diff -rupN ldap.work/ldap_authorization/ldap_authorization.inc ldap.new/ldap_authorization/ldap_authorization.inc --- ldap.work/ldap_authorization/ldap_authorization.inc 2013-05-20 11:49:19.713951168 +0000 +++ ldap.new/ldap_authorization/ldap_authorization.inc 2013-05-20 11:48:36.144951278 +0000 @@ -59,6 +59,8 @@ function ldap_authorization_help_watchdo function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $context) { $debug = FALSE; + //dpm($op,"_ldap_authorizations_user_authorizations OP"); + //dpm($context,"context"); $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); $authorizations = array(); $notifications = array(); @@ -466,6 +468,8 @@ function _ldap_authorizations_user_autho function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) { + //dpm($user_ldap_entry,"_ldap_authorization_ldap_authorization_maps_alter ** user_ldap_entry"); + //dpm($op,"op"); $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0); $watchdog_tokens = array(); diff -rupN ldap.work/ldap_authorization/ldap_authorization.module ldap.new/ldap_authorization/ldap_authorization.module --- ldap.work/ldap_authorization/ldap_authorization.module 2013-05-20 11:49:19.713951168 +0000 +++ ldap.new/ldap_authorization/ldap_authorization.module 2013-05-20 11:48:36.144951278 +0000 @@ -107,6 +107,7 @@ function ldap_authorization_user_login(& */ function ldap_authorization_maps_alter_invoke(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$proposed_ldap_authorizations, $op) { foreach (module_implements('ldap_authorization_maps_alter') as $module) { + //dpm($module,"ldap_authorization_maps_alter_invoke module"); $function = $module . '_ldap_authorization_maps_alter'; $function($user, $user_ldap_entry, $ldap_server, $consumer_conf, $proposed_ldap_authorizations, $op); } @@ -135,7 +136,7 @@ function ldap_authorization_ldap_server_ * Implements hook_ldap_attributes_needed_alter(). */ function ldap_authorization_ldap_attributes_needed_alter(&$attribute_maps, $params) { - + //dpm($params,"ldap_authorization_ldap_attributes_needed_alter ** params"); if (isset($params['ldap_context'])) { $parts = explode('__', $params['ldap_context']); if (count($parts) == 2 && $parts[0] == 'ldap_authorization') { diff -rupN ldap.work/ldap_servers/LdapServer.class.php ldap.new/ldap_servers/LdapServer.class.php --- ldap.work/ldap_servers/LdapServer.class.php 2013-05-20 11:58:04.464952050 +0000 +++ ldap.new/ldap_servers/LdapServer.class.php 2013-05-20 11:48:36.138951351 +0000 @@ -511,8 +511,8 @@ class LdapServer { function modifyLdapEntry($dn, $attributes = array(), $old_attributes = FALSE) { /*dpm($dn,"Method modifyLdapEntry DN"); - dpm($attributes,"Method modifyLdapEntry attributes"); - dpm(debug_backtrace());*/ + //dpm($attributes,"Method modifyLdapEntry attributes"); + //dpm(debug_backtrace());*/ $this->connectAndBindIfNotAlready(); @@ -1139,7 +1139,7 @@ class LdapServer { return $this->userUserToExistingLdapEntry($user); } public function userUserToExistingLdapEntry($user) { - + //dpm("userUserToExistingLdapEntry ENTER"); if (is_object($user)) { $user_ldap_entry = $this->userUserNameToExistingLdapEntry($user->name); } @@ -1174,24 +1174,30 @@ class LdapServer { * 'dn' => dn of entry */ function userUserNameToExistingLdapEntry($drupal_user_name, $ldap_context = NULL) { - + //dpm($ldap_context,"userUserNameToExistingLdapEntry ldap_context"); + //dpm($this, "this"); $watchdog_tokens = array('%drupal_user_name' => $drupal_user_name); + //dpm($drupal_user_name,"drupal_user_name"); $ldap_username = $this->userUsernameToLdapNameTransform($drupal_user_name, $watchdog_tokens); + //dpm($ldap_username,"ldap_username"); if (!$ldap_username) { return FALSE; } - if (!$ldap_context) { - $attributes = array(); - } - else { - $attribute_maps = ldap_servers_attributes_needed($this->sid, $ldap_context); - $attributes = array_keys($attribute_maps); + //dpm("calling ldap_servers_attributes_needed "); + $attribute_maps = ldap_servers_attributes_needed($this->sid, $ldap_context); + $attributes = array_keys($attribute_maps); + #What about case ? do we have a guarantie about the case (lowercase ?) of the stored attributes ? it seems like yes. + if (!in_array($this->groupUserMembershipsAttr, $attributes)){ + $attributes[]= $this->groupUserMembershipsAttr; } - + //dpm($attributes,"attributes"); foreach ($this->basedn as $basedn) { + //dpm($basedn,"basedn"); if (empty($basedn)) continue; $filter = '(' . $this->user_attr . '=' . ldap_server_massage_text($ldap_username, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP) . ')'; + //dpm($filter,"filter"); $result = $this->search($basedn, $filter, $attributes); + //dpm($result,"result"); if (!$result || !isset($result['count']) || !$result['count']) continue; // Must find exactly one user for authentication to work. @@ -1218,6 +1224,7 @@ class LdapServer { } else { if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) { + //dpm($match,"match"); $result = array( 'dn' => $match['dn'], 'mail' => $this->userEmailFromLdapEntry($match), @@ -1469,7 +1476,7 @@ class LdapServer { }; foreach ($current_member_entries as $i => $member_entry) { - //dpm("groupMembersResursive:member_entry $i, level=$level < max_levels=$max_levels"); dpm($member_entry); + //dpm("groupMembersResursive:member_entry $i, level=$level < max_levels=$max_levels"); //dpm($member_entry); // 1. Add entry itself if of the correct type to $all_member_dns $objectClassMatch = (!$object_classes || (count(array_intersect(array_values($member_entry['objectclass']), $object_classes)) > 0)); $objectIsGroup = in_array($this->groupObjectClass, array_values($member_entry['objectclass'])); @@ -1542,7 +1549,8 @@ class LdapServer { */ public function groupMembershipsFromUser($user, $return = 'group_dns', $nested = NULL) { - + + //dpm($user,"groupMembershipsFromUser ** user"); $group_dns = FALSE; $user_ldap_entry = @$this->userUserToExistingLdapEntry($user); if (!$user_ldap_entry || $this->groupFunctionalityUnused) { @@ -1551,8 +1559,9 @@ class LdapServer { if ($nested === NULL) { $nested = $this->groupNested; } - + //dpm($user_ldap_entry,"user_ldap_entry"); if ($this->groupUserMembershipsConfigured) { // preferred method + //dpm("groupUserMembershipsFromUserAttr CALL"); $group_dns = $this->groupUserMembershipsFromUserAttr($user_ldap_entry, $nested); } elseif ($this->groupGroupEntryMembershipsConfigured) { @@ -1595,17 +1604,21 @@ class LdapServer { if ($nested === NULL) { $nested = $this->groupNested; } - + //dpm($user,"groupUserMembershipsFromUserAttr => user"); + //dpm($this,"this"); + //dpm($this->groupUserMembershipsAttr,"$this->groupUserMembershipsAttr"); $not_user_ldap_entry = empty($user['attr'][$this->groupUserMembershipsAttr]); if ($not_user_ldap_entry) { // if drupal user passed in, try to get user_ldap_entry $user = $this->userUserToExistingLdapEntry($user); $not_user_ldap_entry = empty($user['attr'][$this->groupUserMembershipsAttr]); if ($not_user_ldap_entry) { + //dpm("1 out"); return FALSE; // user's membership attribute is not present. either misconfigured or query failed } } // if not exited yet, $user must be user_ldap_entry. $user_ldap_entry = $user; + //dpm($user_ldap_entry,"user_ldap_entry"); $all_group_dns = array(); $tested_group_ids = array(); $level = 0; diff -rupN ldap.work/ldap_servers/ldap_servers.functions.inc ldap.new/ldap_servers/ldap_servers.functions.inc --- ldap.work/ldap_servers/ldap_servers.functions.inc 2013-05-20 11:49:19.707951316 +0000 +++ ldap.new/ldap_servers/ldap_servers.functions.inc 2013-05-20 11:48:36.139951251 +0000 @@ -106,7 +106,7 @@ function ldap_badattr($attr, $attr_name) * */ function ldap_servers_attributes_needed($sid, $ldap_context = 'all', $reset = TRUE) { - + //dpm($ldap_context,"ldap_servers_attributes_needed"); static $attributes; $sid = is_object($sid) ? $sid->sid : $sid; $static_cache_id = ($sid) ? $ldap_context . '__' . $sid : $ldap_context; diff -rupN ldap.work/ldap_servers/ldap_servers.tokens.inc ldap.new/ldap_servers/ldap_servers.tokens.inc --- ldap.work/ldap_servers/ldap_servers.tokens.inc 2013-05-20 11:58:04.466003752 +0000 +++ ldap.new/ldap_servers/ldap_servers.tokens.inc 2013-05-20 11:48:36.138951351 +0000 @@ -54,10 +54,13 @@ function ldap_servers_parse_user_attr_na */ function ldap_servers_token_replace($resource, $text, $resource_type = 'ldap_entry') { // user_account - + //dpm($resource, "ldap_servers_token_replace : resource"); + //dpm($resource_type,"resource_type"); + //dpm(isset($text)?$text:"not set", "ldap_servers_token_replace : text"); $desired_tokens = ldap_servers_token_tokens_needed_for_template($text); // desired tokens are of form "cn","mail", etc. - + //dpm($desired_tokens, "ldap_servers_token_replace : desired_tokens"); if (empty($desired_tokens)) { + //dpm('empty($desired_tokens) !!!'); return $text; // if no tokens exist in text, return text itself. It is literal value } @@ -70,7 +73,8 @@ function ldap_servers_token_replace($res $tokens = ldap_servers_token_tokenize_user_account($resource, $desired_tokens, LDAP_SERVERS_TOKEN_PRE, LDAP_SERVERS_TOKEN_POST); break; } - + + //dpm($tokens,"tokens"); // add lowercase tokens to avoid case sensitivity foreach ($tokens as $attribute => $value) { $tokens[drupal_strtolower($attribute)] = $value; @@ -81,6 +85,7 @@ function ldap_servers_token_replace($res $result = str_replace($attributes, $values, $text); $result = preg_replace('/\[[^\]]*>/', '', $result); // strip out any unreplace tokens + //dpm($result, "ldap_servers_token_replace : result"); return ($result == '') ? NULL : $result; // return NULL if $result is empty, else $result } diff -rupN ldap.work/ldap_user/LdapUserConf.class.php ldap.new/ldap_user/LdapUserConf.class.php --- ldap.work/ldap_user/LdapUserConf.class.php 2013-05-20 11:58:04.466003752 +0000 +++ ldap.new/ldap_user/LdapUserConf.class.php 2013-05-20 11:48:36.139951251 +0000 @@ -580,6 +580,7 @@ class LdapUserConf { // remove altered $proposed_ldap_entry from $ldap_entries array $proposed_ldap_entry = $ldap_entries[$proposed_dn_lcase]; + //dpm($proposed_ldap_entry,"provisionLdapEntry : proposed_ldap_entry"); $ldap_entry_created = $ldap_server->createLdapEntry($proposed_ldap_entry, $proposed_dn); if ($ldap_entry_created) { module_invoke_all('ldap_entry_post_provision', $ldap_entries, $ldap_server, $context); @@ -861,11 +862,16 @@ class LdapUserConf { */ public function deleteProvisionedLdapEntries($account) { // determine server that is associated with user - + //dpm($account,"deleteProvisionedLdapEntries : account"); + //dpm(debug_backtrace()); $boolean_result = FALSE; - $language = ($account->language) ? $account->language : 'und'; + //$language = ($account->language) ? $account->language : 'und'; + $language = 'und'; //HACK see issue [#1993092] + //dpm($language,"language"); + //dpm(isset($account->ldap_user_prov_entries[$language][0])? "TRUE" : "FALSE", "isset($account->ldap_user_prov_entries[$language][0])"); if (isset($account->ldap_user_prov_entries[$language][0])) { foreach ($account->ldap_user_prov_entries[$language] as $i => $field_instance) { + //dpm($field_instance, "field_value_instance"); $parts = explode('|', $field_instance['value']); if (count($parts) == 2) { @@ -911,6 +917,8 @@ class LdapUserConf { function drupalUserToLdapEntry($account, $ldap_server, $params, $ldap_user_entry = NULL) { //debug('call to drupalUserToLdapEntry, account:'); //debug($account); //debug('ldap_server'); //debug($ldap_server); //debug('params'); //debug($params); //debug('ldap_user_entry');//debug($ldap_user_entry); + //dpm($account,"drupalUserToLdapEntry : account"); + //dpm($params,"params"); $provision = (isset($params['function']) && $params['function'] == 'provisionLdapEntry'); $result = LDAP_USER_PROV_RESULT_NO_ERROR; if (!$ldap_user_entry) { @@ -931,9 +939,13 @@ class LdapUserConf { $mappings = $this->getSynchMappings($direction, $prov_events); //debug('prov_events'); //debug(join(",",$prov_events)); // debug('mappings'); debug($mappings); + //dpm($mappings,"mapping"); // Loop over the mappings. foreach ($mappings as $field_key => $field_detail) { + //dpm($field_key,"field_key"); + //dpm($field_detail,"field_detail"); list($ldap_attr_name, $ordinal, $conversion) = ldap_servers_token_extract_parts($field_key, TRUE); //trim($field_key, '[]'); + //dpm($ldap_attr_name, "attr_name"); $has_ordinal = ($ordinal != ATTRIBUTE_WITHOUT_ORDINAL); if ($ldap_user_entry && isset($ldap_user_entry[$ldap_attr_name]) && is_array($ldap_user_entry[$ldap_attr_name]) && ($has_ordinal ? isset($ldap_user_entry[$ldap_attr_name][$ordinal]) : isset($ldap_user_entry[$ldap_attr_name]) ) ) { @@ -942,12 +954,15 @@ class LdapUserConf { $synched = $this->isSynched($field_key, $params['prov_events'], LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY); // debug("isSynched $field_key: $synched"); + //dpm($synched,"synched"); if ($synched) { $token = ($field_detail['user_attr'] == 'user_tokens') ? $field_detail['user_tokens'] : $field_detail['user_attr']; $value = ldap_servers_token_replace($account, $token, 'user_account'); - + //dpm($value,"value"); if (substr($token, 0, 10) == '[password.' && (!$value || $value == $token)) { // deal with empty/unresolved password + //dpm('empty/unresolved password'); if (!$provision) { + //dpm("on't overwrite password on synch if no value provided"); continue; //don't overwrite password on synch if no value provided } } @@ -978,9 +993,9 @@ class LdapUserConf { /** * 4. call drupal_alter() to allow other modules to alter $ldap_user */ - + //dpm($ldap_user_entry,"ldap_user_entry before alter hook"); drupal_alter('ldap_entry', $ldap_user_entry, $params); - + //dpm($ldap_user_entry,"ldap_user_entry after alter hook"); return array($ldap_user_entry, $result); } @@ -1031,7 +1046,7 @@ class LdapUserConf { return FALSE; } } - // dpm('ldap_user 675');dpm($ldap_user); + ////dpm('ldap_user 675');dpm($ldap_user); if (!isset($user_edit['name']) && isset($account->name)) { $user_edit['name'] = $account->name; $watchdog_tokens['%username'] = $user_edit['name']; diff -rupN ldap.work/ldap_user/ldap_user.module ldap.new/ldap_user/ldap_user.module --- ldap.work/ldap_user/ldap_user.module 2013-05-20 11:49:19.717951219 +0000 +++ ldap.new/ldap_user/ldap_user.module 2013-05-20 11:48:36.140951226 +0000 @@ -1024,6 +1024,10 @@ function ldap_user_user_presave(&$user_e function ldap_user_user_delete($account) { // drupal user account is about to be deleted. $ldap_user_conf = ldap_user_conf(); + //dpm($account,"ldap_user_user_delete : account"); + //dpm($ldap_user_conf,"ldap_user_user_delete : ldap_user_conf"); + //dpm($ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE)?"TRUE":"FALSE","provisionEnabled"); + //dpm($ldap_user_conf->provisionsLdapEntriesFromDrupalUsers,"$ldap_user_conf->provisionsLdapEntriesFromDrupalUsers"); if ( $ldap_user_conf->provisionsLdapEntriesFromDrupalUsers && $ldap_user_conf->provisionEnabled(LDAP_USER_PROV_DIRECTION_TO_LDAP_ENTRY, LDAP_USER_LDAP_ENTRY_DELETE_ON_USER_DELETE)