diff --git b/ldap_servers/LdapServerAdmin.class.php a/ldap_servers/LdapServerAdmin.class.php index be8c2e7..6a5ab80 100644 --- b/ldap_servers/LdapServerAdmin.class.php +++ a/ldap_servers/LdapServerAdmin.class.php @@ -383,7 +383,8 @@ class LdapServerAdmin extends LdapServer { } if ($op == 'add') { if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT && - (($op == 'add' && !$this->bindpw_new) || ($op != 'add' && !$this->bindpw)) + (($op == 'add' && !$this->bindpw_new) || ($op != 'add' && !$this->bindpw)) && + !variable_get('ldap_servers_force_drush_bindpw', 0) ) { $errors['bindpw'] = t('When using "Bind with Service Account", Bind password is required.'); } @@ -1238,6 +1239,12 @@ public function drupalFormSubmit($op, $values) { ); + // When forced to use Drush for the bind password, remove the bind password control fields. + if (variable_get('ldap_servers_force_drush_bindpw', 0)) { + $fields['bindpw']['form']['#access'] = FALSE; + $fields['clear_bindpw']['form']['#access'] = FALSE; + } + return $fields; } diff --git b/ldap_servers/ldap_servers.drush.inc a/ldap_servers/ldap_servers.drush.inc new file mode 100644 index 0000000..1527af0 --- /dev/null +++ a/ldap_servers/ldap_servers.drush.inc @@ -0,0 +1,65 @@ + 'Set the password of an otherwise already configured LDAP server.', + 'aliases' => array('lssp'), + 'arguments' => array( + 'ldap_sid' => 'The configured LDAP server ID.' + ), + 'options' => array( + 'password' => 'The password to set for the server.' + ), + 'examples' => array( + 'drush lssp LDAP_SERVER_ID --password="PASSWORD"' => 'Sets the password for LDAP_SERVER_ID. Replace LDAP_SERVER_ID with the "Machine name for this configuration." of + the server found at /admin/config/people/ldap/servers, and replace PASSWORD with your password.', + ), + ); + return $items; +} + +/** + * Callback for the ldap-servers-set-password command. + * + * @param string $ldap_sid The server ID for which to set the password. + * @option string --password Used to provide the password via an option in the Drush command. + * + * @return + * Error or success message. + */ +function drush_ldap_servers_set_password($ldap_sid = NULL) { + // Check for the argument. + if (!isset($ldap_sid)) { + return drush_set_error(t('The server ID was not included as an argument. Use the "Machine name for this server configuration." found on the edit screen for that server.')); + } + // Instantiate the server configuration with the provided sid. + ldap_servers_module_load_include('php', 'ldap_servers', 'LdapServerAdmin.class'); + $ldap_server = new LdapServerAdmin($ldap_sid); + if (isset($ldap_server)) { + // Retrieves the password from the --password option set in the drush command. + $ldap_server->bindpw = drush_get_option('password'); + if (!isset($ldap_server->bindpw)) { + return drupal_set_message(dt('No password was provided for @ldap_sid. A password has not been set.', array('@ldap_sid' => $ldap_sid))); + } + // Save the server configuration with the password. + $ldap_server->save('edit'); + // Notify of success. + return drupal_set_message(dt('Password for @ldap_sid has been set.', array('@ldap_sid' => $ldap_sid))); + } + // Provided server ID does not match any of the existing server IDs. + return drush_set_error(dt('@ldap_sid does not match the server ID of any configured servers. Use the "Machine name for this server configuration." found on the edit screen for that server.', + array('@ldap_sid' => $ldap_sid))); +} diff --git b/ldap_servers/ldap_servers.settings.inc a/ldap_servers/ldap_servers.settings.inc index ed76506..1ca2458 100644 --- b/ldap_servers/ldap_servers.settings.inc +++ a/ldap_servers/ldap_servers.settings.inc @@ -36,6 +36,7 @@ function ldap_servers_settings() { */ $form['previous_encryption'] = array('#type' => 'hidden', '#default_value' => variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT)); + $form['previous_drush'] = array('#type' => 'hidden', '#default_value' => variable_get('ldap_servers_force_drush_bindpw', LDAP_SERVERS_ENC_TYPE_CLEARTEXT)); $form['encryption'] = array('#type' => 'fieldset', '#title' => t('Encryption')); $form['encryption']['ldap_servers_encryption'] = array( '#type' => 'select', @@ -48,6 +49,16 @@ function ldap_servers_settings() { discovery of a clear text password.'), ); + /** When set, this allows password entry through a separate Drush command during a build process instead of via form fields. + */ + $form['drush'] = array('#type' => 'fieldset', '#title' => t('Drush')); + $form['drush']['ldap_servers_force_drush_bindpw'] = array( + '#type' => 'checkbox', + '#title' => t('If checked, this setting forces the use of Drush for setting the bind passwords for non-anonymous search, removing the "Password for non-anonymous search" and + "Clear existing password from the database fields" from the "Binding Method" section of the LDAP Server Configuration page. This prevents entering/changing the password for + the service account through the user interface, so use the 'drush lssp SERVERID --password="PASSWORD"' command to set the password instead.'), + '#default_value' => variable_get('ldap_servers_force_drush_bindpw', 0), + ); // $options will be empty if server does not support mcrypt. // Disable the form field and explain this to the user. @@ -64,6 +75,15 @@ function ldap_servers_settings() { function ldap_servers_settings_submit($form, &$form_state) { if ($form_state['submitted']) { + // Check the old/new versions of the configuration setting to only flush the caches when necessary. + $new_drush = $form_state['values']['ldap_servers_force_drush_bindpw']; + $old_drush = $form_state['values']['previous_drush']; + + if ($new_drush != $old_drush) { + // Flush the cache bin so that the form will work properly after the configuration change. Note that this flush will only happen when the Drupal setting is changed, which should be rare, if ever. + drupal_flush_all_caches('*', 'cache', TRUE); + } + $new_encyption = $form_state['values']['ldap_servers_encryption']; $old_encyption = $form_state['values']['previous_encryption'];