New Admin Config Setting and Drush Command [#2400177]

On a client project we needed the ability to prevent administrators from manually setting the bind password for non-anonymous searches in the Binding Method section of the LDAP Server Configuration tab. Instead, the preference was for this to be configurable through Drush instead, making it easily configurable during the build process without actually storing any password-related information in the code repository for the site via an LDAP configuration feature.

To control this, I added a checkbox that is used to remove the "Password for non-anonymous search" and "Clear existing password from the database" fields from the UI where they appear on the main LDAP Settings tab. I also added a "drush lssd" (drush ldap-servers-set-password) command for setting the password through Drush.

The attached patch contains these new features.

Comment	File	Size	Author
#16	ldap_servers-drush-password-2400177-15.patch	3.76 KB	grahl
#16
#10	ldap_servers-drush-password-2400177-10.patch	6.54 KB	NWOM
#10	7.x-2.x: PHP 5.3 & MySQL 5.5, D7 19 pass, 13 fail PHP 5.4 & MySQL 5.5, D7 21 pass PHP 5.5 & MySQL 5.5, D7 21 pass PHP 5.6 & MySQL 5.5, D7 21 pass
#9	ldap_servers-drush-password-2400177-9.patch	6.54 KB	NWOM
#9
#6	ldap_servers-drush-password-2400177-6.patch	6.51 KB	rklawson
#6
#5	ldap_servers-drush-password-2400177-5.patch	6.63 KB	rklawson
#5
#4	ldap_servers-drush-password-2400177-4.patch	6.72 KB	rklawson
#4
#3	ldap_servers-drush-password-2400177-2.patch	6.6 KB	rklawson
#3
#1	ldap-servers-drush-password-2400177-1.patch	6.53 KB	rklawson
#1
	ldap_module_drush_password.patch	6.53 KB	rklawson

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

rklawson CreditAttribution: rklawson commented 30 December 2014 at 19:23

File	Size
ldap-servers-drush-password-2400177-1.patch	6.53 KB

1 file was hidden/shown/deleted

File	Size
ldap_module_drush_password.patch	6.53 KB

Comment #2

rklawson CreditAttribution: rklawson commented 30 December 2014 at 19:23

Reformatted the title of the patch file.

Comment #3

rklawson CreditAttribution: rklawson commented 30 December 2014 at 21:38

File	Size
ldap_servers-drush-password-2400177-2.patch	6.6 KB

1 file was hidden/shown/deleted

File	Size
ldap-servers-drush-password-2400177-1.patch	6.53 KB

Fixed some help text and an issue with the way that the 'bindpw' and 'clear_bindpw' were being unset in terms of the bind process.

Comment #4

rklawson CreditAttribution: rklawson commented 31 December 2014 at 19:44

File	Size
ldap_servers-drush-password-2400177-4.patch	6.72 KB

1 file was hidden/shown/deleted

File	Size
ldap_servers-drush-password-2400177-2.patch	6.6 KB

Re-rolled the patch due to failures in Drush make when downloading from here at Drupal.org as a result of line endings.

Comment #5

rklawson CreditAttribution: rklawson commented 5 January 2015 at 17:33

File	Size
ldap_servers-drush-password-2400177-5.patch	6.63 KB

1 file was hidden/shown/deleted

File	Size
ldap_servers-drush-password-2400177-4.patch	6.72 KB

Re-rolled the patch, replacing the database queries to save the password in the Drush command with the save method of the LdapServerAdmin class.

Not only is this much better from a technical perspective, it was necessary because the defaults that set up the CTools export for the server config are not initially saved to the database without a save via the UI. This prevented the previous version of the Drush command from working during a build, since it was unable to find any configurations in the ldap_servers table.

Comment #6

rklawson CreditAttribution: rklawson commented 7 January 2015 at 18:34

File	Size
ldap_servers-drush-password-2400177-6.patch	6.51 KB

1 file was hidden/shown/deleted

File	Size
ldap_servers-drush-password-2400177-5.patch	6.63 KB

Re-rolled the patch to remove a call to ldap_servers_encrypt() in the drush command, since this is already handled by the class. The password was being encrypted and then that hash was being encrypted within the class.

Comment #7

rklawson CreditAttribution: rklawson commented 20 January 2015 at 20:35

Version:

7.x-1.0-beta12

» 7.x-2.0-beta7

Comment #8

larowlan

🇦🇺🏝.au GMT+10

CreditAttribution: larowlan at PreviousNext commented 11 March 2016 at 04:43

Version:

7.x-2.0-beta7

» 7.x-2.x-dev

Comment #9

NWOM CreditAttribution: NWOM commented 1 December 2016 at 17:11

File	Size
ldap_servers-drush-password-2400177-9.patch	6.54 KB

1 file was hidden/shown/deleted

File	Size
ldap_servers-drush-password-2400177-6.patch	6.51 KB

This patch worked perfectly and applied cleanly to the newest dev. Thank you very much! I however found one small typo:

Line 122:

+ the service account through the user interface, so use the "drush lssd" command to set the password instead.'),

Should instead be:

+ the service account through the user interface, so use the "drush lssp" command to set the password instead.'),

However, I noticed that it wasn't clear from the description how the drush command should be formatted, so I changed it further to this:

+ the service account through the user interface, so use the "drush lssp SERVERID --password="PASSWORD"" command to set the password instead.'),

Please review the attached patch. Thanks!

Comment #10

NWOM CreditAttribution: NWOM commented 1 December 2016 at 17:11

File	Size
ldap_servers-drush-password-2400177-10.patch	6.54 KB
7.x-2.x: PHP 5.3 & MySQL 5.5, D7 19 pass, 13 fail PHP 5.4 & MySQL 5.5, D7 21 pass PHP 5.5 & MySQL 5.5, D7 21 pass PHP 5.6 & MySQL 5.5, D7 21 pass

1 file was hidden/shown/deleted

File	Size
ldap_servers-drush-password-2400177-9.patch	6.54 KB

Please disregard the last patch. Here it is again.

Comment #11

NWOM CreditAttribution: NWOM commented 1 December 2016 at 17:17

Status:

Active

» Needs review

Comment #12

11 February 2017 at 20:37

Status:

Needs review

» Needs work

The last submitted patch, 10: ldap_servers-drush-password-2400177-10.patch, failed testing.

Comment #13

NWOM CreditAttribution: NWOM commented 2 March 2017 at 10:06

This sadly no longer works on the newest dev (it applied cleanly however). It now always shows "Failed to Bind" when attempting to login, even though the Status Report shows that it is binded correctly.

Comment #14

NWOM CreditAttribution: NWOM commented 8 March 2017 at 15:54

Status:

Needs work

» Needs review

Nevermind, #10 applies cleanly and works on the newest dev. Please review.

Comment #15

8 March 2017 at 21:46

grahl committed 184e62d on 7.x-2.x authored by rklawson

Issue #2400177 by rklawson, NWOM: New Admin Config Setting and Drush...

Comment #16

grahl

he/him

Zürich

CreditAttribution: grahl as a volunteer commented 8 March 2017 at 21:46

Priority:	Normal	» Minor
Status:	Needs review	» Postponed

File	Size
ldap_servers-drush-password-2400177-15.patch	3.76 KB

1 file was hidden/shown/deleted

File	Size
ldap_servers-drush-password-2400177-10.patch	6.54 KB
7.x-2.x: PHP 5.3 & MySQL 5.5, D7 19 pass, 13 fail PHP 5.4 & MySQL 5.5, D7 21 pass PHP 5.5 & MySQL 5.5, D7 21 pass PHP 5.6 & MySQL 5.5, D7 21 pass

Thanks for following up with this NWOM.

I've added the drush command since it works fine, has no side-effects I can see and serves a genuine need to automate setting the service account in 7 outside of a feature module.

The remainder I've put into a separate patch since I don't see disabling the UI for setting the password as essential. If there is significant need for this, please speak up or I at least will leave this issue as postponed indefinitely.

I won't add this to 8 since configuration overrides can achieve the same thing there and are documented in the installation instructions.