ldapgroups_roles_granted_accts
+ FROM {ldapauth} WHERE sid = %d", $sid));
$form['group_dn'] = array(
'#type' => 'fieldset',
'#title' => t('Group by DN'),
'#collapsible' => TRUE,
- '#collapsed' => FALSE,
+ '#collapsed' => ! ($edit['ldapgroups_in_dn'] || $edit['ldapgroups_dn_attribute']),
);
$form['group_dn']['ldapgroups_in_dn'] = array(
'#type' => 'checkbox',
@@ -91,7 +189,7 @@ function ldapgroups_admin_edit(&$form_st
'#type' => 'fieldset',
'#title' => t('Group by attribute'),
'#collapsible' => TRUE,
- '#collapsed' => FALSE,
+ '#collapsed' => ! ($edit['ldapgroups_in_attr'] || $edit['ldapgroups_attr']),
);
$form['group_attr']['ldapgroups_in_attr'] = array(
'#type' => 'checkbox',
@@ -111,7 +209,7 @@ function ldapgroups_admin_edit(&$form_st
'#type' => 'fieldset',
'#title' => t('Group by entry'),
'#collapsible' => TRUE,
- '#collapsed' => FALSE,
+ '#collapsed' => ! ($edit['ldapgroups_as_entries'] || $edit['ldapgroups_entries'] || $edit['ldapgroups_entries_attribute']) ,
);
$form['group_entry']['ldapgroups_as_entries'] = array(
'#type' => 'checkbox',
@@ -135,6 +233,73 @@ function ldapgroups_admin_edit(&$form_st
'#description' => t('Name of the multivalued attribute which holds the CNs of group members, for example: !attr', array('!attr' => theme('placeholder', LDAP_DEFAULT_GROUP_ENTRIES_ATTRIBUTE))),
);
+ $form['role_filtering'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('LDAP Group to Drupal Role Filtering'),
+ '#collapsible' => TRUE,
+ '#collapsed' => ! ($edit['ldapgroups_use_group_filter'] || $edit['ldapgroups_role_mappings'] || $edit['ldapgroups_role_filtering_php']),
+ );
+ $form['role_filtering']['ldapgroups_use_group_filter'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Use LDAP Group to Drupal Roles Filtering'),
+ '#default_value' => $edit['ldapgroups_use_group_filter'],
+ '#description' => t('The module automatically decides names for the Drupal roles based in the names of the LDAP groups. For example:
+ filter_roles in the file '.
+ drupal_get_path('module', 'ldapgroups') .'/ldapgroupconf.class.php to understand the context
+ this code is evaluated in. Careful, bad PHP code here will break your site.
+ If left empty, the following filter code will
+ be used:'. LDAPGroupConf::get_default_group_filter() .''), + ); + + $form['limit_account_creation_by_groups'] = array( + '#type' => 'fieldset', + '#title' => t('Limit which LDAP granted Drupal roles will have accounts created.'), + '#collapsible' => TRUE, + '#collapsed' => ! $edit['ldapgroups_roles_granted_accts'], + ); + + $_ldapgroups_roles_granted_accts = trim($edit['ldapgroups_roles_granted_accts']) ? join(", ", unserialize($edit['ldapgroups_roles_granted_accts'])) : ''; + $form['limit_account_creation_by_groups']['ldapgroups_roles_granted_accts'] = array( + '#type' => 'textarea', + '#title' => t('Drupal roles which allow automatic account creation'), + '#default_value' => $_ldapgroups_roles_granted_accts, + '#cols' => 50, + '#rows' => 5, + '#description' => t('Leave blank to automatically create accounts for + all LDAP authenticated users. Otherwise, enter a comma separated list + of Drupal roles such as
admin, author.
+ If the user is not granted one of those Drupal roles based on LDAP,
+ the account will not be created.
+ Don\'t put the LDAP formatted group name such as CN=blah,....
+ Spaces around commas will be ignored. Everything will be converted to lower case.'),
+ );
+
$form['sid'] = array(
'#type' => 'hidden',
'#value' => $sid,
@@ -148,10 +313,18 @@ function ldapgroups_admin_edit(&$form_st
return $form;
}
else {
- drupal_goto('admin/settings/ldapgroups');
+ drupal_goto('admin/settings/ldap/ldapgroups');
}
}
+function _ldapgroups_cleanrole($string) {
+ return trim(drupal_strtolower($string));
+};
+
+
+
+
+
/**
* Submit hook for the settings form.
*/
@@ -159,18 +332,144 @@ function ldapgroups_admin_edit_submit($f
$values = $form_state['values'];
if ($values['op'] == t('Reset') && $values['confirm'] == 1) {
-
- // Settings reset.
- db_query("UPDATE {ldapauth} SET ldapgroups_in_dn = '0', ldapgroups_in_dn_desc = '0', ldapgroups_dn_attribute = '', ldapgroups_in_attr = '0', ldapgroups_attr = '', ldapgroups_as_entries = '0', ldapgroups_entries = '', ldapgroups_entries_attribute = '' WHERE sid = %d", $values['sid']);
+ db_query("UPDATE {ldapauth} SET ldapgroups_in_dn = 0, ldapgroups_dn_attribute = '', ldapgroups_in_attr = 0, ldapgroups_attr = '', ldapgroups_as_entries = 0, ldapgroups_entries = '', ldapgroups_entries_attribute = '', ldapgroups_entries_attribute = '', ldapgroups_use_group_filter = '0', ldapgroups_role_mappings = '', ldapgroups_role_filtering_php = '', ldapgroups_roles_granted_accts = '' WHERE sid = %d", $values['sid']);
drupal_set_message(t('The configuration options have been reset to their default values.'));
}
else {
+ $values['ldapgroups_dn_attribute'] = drupal_strtolower(trim($values['ldapgroups_dn_attribute']));
+ // parse, cleanse, and serialize array of ldapgroups_roles_granted_accts
+ if (trim($values['ldapgroups_roles_granted_accts'])) {
+ $rolenames = explode(",", $values['ldapgroups_roles_granted_accts']);
+ $rolenames = array_map("_ldapgroups_cleanrole", $rolenames);
+ $serialized_ldapgroups_roles_granted_accts = serialize($rolenames);
+ $ldapgroups_roles_granted_accts = TRUE;
+ }
+ else {
+ $serialized_ldapgroups_roles_granted_accts = '';
+ $ldapgroups_roles_granted_accts = FALSE;
+ }
- // Update the ldapgroups configuration.
- db_query("UPDATE {ldapauth} SET ldapgroups_in_dn = %d, ldapgroups_in_dn_desc = %d, ldapgroups_dn_attribute = '%s', ldapgroups_in_attr = %d, ldapgroups_attr = '%s', ldapgroups_as_entries = %d, ldapgroups_entries = '%s', ldapgroups_entries_attribute = '%s' WHERE sid = %d", $values['ldapgroups_in_dn'], $values['ldapgroups_in_dn_desc'], $values['ldapgroups_dn_attribute'], $values['ldapgroups_in_attr'], $values['ldapgroups_attr'], $values['ldapgroups_as_entries'], $values['ldapgroups_entries'], $values['ldapgroups_entries_attribute'], $values['sid']);
+
+ // Convert | delimited text area to serialized array to stored in db.
+ $mappings = array();
+ $mapping_lines = explode("\n", $values['ldapgroups_role_mappings']);
+ foreach ($mapping_lines as $mapping_line) {
+ $pair = explode('|', $mapping_line);
+ if (trim($pair[1]) && $pair[0]) {
+ $mappings[$pair[0]] = _ldapgroups_cleanrole($pair[1]);
+ }
+ }
+ $serialized_ldapgroups_role_mappings = ($mappings) ? serialize($mappings) : '';
+
+ db_query("UPDATE {ldapauth} SET ldapgroups_in_dn = %d, ldapgroups_dn_attribute = '%s', ldapgroups_in_attr = %d,
+ ldapgroups_attr = '%s', ldapgroups_as_entries = %d, ldapgroups_entries = '%s',
+ ldapgroups_entries_attribute = '%s', ldapgroups_use_group_filter = %d,
+ ldapgroups_role_mappings = '%s', ldapgroups_role_filtering_php = '%s',
+ ldapgroups_roles_granted_accts = '%s' WHERE sid = %d", $values['ldapgroups_in_dn'],
+ $values['ldapgroups_dn_attribute'], $values['ldapgroups_in_attr'], $values['ldapgroups_attr'],
+ $values['ldapgroups_as_entries'], $values['ldapgroups_entries'], $values['ldapgroups_entries_attribute'],
+ $values['ldapgroups_use_group_filter'], $serialized_ldapgroups_role_mappings,
+ $values['ldapgroups_role_filtering_php'], $serialized_ldapgroups_roles_granted_accts, $values['sid']);
+
+ variable_set('ldapgroups_roles_granted_accts', $ldapgroups_roles_granted_accts);
drupal_set_message(t('The configuration options have been saved.'));
}
- $form_state['redirect'] = 'admin/settings/ldapgroups';
+ $form_state['redirect'] = 'admin/settings/ldap/ldapgroups/edit/'. $values['sid'];
}
+
+
+// Convert LDAP group to Drupal role mappings from serialized array stored in db
+// to | delimited text area for user interface.
+function _ldapgroups_admin_group_mappings_serialized_to_text_input($_group_mappings) {
+ $_input_textarea = "";
+ $_group_mappings = unserialize($_group_mappings);
+ foreach ($_group_mappings as $_ldap_group => $_drupal_role) {
+ $_input_textarea = $_input_textarea . $_ldap_group ."|". $_drupal_role ."\n";
+ }
+ return $_input_textarea;
+}
+
+function _ldapgroups_role_mappings_validate($form, $form_state) {
+
+ $values = $form_state['values'];
+
+ if ($values['ldapgroups_in_dn'] && ! $values['ldapgroups_dn_attribute'] ) {
+ form_set_error('ldapgroups_dn_attribute',
+ t('"'. $form['group_dn']['ldapgroups_in_dn']['#title'] .'" is checked,'.
+ ' but "'. $form['group_dn']['ldapgroups_dn_attribute']['#title'] .'" is empty.'));
+ }
+
+ if (! $values['ldapgroups_in_dn'] && $values['ldapgroups_dn_attribute'] ) {
+ drupal_set_message( t('"'. $form['group_dn']['ldapgroups_in_dn']['#title']
+ .'" is not checked,'.
+ ' but "'. $form['group_dn']['ldapgroups_dn_attribute']['#title'] .'" has data.
+ Groups will not be selected based on user\'s DN unless "'.
+ $form['group_dn']['ldapgroups_in_dn']['#title'] .'" is checked.'), "warning");
+ }
+
+ if ($values['ldapgroups_in_attr'] && ! $values['ldapgroups_attr'] ) {
+ form_set_error('ldapgroups_attr',
+ t('"'. $form['group_attr']['ldapgroups_in_attr']['#title'] .'" is checked,'.
+ ' but "'. $form['group_attr']['ldapgroups_attr']['#title'] .'" is empty.'));
+ }
+
+ if (! $values['ldapgroups_in_attr'] && $values['ldapgroups_attr'] ) {
+ drupal_set_message(
+ t('"'. $form['group_attr']['ldapgroups_in_attr']['#title'] .'" is not checked,'.
+ ' but "'. $form['group_attr']['ldapgroups_attr']['#title'] .'" has data.
+ Groups will not be selected based on user\'s LDAP Attributes unless "'.
+ $form['group_attr']['ldapgroups_in_attr']['#title'] .'" is checked.'), "warning");
+ }
+
+ if ($values['ldapgroups_as_entries'] && ! $values['ldapgroups_entries'] ) {
+ form_set_error('ldapgroups_entries',
+ t('"'. $form['group_entry']['ldapgroups_as_entries']['#title'] .'" is checked,'
+ .' but "'. $form['group_entry']['ldapgroups_entries']['#title'] .'" is empty.'));
+ }
+
+ if ($values['ldapgroups_as_entries'] && ! $values['ldapgroups_entries_attribute'] ) {
+ form_set_error('ldapgroups_entries',
+ t('"'. $form['group_entry']['ldapgroups_as_entries']['#title'] .'" is checked,'.
+ ' but "'. $form['group_entry']['ldapgroups_entries_attribute']['#title'] .'" is empty.'));
+ }
+
+ if (! $values['ldapgroups_as_entries'] && $values['ldapgroups_entries'] ) {
+ drupal_set_message(
+ t('"'. $form['group_entry']['ldapgroups_as_entries']['#title'] .'" is not checked,'.
+ ' but "'. $form['group_entry']['ldapgroups_entries']['#title'] .'" has data. Groups
+ will not be selected based "Group by entry" unless "' .
+ $form['group_entry']['ldapgroups_as_entries']['#title'] .'" is checked.'), "warning");
+ }
+
+ $bad_mapping_syntax = FALSE;
+ if ($values['ldapgroups_role_mappings']) {
+ $_mapping_lines = explode("\n", trim($values['ldapgroups_role_mappings']));
+ if (is_array($_mapping_lines) && count($_mapping_lines) > 0 ) {
+ foreach ($_mapping_lines as $_mapping_line) {
+ if (trim($_mapping_line) && count(explode('|', trim($_mapping_line))) != 2) {
+ $bad_mapping_syntax = TRUE;
+ }
+ }
+ }
+ }
+
+ if ($values['ldapgroups_use_group_filter'] && ! trim($values['ldapgroups_role_mappings'])) {
+ drupal_set_message(t(""" . $form['role_filtering']['ldapgroups_use_group_filter']['#title'] .
+ "" was checked, but no LDAP Groups to Drupal Role are listed. This is ok, but no LDAP
+ groups will be mapped to Drupal roles."), "warning");
+ }
+
+ elseif (trim($values['ldapgroups_role_mappings']) && ! $values['ldapgroups_use_group_filter']) {
+ drupal_set_message(t(""" . $form['role_filtering']['ldapgroups_use_group_filter']['#title'] .
+ "" was not checked, but LDAP Groups to Drupal Role are listed. This is ok, but no LDAP
+ groups will be mapped to Drupal roles."), "warning");
+ }
+
+ if ($bad_mapping_syntax) {
+ form_set_error('ldapgroups_role_mappings', t('Mapping of LDAP Groups to Drupal Roles should be
+ of the form: [group]|[drupal role]'));
+ }
+
+}
Index: ldap_integration/ldapgroups.install
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/ldap_integration/ldapgroups.install,v
retrieving revision 1.1.4.5
diff -u -p -r1.1.4.5 ldapgroups.install
--- ldap_integration/ldapgroups.install 11 Aug 2008 11:10:07 -0000 1.1.4.5
+++ ldap_integration/ldapgroups.install 14 Dec 2008 02:01:34 -0000
@@ -1,5 +1,5 @@
TRUE,
'default' => '0',
));
- db_add_field($ret, 'ldapauth', 'ldapgroups_in_dn_desc', array(
- 'type' => 'int',
- 'size' => 'tiny',
- 'not null' => TRUE,
- 'default' => '0',
- ));
db_add_field($ret, 'ldapauth', 'ldapgroups_dn_attribute', array(
'type' => 'varchar',
'length' => 255,
- 'not null' => TRUE,
- 'default' => '',
));
db_add_field($ret, 'ldapauth', 'ldapgroups_attr', array(
'type' => 'varchar',
'length' => 255,
- 'not null' => TRUE,
- 'default' => '',
));
db_add_field($ret, 'ldapauth', 'ldapgroups_in_attr', array(
'type' => 'int',
@@ -53,18 +43,35 @@ function ldapgroups_install() {
'default' => '0',
));
db_add_field($ret, 'ldapauth', 'ldapgroups_entries', array(
- 'type' => 'varchar',
- 'length' => 255,
- 'not null' => TRUE,
- 'default' => '',
+ 'type' => 'text',
));
db_add_field($ret, 'ldapauth', 'ldapgroups_entries_attribute', array(
'type' => 'varchar',
'length' => 255,
+ ));
+ db_add_field($ret, 'ldapauth', 'ldapgroups_use_group_filter', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
'not null' => TRUE,
+ 'default' => '0',
+ ));
+ db_add_field($ret, 'ldapauth', 'ldapgroups_role_mappings', array(
+ 'type' => 'text',
+ 'not null' => FALSE,
+ 'default' => '',
+ ));
+ db_add_field($ret, 'ldapauth', 'ldapgroups_role_filtering_php', array(
+ 'type' => 'text',
+ 'not null' => FALSE,
+ 'default' => '',
+ ));
+ db_add_field($ret, 'ldapauth', 'ldapgroups_roles_granted_accts', array(
+ 'type' => 'text',
+ 'not null' => FALSE,
'default' => '',
));
+ variable_set('ldapgroups_roles_granted_accts', FALSE);
return $ret;
}
@@ -72,18 +79,131 @@ function ldapgroups_install() {
* Implementation of hook_uninstall().
*/
function ldapgroups_uninstall() {
- // We're removing fileds from an existing table, not deleting a whole one.
+ // We're removing fields from an existing table, not deleting a whole one.
+ // ...the table is used by other ldap modules
$ret = array();
db_drop_field($ret, 'ldapauth', 'ldapgroups_in_dn');
- db_drop_field($ret, 'ldapauth', 'ldapgroups_in_dn_desc');
db_drop_field($ret, 'ldapauth', 'ldapgroups_dn_attribute');
db_drop_field($ret, 'ldapauth', 'ldapgroups_attr');
db_drop_field($ret, 'ldapauth', 'ldapgroups_in_attr');
db_drop_field($ret, 'ldapauth', 'ldapgroups_as_entries');
db_drop_field($ret, 'ldapauth', 'ldapgroups_entries');
db_drop_field($ret, 'ldapauth', 'ldapgroups_entries_attribute');
+ db_drop_field($ret, 'ldapauth', 'ldapgroups_use_group_filter');
+ db_drop_field($ret, 'ldapauth', 'ldapgroups_role_mappings');
+ db_drop_field($ret, 'ldapauth', 'ldapgroups_role_filtering_php');
+ db_drop_field($ret, 'ldapauth', 'ldapgroups_roles_granted_accts');
+
+ variable_del('ldapgroups_roles_granted_accts');
+ variable_del('ldapgroups_groups_wo_ldapauth');
+ variable_del('ldapgroups_groups_wo_ldapauth_sid');
+
+ return $ret;
+}
+
+
+/**
+ * Implementation of hook_update().
+ */
+function ldapgroups_update_6100() {
+ // add db fields if they do not exist.
+
+ $message = 'With this LDAP Groups upgrade, LDAP group to Drupal role mappings are now + configured via the LDAP Groups web interface.
'; + + $ret = array(); + $dbnewcolumns = FALSE; + + if (! db_column_exists('ldapauth', 'ldapgroups_use_group_filter')) { + $dbnewcolumns = TRUE; + db_add_field($ret, 'ldapauth', 'ldapgroups_use_group_filter', array( + 'type' => 'int', + 'size' => 'tiny', + 'not null' => TRUE, + 'default' => '0', + )); + } + + if (! db_column_exists('ldapauth', 'ldapgroups_role_mappings')) { + $dbnewcolumns = TRUE; + db_add_field($ret, 'ldapauth', 'ldapgroups_role_mappings', array( + 'type' => 'text', + 'not null' => FALSE, + 'default' => '', + )); + } + + if (! db_column_exists('ldapauth', 'ldapgroups_role_filtering_php')) { + $dbnewcolumns = TRUE; + db_add_field($ret, 'ldapauth', 'ldapgroups_role_filtering_php', array( + 'type' => 'text', + 'not null' => FALSE, + 'default' => '', + )); + } + + if (! db_column_exists('ldapauth', 'ldapgroups_roles_granted_accts')) { + $dbnewcolumns = TRUE; + db_add_field($ret, 'ldapauth', 'ldapgroups_roles_granted_accts', array( + 'type' => 'text', + 'not null' => FALSE, + 'default' => '', + )); + } + + + + + + + /* If the old /ldap_integration/ldapgroups.conf.php files exists and ldapgroups_roles_filter + function is not commented out, import the mapping data into + the new db fields for it. Previously whether or not the function ldapgroups_roles_filter + was commented out or not determined if mapping was used and mappings were applied to all sites + on a multisite install for all LDAP instances. During update, role mappings are put into + all LDAP instances (The update SQL has no WHERE clause). + */ + if ($dbnewcolumns) { + if (file_exists(drupal_get_path('module', 'ldapauth') .'/ldap_integration/ldapgroups.conf.php')) { + require_once(drupal_get_path('module', 'ldapauth') .'/ldap_integration/ldapgroups.conf.php'); + if (function_exists('ldapgroups_role_mappings') && function_exists('ldapgroups_roles_filter')) { + $mappings = ldapgroups_role_mappings(); + if (count($mappings) > 0) { + $result = db_query("UPDATE {ldapauth} SET ldapgroups_use_group_filter = 1, ldapgroups_role_mappings = '%s'", serialize($mappings), TRUE); + $ret[] = array('success' => $result !== FALSE, 'query' => "UPDATE ldapauth SET ldapgroups_use_group_filter = 1, ldapgroups_role_mappings = serialized mappings array" ); + $message_groups = "The following LDAP group to Drupal roles were read from the
+ ldap_integration/ldapgroups.conf.php file and configured for this site.
+ When you have updated all sites on this Drupal install that use LDAP groups mappings,
+ you may remove the ldap_integration/ldapgroups.conf.php file.
ldap_integration/ldapgroups.conf.php file
+ for mappings this is the desired behavior.
+ If you used ldap_integration/ldapgroups.conf.php, those mappings will
+ need to be added via the LDAP Groups web interface.
+