path: root/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php
Diffstat (limited to 'kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php')
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php37
1 files changed, 28 insertions, 9 deletions
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php
index 75d0c3a..e0e8983 100644
--- a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php
@@ -12,7 +12,7 @@ class LdapAuthenticationConf {
// no need for LdapAuthenticationConf id as only one instance will exist per drupal install
public $sids = array(); // server configuration ids being used for authentication
- public $servers = array(); // ldap server object
+ public $enabledAuthenticationServers = array(); // ldap server object
public $inDatabase = FALSE;
public $authenticationMode = LDAP_AUTHENTICATION_MODE_DEFAULT;
public $loginUIUsernameTxt;
@@ -68,9 +68,13 @@ class LdapAuthenticationConf {
);
/** are any ldap servers that are enabled associated with ldap authentication **/
+ public function hasEnabledAuthenticationServers() {
+ return !(count($this->enabledAuthenticationServers) == 0);
+ }
public function enabled_servers() {
- return !(count(array_filter(array_values($this->sids))) == 0);
+ return $this->hasEnabledAuthenticationServers();
}
+
function __construct() {
$this->load();
}
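Review bot: The one-line doc comment above `hasEnabledAuthenticationServers()` now describes only the new method, leaving `enabled_servers()` undocumented even though it is kept purely as a wrapper. A short comment such as `/** Backward-compatible alias of hasEnabledAuthenticationServers(). */` would tell callers which name to prefer. The negated comparison `!(count(...) == 0)` would also read more directly as `count($this->enabledAuthenticationServers) > 0`.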
@@ -85,12 +89,13 @@ class LdapAuthenticationConf {
$this->{$property} = $saved[$property];
}
}
- foreach ($this->sids as $sid => $is_enabled) {
- if ($is_enabled) {
- $this->servers[$sid] = ldap_servers_get_servers($sid, 'enabled', TRUE);
+
+ $enabled_ldap_servers = ldap_servers_get_servers(NULL, 'enabled');
+ foreach ($this->sids as $sid => $enabled) {
+ if ($enabled && isset($enabled_ldap_servers[$sid])) {
+ $this->enabledAuthenticationServers[$sid] = $enabled_ldap_servers[$sid];
}
}
-
}
else {
$this->inDatabase = FALSE;
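Review bot: `$this->enabledAuthenticationServers` is only ever added to in this loop, so if `load()` runs more than once on the same object, a server that has since been disabled or unchecked would stay in the list used for authentication. Whether `load()` is called again after construction is not visible here, but resetting the property first, `$this->enabledAuthenticationServers = array();`, makes the result depend only on the current configuration. The enclosing method begins and ends outside this hunk.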
@@ -131,12 +136,19 @@ class LdapAuthenticationConf {
*
* return boolean
*/
- public function allowUser($name, $ldap_user_entry) {
+ public function allowUser($name, $ldap_user_entry, $account_exists = NULL) {
/**
* do one of the exclude attribute pairs match
*/
$exclude = FALSE;
+
+ // if user does not already exists and deferring to user settings AND user settings only allow
+ $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
+ if (!$account_exists && $this->acctCreation == LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP && $user_register == USER_REGISTER_ADMINISTRATORS_ONLY) {
+ return FALSE;
+ }
+
foreach ($this->excludeIfTextInDn as $test) {
if (stripos($ldap_user_entry['dn'], $test) !== FALSE) {
return FALSE;// if a match, return FALSE;
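Review bot: The new `$account_exists` parameter defaults to `NULL`, and `!$account_exists` treats that the same as "no account", so a caller still using the two-argument form will be refused under administrators-only registration even when the user already has an account. That fails closed, but the docblock should say so, e.g. `@param boolean $account_exists TRUE if a Drupal account already exists for $name; NULL or FALSE is treated as no account`. The inline comment also breaks off mid-sentence; `// Refuse users without an existing account when account creation defers to Drupal's user settings and only administrators may create accounts.` would complete it. The body of `allowUser()` continues past this hunk.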
@@ -163,7 +175,7 @@ class LdapAuthenticationConf {
else {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
- watchdog('warning', 'LDAP Authentication is configured to deny users based on php execution with php_eval function, but php module is not enabled. Please enable php module or remove php code at !ldap_authentication_config .', $tokens);
+ watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users based on php execution with php_eval function, but php module is not enabled. Please enable php module or remove php code at !ldap_authentication_config .', $tokens);
return FALSE;
}
}
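Review bot: With the first argument corrected to the module name, this `watchdog()` call no longer gives any indication of severity and is logged at the default `WATCHDOG_NOTICE`, although the message reports a misconfiguration that causes logins to be denied. Passing the level explicitly, `watchdog('ldap_authentication', '…', $tokens, WATCHDOG_WARNING);`, keeps the entry visible to anyone filtering the log by severity. The same applies to the `watchdog()` call about missing LDAP Authorization consumers in the next hunk. The surrounding function starts and ends outside this hunk.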
@@ -214,13 +226,20 @@ class LdapAuthenticationConf {
if (!$has_enabled_consumers) {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_consumer_config' => l(t('LDAP Authorization Configuration'), 'admin/config/people/ldap/authorization'));
- watchdog('warning', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but 0 LDAP Authorization consumers are configured: !ldap_consumer_config .', $tokens);
+ watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but 0 LDAP Authorization consumers are configured: !ldap_consumer_config .', $tokens);
return FALSE;
}
return FALSE;
}
+ // allow other modules to hook in and refuse if they like
+ $hook_result = TRUE;
+ drupal_alter('ldap_authentication_allowuser_results', $ldap_user_entry, $name, $hook_result);
+ if (!$hook_result) {
+ watchdog('ldap_authentication', "Authentication Allow User Result=refused for %name", array('%name' => $name), WATCHDOG_NOTICE);
+ return FALSE;
+ }
/**
* default to allowed