Diffstat (limited to 'kolab.org/www/drupal-7.15/sites/all/modules/ldap')
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/.gitignore2
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/CHANGELOG.txt271
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/INSTALL.txt47
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/LICENSE.txt339
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.developers.txt26
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.txt15
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/TODO.text1
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php232
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConfAdmin.class.php614
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/README.txt40
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.admin.inc62
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc559
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info22
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.install110
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.module412
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.theme.inc132
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/LdapServerTestData.ldapauthen1.inc225
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/ldap_authentication.test543
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php367
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConf.class.php227
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php1002
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/README.txt82
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.inc161
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.test.inc163
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.inc549
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.info31
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.install253
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.module300
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.theme.inc135
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php210
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.info18
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.install9
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.module45
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php620
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/NOTES.txt33
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/README.txt36
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.info21
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.install6
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module213
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authentication.test_data.inc22
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authorization.test_data.inc38
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_servers.test_data.inc69
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.test46
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/BasicTests.test278
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/flags.ldap_authorization.inc47
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authentication.inc19
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.flags.inc44
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.simple.inc43
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_servers.inc198
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/DeriveFromAttr.test265
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authentication.inc19
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.inc51
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.nested.inc45
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.inc211
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.nested.inc258
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/DeriveFromDN.test102
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authentication.inc19
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authorization.inc46
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_servers.inc148
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.cn.txt241
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.txt274
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.test141
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authentication.inc19
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.inc48
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.nested.inc53
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_servers.inc243
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/LdapAuthorizationTestCase.class.php106
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og.test424
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og2.test487
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authentication.inc19
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization.inc88
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization_og2.inc88
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_servers.inc237
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/Other.test84
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authentication.inc19
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authorization.inc42
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_servers.inc237
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsDrupalUserLdapEntryFetcher.inc141
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapEntryParser.inc141
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapQueryFetcher.inc119
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/README.txt9
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/TODO.txt11
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.info20
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.module175
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/LdapServerTestData.inc143
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/feeds_ldap_query_fetcher.test167
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.css10
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.info14
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.install15
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.issues.inc60
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.module91
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.resources.inc61
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.status.inc462
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.watchdog.inc30
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/LdapProfileConf.class.php48
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/LdapProfileConfAdmin.class.php248
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/README.txt16
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/ldap_profile.admin.inc52
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/ldap_profile.info19
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/ldap_profile.install21
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/ldap_profile.module340
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_profile/ldap_profile_data_translate.inc24
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/LdapQuery.class.php450
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/LdapQueryAdmin.class.php295
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/_dev_notes.txt56
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/ldap_query.admin.inc261
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/ldap_query.inc71
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/ldap_query.info25
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/ldap_query.install101
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/ldap_query.module131
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_query/ldap_query.theme.inc160
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/LdapServer.class.php902
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/LdapServerAdmin.class.php960
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.admin.css17
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.admin.inc252
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.encryption.inc162
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.functions.inc596
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.inc233
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.info31
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.install249
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.module483
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.settings.inc81
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.test_form.inc245
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_servers.theme.inc165
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_types/LdapTypeAbstract.class.php44
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_types/LdapTypeActiveDirectory.class.php32
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_types/LdapTypeDefault.class.php35
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_types/LdapTypeNovell.class.php34
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/ldap_types/LdapTypeOpenLdap.class.php30
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/tests/LdapServerTest.class.php287
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/tests/LdapTestFunctions.class.php101
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_servers/tests/ldap_servers.test257
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_sso/MSTMG.notes.txt23
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_sso/README.txt113
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_sso/ldap_sso.info14
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_sso/ldap_sso.module195
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/LICENSE.txt274
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_argument.inc21
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_argument_attribute.inc54
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_field.inc68
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_field_attribute.inc60
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_filter.inc237
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_filter_attribute.inc120
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_sort.inc8
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/handlers/ldap_views_handler_sort_attribute.inc49
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/ldap_views.info29
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/ldap_views.install7
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/ldap_views.module18
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/ldap_views.views.inc124
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/ldap_views.views_default.inc213
-rw-r--r--kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_views/plugins/ldap_views_plugin_query_ldap.inc377
151 files changed, 24138 insertions, 0 deletions
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/.gitignore b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/.gitignore
new file mode 100644
index 0000000..c992996
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/.gitignore
@@ -0,0 +1,2 @@
+*.patch
+*.komodoproject
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/CHANGELOG.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/CHANGELOG.txt
new file mode 100644
index 0000000..d14cd36
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/CHANGELOG.txt
@@ -0,0 +1,271 @@
+Issue #1632922 by brianV. Schema fix for ldap query.
+Changes in ldap_authorization.inc to make logic clearer and set array keys in authorization lowercase.
+Fix for ldap servers caching issue when ctools enabled. noticed the bug when building simpletests. There is no issue for this.
+Issue #1371452. Simpletest coverage for ldap servers add, update, delete and class property population.
+Fixed bug where ldap server could not be deleted even if disabled in ldap authentication.
+Issues #1588854, #1601270. The gist of this patch was to fix exportables, fix setting of numeric id property on ldap authorization class load and rework simpltests to be able to test if the admin interface works with and without ctools
+Issue #1617696 by thomas.borrmann. Fix for case sensitivity of mail attribute.
+Issue 1599632#comment-6076358 by jzornig. Finished applying patch.
+Issue #1599632 by jzornig. Patch by jzornig. Support $account->name being different to the users login id thru use of Persistent and Unique User Attribute.
+Issue #1612378 by Gisle Aas. Fix for empty user logon help text.
+Add drupal user object and entity to ldap server test form, when devel enabled.
+Finished getting simpletests working and dealing with case sensitivity and escaping issues.
+Issue #1589148 by miscul. Fix for login impossible with bind_method = 4.
+Issue #1066608#comment-6009682 by jdickmann. fix for deriveFromEntryAttrMatchingUserAttr field implementation.
+Issue #1588068 by jzornig. Patch to correct role saving in ldap authorization drupal role.
+Issue #1559388 by jzornig. Patch to query group bundle instead of content bundle.
+added ldap_pear_unescape_filter_value() function
+A number of small fixes, including:
+-- changing of LdapAuthorizationConsumerConfAdmin->save() method to only save explicitly listed properties
+-- LdapAuthorizationConsumerConfAdmin->save() method to force 0 or 1 for status.
+-- call in ldap_authorization.inc to ldap_authorization_get_consumers() to flush cache.
+-- function ldap_authorizations_user_authorizations() changed to support multiple consumer types
+-- removal of test cases for case sensitivity and escaping. These need to be tested on acutal ldap installs.
+Issue #1559088 by NimbyDagda. LDAP SSO "noisily" checks the remote users headers for mod_auth_kerb.
+Issue #1548102 by MJCO. Mixed case Drupal role names failed.
+Issue #1477540. Added more debug code to ldap authorization og and addl error checking.
+Issue #1535538 by snickl. fix testing username property
+Issue #1532084 by lucuhb. Remove ldap_profile's dependeny on ldap_authentication
+Issue #1468990 by superhenne. Duplicate entry in db after updating configuration
+Issue #1512562 by jasondranedesigns and patch by figureone. Issue still may not be resolved because binary files need to be addressed.
+Issue #1272190 by jrm402. Fix ability to apply mapping to authorization without filtering.
+Issue #1446758 for pagination and size limit of ldap queries.
+fix for case sensitivity in ldap authorization mappings
+added deriveFromEntryEntriesAttr for strategy IIC in ldap authorization to deal with admin specified attributes so groups can contain cn, dns, etc
+renamed property deriveFromEntryAttr to deriveFromEntryMembershipAttr
+Fixed bug in basic authorization unit test (had wrong server configuration values)
+General commit of ldap authorization code which is still broken, but need feedback on authorization IIC and nested groups.
+removed description from authorization consumer class
+improvements to ldap authorization interface
+fix in ldap authorization test form and ldap_authorization_get_consumers (which was broken)
+added deriveFromEntryAttrMatchingUserAttr and deriveFromEntryUseFirstAttr properties to ldap authorization consumer conf
+General commit of ldap authorization code with support for nested groups and improved, but broken, IIC derive from entry setup.
+Issue #1491244 by smsearcy. Adjustment to work with IIS for strip domain name.
+Issue #1498616 by johnbarclay. LDAP Authorization OG was hiding filter checkbox on ldap authorization drupal roles form.
+LDAP Query: added more theming and info to ldap query test query interface
+Issue #1485118 by paulpaul. SSO redirect issue corrected with drupal get destination call.
+Issue #1484418. Missing ldap_servers.bind_method field for some unstable upgrades in update hook.
+Issue #1016728. Moved deriveFromAttrGroups and deriveFromEntryGroups functions out of ldap authorization and into ldap servers to help implement nested groups.
+Issue #1016728. Added interface and db for nested groups config.
+Issue #1412076 by srinivas.kakde. Allow specification of "Strategy 3: groups as entries" attribute
+johnbarclay added display of unfiltered authorizations to authorization debug/test interface
+Issue #1480236 by paulpaul. foreach getting non array in ldap authorization include file.
+Issue #1481778 by dams_26. includes without drupal root fixed.
+Issue #1412030 by srinivas.kakde. corrected problem where authentication binding by user was preserverd in authorization, etc.
+Issue #1441694 by haydeniv. fixed some needed include in ldap sso.
+Issue #1450932 by hotspoons. untested kerberos for ldap sso.
+Issue #1451778 by paulpaul. bad variable used in dev verison.
+Issue #1452116 by paulpaul. fixed db fields too short for ldap authorization
+Issue #1446768 by johnbarclay. refined ldap server ->search() method error handling
+Reworked LDAP Authorization OG to improve user interface and to support mapping to more OG roles than "member".
+Reworked User Interface for LDAP Authorization.
+Issue #1416738 by fearlsgroove. disable editing on ldap profile fields synched from ldap
+Issue #1328750#comment-5540222 by heydeniv. misc ldap sso issues.
+Issue #1328750#comment-5540318 by haydeniv. Fix for ldap authentication validation function return.
+Issue #1430428 by resplin. Added patch to with hook_ldap_server_in_use() so servers cannot be deleted or disabled when in use.
+Issue #1421980 by clifmo. Patch by chris.leversuch to fix ldap_feeds.info file
+Issue #1341340 by marleythedod. Views fix.
+Fixed some error messaging in the test ldap server form.
+Issue #1398204 by froeser. Add try catch to check_plain on token array.
+Issue #1396786 by thesaunterer. patch to fix undefined token attributes.
+Issue #1393196 by mattyohe. fixed stripping of quotes in return attributes.
+Issue #1393188 by mattyohe. lengthened size of ldap query filter field.
+Issue #1357412 by nathangervais with patch. ldap name transform php needed to be executed when binding with user ldap credentials.
+Issue #1328750 by Gribnif, catch by memfis. ldap_sso problems related to moving to own module.
+Issue #1362480 by ybizeul to fix ldap profile warning/error.
+Some quick fixes to menus, debug statements and ldap_sso.
+Issue #1359222 by SangersDrupalDude. theme_ldap_authorization_admin_index was sending empty array.
+Issue #1359574 by heatherwoz. spelling error.
+Issue #1328750 by Gribnif. I forgot to remove hook_boot and hook_user_logout from ldap authentication.module
+Issue #1359600 by heatherwoz. Fixed code that set all fields with not null in schema to required. Made exception for checkboxes.
+Issue #1358174 by SangersDrupalDude. Changed '0' to 0 to avoid schema errors.
+Issue #1328750 by Gribnif. Moved LDAP SSO to a separate module. Details on issue queue item.
+11/22/2011 Coder Review formatting and tweaks.
+Issue #1328750. Not finished with issue, but added check for command line in hook_boot. was breaking drush and other command line scripts.
+Issue #1317816 by johnbarclay. LDAP Authorization simpletest was broken. Improved authorization form directions.
+Issue #1329254 by Simon Georges: bad t() function call.
+Issue #1284632 by iKevin and heatherwoz: fixed link to external url in logon help url.
+Issue #1333714 by cmurph: LDAP Authentication: Add the ability to change user login description.
+Added LDAP Profile to 7.x-1.x branch and did quite a bit of code cleanup. Also added display of mapping
+ example data on mapping page. Limited servers being looked at for profile data to the servers user
+ is authenticating to.
+Issue #1334138 by benys: LDAP Authentication: Strip REMOTE_USER domain name
+Issue #1322786 by heatherwoz: Feeds: Return only users of a certain role in LDAP Drupal User LDAP Entry Fetcher
+Issue #1332410 by David Reid: improved usability of ldap_help and ldap server debug pages
+Issue #1332350 by David Reid: mess from last commits removal of validation and switch to ldap type classes.
+Issue #1308854 by trprinty patch by joericapens: fixed check of uid as numeric, not integer
+Issue #1322180 by cmurph. logout error thrown.
+Issue #1310318 by heatherwoz. array_merge() was making numeric ldap attributes fail for authorization
+Issue #1316090 by geeve. fixed ldap options call that was broke in previous change.
+added classes for specific ldap implementations: http://drupal.org/node/1115704#comment-5103276
+
+==================
+7.x-1.0-beta5
+==================
+Updated documentation page http://drupal.org/node/997082
+Fix token in ldap_authorization config page
+Fixed ldap_help uninstall of straggling variable
+Moved readme to http://drupal.org/node/1300810
+Fixed bug with ldap_feeds users. Added documentation for one use case at http://drupal.org/node/1300812
+Fixed a number of ldap_feeds issues. Both feed fetchers work and parser now. But not heavily tested and no simpletest coverage.
+Update 7100 for ldap_query to add scope field to ldap_query table
+Issue #1296994 by johnbarclay. case sensitivity issue in ldap query.
+Issue #1296984 by johnbarclay. ldap_query. when no attributes specified, all should be returned.
+Issue #1290832 by slerby. space issue in attributes property
+Issue #1290826 by slerby. unused parameters in getLdapQueryObjects
+Issue #1290816 by slerby. failed saving of attribute to table
+Issue #1296154 by mrryanjohnston fixed with patch from same author.
+"final" release candidate plan of action. See http://drupal.org/node/1115704#comment-5045030
+Added ldap_query module into 7.1 branch.
+Issue #1202744 by slerby. ldap_views integration module to 7.1 branch
+Issue #1267552 by stred. object issue in sso hook_boot.
+Issue #1259628 by justintime, missing include in test form
+Issue #1256658 by matir, fix install time requirements for profiles. also fixed feeds bug (see diff).
+Issue #1248116 by justintime, Allow users on one LDAP server to be assigned roles defined on a different server
+Issue #1240782 by justintime, fixes flatten returned array in ldap servers
+Issue #1240782 by justintime, fixes _ldap_servers_get_user_ldap_data when sid is passed in.
+Issue #1236532, #986806 by johnbarclay, begin to deal with a number of username, email, and unique id issues.
+Issue #1224808#21 by mfulz, need to remove quotes from filter.
+
+==================
+7.x-1.0-beta4
+==================
+Issue #1227088 by hotspoons. Allow SSO for authentication http://drupal.org/project/ldap_sso
+Issue #1240966 by sunil. Fix multiple consumer loads and display on authorizations test page.
+Issue #1235430 by kbnielsen. Improve message of disabled password reset form.
+Issue #1238818 by showmanlkz. Made sid required on server form.
+Backed out of quoting filter values. Though valid syntax, doesn't seem to work.
+Issue #1232332 by zeezhao: cut length of file so .tar packaging would work
+Issue #1224808 by cpierce: A number of escaping and quoting issues were resolved via quoting filters on ldap queries and using ldap_explode_dn() function instead of splitting on ",". Also added a detialed logging entry for the ldap server class search() method to aid in future debugging
+Issue #1206500 by justintime: Added Make bind passwords exportable
+
+==================
+7.x-1.0-beta3
+==================
+Issue #1209576 thekevinday: install shows error of undefined constant fixed
+Added simpletests for drupal authentication and ldap authorization, and the following 2 issues (#1206146, #1213228)
+filtered on array_unique for drupal role mapping to avoid redundant role names
+Issue #1206146 danharper (and likely several other issues): allow mapping of cn or other first attribute instead of dn in ldap authorization and check for long drupal role names.
+Issue #1213228 johnbarclay: drupal user name to ldap php never implemented in ldap authorization. php format has changed.
+
+==================
+7.x-1.0-beta2
+==================
+Issue #1206500 by justintime: applied patch to allow exporting bind password if encryption enabled
+Issue #1201414 by justintime: applied very big exportables patch http://drupal.org/node/1201414#comment-4672616 successfully
+Added warnings when drupal 6 ldapauth table is found warning of manual upgrade process.
+Issue #1201414 by justintime: to improve exportables, renamed ldap_servers.type to ldap_server.ldap_type for older versions of ctools. Also added export type string.
+Issue #1174332 by endiku: error thrown when trying to add the same drupal role twice. Added simpletest and applied array_unique().
+Issue #1192356 by bfroehle: ldap_servers_get_servers returning null instead of empty array. 1192356-Fix-warnings-when-iterating-through-en.patch
+Issue #1030404 by ankur: Fixed issue with ldap authentication with multiple servers. 1030404 comment #6
+Simpletests by johnbarclay: fixed fake ldap server arrays for simpletests to work with #1030404 patch.
+Issue #1170034 by pumpkinkid: Added functionality for limiting who can authenticate based on whether ldap authorizations exist. U.I. was already in, just not functionality.
+Fixed whitelist php eval code by johnbarclay. Did not check for php.module enabled, documentation showed wrong variables and return values.
+Additonal Ldap Authentication whitelist section simpletests added by johnbarclay: LDAP_authen.WL.php.php disabled, LDAP_authen.WL.php.true, LDAP_authen.WL.php.false, LDAP_authen.WL.exclude.miss, LDAP_authen.WL.exclude.match, LDAP_authen.WL.allow.miss, LDAP_authen.WL.allow.match
+
+==================
+7.x-1.0-beta1
+==================
+Ldap Authentication by johnbarclay: simpletest coverage covers common user logon scenarios. moved notes into ldap_authentication.test code rather than text file.
+Ldap Authorization by johnbarclay: simpletest coverage complete for now. Additional tests added as bugs arise and functionality changes. moved notes into ldap_authorization.test code rather than text file.
+Issue #1167010 ldap authentication: fix watchdog message.
+Ldap Authorization: remove "synch manually option". Not implemented.
+Ldap Authorization: jbarclay, fixed bug where disabling authorization settings did not disable their use
+Issue #1162904 by byrond: fixed broken watchdog message in ldap_authentication.
+Issue #1023366 by johnbarclay: change password encryption when changing encryption types.
+Issue #1062994 simpltest. Much progress made on this in ldap_authorization.
+Issue #1066608 Ldap authorization: IIC Derive Drupal Roles not implemented. Implemented correctly now.
+Issue #1155196 SQL Syntax error slerby
+Issue #1149942 by jzornig: support LDAP directories which restrict attributes available to anonymous searches
+Issue #1150044 by jdelaune: fixed call to wrong ldap error function
+Issue #1119774 by micahw156, weboide: fixed issues with storing and removing service account password
+Issue #1126600 by micahw156: fixed logging errors from detailed logging option that caused WSOD fixed.
+Issue #1119330 by alvmarveg: fixed untrapped error when bad basedn is used"
+Ldap Authorization: fix role saving bug introduced in 7.x-1.0-unstable6
+Ldap Authorization: fix $user->data['ldap_authorizations'] saving bug introduced in 7.x-1.0-unstable6
+Ldap Authoirzation: removed option to remove non ldap granted authorizations since it wasn't implemented
+Ldap Authorization and Ldap Authorization Drupal Roles: made distinct functionality in each as far
+ as storing $user->data['ldap_authorizations'] data. Only gave drupal role class access to
+ $user->data['ldap_authorizations'][$consumer->consumerType] array; not entire user data array
+ and made saving of $user->data in ldap_authorization.inc
+Ldap Authorization: simplified case sensitivity in drupal role names in LdapAuthorizationConsumerDrupalRole::createConsumers method
+
+==================
+7.x-1.0-unstable6
+==================
+
+Ldap Authentication and Ldap Servers are feature complete. Testing and bug
+fixes are needed to move it toward a relase candidate.
+
+Ldap Authorization got a good cleanup and restructuring, but
+is wholly untested. I would not use this version of ldap authorization or expect it to work;
+but I am ready for bug reports and patches as the rewrite is done.
+
+Issue [#1050944] by [dennisz]: allowing for more than one authorization configuration per consumer type (e.g. drupal roles)
+was never implemented. Realized this and changed the architecture so only support 1. This allowed alot of code to be removed
+as well as made the instructions better.
+Issue [#1119774] by [micahw156]: fixed broken password validation on service account
+Issue [#1034712] by [wernercd]: way to short of db field length for some ldap fields.
+Issue [#1034734] by [wernercd]: made changes to encourage filtering and mapping in ldap authorization
+Issue [#1026078] by [wernercd], [micahw156]: menus, tabs, and breadcrumbs are better now. I think they still could be improved.
+Issue [#989090] by
+Issues ([#1101422], [#1104366], [#1064692], [#1067158]) arise from the anonymous and user binding to ldap
+ part on ldap authentication not being implemented yet. [cezaryrk] code took care of the binding side and more options were
+ added to the sever configuration.
+Issue [#1110854] by [rbp]: fixed parsing of lines into arrays. was not accounting for both unix and windows line endings. this could have created
+any number of issues with configurations that involved text areas with multiple lines such as: [#1110854]. Thanks rbp for pointing
+this out.
+Issue [#1111000] by [ankurs]: added some of ankurs functions for password reset into ldap_servers/ldap_servers.functions.inc. [#1111000]
+Issue [#1101422]: bug with account creation flag fixed,
+Issue [#1089854] better ldap error messages shown in watchdog for server binding, connection, etc.
+
+
+==================
+7.x-1.0-unstable5
+==================
+- install instructions: disable and uninstall previous ldap modules. make sure tables are removed.
+------------------
+- main focus of unstable 5 is ldap_authentication including finishing out features, improving usability,
+fixing bugs, documentation and setting up tests. ldap_authorization still needs features to be
+finished out, documentation and usability improvements, and a set of tests.
+- ldap_authentication: reordered authentication validation related to issue #1022362
+- ldap_authentication: added test grid for ldap_authentication testing: http://drupal.org/node/1053818
+- ldap_authentication: added typical authentication configurations: http://drupal.org/node/1053748
+- ldap_help: added "status" and "issue reporting" tabs to improve testing and bug reporting
+- ldap_authentication: removed option to allow ldap users to change, have separate drupal email. this feature needs more work if desired at all.
+- ldap_authentication: added configurable help link for ldap password resetting.
+- ldap_authentication: made more content themeable, especially where localized ldap user help may be a factor
+- ldap_authentication: #807416 finished and tested white lists
+- ldap_authentication: clarified and tested rules for existing drupal account conflicts. Desired behavior is in
+tests (ldap_authentication.tests.txt).
+- ldap_authentication: #968574, #256226, #258974 added "Account Creation for LDAP Authenticated Users" section for account creation. Desired behavior is in
+tests (ldap_authentication.tests.txt). Pushed some configuration over to user settings page.
+- ldap_servers: #1050590 added check for existance of https in $_SERVER array per
+- ldap_authorization: #1050944 fixed array work ldap to role mapping.
+- ldap_servers: improved wording on required https message and made themeable
+- ldap_authentication: #1023510 several tweaks for ldap authentication settings related to location and visibility of password,
+password reset links, account creation links, etc. Many of the combinations made no sense and the form was overly complex. The logic is
+articulated in the ldap authentication settings form and ldap_authentication.tests.txt
+- ldap_authentication: moved request account and password reset link hide/show logic from theming layer to menu/permission layer.
+makes more sense and reduced code alot.
+- another trip through drupal code module\
+- ldap_authorization: #1026138 bug that didn't remove past ldap applied roles #1026138
+- ldap_authorization: fixed 1 case insensitivity issue; may be more. target role mappings are case sensitive in php, but not in mysql.
+
+
+==================
+7.x-1.0-unstable4
+==================
+- fixed schema issue in ldap authorization #1021478
+- fixed issue when ldap authentication was before drupal authentication and created false error messsage. #1021612, #1009990
+- fixed undefined $name_attr warning. #1021636
+
+==================
+7.x-1.0-unstable3
+==================
+- #1018968, #1016284 "ldap_authorization_example" text fixed
+- added check for uid==1 in ldap to make sure that uid=1 is not using ldap authentication
+- #1017578, #1005358 mixed mode authentication failed for user 1 fixed.
+- #1017282 uninitialized array gives warning. I'd like to get rid of all these types of warnings.
+- #807420 initial exportables/features code added. needs testing. not sure if ldap_servers_encrypt_key variable should be exportable
+- starter working with coder module cleanup (spacing, translation, etc)
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/INSTALL.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/INSTALL.txt
new file mode 100644
index 0000000..8d9064a
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/INSTALL.txt
@@ -0,0 +1,47 @@
+
+==================================================================================
+LDAP Installation instructions:
+==================================================================================
+
+Note: This does not automatically upgrade for Drupal 6 LDAP Integration Modules.
+ This functionality may be developed. Some notes are below.
+
+1) Download the whole package of files from
+ http://drupal.org/project/ldap
+
+2) Upload the LDAP files to the modules directory.
+
+
+2b) If you are using an Active Directory server, you may benefit from AD LDAP: http://adldap.sourceforge.net/
+Download it and install in /sites/all/libraries. The folder hierarchy should look like:
+/sites/all/libraries/adLDAP/src
+
+
+3) Go to admin/build/modules and enable the needed modules from the
+ Lightweight Directory Access Protocal group.
+
+4) Enable and configure ldap servers and configure at least one server.
+
+5) Enable and configure ldap authentication and/or ldap authorization
+
+6) LDAP Help is just for debugging and administrator help. Use it if you have problems.
+Disable it in production; it adds no functionality or end user help.
+
+==================================================================================
+Older PHP versions
+==================================================================================
+These modules will NOT work If you are using PHP 4 or any other version less
+than 5.1.
+
+==================================================================================
+More documentation is available at:
+
+ http://drupal.org/project/ldap -- project homepage
+ http://drupal.org/node/997082 - project documentation
+==================================================================================
+
+Crossgrading:
+
+Drupal 6 ldapauth -> ldap_authentication
+- get rid of authmap records associated with ldapauth with the following sql:
+DELETE FROM authmap WHERE module = 'ldapauth'
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/LICENSE.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/LICENSE.txt
new file mode 100644
index 0000000..d159169
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/LICENSE.txt
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.developers.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.developers.txt
new file mode 100644
index 0000000..4d9b86e
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.developers.txt
@@ -0,0 +1,26 @@
+
+
+--------------------------------------------------------
+Case Sensitivity and Character Escaping in LDAP Modules
+--------------------------------------------------------
+
+The function ldap_server_massage_text() should be used for dealing with case sensitivity
+and character escaping consistently.
+
+The general rule is codified in ldap_server_massage_text() which is:
+- escape filter values and attribute values when querying ldap
+- use unescaped, lower case attribute names when storing attribute names in arrays (as keys or values), databases, or object properties.
+- use unescaped, mixed case attribute values when storing attribute values in arrays (as keys or values), databases, or object properties.
+
+So a filter might be built as follows:
+
+ $username = ldap_server_massage_text($username, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP)
+ $objectclass = ldap_server_massage_text($objectclass, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP)
+ $filter = "(&(cn=$username)(objectClass=$objectclass))";
+
+
+The following functions are also available:
+ldap_pear_escape_dn_value()
+ldap_pear_unescape_dn_value()
+ldap_pear_unescape_filter_value()
+ldap_pear_unescape_filter_value()
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.txt
new file mode 100644
index 0000000..b98dbde
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/README.txt
@@ -0,0 +1,15 @@
+
+
+
+------------------------------------
+When Uninstall Fails...or you need to make sure you have a fresh install
+------------------------------------
+
+1. Remove ldap module directory
+2 Execute the following sql. Beware this will likely remove other ldap_* modules not in the ldap package.
+
+DELETE FROM variables WHERE name like 'ldap_%';
+DELETE FROM system WHERE name like 'ldap_%';
+DROP TABLE ldap_authorization;
+DROP TABLE ldap_servers;
+DELETE FROM authmap WHERE module like 'ldap_%'; -- this will disassociate existing user from ldap without removing the users
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/TODO.text b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/TODO.text
new file mode 100644
index 0000000..40749b7
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/TODO.text
@@ -0,0 +1 @@
+need to change basedn in server definition to say base dn for users and group queries; or create a separate one.
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php
new file mode 100644
index 0000000..75d0c3a
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConf.class.php
@@ -0,0 +1,232 @@
+<?php
+// $Id: LdapAuthenticationConf.class.php,v 1.4.2.2 2011/02/08 20:05:41 johnbarclay Exp $
+
+/**
+ * @file
+ * This class represents an ldap_authentication module's configuration
+ * It is extended by LdapAuthenticationConfAdmin for configuration and other admin functions
+ */
+
+class LdapAuthenticationConf {
+
+ // no need for LdapAuthenticationConf id as only one instance will exist per drupal install
+
+ public $sids = array(); // server configuration ids being used for authentication
+ public $servers = array(); // ldap server object
+ public $inDatabase = FALSE;
+ public $authenticationMode = LDAP_AUTHENTICATION_MODE_DEFAULT;
+ public $loginUIUsernameTxt;
+ public $loginUIPasswordTxt;
+ public $ldapUserHelpLinkUrl;
+ public $ldapUserHelpLinkText = LDAP_AUTHENTICATION_HELP_LINK_TEXT_DEFAULT;
+ public $loginConflictResolve = LDAP_AUTHENTICATION_CONFLICT_RESOLVE_DEFAULT;
+ public $acctCreation = LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT;
+ public $emailOption = LDAP_AUTHENTICATION_EMAIL_FIELD_DEFAULT;
+ public $emailUpdate = LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DEFAULT;
+ public $ssoEnabled = FALSE;
+ public $ssoRemoteUserStripDomainName = FALSE;
+ public $seamlessLogin = FALSE;
+ public $ldapImplementation = FALSE;
+ public $cookieExpire = LDAP_AUTHENTICATION_COOKIE_EXPIRE;
+
+ public $apiPrefs = array();
+ public $createLDAPAccounts; // should an drupal account be created when an ldap user authenticates
+ public $createLDAPAccountsAdminApproval; // create them, but as blocked accounts
+
+ /**
+ * Advanced options. whitelist / blacklist options
+ *
+ * these are on the fuzzy line between authentication and authorization
+ * and determine if a user is allowed to authenticate with ldap
+ *
+ */
+
+ public $allowOnlyIfTextInDn = array(); // eg ou=education that must be met to allow ldap authentication
+ public $excludeIfTextInDn = array();
+ public $allowTestPhp = NULL; // code that returns boolean TRUE || FALSE for allowing ldap authentication
+ public $excludeIfNoAuthorizations = LDAP_AUTHENTICATION_EXCL_IF_NO_AUTHZ_DEFAULT;
+
+ public $saveable = array(
+ 'sids',
+ 'authenticationMode',
+ 'loginConflictResolve',
+ 'acctCreation',
+ 'loginUIUsernameTxt',
+ 'loginUIPasswordTxt',
+ 'ldapUserHelpLinkUrl',
+ 'ldapUserHelpLinkText',
+ 'emailOption',
+ 'emailUpdate',
+ 'allowOnlyIfTextInDn',
+ 'excludeIfTextInDn',
+ 'allowTestPhp',
+ 'excludeIfNoAuthorizations',
+ 'ssoRemoteUserStripDomainName',
+ 'seamlessLogin',
+ 'ldapImplementation',
+ 'cookieExpire',
+ );
+
+ /** are any ldap servers that are enabled associated with ldap authentication **/
+ public function enabled_servers() {
+ return !(count(array_filter(array_values($this->sids))) == 0);
+ }
+ function __construct() {
+ $this->load();
+ }
+
+
+ function load() {
+
+ if ($saved = variable_get("ldap_authentication_conf", FALSE)) {
+ $this->inDatabase = TRUE;
+ foreach ($this->saveable as $property) {
+ if (isset($saved[$property])) {
+ $this->{$property} = $saved[$property];
+ }
+ }
+ foreach ($this->sids as $sid => $is_enabled) {
+ if ($is_enabled) {
+ $this->servers[$sid] = ldap_servers_get_servers($sid, 'enabled', TRUE);
+ }
+ }
+
+ }
+ else {
+ $this->inDatabase = FALSE;
+ }
+
+ $this->ssoEnabled = module_exists('ldap_sso');
+ $this->apiPrefs['requireHttps'] = variable_get('ldap_servers_require_ssl_for_credentails', 1);
+ $this->apiPrefs['encryption'] = variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT);
+
+ // determine account creation configuration
+ $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
+ if ($this->acctCreation == LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT || $user_register == USER_REGISTER_VISITORS) {
+ $this->createLDAPAccounts = TRUE;
+ $this->createLDAPAccountsAdminApproval = FALSE;
+ }
+ elseif ($user_register == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
+ $this->createLDAPAccounts = FALSE;
+ $this->createLDAPAccountsAdminApproval = TRUE;
+ }
+ else {
+ $this->createLDAPAccounts = FALSE;
+ $this->createLDAPAccountsAdminApproval = FALSE;
+ }
+
+ }
+
+ /**
+ * Destructor Method
+ */
+ function __destruct() {
+
+
+ }
+
+
+ /**
+ * decide if a username is excluded or not
+ *
+ * return boolean
+ */
+ public function allowUser($name, $ldap_user_entry) {
+
+ /**
+ * do one of the exclude attribute pairs match
+ */
+ $exclude = FALSE;
+ foreach ($this->excludeIfTextInDn as $test) {
+ if (stripos($ldap_user_entry['dn'], $test) !== FALSE) {
+ return FALSE;// if a match, return FALSE;
+ }
+ }
+
+
+ /**
+ * evaluate php if it exists
+ */
+ if ($this->allowTestPhp) {
+ if (module_exists('php')) {
+ global $_name, $_ldap_user_entry;
+ $_name = $name;
+ $_ldap_user_entry = $ldap_user_entry;
+ $code = '<?php ' . "global \$_name; \n global \$_ldap_user_entry; \n" . $this->allowTestPhp . ' ?>';
+ $code_result = php_eval($code);
+ $_name = NULL;
+ $_ldap_user_entry = NULL;
+ if ((boolean)($code_result) == FALSE) {
+ return FALSE;
+ }
+ }
+ else {
+ drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
+ $tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
+ watchdog('warning', 'LDAP Authentication is configured to deny users based on php execution with php_eval function, but php module is not enabled. Please enable php module or remove php code at !ldap_authentication_config .', $tokens);
+ return FALSE;
+ }
+ }
+
+ /**
+ * do one of the allow attribute pairs match
+ */
+ if (count($this->allowOnlyIfTextInDn)) {
+ $fail = TRUE;
+ foreach ($this->allowOnlyIfTextInDn as $test) {
+ if (stripos($ldap_user_entry['dn'], $test) !== FALSE) {
+ $fail = FALSE;
+ }
+ }
+ if ($fail) {
+ return FALSE;
+ }
+
+ }
+ /**
+ * is excludeIfNoAuthorizations option enabled and user not granted any groups
+ */
+
+ if ($this->excludeIfNoAuthorizations) {
+ if (!module_exists('ldap_authorization')) {
+ drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
+ $tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
+ watchdog('warning', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but LDAP Authorization module is not enabled. Please enable and configure LDAP Authorization or disable this option at !ldap_authentication_config .', $tokens);
+ return FALSE;
+ }
+ $user = new stdClass();
+ $user->name = $name;
+ $user->ldap_authenticated = TRUE; // fake user property added for query
+ $consumers = ldap_authorization_get_consumers();
+ $has_enabled_consumers = FALSE;
+
+ foreach ($consumers as $consumer_type => $consumer_config) {
+ $consumer_obj = ldap_authorization_get_consumer_object($consumer_type);
+ if ($consumer_obj->consumerConf->status) {
+ $has_enabled_consumers = TRUE;
+ list($authorizations, $notifications) = ldap_authorizations_user_authorizations($user, 'query', $consumer_type, 'test_if_authorizations_granted');
+ if (count(array_filter(array_values($authorizations))) > 0) {
+ return TRUE;
+ }
+ }
+ }
+
+ if (!$has_enabled_consumers) {
+ drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
+ $tokens = array('!ldap_consumer_config' => l(t('LDAP Authorization Configuration'), 'admin/config/people/ldap/authorization'));
+ watchdog('warning', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but 0 LDAP Authorization consumers are configured: !ldap_consumer_config .', $tokens);
+ return FALSE;
+ }
+
+ return FALSE;
+ }
+
+
+ /**
+ * default to allowed
+ */
+ return TRUE;
+ }
+
+
+}
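Review bot: In allowUser(), the php_eval() result is only tested for truthiness (`if ((boolean)($code_result) == FALSE)`), so any captured output other than an empty string or "0" lets the user through, including a PHP notice, stray whitespace or debugging text. The option's description and README ask the snippet to print 1 or 0, so the check should fail closed: `if (trim($code_result) !== '1') { return FALSE; }`. The three watchdog() calls in the same method pass `'warning'` as the first argument, which is the log type rather than the severity, so these misconfiguration denials are recorded at the default notice level. Passing `'ldap_authentication'` as the type and `WATCHDOG_WARNING` as the fourth argument would make them filterable. The DN tests use stripos() on the whole DN string, so a match is not anchored to an RDN boundary; a comment on `$allowOnlyIfTextInDn` and `$excludeIfTextInDn` should say so.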
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConfAdmin.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConfAdmin.class.php
new file mode 100644
index 0000000..3600ac1
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/LdapAuthenticationConfAdmin.class.php
@@ -0,0 +1,614 @@
+<?php
+// $Id: LdapAuthenticationConfAdmin.class.php,v 1.4.2.1 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * This classextends by LdapAuthenticationConf for configuration and other admin functions
+ */
+module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConf.class');
+
+class LdapAuthenticationConfAdmin extends LdapAuthenticationConf {
+
+ protected function setTranslatableProperties() {
+
+ /**
+ * 0. Logon Options
+ */
+
+ $values['authenticationModeOptions'] = array(
+ LDAP_AUTHENTICATION_MIXED => t('Mixed mode. Drupal authentication is tried first. On failure, LDAP authentication is performed.'),
+ LDAP_AUTHENTICATION_EXCLUSIVE => t('Only LDAP Authentication is allowed except for user 1.
+ If selected, (1) reset password links will be replaced with links to ldap end user documentation below.
+ (2) The reset password form will be left available at user/password for user 1; but no links to it
+ will be provided to anonymous users.
+ (3) Password fields in user profile form will be removed except for user 1.'),
+ );
+
+ $values['authenticationServersDescription'] = t('Check all LDAP server configurations to use in authentication.
+ Each will be tested for authentication until successful or
+ until each is exhausted. In most cases only one server configuration is selected.');
+
+ /**
+ * 1. User Login Interface
+ */
+ $values['loginUIUsernameTxtDescription'] = t('Text to be displayed to user below the username field of
+ the user login screen.');
+
+ $values['loginUIPasswordTxtDescription'] = t('Text to be displayed to user below the password field of
+ the user login screen.');
+
+ $values['ldapUserHelpLinkUrlDescription'] = t('URL to LDAP user help/documentation for users resetting
+ passwords etc. Should be of form http://domain.com/. Could be the institutions ldap password support page
+ or a page within this drupal site that is available to anonymous users.');
+
+ $values['ldapUserHelpLinkTextDescription'] = t('Text for above link e.g. Account Help or Campus Password Help Page');
+
+
+ /**
+ * 2. LDAP User Restrictions
+ */
+
+ $values['allowOnlyIfTextInDnDescription'] = t('A list of text such as ou=education
+ or cn=barclay that at least one of be found in user\'s dn string. Enter one per line
+ such as <pre>ou=education') . "\n" . t('ou=engineering</pre> This test will be case insensitive.');
+
+ $values['excludeIfTextInDnDescription'] = t('A list of text such as ou=evil
+ or cn=bad that if found in a user\'s dn, exclude them from ldap authentication.
+ Enter one per line such as <pre>ou=evil') . "\n" . t('cn=bad</pre> This test will be case insensitive.');
+
+ $values['allowTestPhpDescription'] = t('PHP code which should print 1
+ for allowing ldap authentication or 0 for not allowed. Available variables are:
+ $_name and $_ldap_user_entry See readme.txt for more info.');
+
+ $values['excludeIfNoAuthorizationsDescription'] = t('If the user is not granted any drupal roles,
+ organic groups, etc. by LDAP Authorization, login will be denied. LDAP Authorization must be
+ enabled for this to work.');
+
+
+
+ /**
+ * 3. Drupal Account Provisioning and Syncing
+ */
+ $values['loginConflictResolveDescription'] = t('What should be done if a local Drupal or other external
+ authentication account already exists with the same login name.');
+ $values['loginConflictOptions'] = array(
+ LDAP_AUTHENTICATION_CONFLICT_LOG => t('Disallow login and log the conflict'),
+ LDAP_AUTHENTICATION_CONFLICT_RESOLVE => t('Associate local account with the LDAP entry. This option
+ is useful for creating accounts and assigning roles before an ldap user authenticates.'),
+ );
+
+
+ $values['acctCreationOptions'] = array(
+ LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR => t('Create accounts automatically for ldap authenticated users.
+ Account creation settings at /admin/config/people/accounts/settings will only affect non-ldap authenticated accounts.'),
+ LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP => t('Use account creation policy
+ at /admin/config/people/accounts/settings under for both Drupal and LDAP Authenticated users.
+ "Visitors" option automatically creates and account when they successfully LDAP authenticate.
+ "Admin" and "Admin with approval" do not allow user to authenticate until the account is approved.'),
+ );
+
+
+ /**
+ * 4. Email
+ */
+
+ $values['emailOptionOptions'] = array(
+ LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE => t('Don\'t show an email field on user forms. LDAP derived email will be used for user and connot be changed by user'),
+ LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE => t('Show disabled email field on user forms with LDAP derived email. LDAP derived email will be used for user and connot be changed by user'),
+ );
+
+ $values['emailUpdateOptions'] = array(
+ LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY => t('Update stored email if LDAP email differs at login and notify user.'),
+ LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE => t('Update stored email if LDAP email differs at login but don\'t notify user.'),
+ LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE => t('Don\'t update stored email if LDAP email differs at login.'),
+ );
+
+
+ /**
+ * 5. Single Sign-On / Seamless Sign-On
+ */
+
+ $values['ldapImplementationOptions'] = array(
+ 'mod_auth_sspi' => t('mod_auth_sspi'),
+ 'mod_auth_kerb' => t('mod_auth_kerb'),
+ );
+
+ $values['cookieExpirePeriod'] = array(0 => t('Immediately')) +
+ drupal_map_assoc(array(3600, 86400, 604800, 2592000, 31536000, 315360000), 'format_interval')
+ + array(-1 => t('Never'));
+
+ $values['ssoEnabledDescription'] = '<strong>' . t('Single Sign on is enabled.') .
+ '</strong> ' . t('To disable it, disable the LDAP SSO Module on the ') . l('Modules Form', 'admin/modules') . '.<p>' .
+ t('Single Sign-On enables ' .
+ 'users of this site to be authenticated by visiting the URL ' .
+ '"user/login/sso, or automatically if selecting "automated ' .
+ 'single sign-on" below. Set up of LDAP authentication must be ' .
+ 'performed on the web server. Please review the !readme file ' .
+ 'for more information.', array('!readme' =>
+ l(t('README.txt'), drupal_get_path('module', 'ldap_sso') . '/README.txt')))
+ . '</p>';
+
+ $values['ssoRemoteUserStripDomainNameDescription'] = t('Useful when the ' .
+ 'WWW server provides authentication in the form of user@realm and you ' .
+ 'want to have both SSO and regular forms based authentication ' .
+ 'available. Otherwise duplicate accounts with conflicting e-mail ' .
+ 'addresses may be created.');
+ $values['seamlessLogInDescription'] = t('This requires that you ' .
+ 'have operational NTLM or Kerberos authentication turned on for at least ' .
+ 'the path user/login/sso, or for the whole domain.');
+ $values['cookieExpireDescription'] = t('If using the seamless login, a ' .
+ 'cookie is necessary to prevent automatic login after a user ' .
+ 'manually logs out. Select the lifetime of the cookie.');
+ $values['ldapImplementationDescription'] = t('Select the type of ' .
+ 'authentication mechanism you are using.');
+
+ foreach ($values as $property => $default_value) {
+ $this->$property = $default_value;
+ }
+ }
+
+ /**
+ * 0. Logon Options
+ */
+ public $authenticationModeDefault = LDAP_AUTHENTICATION_MIXED;
+ public $authenticationModeOptions;
+
+ protected $authenticationServersDescription;
+ protected $authenticationServersOptions = array();
+
+ /**
+ * 1. User Login Interface
+ */
+ protected $loginUIUsernameTxtDescription;
+ protected $loginUIPasswordTxtDescription;
+ protected $ldapUserHelpLinkUrlDescription;
+ protected $ldapUserHelpLinkTextDescription;
+
+
+ /**
+ * 2. LDAP User Restrictions
+ */
+
+ protected $allowOnlyIfTextInDnDescription;
+ protected $excludeIfTextInDnDescription;
+ protected $allowTestPhpDescription;
+
+ /**
+ * 3. Drupal Account Provisioning and Syncing
+ */
+ public $loginConflictResolveDescription;
+ public $loginConflictResolveDefault = LDAP_AUTHENTICATION_CONFLICT_LOG; // LDAP_CONFLICT_RESOLVE;
+ public $loginConflictOptions;
+
+ public $acctCreationDescription = '';
+ public $acctCreationDefault = LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT;
+ public $acctCreationOptions;
+
+
+ /**
+ * 4. Email
+ */
+
+ public $emailOptionDefault = LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE;
+ public $emailOptionOptions;
+
+ public $emailUpdateDefault = LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY;
+ public $emailUpdateOptions;
+
+
+ /**
+ * 5. Single Sign-On / Seamless Sign-On
+ */
+
+ public $ssoEnabledDescription;
+ public $ssoRemoteUserStripDomainNameDescription;
+ public $ldapImplementationOptions;
+ public $cookieExpirePeriod;
+ public $seamlessLogInDescription;
+ public $cookieExpireDescription;
+ public $ldapImplementationDescription;
+
+
+ public $errorMsg = NULL;
+ public $hasError = FALSE;
+ public $errorName = NULL;
+
+ public function clearError() {
+ $this->hasError = FALSE;
+ $this->errorMsg = NULL;
+ $this->errorName = NULL;
+ }
+
+ public function save() {
+ foreach ($this->saveable as $property) {
+ $save[$property] = $this->{$property};
+ }
+ variable_set('ldap_authentication_conf', $save);
+ }
+
+ static public function getSaveableProperty($property) {
+ $ldap_authentication_conf = variable_get('ldap_authentication_conf', array());
+ return isset($ldap_authentication_conf[$property]) ? $ldap_authentication_conf[$property] : FALSE;
+
+ }
+
+ static public function uninstall() {
+ variable_del('ldap_authentication_conf');
+ }
+
+ public function __construct() {
+ parent::__construct();
+ $this->setTranslatableProperties();
+ if ($servers = ldap_servers_get_servers(NULL, 'enabled')) {
+ foreach ($servers as $sid => $ldap_server) {
+ $enabled = ($ldap_server->status) ? 'Enabled' : 'Disabled';
+ $this->authenticationServersOptions[$sid] = $ldap_server->name . ' (' . $ldap_server->address . ') Status: ' . $enabled;
+ }
+ }
+ }
+
+
+ public function drupalForm() {
+
+ if (count($this->authenticationServersOptions) == 0) {
+ $message = ldap_servers_no_enabled_servers_msg('configure LDAP Authentication');
+ $form['intro'] = array(
+ '#type' => 'item',
+ '#markup' => t('<h1>LDAP Authentication Settings</h1>') . $message,
+ );
+ return $form;
+ }
+
+ $tokens = array(); // not sure what the tokens would be for this form?
+
+ $form['intro'] = array(
+ '#type' => 'item',
+ '#markup' => t('<h1>LDAP Authentication Settings</h1>'),
+ );
+
+ $form['logon'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Logon Options'),
+ '#collapsible' => TRUE,
+ '#collapsed' => FALSE,
+ );
+
+ $form['logon']['authenticationMode'] = array(
+ '#type' => 'radios',
+ '#title' => t('Allowable Authentications'),
+ '#required' => 1,
+ '#default_value' => $this->authenticationMode,
+ '#options' => $this->authenticationModeOptions,
+ );
+
+
+ $form['logon']['authenticationServers'] = array(
+ '#type' => 'checkboxes',
+ '#title' => t('Authentication LDAP Server Configurations'),
+ '#required' => FALSE,
+ '#default_value' => $this->sids,
+ '#options' => $this->authenticationServersOptions,
+ '#description' => $this->authenticationServersDescription
+ );
+
+ $form['login_UI'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('User Login Interface'),
+ '#collapsible' => TRUE,
+ '#collapsed' => FALSE,
+ );
+
+ $form['login_UI']['loginUIUsernameTxt'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Username Description Text'),
+ '#required' => 0,
+ '#default_value' => $this->loginUIUsernameTxt,
+ '#description' => $this->loginUIUsernameTxtDescription,
+ );
+
+ $form['login_UI']['loginUIPasswordTxt'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Password Description Text'),
+ '#required' => 0,
+ '#default_value' => $this->loginUIPasswordTxt,
+ '#description' => $this->loginUIPasswordTxtDescription,
+ );
+
+ $form['login_UI']['ldapUserHelpLinkUrl'] = array(
+ '#type' => 'textfield',
+ '#title' => t('LDAP Account User Help URL'),
+ '#required' => 0,
+ '#default_value' => $this->ldapUserHelpLinkUrl,
+ '#description' => $this->ldapUserHelpLinkUrlDescription,
+ );
+
+
+ $form['login_UI']['ldapUserHelpLinkText'] = array(
+ '#type' => 'textfield',
+ '#title' => t('LDAP Account User Help Link Text'),
+ '#required' => 0,
+ '#default_value' => $this->ldapUserHelpLinkText,
+ '#description' => $this->ldapUserHelpLinkTextDescription,
+ );
+
+ $form['restrictions'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('LDAP User "Whitelists" and Restrictions'),
+ '#collapsible' => TRUE,
+ '#collapsed' => FALSE,
+ );
+
+
+ $form['restrictions']['allowOnlyIfTextInDn'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Allow Only Text Test'),
+ '#default_value' => $this->arrayToLines($this->allowOnlyIfTextInDn),
+ '#cols' => 50,
+ '#rows' => 3,
+ '#description' => t($this->allowOnlyIfTextInDnDescription, $tokens),
+ );
+
+ $form['restrictions']['excludeIfTextInDn'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Excluded Text Test'),
+ '#default_value' => $this->arrayToLines($this->excludeIfTextInDn),
+ '#cols' => 50,
+ '#rows' => 3,
+ '#description' => t($this->excludeIfTextInDnDescription, $tokens),
+ );
+
+ $form['restrictions']['allowTestPhp'] = array(
+ '#type' => 'textarea',
+ '#title' => t('PHP to Test for Allowed LDAP Users'),
+ '#default_value' => $this->allowTestPhp,
+ '#cols' => 50,
+ '#rows' => 3,
+ '#description' => t($this->allowTestPhpDescription, $tokens),
+ '#disabled' => (boolean)(!module_exists('php')),
+ );
+ if (!module_exists('php')) {
+ $form['restrictions']['allowTestPhp']['#title'] .= ' <em>' . t('php module currently disabled') . '</em>';
+ }
+
+
+ $form['restrictions']['excludeIfNoAuthorizations'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('New and lightly tested feature. Use with caution! Requires LDAP Authorization to be enabled and configured. Deny access to users without Ldap Authorization Module authorization mappings such as Drupal roles.'),
+ '#default_value' => $this->excludeIfNoAuthorizations,
+ '#description' => t($this->excludeIfNoAuthorizationsDescription, $tokens),
+ '#disabled' => (boolean)(!module_exists('ldap_authorization')),
+ );
+
+
+ $form['drupal_accounts'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Drupal User Account Creation'),
+ '#collapsible' => TRUE,
+ '#collapsed' => FALSE,
+ );
+
+ $form['drupal_accounts']['loginConflictResolve'] = array(
+ '#type' => 'radios',
+ '#title' => t('Existing Drupal User Account Conflict'),
+ '#required' => 1,
+ '#default_value' => $this->loginConflictResolve,
+ '#options' => $this->loginConflictOptions,
+ '#description' => t( $this->loginConflictResolveDescription),
+ );
+
+
+ $form['drupal_accounts']['acctCreation'] = array(
+ '#type' => 'radios',
+ '#title' => t('Account Creation for LDAP Authenticated Users'),
+ '#required' => 1,
+ '#default_value' => $this->acctCreation,
+ '#options' => $this->acctCreationOptions,
+ '#description' => t($this->acctCreationDescription),
+ );
+
+ $form['email'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Email'),
+ '#collapsible' => TRUE,
+ '#collapsed' => FALSE,
+ );
+
+ $form['email']['emailOption'] = array(
+ '#type' => 'radios',
+ '#title' => t('Email Behavior'),
+ '#required' => 1,
+ '#default_value' => $this->emailOption,
+ '#options' => $this->emailOptionOptions,
+ );
+
+ $form['email']['emailUpdate'] = array(
+ '#type' => 'radios',
+ '#title' => t('Email Update'),
+ '#required' => 1,
+ '#default_value' => $this->emailUpdate,
+ '#options' => $this->emailUpdateOptions,
+ );
+
+
+ /**
+ * Begin single sign-on settings
+ */
+ $form['sso'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Single Sign-On'),
+ '#collapsible' => TRUE,
+ '#collapsed' => (boolean)(!$this->ssoEnabled),
+ );
+
+/**
+ $form['sso']['ssoEnabled'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Enable Single Sign-On'),
+ '#description' => t($this->ssoEnabledDescription),
+ '#default_value' => $this->ssoEnabled,
+ '#disabled' => (boolean)(!module_exists('ldap_sso')),
+ );
+**/
+ if ($this->ssoEnabled) {
+
+ $form['sso']['enabled'] = array(
+ '#type' => 'markup',
+ '#markup' => $this->ssoEnabledDescription,
+ );
+
+ }
+ else {
+ $form['sso']['disabled'] = array(
+ '#type' => 'markup',
+ '#markup' => '<p><em>' . t('LDAP Single Sign-On module must be enabled for options below to work.')
+ . ' ' . t('It is currently disabled.')
+ . ' ' . l('Modules Form', 'admin/modules') . '</p></em>',
+ );
+
+
+
+ }
+ $form['sso']['ssoRemoteUserStripDomainName'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Strip REMOTE_USER domain name'),
+ '#description' => t($this->ssoRemoteUserStripDomainNameDescription),
+ '#default_value' => $this->ssoRemoteUserStripDomainName,
+ '#disabled' => (boolean)(!$this->ssoEnabled),
+ );
+
+ $form['sso']['seamlessLogin'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Turn on automated single sign-on'),
+ '#description' => t($this->seamlessLogInDescription),
+ '#default_value' => $this->seamlessLogin,
+ '#disabled' => (boolean)(!$this->ssoEnabled),
+ );
+
+ $form['sso']['cookieExpire'] = array(
+ '#type' => 'select',
+ '#title' => t('Cookie Lifetime'),
+ '#description' => t($this->cookieExpireDescription),
+ '#default_value' => $this->cookieExpire,
+ '#options' => $this->cookieExpirePeriod,
+ '#disabled' => (boolean)(!$this->ssoEnabled),
+ );
+
+ $form['sso']['ldapImplementation'] = array(
+ '#type' => 'select',
+ '#title' => t('Authentication Mechanism'),
+ '#description' => t($this->ldapImplementationDescription),
+ '#default_value' => $this->ldapImplementation,
+ '#options' => $this->ldapImplementationOptions,
+ '#disabled' => (boolean)(!$this->ssoEnabled),
+ );
+
+ $form['submit'] = array(
+ '#type' => 'submit',
+ '#value' => 'Save',
+ );
+
+ return $form;
+}
+
+/**
+ * validate form, not object
+ */
+ public function drupalFormValidate($values) {
+
+ $this->populateFromDrupalForm($values);
+
+ $errors = $this->validate();
+
+ return $errors;
+ }
+
+/**
+ * validate object, not form
+ */
+ public function validate() {
+ $errors = array();
+
+ $enabled_servers = ldap_servers_get_servers(NULL, 'enabled');
+ if ($this->ssoEnabled) {
+ foreach ($this->sids as $sid) {
+ if ($enabled_servers[$sid]->bind_method == LDAP_SERVERS_BIND_METHOD_USER || $enabled_servers[$sid]->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
+ $methods = array(
+ LDAP_SERVERS_BIND_METHOD_USER => 'Bind with Users Credentials',
+ LDAP_SERVERS_BIND_METHOD_ANON_USER => 'Anonymous Bind for search, then Bind with Users Credentials',
+ );
+ $tokens = array(
+ '!edit' => l($enabled_servers[$sid]->name, LDAP_SERVERS_INDEX_BASE_PATH . '/edit/' . $sid),
+ '%sid' => $sid,
+ '%bind_method' => $methods[$enabled_servers[$sid]->bind_method],
+ );
+
+ $errors['ssoEnabled'] = t('Single Sign On is not valid with the server !edit (id=%sid) because that server configuration uses %bind_method. Since the user\'s credentials are never available to this module with single sign on enabled, there is no way for the ldap module to bind to the ldap server with credentials.', $tokens);
+ }
+ }
+ }
+ return $errors;
+ }
+
+ protected function populateFromDrupalForm($values) {
+ $this->authenticationMode = ($values['authenticationMode']) ? (int)$values['authenticationMode'] : NULL;
+ $this->sids = $values['authenticationServers'];
+ $this->allowOnlyIfTextInDn = $this->linesToArray($values['allowOnlyIfTextInDn']);
+ $this->excludeIfTextInDn = $this->linesToArray($values['excludeIfTextInDn']);
+ $this->allowTestPhp = $values['allowTestPhp'];
+ $this->loginConflictResolve = ($values['loginConflictResolve']) ? (int)$values['loginConflictResolve'] : NULL;
+ $this->acctCreation = ($values['acctCreation']) ? (int)$values['acctCreation'] : NULL;
+ $this->loginUIUsernameTxt = ($values['loginUIUsernameTxt']) ? (string)$values['loginUIUsernameTxt'] : NULL;
+ $this->loginUIPasswordTxt = ($values['loginUIPasswordTxt']) ? (string)$values['loginUIPasswordTxt'] : NULL;
+ $this->ldapUserHelpLinkUrl = ($values['ldapUserHelpLinkUrl']) ? (string)$values['ldapUserHelpLinkUrl'] : NULL;
+ $this->ldapUserHelpLinkText = ($values['ldapUserHelpLinkText']) ? (string)$values['ldapUserHelpLinkText'] : NULL;
+ $this->excludeIfNoAuthorizations = ($values['excludeIfNoAuthorizations']) ? (int)$values['excludeIfNoAuthorizations'] : NULL;
+ $this->emailOption = ($values['emailOption']) ? (int)$values['emailOption'] : NULL;
+ $this->emailUpdate = ($values['emailUpdate']) ? (int)$values['emailUpdate'] : NULL;
+ // $this->ssoEnabled = ($values['ssoEnabled']) ? (int)$values['ssoEnabled'] : NULL;
+ $this->ssoRemoteUserStripDomainName = ($values['ssoRemoteUserStripDomainName']) ? (int)$values['ssoRemoteUserStripDomainName'] : NULL;
+ $this->seamlessLogin = ($values['seamlessLogin']) ? (int)$values['seamlessLogin'] : NULL;
+ $this->cookieExpire = ($values['cookieExpire']) ? (int)$values['cookieExpire'] : NULL;
+ $this->ldapImplementation = ($values['ldapImplementation']) ? (string)$values['ldapImplementation'] : NULL;
+ }
+
+ public function drupalFormSubmit($values) {
+
+ $this->populateFromDrupalForm($values);
+ try {
+ $save_result = $this->save();
+ }
+ catch (Exception $e) {
+ $this->errorName = 'Save Error';
+ $this->errorMsg = t('Failed to save object. Your form data was not saved.');
+ $this->hasError = TRUE;
+ }
+
+ }
+
+ protected function arrayToLines($array) {
+ $lines = "";
+ if (is_array($array)) {
+ $lines = join("\n", $array);
+ }
+ elseif (is_array(@unserialize($array))) {
+ $lines = join("\n", unserialize($array));
+ }
+ return $lines;
+ }
+
+ protected function linesToArray($lines) {
+ $lines = trim($lines);
+
+ if ($lines) {
+ $array = preg_split('/[\n\r]+/', $lines);
+ foreach ($array as $i => $value) {
+ $array[$i] = trim($value);
+ }
+ }
+ else {
+ $array = array();
+ }
+ return $array;
+ }
+
+}
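Review bot: populateFromDrupalForm() stores `$values['allowTestPhp']` verbatim and LdapAuthenticationConf::allowUser() later passes it to php_eval(), yet the `allowTestPhp` element in drupalForm() is gated only on `module_exists('php')`, so whoever can submit this form can set code that runs on every LDAP login. The menu access check is outside this file and may already restrict it, but the element should also honour the php module's own permission, for example `'#disabled' => !module_exists('php') || !user_access('use PHP for settings'),`. Separately, arrayToLines() calls `@unserialize($array)` twice on a stored value with errors suppressed; if that branch only exists for legacy serialized settings it deserves a comment saying so, and otherwise it could be dropped. validate() iterates `$this->sids` by value while load() in the parent class treats it as `$sid => $is_enabled`, so an unchecked server appears to index `$enabled_servers[0]`; `foreach ($this->sids as $sid => $is_enabled)` with a skip on empty `$is_enabled` would match the parent.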
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/README.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/README.txt
new file mode 100644
index 0000000..4533a85
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/README.txt
@@ -0,0 +1,40 @@
+
+
+
+=======================================
+PHP to Test for Allowed LDAP Users
+=======================================
+
+Two variables are available:
+
+(1) $_name - the username ldap server configuration has mapped user to such as "jdoe" etc. How this is derived is configured in ldap_servers module.
+
+
+
+(2) $_ldap_user_entry - their ldap entry as returned from php ldap extension.
+
+$_ldap_user_entry is something like:
+
+array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+
+Result should print 1 for allowed or 0 for disallowed. The function used to evaluate the code is php_eval() in php.module
+
+---------------------------------
+Examples:
+
+
+//exclude users with guests.myuniversity.edu email address
+if (strpos($_ldap_user_entry['attr']['mail'][0], '@guests.myuniversity.edu') === FALSE) {
+ print 1;
+}
+else {
+ print 0;
+}
+
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.admin.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.admin.inc
new file mode 100644
index 0000000..eb60148
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.admin.inc
@@ -0,0 +1,62 @@
+<?php
+// $Id: ldap_authentication.admin.inc,v 1.1.4.2 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * Administrative page callbacks for the ldap_authentication module.
+ */
+
+
+/**
+ * form for adding, updating, and deleting a single ldap authorization mapping
+ *
+ * @param <type> $form
+ * @param <type> $form_state
+ * @return array drupal form array
+ */
+function ldap_authentication_admin_form($form, &$form_state) {
+ ldap_server_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConfAdmin.class');
+ $auth_conf = new LdapAuthenticationConfAdmin();
+ return $auth_conf->drupalForm();
+}
+
+
+/**
+ * validate handler for the ldap_authentication_admin_form
+ */
+function ldap_authentication_admin_form_validate($form, &$form_state) {
+
+ ldap_server_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConfAdmin.class');
+ $auth_conf = new LdapAuthenticationConfAdmin();
+ $errors = $auth_conf->drupalFormValidate($form_state['values']);
+ foreach ($errors as $error_name => $error_text) {
+ form_set_error($error_name, t($error_text));
+ }
+
+}
+
+
+/**
+ * submit handler function for ldap_authorization_admin_form
+ */
+
+function ldap_authentication_admin_form_submit($form, &$form_state) {
+ ldap_server_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConfAdmin.class');
+ $auth_conf = new LdapAuthenticationConfAdmin();
+ $auth_conf->drupalFormSubmit($form_state['values']); // add form data to object and save or create
+
+ if (!$auth_conf->enabled_servers()) {
+ drupal_set_message(t('No LDAP servers are enabled for authentication,
+ so no LDAP Authentication can take place. This essentially disables
+ LDAP Authentication.'), 'warning');
+ }
+ if ($auth_conf->hasError == FALSE) {
+ drupal_set_message(t('LDAP Authentication configuration saved'), 'status');
+ drupal_goto(LDAP_SERVERS_MENU_BASE_PATH . '/authentication');
+ }
+ else {
+ form_set_error($auth_conf->errorName, $auth_conf->errorMsg);
+ $auth_conf->clearError();
+ }
+
+}
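Review bot: In `ldap_authentication_admin_form_validate()` the text returned by `drupalFormValidate()` is passed through `t($error_text)`, and in the submit handler `$auth_conf->errorMsg` goes straight into `form_set_error()`. Drupal 7 prints these messages without escaping, and `t()` is meant for literal strings. If either message can embed a submitted value (the class is in another file, so this is not visible here), it should be built with `t()` placeholders where it is created and passed on as is: `form_set_error($error_name, $error_text);`. The docblock on the submit handler also names `ldap_authorization_admin_form` where `ldap_authentication_admin_form` is meant.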
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc
new file mode 100644
index 0000000..e97a69a
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.inc
@@ -0,0 +1,559 @@
+<?php
+// $Id: ldap_authentication.inc,v 1.1.2.3 2011/02/18 15:17:09 johnbarclay Exp $
+
+/**
+ * @file
+ * ldap_authn provides authentication against ldap server.
+ */
+
+/**
+ * helper function for ldap_authn_form_user_login_block_alter and ldap_authn_form_user_login_alter
+ *
+ * hook_user is gone in drupal 7 so functionality can be replaced by
+ * altering login form submit and validate functions
+ * http://drupal.org/update/modules/6/7#remove_op
+ *
+ * if form is being generated on non https and is set in preferences, set warning and end form development
+ * add submit functions to form
+ * - make sure submit function is in the correct order; that is if ldap precedes drupal, make _ldap_authn_login_form_submit first.
+ * do not remove other authentication submit functions, just reorder.
+ */
+function _ldap_authentication_login_form_alter(&$form, &$form_state, $form_id) {
+
+/**
+ * make sure ldap_authentication is configured and valid first
+ */
+
+ if (!$auth_conf = ldap_authentication_get_valid_conf()) {
+ return;
+ }
+ elseif (!$auth_conf->enabled_servers()) {
+ return;
+ }
+
+ /**
+ *
+ * add validate function to test for ldap authentication
+ * should be placed after user_login_authenticate_validate
+ * 1. user_login_name_validate
+ * 2. user_login_authenticate_validate
+ * 3. external authentication validate functions
+ * 4. user_login_final_validate
+ *
+ * as articulated above user_login_default_validators() in user.module
+ *
+ * without any other external authentication modules, this array will start out as:
+ * array('user_login_name_validate', 'user_login_authenticate_validate', 'user_login_final_validate')
+ */
+
+ if (@in_array('user_login_authenticate_validate', $form['#validate'])) {
+ $new_validation_sequence = array();
+ foreach ($form['#validate'] as $validate_function_name) {
+ if ($validate_function_name == 'user_login_authenticate_validate') {
+ if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_MIXED) {
+ // if mixed mode, allow drupal authentication first
+ $new_validation_sequence[] = 'user_login_authenticate_validate';
+ $new_validation_sequence[] = 'ldap_authentication_user_login_authenticate_validate';
+ }
+ elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
+ // see drupal.org/node/1009990 and drupal.org/node/1022362 change back when fixed.
+ $new_validation_sequence[] = 'user_login_authenticate_validate';
+ $new_validation_sequence[] = 'ldap_authentication_user_login_authenticate_validate';
+ }
+ else { // misconfigured ldap authentication, restore to original validation sequence
+ $new_validation_sequence[] = 'user_login_authenticate_validate';
+ }
+ }
+ else {
+ $new_validation_sequence[] = $validate_function_name;
+ }
+ }
+ $form['#validate'] = $new_validation_sequence;
+ }
+
+ if ($form_id == 'user_login_block') {
+ $user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
+ $vars = array(
+ 'show_reset_pwd' => ldap_authentication_show_reset_pwd(),
+ 'auth_conf' => $auth_conf,
+ );
+
+ $form['links']['#markup'] = theme('ldap_authentication_user_login_block_links', $vars);
+ }
+ ldap_servers_disable_http_check($form);
+
+ // Add help information for entering in username/password
+ $auth_conf = ldap_authentication_get_valid_conf();
+ if ($auth_conf) {
+ if (isset($auth_conf->loginUIUsernameTxt)) {
+ $form['name']['#description'] = t($auth_conf->loginUIUsernameTxt);
+ }
+ if (isset($auth_conf->loginUIPasswordTxt)) {
+ $form['pass']['#description'] = t($auth_conf->loginUIPasswordTxt);
+ }
+ }
+}
+
+
+
+
+function _ldap_authentication_form_user_profile_form_alter(&$form, $form_state) {
+ // keep in mind admin may be editing another users profile form. don't assume current global $user
+ $auth_conf = ldap_authentication_get_valid_conf();
+ if ($auth_conf && ldap_authentication_ldap_authenticated($form['#user'])) {
+ if ($auth_conf->emailOption == LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE) {
+ $form['account']['mail']['#type'] = 'hidden';
+ }
+ elseif ($auth_conf->emailOption == LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE) {
+ $form['account']['mail']['#disabled'] = TRUE;
+ $form['account']['mail']['#description'] = t('This email address is automatically set and may not be changed.');
+ }
+
+ if (!ldap_authentication_show_reset_pwd($form['#user'])) {
+ $form['account']['current_pass']['#disabled'] = TRUE;
+ if ($auth_conf->ldapUserHelpLinkUrl) {
+ $form['account']['current_pass']['#description'] = l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl);
+ }
+ else {
+ $form['account']['current_pass']['#description'] = t('The password cannot be changed using this website');
+ }
+ $form['account']['pass']['#disabled'] = TRUE;
+ }
+ }
+}
+
+
+/**
+ * user form validation will take care of username, pwd fields
+ *
+ * this may validate if the user exists in ldap in the case of using
+ * ldap authentication exclusively
+ */
+function _ldap_authentication_user_login_authenticate_validate(&$form_state) {
+
+ $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+ $authname = $form_state['values']['name']; // $name = $form_state['values']['name']; // patch 1599632
+ $pass = $form_state['values']['pass'];
+
+ /*
+ * If a fake form state was passed into this function from
+ * _ldap_authentication_user_login_sso(), there will be a value outside of the
+ * form_state[values] array to let us know that we are not authenticating with
+ * a password, but instead just looking up a username/dn in LDAP since the web
+ * server already authenticated the user.
+ */
+ $sso_login = (isset($form_state['sso_login']) && $form_state['sso_login']) ? TRUE : FALSE;
+
+
+ $watchdog_tokens = array('%username' => $authname); // $watchdog_tokens = array('%username' => $name); // patch 1599632
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Beginning authentification....', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+ if (!$auth_conf = ldap_authentication_get_valid_conf()) {
+ watchdog('ldap_authentication', 'Failed to get valid ldap authentication configuration.', array(), WATCHDOG_ERROR);
+ form_set_error('name', 'Server Error: Failed to get valid ldap authentication configuration.' . $error);
+ return FALSE;
+ }
+
+ // if already succeeded at authentication, see if LDAP Exclusive is set
+ if (isset($form_state['uid']) && is_numeric($form_state['uid'])) {
+ if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_MIXED || $form_state['uid'] == 1) {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Previously authenticated in mixed mode or uid=1', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ return; // already passed previous authentication validation
+ }
+ elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Previously authenticated in exclusive mode or uid is not 1. Clear uid
+ in form_state and attempt ldap authentication.', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ $form_state['uid'] = NULL; // passed previous authentication, but only ldap should be used
+ }
+ }
+
+ if (!count($auth_conf->servers)) {
+ watchdog('ldap_authentication', 'No LDAP servers configured.', array(), WATCHDOG_ERROR);
+ form_set_error('name', 'Server Error: No LDAP servers configured.');
+ }
+
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : user_load_by_name(%username)', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+ if(!($account = user_load_by_name($authname))) {
+ $uid = db_query("SELECT uid FROM {authmap} WHERE authname = :authname AND module = 'ldap_authentication'", array(':authname' => $authname))->fetchColumn();
+ $account = $uid ? user_load($uid) : FALSE;
+ }
+
+ if (is_object($account)) {
+ if ($account->uid == 1) {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Drupal username maps to user 1, so do not authenticate with ldap', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ return FALSE; // user 1 must use drupal authentication
+ }
+ else {
+ $account_exists = TRUE;
+ $user_data = $account->data;
+ $authmaps = user_get_authmaps($authname); // $authmaps = user_get_authmaps($name); // patch 1599632
+ $ldap_authentication_authmap = isset($authmaps['ldap_authentication']);
+ $no_authmaps = (boolean)(count($authmaps));
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Drupal User Account found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ }
+ }
+ else { // account does not exist
+ $account_exists = FALSE;
+ if ($auth_conf->createLDAPAccounts == FALSE) {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Drupal User Account not found and configuration is set to not create new accounts.', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ }
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Existing Drupal User Account not found. Continuing on to attempt ldap authentication', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ }
+
+ foreach ($auth_conf->servers as $sid => $ldap_server) {
+ $watchdog_tokens['%sid'] = $sid;
+ $watchdog_tokens['%bind_method'] = $ldap_server->bind_method;
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Trying server %sid where bind_method = %bind_method', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+ // #1 CONNECT TO SERVER
+ $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC;
+ $result = $ldap_server->connect();
+ if ($result != LDAP_SUCCESS) {
+ $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT;
+ $watchdog_tokens['%err_msg'] = $ldap_server->errorMsg('ldap');
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Failed connecting to %sid. Error: %err_msg', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ $watchdog_tokens['%err_msg'] = NULL;
+ continue; // next server, please
+ }
+ elseif ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Success at connecting to %sid', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+ // #2 BIND TO SERVER
+ $bind_success = FALSE;
+ if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT ||
+ $ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER
+ ) {
+ $bind_success = ($ldap_server->bind() == LDAP_SUCCESS);
+ }
+ elseif ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
+ $bind_success = ($ldap_server->bind(NULL, NULL, TRUE) == LDAP_SUCCESS);
+ }
+ elseif ($sso_login) {
+ watchdog('ldap_authentication', 'Trying to use SSO with LDAP_SERVERS_BIND_METHOD_USER bind method.', $watchdog_tokens, WATCHDOG_ERROR);
+ }
+ elseif ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_USER && $sso_login == FALSE) {
+ // with sso enabled this method of binding isn't valid
+ foreach ($ldap_server->basedn as $basedn) {
+ $search = array('%basedn', '%username');
+ $transformname = $ldap_server->drupalToLdapNameTransform($authname, $watchdog_tokens);
+ $replace = array($basedn, $transformname);
+ $userdn = str_replace($search, $replace, $ldap_server->user_dn_expression);
+ $bind_success = ($ldap_server->bind($userdn, $pass) == LDAP_SUCCESS);
+ if ($bind_success) {
+ break;
+ }
+ }
+ }
+ else {
+ watchdog('ldap_authentication', 'No bind method set in ldap_server->bind_method in _ldap_authentication_user_login_authenticate_validate.', $watchdog_tokens, WATCHDOG_ERROR);
+ }
+
+ if (!$bind_success) {
+ if ($detailed_watchdog_log) {
+ $watchdog_tokens['%err_text'] = $ldap_server->errorMsg('ldap');
+ watchdog('ldap_authentication', '%username : Trying server %sid where bind_method = %bind_method. Error: %err_text', $watchdog_tokens, WATCHDOG_DEBUG);
+ $watchdog_tokens['%err_text'] = NULL;
+ }
+ $authentication_result = ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_USER) ? LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS : LDAP_AUTHENTICATION_RESULT_FAIL_BIND;
+ continue; // if bind fails, onto next server
+ }
+
+ // #3 DOES USER EXIST IN SERVER'S LDAP
+ if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
+ $ldap_user = $ldap_server->user_lookup($authname);
+ }
+ elseif ($sso_login) {
+ $ldap_user = $ldap_server->user_lookup($authname);
+ if ($detailed_watchdog_log) {
+ $watchdog_tokens['%result'] = var_export($result, TRUE);
+ watchdog('ldap_authentication', '%username : attempting single sign-on
+ login in bind_method of LDAP_SERVERS_BIND_METHOD_USER. Result of
+ user_lookup: <pre>%result</pre>', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ }
+ else {
+ $ldap_user = $ldap_server->user_lookup($authname);
+ }
+
+ if (!$ldap_user) {
+ if ($detailed_watchdog_log) {
+ $watchdog_tokens['%err_text'] = $ldap_server->errorMsg('ldap');
+ watchdog('ldap_authentication', '%username : Trying server %sid where bind_method = %bind_method. Error: %err_text', $watchdog_tokens, WATCHDOG_DEBUG);
+ $watchdog_tokens['%err_text'] = NULL;
+ }
+ if ($ldap_server->ldapErrorNumber()) {
+ $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_SERVER;
+ break;
+ }
+ $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_FIND;
+ continue; // next server, please
+ }
+
+ $watchdog_tokens['%dn'] = $ldap_user['dn'];
+ $watchdog_tokens['%mail'] = $ldap_user['mail'];
+
+ /**
+ * #4 CHECK ALLOWED AND EXCLUDED LIST AND PHP FOR ALLOWED USERS
+ */
+ $allow = $auth_conf->allowUser($authname, $ldap_user);
+ if (!$allow) {
+ $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED;
+ break; // regardless of how many servers, disallowed user fails
+ }
+
+ /**
+ * #5 TEST PASSWORD
+ */
+ $credentials_pass = FALSE;
+ if ($sso_login) {
+ /** If we have $sso_login passed in as true from the fake form state in
+ * passed from _ldap_authentication_user_login_sso(), we will be relying
+ * on the webserver for actually authenticating the user, either by NTLM
+ * or user/password if configured as a fallback. Since the webserver has
+ * already authenticated the user, and the web server only contains the
+ * user's LDAP user name, instead of binding on the username/pass, we
+ * simply look up the user's account in LDAP, and make sure it matches
+ * what is contained in the global $_SERVER array populated by the web
+ * server authentication.
+ */
+ $credentials_pass = (boolean)($ldap_user);
+ }
+ else {
+ $credentials_pass = ($ldap_server->bind($ldap_user['dn'], $pass) == LDAP_SUCCESS);
+ }
+ if (!$credentials_pass) {
+ if ($detailed_watchdog_log) {
+ $watchdog_tokens['%err_text'] = $ldap_server->errorMsg('ldap');
+ watchdog('ldap_authentication', '%username : Testing user credentials on server %sid where bind_method = %bind_method. Error: %err_text', $watchdog_tokens, WATCHDOG_DEBUG);
+ $watchdog_tokens['%err_text'] = NULL;
+ }
+ $authentication_result = LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS;
+ continue; // next server, please
+ }
+ else {
+ $authentication_result = LDAP_AUTHENTICATION_RESULT_SUCCESS;
+ if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
+ $ldap_user = $ldap_server->user_lookup($authname); // after successful bind, lookup user again to get private attributes
+ $watchdog_tokens['%mail'] = $ldap_user['mail'];
+ }
+ if ($ldap_server->account_name_attr != '') {
+ $accountname = $ldap_user['attr'][$ldap_server->account_name_attr][0];
+ }
+ else {
+ $accountname = $authname;
+ }
+ $watchdog_tokens['%account_name_attr'] = $accountname;
+ break; //success
+ }
+
+ if ($ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT ||
+ $ldap_server->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
+ $ldap_server->disconnect();
+ }
+
+ } // end loop through servers
+
+
+
+
+
+ $watchdog_tokens['%result'] = $result;
+ $watchdog_tokens['%auth_result'] = $authentication_result;
+ $watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result) ;
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : Authentication result id=%result auth_result=%auth_result (%err_text)', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+ if ($authentication_result != LDAP_AUTHENTICATION_RESULT_SUCCESS) {
+ $watchdog_tokens['%err_text'] = _ldap_authentication_err_text($authentication_result);
+ // fail scenario 1. ldap auth exclusive and failed throw error
+ if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', '%username : setting error because failed at ldap and
+ LDAP_AUTHENTICATION_EXCLUSIVE is set to true. So need to stop authentication of Drupal user that is not user 1.
+ error message: %err_text', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ form_set_error('name', $watchdog_tokens['%err_text']);
+ }
+ else {
+ // fail scenario 2. simply fails ldap. return false.
+ // don't show user message, may be using other authentication after this that may succeed.
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication',
+ '%username : Failed ldap authentication.
+ User may have authenticated successfully by other means in a mixed authentication site.
+ LDAP Authentication Error #: %auth_result error message: %err_text',
+ $watchdog_tokens,
+ WATCHDOG_DEBUG
+ );
+ }
+ }
+ return FALSE;
+ }
+
+ /**
+ * case 1: previously drupal authenticated user authenticated successfully on ldap
+ *
+ */
+ if (!$account_exists && ($account = user_load_by_name($accountname))) {
+ user_set_authmaps($account, array('authname_ldap_authentication' => $authname));
+ $account_exists = TRUE;
+ }
+ if (!$account_exists) {
+ if ($account_with_same_email = user_load_by_mail($ldap_user['mail'])) {
+ /**
+ * username does not exist but email does. Since user_external_login_register does not deal with
+ * mail attribute and the email conflict error needs to be caught beforehand, need to throw error here
+ */
+ $watchdog_tokens['%duplicate_name'] = $account_with_same_email->name;
+ watchdog('ldap_authentication', 'LDAP user with DN %dn has email address
+ (%mail) conflict with a drupal user %duplicate_name', $watchdog_tokens, WATCHDOG_ERROR);
+ drupal_set_message(t('Another user already exists in the system with the same email address. You should contact the system administrator in order to solve this conflict.'), 'error');
+ return FALSE;
+
+ }
+ /**
+ *
+ * new ldap_authentication provisioned account could let user_external_login_register create the account and set authmaps, but would need
+ * to add mail and any other user->data data in hook_user_presave which would mean requerying ldap
+ * or having a global variable. At this point the account does not exist, so there is no
+ * reason not to create it here.
+ *
+ * @todo create patch for user_external_login_register to deal with new external accounts
+ * a little tweak to add user->data and mail etc as parameters would make it more useful
+ * for external authentication modules
+ */
+ ldap_server_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions');
+
+
+ $account = ldap_create_drupal_account($authname, $accountname, $ldap_user['mail'], $ldap_user['dn'], $sid);
+ if ($account === FALSE) {
+ // need to throw error that account was not created
+ }
+
+
+ }
+ else { // account already exists
+ if ($ldap_authentication_authmap == FALSE) { // LDAP_authen.AC.disallow.ldap.drupal
+ if ($auth_conf->loginConflictResolve == LDAP_AUTHENTICATION_CONFLICT_LOG) {
+ $watchdog_tokens['%conflict_name'] = $account_with_same_email->name;
+ watchdog('ldap_authentication', 'LDAP user with DN %dn has a naming conflict with a local drupal user %conflict_name', $watchdog_tokens, WATCHDOG_ERROR);
+ drupal_set_message(t('Another user already exists in the system with the same login name. You should contact the system administrator in order to solve this conflict.'), 'error');
+ return FALSE;
+ }
+ else { // LDAP_authen.AC.disallow.ldap.drupal
+ // add ldap_authentication authmap to user. account name is fine here, though cn could be used
+ user_set_authmaps($account, array('authname_ldap_authentication' => $authname));
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authentication', 'set authmap for %username authname_ldap_authentication', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ }
+ }
+
+ if ($account->mail != $ldap_user['mail'] && (
+ $auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ||
+ $auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE
+ )) {
+ $edit = array('mail' => $ldap_user['mail']);
+ if (!$updated_account = user_save($account, $edit)) {
+ $watchdog_tokens = array('%username' => $account->name, '%old' => $account->mail, '%new' => $ldap_user['mail']);
+ watchdog('ldap_authentication', 'User e-mail for %username update from %old to %new failed because of system problems.', $watchdog_tokens, WATCHDOG_ERROR);
+ }
+ elseif ($auth_conf->emailUpdate == LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY ) {
+ $message_tokens = array('@mail' => $ldap_user['mail']);
+ drupal_set_message(t('Your e-mail has been updated to match your LDAP account (@mail).', $message_tokens), 'status');
+ }
+ }
+ }
+
+ /**
+ * we now have valid, ldap authenticated username with an account authmapped to ldap_authentication.
+ * since user_external_login_register can't deal with user mail attribute and doesn't do much else, it is not
+ * being used here.
+ */
+
+
+ /**
+ * without doing the user_login_submit,
+ * [#1009990]
+ *
+ */
+ $fake_form_state = array('uid' => $account->uid);
+ user_login_submit(array(), $fake_form_state);
+ global $user;
+ $form_state['uid'] = $user->uid;
+ return $user;
+
+}
+
+
+
+function _ldap_authentication_err_text($error) {
+
+ $msg = t('unknown error: ' . $error);
+ switch ($error) {
+ case LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT:
+ $msg = "Failed to connect to ldap server";
+ break;
+
+ case LDAP_AUTHENTICATION_RESULT_FAIL_BIND:
+ $msg = "Failed to bind to ldap server";
+ break;
+
+ case LDAP_AUTHENTICATION_RESULT_FAIL_FIND:
+ $msg = t('Sorry, unrecognized username or password.');
+ break;
+
+ case LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED:
+ $msg = "User disallowed";
+ break;
+
+ case LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS:
+ $msg = t('Sorry, unrecognized username or password.');
+ break;
+
+ case LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC:
+ $msg = t('Sorry, unrecognized username or password.');
+ break;
+
+ case LDAP_AUTHENTICATION_RESULT_FAIL_SERVER:
+ $msg = t('Authentication Server or Configuration Error.');
+ break;
+
+ }
+
+ return $msg;
+}
+
+function ldap_authentication_redirect_to_ldap_help() {
+
+ if ($auth_conf = ldap_authentication_get_valid_conf() && $auth_conf->ldapUserHelpLinkUrl) {
+ drupal_goto($auth_conf->ldapUserHelpLinkUrl);
+ }
+ else {
+ return "Misconfigured LDAP Help Link";
+ }
+
+}
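Review bot: `_ldap_authentication_user_login_authenticate_validate()` passes `$pass` to `$ldap_server->bind($userdn, $pass)` in step #2 and to `$ldap_server->bind($ldap_user['dn'], $pass)` in step #5 without checking that it is non-empty. A simple bind with a DN and an empty password is an unauthenticated bind under RFC 4513, and some directory servers answer it with success. Unless `bind()` itself rejects that case (its body is not in this hunk), step #5 would set `LDAP_AUTHENTICATION_RESULT_SUCCESS` and go on to `user_login_submit()`. A guard placed after `$sso_login` is computed closes this: `if (!$sso_login && !strlen($pass)) { return FALSE; }`. Separately, the first condition in step #2 already matches `LDAP_SERVERS_BIND_METHOD_ANON_USER`, so the `elseif` that calls `bind(NULL, NULL, TRUE)` is unreachable; the first test was probably meant to cover `LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT` only.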
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info
new file mode 100644
index 0000000..76234bb
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.info
@@ -0,0 +1,22 @@
+name = LDAP Authentication
+description = "Implements LDAP authentication"
+package = "Lightweight Directory Access Protocol"
+dependencies[] = ldap_servers
+core = 7.x
+configure = admin/config/people/ldap/authentication
+files[] = LdapAuthenticationConf.class.php
+files[] = LdapAuthenticationConfAdmin.class.php
+
+files[] = ldap_authentication.module
+files[] = ldap_authentication.install
+files[] = ldap_authentication.inc
+files[] = ldap_authentication.theme.inc
+files[] = ldap_authentication.admin.inc
+files[] = tests/ldap_authentication.test
+
+; Information added by drupal.org packaging script on 2012-06-14
+version = "7.x-1.0-beta11"
+core = "7.x"
+project = "ldap"
+datestamp = "1339643179"
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.install b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.install
new file mode 100644
index 0000000..23e0fcf
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.install
@@ -0,0 +1,110 @@
+<?php
+// $Id: ldap_authentication.install,v 1.1.4.2 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * Install, update and uninstall functions for the LDAP authentication module.
+ */
+
+
+/**
+ * Implements hook_requirements().
+ */
+function ldap_authentication_requirements($phase) {
+ $requirements = array();
+ if ($phase != "install" && db_table_exists('ldapauth')) {
+
+ $requirements['ldap_authentication_ldap_integration']['title'] = t('LDAP Integration LDAP Auth Upgrade Concern');
+ $requirements['ldap_authentication_ldap_integration']['severity'] = REQUIREMENT_WARNING;
+ $requirements['ldap_authentication_ldap_integration']['value'] = NULL;
+ $requirements['ldap_authentication_ldap_integration']['description'] = t('Upgrade from Drupal 6 LDAP Auth to Drupal 7
+ LDAP Authentication is not automatic. LDAP Authentication will need to be configured by hand.
+ Some harmless data will remain in the user.data field in the user table. Records in
+ the authmap table will cause conflicts and should be removed or changed to ldap_authentication
+ as the module (see http://drupal.org/node/1183192).
+ See http://drupal.org/node/1023016, http://drupal.org/node/1183192.
+ This message will go away when the ldapauth database table is removed.');
+ }
+ // check that ldapauth not installed.
+ return $requirements;
+}
+
+/**
+ * Implements hook_install().
+ */
+function ldap_authentication_install() {
+}
+
+/**
+ * Implements hook_uninstall().
+ */
+function ldap_authentication_uninstall() {
+ //$result = db_query('DELETE FROM {variables} WHERE name like "ldap_authentication_%"');
+ variable_del('ldap_authentication_conf');
+}
+
+/**
+ * just notes and psuedo code for now. need a place to keep track
+ * of what a cross grade function would do
+ */
+
+
+/**
+ * ldap_authentication and ldap_sso. enable ldap_sso if sso was enabled in ldap_authentication previously
+ */
+function ldap_authentication_update_7100() {
+ // if sso is enabled in ldap authentication, enable module ldap_sso
+ module_load_include('inc', 'ldap_servers','ldap_servers.functions');
+ ldap_server_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConfAdmin.class');
+ $sso_enabled = LdapAuthenticationConfAdmin::getSaveableProperty('ssoEnabled');
+ if ($sso_enabled) {
+ module_enable(array('ldap_sso'));
+ return t('Enabled new LDAP SSO module if Single Sign on was previously enabled. Code for LDAP Single Sign On was moved to new "LDAP SSO" included module.');
+ }
+}
+
+
+function ldap_authentication_ldap_integration6_to_ldap7() {
+
+ // fix authmaps
+ // UPDATE {authmap} SET module = 'ldap_authentication' WHERE module = 'ldapauth'
+
+ // load all users and setup user data array
+
+/**
+ * CREATE TABLE `ldapauth` (
+ `sid` TINYINT(4) NOT NULL AUTO_INCREMENT,
+ `name` VARCHAR(255) NOT NULL,
+ `status` TINYINT(4) NOT NULL DEFAULT '0',
+ `server` VARCHAR(255) NOT NULL,
+ `port` INT(11) NOT NULL DEFAULT '389',
+ `tls` TINYINT(4) NOT NULL DEFAULT '0',
+ `encrypted` TINYINT(4) NOT NULL DEFAULT '0',
+ `basedn` TEXT NULL,
+ `user_attr` VARCHAR(255) NULL DEFAULT NULL,
+ `mail_attr` VARCHAR(255) NULL DEFAULT NULL,
+ `binddn` VARCHAR(255) NULL DEFAULT NULL,
+ `bindpw` VARCHAR(255) NULL DEFAULT NULL,
+ `login_php` TEXT NULL,
+ `filter_php` TEXT NULL,
+ `weight` INT(11) NOT NULL DEFAULT '0',
+ `ldapgroups_in_dn` TINYINT(4) NOT NULL DEFAULT '0',
+ `ldapgroups_dn_attribute` VARCHAR(255) NULL DEFAULT NULL,
+ `ldapgroups_attr` VARCHAR(255) NULL DEFAULT NULL,
+ `ldapgroups_in_attr` TINYINT(4) NOT NULL DEFAULT '0',
+ `ldapgroups_as_entries` TINYINT(4) NOT NULL DEFAULT '0',
+ `ldapgroups_entries` TEXT NULL,
+ `ldapgroups_entries_attribute` VARCHAR(255) NULL DEFAULT NULL,
+ `ldapgroups_mappings` TEXT NULL,
+ `ldapgroups_mappings_filter` TINYINT(4) NOT NULL DEFAULT '0',
+ `ldapgroups_filter_php` TEXT NULL,
+ `ldapgroups_groups` TEXT NULL,
+ PRIMARY KEY (`name`),
+ INDEX `sid` (`sid`)
+)
+COLLATE='utf8_general_ci'
+ENGINE=InnoDB
+ROW_FORMAT=DEFAULT
+AUTO_INCREMENT=2
+ */
+}
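Review bot: `ldap_authentication_ldap_integration6_to_ldap7()` is an empty function whose body holds only migration notes and a pasted `CREATE TABLE`. The docblock that explains it ("just notes and psuedo code for now") is detached and sits above the docblock for `ldap_authentication_update_7100()`. Moving the notes into a plain file-level comment or README.developers.txt would avoid shipping a callable no-op that reads like a finished upgrade path. The commented-out `DELETE FROM {variables}` line in `ldap_authentication_uninstall()` can go as well, since `variable_del('ldap_authentication_conf')` is the live code.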
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.module b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.module
new file mode 100644
index 0000000..fb60fac
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.module
@@ -0,0 +1,412 @@
+<?php
+// $Id: ldap_authentication.module,v 1.1.4.3 2011/02/08 20:05:41 johnbarclay Exp $
+
+/**
+ * @file
+ * This module injects itself into Drupal's Authentication stack.
+ */
+
+/**
+ * @todo fix advanced help for ../ldap/authentication settings page
+ *
+ */
+define('LDAP_AUTHENTICATION_PROJECT_TAG', 'ldap');
+
+define('LDAP_AUTHENTICATION_MIXED', 1);
+define('LDAP_AUTHENTICATION_EXCLUSIVE', 2);
+define('LDAP_AUTHENTICATION_MODE_DEFAULT', 1);
+
+define('LDAP_AUTHENTICATION_EXCL_IF_NO_AUTHZ_DEFAULT', 0);
+define('LDAP_AUTHENTICATION_CONFLICT_LOG', 1);
+define('LDAP_AUTHENTICATION_CONFLICT_RESOLVE', 2);
+define('LDAP_AUTHENTICATION_CONFLICT_RESOLVE_DEFAULT', 2);
+
+define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE_NOTIFY', 1);
+define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_ENABLE', 2);
+define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE', 3);
+define('LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DEFAULT', 1);
+
+define('LDAP_AUTHENTICATION_EMAIL_ALLOW_DRUPAL_EMAIL', 1);
+define('LDAP_AUTHENTICATION_EMAIL_FIELD_REMOVE', 2);
+define('LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE', 3);
+define('LDAP_AUTHENTICATION_EMAIL_FIELD_DEFAULT', 3);
+
+define('LDAP_AUTHENTICATION_RESULT_FAIL_CONNECT', 1);
+define('LDAP_AUTHENTICATION_RESULT_FAIL_BIND', 2);
+define('LDAP_AUTHENTICATION_RESULT_FAIL_FIND', 3);
+define('LDAP_AUTHENTICATION_RESULT_FAIL_DISALLOWED', 4);
+define('LDAP_AUTHENTICATION_RESULT_FAIL_CREDENTIALS', 5);
+define('LDAP_AUTHENTICATION_RESULT_SUCCESS', 6);
+define('LDAP_AUTHENTICATION_RESULT_FAIL_GENERIC', 7);
+define('LDAP_AUTHENTICATION_RESULT_FAIL_SERVER' , 8);
+
+define('LDAP_AUTHENTICATION_ACCT_CREATION_DEFAULT', 4);
+define('LDAP_AUTHENTICATION_ACCT_CREATION_USER_SETTINGS_FOR_LDAP', 1);
+define('LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR', 4);
+
+define('LDAP_AUTHENTICATION_HELP_LINK_TEXT_DEFAULT', 'Logon Help');
+
+define('LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG' , 'The site logon is currently not working due to a configuration error. Please see logs for additional details.');
+define('LDAP_AUTHENTICATION_COOKIE_EXPIRE', 0);
+
+/**
+ * Implements hook_menu().
+ */
+function ldap_authentication_menu() {
+ $items = array();
+
+ $items['admin/config/people/ldap/authentication'] = array(
+ 'title' => 'Authentication',
+ 'description' => 'Configure LDAP Authentication',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('ldap_authentication_admin_form'),
+ 'access arguments' => array('administer site configuration'),
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 2,
+ 'file' => 'ldap_authentication.admin.inc',
+ );
+
+ return $items;
+}
+
+ /**
+ * Implements hook_menu_alter().
+ * since menu items are cached, only useful to add or alter callbacks
+ * for ldap authentication driven menu items.
+ *
+ */
+function ldap_authentication_menu_alter(&$items) {
+ ldap_server_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
+ $items['user/password']['access callback'] = 'ldap_authentication_show_reset_pwd';
+ $auth_conf = ldap_authentication_get_valid_conf();
+ if (@$auth_conf->ldapUserHelpLinkUrl) {
+ $items['user/ldaphelp'] = array(
+ 'title' => $auth_conf->ldapUserHelpLinkText,
+ 'page callback' => 'drupal_goto',
+ 'page arguments' => array($auth_conf->ldapUserHelpLinkUrl),
+ 'access callback' => 'ldap_authentication_show_ldap_help_link',
+ 'type' => MENU_LOCAL_TASK,
+ );
+ }
+}
+
+
+function ldap_authentication_theme() {
+ return array(
+ 'ldap_authentication_user_login_block_links' => array(
+ 'variables' => array('ldap_user_help_link' => NULL, 'user_register' => TRUE),
+ 'render element' => 'element',
+ 'file' => 'ldap_authentication.theme.inc'
+ ),
+ 'ldap_authentication_user_pass_message' => array(
+ 'variables' => array('show_reset_pwd' => NULL, 'auth_conf' => TRUE),
+ 'render element' => 'element',
+ 'file' => 'ldap_authentication.theme.inc'
+ ),
+ 'ldap_authentication_user_pass_validate_ldap_authenticated' => array(
+ 'variables' => array('account' => NULL, 'auth_conf' => TRUE),
+ 'render element' => 'element',
+ 'file' => 'ldap_authentication.theme.inc'
+ ),
+ 'ldap_authentication_login_message' => array(
+ 'render element' => 'element',
+ 'variables' => array('message' => NULL),
+ 'file' => 'ldap_authentication.theme.inc'
+ ),
+ 'ldap_authentication_message_not_found' => array(
+ 'render element' => 'element',
+ 'variables' => array('message' => NULL),
+ 'file' => 'ldap_authentication.theme.inc'
+ ),
+ 'ldap_authentication_message_not_authenticated' => array(
+ 'render element' => 'element',
+ 'variables' => array('message' => NULL),
+ 'file' => 'ldap_authentication.theme.inc'
+ ),
+ );
+}
+
+
+/**
+ * Implements hook_help().
+ */
+
+function ldap_authentication_help($path, $arg) {
+
+ $authentication_help = t('LDAP authentication allows authentication against an LDAP server. It
+ may be used alongside other authentication means such as built in drupal authentication,
+ open id, etc. More detailed help is available on drupal.org at !helplink.',
+ array(
+ '!helplink' => l(LDAP_SERVERS_DRUPAL_HELP_URL, LDAP_SERVERS_DRUPAL_HELP_URL),
+ ));
+
+ switch ($path) {
+ case 'admin/config/people/ldap/authentication':
+ $output = '<p>' . $authentication_help . '</p>';
+ return $output;
+
+ case 'admin/help#ldap_authentication':
+ $output = '<p>' . $authentication_help . '</p>';
+ return $output;
+ }
+}
+
+/**
+ * Implements hook_info().
+ */
+function ldap_authentication_info($field = 0) {
+ $info['name']= 'ldap_authentication';
+ $info['protocol'] = 'LDAP';
+
+ if ($field) {
+ return $info[$field];
+ }
+
+ return $info;
+}
+
+
+/**
+ *
+ * @param object $user
+ * @return boolean
+ * true if user is recorded as ldap authenticated and identified (ldap_authentified)
+ *
+ * notes to developers
+ * - make user object explicit for clarity; don't default to current user as admins could be editing profile pages
+ * - don't use $user->data['ldap_authentified'] as it is geared toward ldap_authentication data, not where the user is currently ldap authenticated
+ * -
+ */
+function ldap_authentication_ldap_authenticated($user) {
+
+ if (is_numeric($user)) {
+ $user = @user_load((int)$user);
+ }
+ if (!is_object($user) || $user->uid == 0) {
+ return FALSE;
+ }
+
+ $authmaps = db_query("SELECT module, authname FROM {authmap} WHERE uid = :uid", array(':uid' => $user->uid))->fetchAllKeyed();
+ return isset($authmaps['ldap_authentication']);
+
+}
+
+/**
+ * A user access callback for using the single sign-on URL, denying access to
+ * authenticated users, and granting access to anonymous users and menu
+ * administrators viewing the menu item.
+ *
+ */
+function _ldap_authentication_user_access() {
+ return (boolean)(!$GLOBALS['user']->uid || !empty($GLOBALS['menu_admin']));
+}
+
+
+
+/**
+ * get LdapAuthenticationConf object
+ *
+ * @return object LdapAuthenticationConf object if configured, otherwise FALSE
+ *
+ */
+
+function ldap_authentication_get_valid_conf() {
+
+ static $auth_conf;
+ if (is_object($auth_conf)) {
+ return $auth_conf;
+ }
+ ldap_server_module_load_include('php', 'ldap_authentication', 'LdapAuthenticationConf.class');
+
+ $auth_conf = new LdapAuthenticationConf();
+ return ($auth_conf->inDatabase) ? $auth_conf : FALSE;
+
+}
+
+/**
+ * Implements hook_ldap_ldap_server_in_use().
+ */
+function ldap_authentication_ldap_server_in_use($sid, $server_name) {
+
+ $use_warnings = array();
+ $auth_conf = ldap_authentication_get_valid_conf();
+ if (in_array($sid, array_keys($auth_conf->sids)) && $auth_conf->sids[$sid] == 1) {
+ $use_warnings[] = t('This server (%server_name) may not be deleted or
+ disabled because it is being used for ldap authentication.',
+ array('%server_name' => $server_name));
+ }
+ return $use_warnings;
+}
+
+function ldap_authentication_show_reset_pwd($user = NULL) {
+
+ if (!$user) {
+ global $user;
+ }
+ $auth_conf = ldap_authentication_get_valid_conf();
+ if (current_path() == 'user/password' || $user->uid == 1 || !$auth_conf) {
+ return TRUE;
+ // always show at user/passwordurl. otherwise user 1 will not be able to reset password.
+ // LDAP_authen.login_forms.MM.user1, LDAP_authen.login_forms.EM.user1
+ }
+
+ if ($user->uid == 0) {
+ // hide reset password for anonymous users if ldap only authentication, otherwise show
+ // LDAP_authen.login_forms.MM.anon, LDAP_authen.login_forms.EM.anon
+ return ($auth_conf->authenticationMode != LDAP_AUTHENTICATION_EXCLUSIVE);
+ }
+ else {
+ // authenticated user. hide if ldap authenticated otherwise show.
+ // LDAP_authen.login_forms.EM.ldap, LDAP_authen.login_forms.EM.drupal,
+ // LDAP_authen.login_forms.MM.drupal, LDAP_authen.login_forms.MM.ldap
+ return (!ldap_authentication_ldap_authenticated($user));
+ }
+
+}
+
+
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+
+function ldap_authentication_form_user_pass_alter(&$form, $form_state) {
+ // the following could be in a theme preproces function
+ $auth_conf = ldap_authentication_get_valid_conf();
+ $form['ldap_warning'] = array(
+ '#type' => 'item',
+ '#markup' => theme('ldap_authentication_user_pass_message', array('auth_conf' => $auth_conf)),
+ '#weight' => 10,
+ );
+
+ // need to insert before user_pass_validate
+ array_unshift($form['#validate'], 'ldap_authentication_user_pass_validate');
+}
+
+
+function ldap_authentication_user_pass_validate(&$form_state) {
+ $name_or_mail = trim($form_state['name']['#value']);
+ if ($account = user_load_by_mail($name_or_mail)) {
+
+ }
+ else {
+ $account = user_load_by_name($name_or_mail);
+ }
+
+ if (ldap_authentication_ldap_authenticated($account)) {
+ $vars = array(
+ 'account' => $account,
+ 'auth_conf' => ldap_authentication_get_valid_conf(),
+ );
+ form_set_error('name', theme('ldap_authentication_user_pass_validate_ldap_authenticated', $vars));
+ }
+}
+/**
+ * Implements hook_form_FORM_ID_alter().
+ */
+
+function ldap_authentication_form_user_register_alter(&$form, $form_state) {
+
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter(). for user_profile_form
+ */
+function ldap_authentication_form_user_profile_form_alter(&$form, $form_state) {
+ ldap_server_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
+ _ldap_authentication_form_user_profile_form_alter($form, $form_state, 'user_login');
+
+}
+
+
+/**
+ * Implements hook_form_FORM_ID_alter(). for user_login
+ */
+function ldap_authentication_form_user_login_alter(&$form, &$form_state) {
+ ldap_server_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
+ _ldap_authentication_login_form_alter($form, $form_state, 'user_login');
+
+}
+
+/**
+ * Implements hook_form_FORM_ID_alter(). for user_login_block
+ */
+function ldap_authentication_form_user_login_block_alter(&$form, &$form_state) {
+ ldap_server_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
+ _ldap_authentication_login_form_alter($form, $form_state, 'user_login_block');
+
+}
+
+/**
+ * validate function for user logon forms.
+ */
+function ldap_authentication_user_login_authenticate_validate($form, &$form_state) {
+ ldap_server_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
+ return _ldap_authentication_user_login_authenticate_validate($form_state);
+}
+
+/**
+ * submit function for user logon forms
+ */
+function ldap_authentication_login_form_submit(&$form, $form_state) {
+ ldap_server_module_load_include('inc', 'ldap_authentication', 'ldap_authentication');
+ _ldap_authentication_login_form_submit($form, $form_state);
+
+}
+
+
+/**
+ * Implements hook_user_presave().
+ * A user account is about to be created or updated.
+ */
+
+function ldap_authentication_user_presave(&$edit, $account, $category = NULL) {
+
+}
+
+
+/**
+ * Implements hook_user_insert().
+ *
+ * A user account was created.
+ * The module should save its custom additions to the user object into the database.
+ */
+
+function ldap_authentication_user_insert(&$edit, $account, $category) {
+
+}
+
+
+/**
+ * Implements hook_user_update().
+ *
+ * A user account was updated.
+ * Modules may use this hook to update their user data in a custom storage after a user account has been updated.
+ */
+
+
+function ldap_authentication_user_update($edit, $user, $category) {
+
+}
+
+function ldap_authentication_show_ldap_help_link($user = NULL) {
+ global $user;
+
+ if (!$auth_conf = ldap_authentication_get_valid_conf()) {
+ return FALSE;
+ }
+
+ if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_MIXED) {
+ return (ldap_authentication_ldap_authenticated($user));
+ // LDAP_authen.login_forms.MM.* // show ldap help only if ldap authenticated in mixed mode
+
+ }
+ elseif ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
+ if ($user->uid == 0 || ldap_authentication_ldap_authenticated($user)) {
+ // LDAP_authen.login_forms.EM.anon, LDAP_authen.login_forms.EM.ldap
+ return TRUE;
+ }
+ else {
+ return FALSE; // LDAP_authen.login_forms.EM.user1, LDAP_authen.login_forms.EM.drupal
+ }
+ }
+}
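Review bot: `ldap_authentication_user_pass_validate(&$form_state)` declares a single parameter, but Drupal 7 calls validate handlers with `($form, &$form_state)`, so the variable named `$form_state` actually receives `$form`. The lookup `$form_state['name']['#value']` therefore works only because the form element happens to carry `#value`. As far as this file shows, this handler is the only check that keeps an LDAP-authenticated account from requesting a local password reset, since `ldap_authentication_show_reset_pwd()` returns TRUE whenever the path is `user/password`. I would declare it as `function ldap_authentication_user_pass_validate($form, &$form_state)` and read `trim($form_state['values']['name'])`. Separately, `ldap_authentication_ldap_server_in_use()` dereferences `$auth_conf->sids` without handling the FALSE that `ldap_authentication_get_valid_conf()` returns when no configuration is stored; an early `if (!$auth_conf) { return $use_warnings; }` would cover it.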
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.theme.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.theme.inc
new file mode 100644
index 0000000..cec6bac
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/ldap_authentication.theme.inc
@@ -0,0 +1,132 @@
+<?php
+// $Id: ldap_authentication.theme.inc,v 1.1.2.1 2011/02/08 06:01:00 johnbarclay Exp $
+
+
+/**
+ * @file
+ * theming functions for ldap_authentication module
+ *
+ */
+
+/**
+ * Returns HTML for user login block links.
+ * @param $variables
+ * An associative array containing:
+ * - hide_reset_pwd (boolean) whether reset password link should be visible
+ * - auth_conf: object with ldap authentication configuration data
+ *
+ * @ingroup themeable
+ */
+function theme_ldap_authentication_user_login_block_links($variables) {
+ extract($variables);
+
+ // the code below modified from user.module user_login_block function
+ $items = array();
+ if (variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL)) {
+ $items[] = l(t('Create new account'), 'user/register', array('attributes' => array('title' => t('Create a new user account.'))));
+ }
+ if ($show_reset_pwd) {
+ $items[] = l(t('Request new password'), 'user/password', array('attributes' => array('title' => t('Request new password via e-mail.'))));
+ }
+ elseif ($auth_conf->ldapUserHelpLinkUrl) {
+ $items[] = l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl);
+ }
+
+ $output = theme('item_list', array('items' => $items));
+ return $output;
+}
+
+/**
+ * Returns HTML warning text for request new password/password reset form.
+ * @param $variables
+ * An associative array containing:
+ * - auth_conf: object with ldap authentication configuration data
+ *
+ * @ingroup themeable
+ */
+function theme_ldap_authentication_user_pass_message($variables) {
+ extract($variables);
+ if ($auth_conf->authenticationMode == LDAP_AUTHENTICATION_EXCLUSIVE) {
+ $msg = t('This page is only useful for the site administrator. All other users
+ need to reset their passwords');
+ if ($auth_conf->ldapUserHelpLinkUrl) {
+ $msg .= ' ' . t('at') . ' ' . l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl) . '.';
+ }
+ else {
+ $msg .= ' ' . t('with one of your organizations password management sites.');
+ }
+ }
+ else { // mixed mode
+ $msg = ""; // warning will come up on validation. we do not know if the user is ldap authenticated or not until they submit form.
+ }
+
+ return $msg;
+}
+
+/**
+ * Returns HTML warning text when an ldap authenticated user tries to reset their password.
+ * @param $variables
+ * An associative array containing:
+ * - auth_conf: object with ldap authentication configuration data
+ * - account: user object
+ *
+ * @ingroup themeable
+ */
+function theme_ldap_authentication_user_pass_validate_ldap_authenticated($variables) {
+ extract($variables);
+ // already know user exists and is ldap authenticated
+
+ if ($auth_conf->ldapUserHelpLinkUrl) {
+ $msg = t('You may not reset your password here. You must reset your password via the directions at')
+ . ' ' . l(t($auth_conf->ldapUserHelpLinkText), $auth_conf->ldapUserHelpLinkUrl);
+ }
+ else {
+ $msg = t('You may not reset your password here. You must reset your password via one of your
+ organization\'s password management sites.');
+ }
+ return $msg;
+}
+
+
+/**
+ * The following three functions are theme callbacks for various messages
+ * from NTLM/seamless login integration.
+ *
+ * Provides a theme callback for successful login messages. The reason for
+ * using theme callbacks instead of a simple t() function is to provide the
+ * ability to have more complex message handling performed; an example would
+ * be to use the Real Name module to say "Welcome, User Name" upon successful
+ * login.
+ * @param $message
+ * A text string containing a translatable success message
+ *
+ * @ingroup themeable
+ */
+function theme_ldap_authentication_login_message($variables) {
+ extract($variables);
+ return $message;
+}
+
+/**
+ * Provides a theme callback for user not found messages.
+ * @param $message
+ * A text string containing a translatable "user not found" message
+ *
+ * @ingroup themeable
+ */
+function theme_ldap_authentication_message_not_found($variables) {
+ extract($variables);
+ return $message;
+}
+
+/**
+ * Provides a theme callback for authentication failure messages.
+ * @param $message
+ * A text string containing a translatable "authentication failure" message
+ *
+ * @ingroup themeable
+ */
+function theme_ldap_authentication_message_not_authenticated($variables) {
+ extract($variables);
+ return $message;
+}
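Review bot: Every theme function here starts with `extract($variables)`, which turns each key of the array into a local variable and hides which inputs the function actually depends on. In `theme_ldap_authentication_user_login_block_links()` the body reads `$show_reset_pwd` and `$auth_conf`, while the docblock documents `hide_reset_pwd` and the hook_theme entry in the .module file registers only `ldap_user_help_link` and `user_register`. Unless the caller passes both keys, `$auth_conf->ldapUserHelpLinkUrl` is evaluated on an undefined value. I would read the inputs explicitly, e.g. `$auth_conf = isset($variables['auth_conf']) ? $variables['auth_conf'] : NULL;`, guard the branch with `elseif (is_object($auth_conf) && $auth_conf->ldapUserHelpLinkUrl)`, and correct the docblock key to `show_reset_pwd`. The same object guard applies to `theme_ldap_authentication_user_pass_message()`, whose registered default for `auth_conf` is `TRUE` and whose caller may pass FALSE.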
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/LdapServerTestData.ldapauthen1.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/LdapServerTestData.ldapauthen1.inc
new file mode 100644
index 0000000..ae56824
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/LdapServerTestData.ldapauthen1.inc
@@ -0,0 +1,225 @@
+<?php
+// $Id: LdapServerTest.class.inc,v 1.4.2.1 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * test configurations for LdapServerTest.class.php
+ * file name should be of form LdapServerTestData.<sid>.inc
+ * where sid is the server id data is used for.
+ *
+ */
+
+$test_data = array();
+
+/**
+ * $test_data['properties'] are all the initial properties of the instantiated LdapServerTest object
+ */
+
+$test_data['servers']['ldapauthen1']['properties'] = array(
+
+ 'sid' => 'ldapauthen1',
+ 'name' => 'Test LDAP Server 1 for LDAP Authentication' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+
+ );
+
+/**
+ *
+ * method responses are stored in array $test_data['methodResponses']
+ * where keys are:
+ * <method_name>
+ * parameter1,
+ * parameter2,
+ * ...
+ *
+ * and value is the response test ldap server is expected to return. values
+ * can be scalar, array, object, etc, depending on what the method being mimicked
+ * is expected to return
+ */
+
+$test_data['servers']['ldapauthen1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$test_data['servers']['ldapauthen1']['search_results']['member=cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 1 => array('count' => 1, 'dn' => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 2,
+ );
+
+$test_data['servers']['ldapauthen1']['search_results']['member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 1,
+ );
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+$test_data['servers']['ldapauthen1']['users']['cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+$test_data['servers']['ldapauthen1']['users']['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$test_data['servers']['ldapauthen1']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$test_data['servers']['ldapauthen1']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'meMBErof' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'CN=NETadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2,
+ ),
+ );
+
+
+/**
+ * test users should include service account if one is being used
+ */
+$test_data['servers']['ldapauthen1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+/** the ldap_authentication data is keyed on the test id such
+ * that the same ldap test data above can be reused for all authentication configurations
+ */
+
+$test_data['ldap_authentication']['MixedModeUserLogon'] = array(
+ 'sids' => array('ldapauthen1' => 'ldapauthen1'),
+ 'authenticationMode' => LDAP_AUTHENTICATION_MIXED,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ 'excludeIfNoAuthorizations' => LDAP_AUTHENTICATION_EXCL_IF_NO_AUTHZ_DEFAULT,
+ );
+
+$test_data['ldap_authentication']['ExclusiveModeUserLogon'] = array(
+ 'sids' => array('ldapauthen1' => 'ldapauthen1'),
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ 'excludeIfNoAuthorizations' => LDAP_AUTHENTICATION_EXCL_IF_NO_AUTHZ_DEFAULT,
+ );
+
+$test_data['ldap_authentication']['WL1'] = array(
+ 'sids' => array('ldapauthen1' => 'ldapauthen1'),
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ 'excludeIfNoAuthorizations' => 0,
+ );
+
+// single sign on tests
+$test_data['ldap_authentication']['MixedModeUserLogonSSO'] = $test_data['ldap_authentication']['MixedModeUserLogon'];
+$test_data['ldap_authentication']['MixedModeUserLogonSSO']['ssoRemoteUserStripDomainName'] = FALSE;
+$test_data['ldap_authentication']['MixedModeUserLogonSSO']['seamlessLogin'] = TRUE;
+$test_data['ldap_authentication']['MixedModeUserLogonSSO']['ldapImplementation'] = 'mod_auth_sspi';
+$test_data['ldap_authentication']['MixedModeUserLogonSSO']['cookieExpire'] = 3600;
+
+$test_data['ldap_authentication']['ExclusiveModeUserLogonSSO'] = $test_data['ldap_authentication']['ExclusiveModeUserLogon'];
+$test_data['ldap_authentication']['ExclusiveModeUserLogonSSO']['ssoRemoteUserStripDomainName'] = FALSE;
+$test_data['ldap_authentication']['ExclusiveModeUserLogonSSO']['seamlessLogin'] = FALSE;
+$test_data['ldap_authentication']['ExclusiveModeUserLogonSSO']['ldapImplementation'] = 'mod_auth_sspi';
+$test_data['ldap_authentication']['ExclusiveModeUserLogonSSO']['cookieExpire'] = 3600;
+
+
+
+
+$test_data['ldap_authorization_conf']['consumer_conf']['sid'] = 'ldapauthen1';
+
+$test_data['ldap_authorization_conf']['consumer_conf']['consumerType'] = 'drupal_role'; // change as desired
+$test_data['ldap_authorization_conf']['consumer_conf']['consumerModule'] = 'ldap_authorization_drupal_role';
+
+$test_data['ldap_authorization_conf']['consumer_conf']['description'] = 'UIUC AD';
+$test_data['ldap_authorization_conf']['consumer_conf']['status'] = 1;
+$test_data['ldap_authorization_conf']['consumer_conf']['onlyApplyToLdapAuthenticated'] = 1;
+
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromDn'] = 1;
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromDnAttr'] = 'ou';
+
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromAttr'] = 0;
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromAttrAttr'] = array();
+
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromEntry'] = 0;
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromEntryEntries'] = NULL;
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromEntryEntriesAttr'] = NULL;
+$test_data['ldap_authorization_conf']['consumer_conf']['deriveFromEntryMembershipAttr'] = NULL;
+
+
+$test_data['ldap_authorization_conf']['consumer_conf']['mappings'][] = array('Campus Accounts', 'campus accounts');
+$test_data['ldap_authorization_conf']['consumer_conf']['mappings'][] = array('guest accounts', 'guests');
+$test_data['ldap_authorization_conf']['consumer_conf']['mappings'][] = array('special guests', 'special guests');
+$test_data['ldap_authorization_conf']['consumer_conf']['mappings'][] = array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'sysadmins');
+
+$test_data['ldap_authorization_conf']['consumer_conf']['useMappingsAsFilter'] = 1;
+
+$test_data['ldap_authorization_conf']['consumer_conf']['synchOnLogon'] = 1;
+$test_data['ldap_authorization_conf']['consumer_conf']['synchManually'] = 1;
+
+$test_data['ldap_authorization_conf']['consumer_conf']['revokeLdapProvisioned'] = 1;
+$test_data['ldap_authorization_conf']['consumer_conf']['createConsumers'] = 1;
+$test_data['ldap_authorization_conf']['consumer_conf']['regrantLdapProvisioned'] = 1;
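Review bot: The service-account fixture's `memberOf` array declares `'count' => 2` but holds only index 0, so code that walks the attribute by `count`, as LDAP result arrays are normally read, would step onto a missing index 1. It should be `'count' => 1`. The `cn=unkool` entry also reuses `'sAMAccountName' => array( 0 => 'jkool', 'count' => 1)` from the `cn=jkool` entry. If that duplicate is deliberate, for example to exercise an ambiguous-match case, a one-line comment such as `// same sAMAccountName as cn=jkool on purpose` would make that clear to the next reader.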
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/ldap_authentication.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/ldap_authentication.test
new file mode 100644
index 0000000..4da5dc2
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authentication/tests/ldap_authentication.test
@@ -0,0 +1,543 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * ldap_authentication simpletests
+ *
+ */
+require_once(drupal_get_path('module', 'ldap_servers') . '/tests/LdapTestFunctions.class.php');
+
+class LdapAuthenticationTestCase extends DrupalWebTestCase {
+ public static function getInfo() {
+ return array(
+ 'name' => 'LDAP Authentication Tests',
+ 'description' => 'Test ldap authentication.',
+ 'group' => 'LDAP Authentication'
+ );
+ }
+
+ public $module_name = 'ldap_authentication';
+ public $testFunctions;
+ public $testData;
+ public $sid;
+
+ function setUp($addl_modules = array()) {
+ parent::setUp(array('ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role')); // don't need any real servers, configured, just ldap_servers code base
+ variable_set('ldap_simpletest', 1);
+ variable_set('ldap_help_watchdog_detail', 0);
+ }
+
+
+ function tearDown() {
+ parent::tearDown();
+ variable_del('ldap_help_watchdog_detail');
+ variable_del('ldap_simpletest');
+ }
+
+
+ /**
+ * prepTestData create an ldap_authorization configuration and stores fake ldap server configuration.
+ *
+ * @param string $testid the name of the test. used to determine which configuration file to include
+ * @return object consumer configuration object (class = LdapAuthorizationConsumerConfAdmin)
+ *
+ */
+ function prepTestData($sid, $testid) {
+ $this->testFunctions = new LdapTestFunctions();
+
+ include(drupal_get_path('module', 'ldap_authentication') . '/tests/LdapServerTestData.' . $sid . '.inc');
+ $this->testFunctions->prepTestServers($test_data['servers']);
+ $this->testData = $test_data;
+ $authentication_conf = (is_array($testid)) ? $testid : $test_data['ldap_authentication'][$testid];
+ $this->testFunctions->configureAuthentication($authentication_conf);
+
+
+
+ // set up authorization conf. needed for some tests.
+ $consumer_conf = $test_data['ldap_authorization_conf']['consumer_conf'];
+ $consumer_obj = ldap_authorization_get_consumer_object($consumer_conf['consumerType']);
+ $consumer_conf_admin = new LdapAuthorizationConsumerConfAdmin($consumer_obj, TRUE);
+ foreach ($consumer_conf as $property_name => $property_value) {
+ $consumer_conf_admin->{$property_name} = $property_value;
+ }
+ $consumer_conf_admin->save();
+
+
+ }
+
+ public function AttemptLogon($dn, $goodpwd = TRUE) {
+
+ $this->drupalLogout();
+ $user = $this->testData['servers'][$this->sid]['users'][$dn]['attr'];
+ $parts = ldap_explode_dn($dn, 0);
+ $cn_parts = explode('=', $parts[0]);
+ $edit = array(
+ 'name' => ldap_pear_unescape_dn_value($cn_parts[1]),
+ 'pass' => $user['password'][0],
+ );
+ $user = user_load_by_name($edit['name']);
+ if ($user) {
+ user_delete($user->uid);
+ }
+ $this->drupalPost('user', $edit, t('Log in'));
+ }
+
+ /**
+ * difficult to test install and uninstall since setUp does module enabling and installing.
+ */
+ function testInstall() {
+ $sid = 'ldapauthen1';
+ include(drupal_get_path('module', 'ldap_authentication') . '/tests/LdapServerTestData.' . $sid . '.inc');
+ $testid = $this->module_name . ': setup success';
+ // just to give warning if setup doesn't succeed. may want to take these out at some point.
+
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers')
+ );
+
+ $this->assertTrue($setup_success, ' ldap_authentication setup successful', $testid);
+
+ }
+
+
+/**
+ * LDAP Authentication Mixed Mode User Logon Test (ids = LDAP_authen.MM.ULT.*)
+ */
+
+
+ function testMixedModeUserLogon() {
+
+ $sid = 'ldapauthen1';
+ $testid = 'MixedModeUserLogon';
+ $this->prepTestData($sid, $testid);
+ $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
+ $this->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
+
+ /**
+ * LDAP_authen.MM.ULT.user1.goodpwd -- result: Successful logon as user 1
+ */
+
+ $user1 = user_load(1);
+ $password = $this->randomString(20);
+ require_once(DRUPAL_ROOT . '/includes/password.inc');
+ $account = array(
+ 'name' => $user1->name,
+ 'pass' => user_hash_password(trim($password)),
+ );
+ db_update('users')
+ ->fields($account)
+ ->condition('uid', 1)
+ ->execute();
+
+ $edit = array(
+ 'name' => $user1->name,
+ 'pass' => $password,
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'User 1 successfully authenticated', $testid);
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.MM.ULT.user1.badpwd -- result: Drupal logon error message. **/
+
+ $edit = array(
+ 'name' => $user1->name,
+ 'pass' => 'mydabpassword',
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid);
+ $this->drupalLogout();
+
+ /** LDAP_authen.MM.ULT.drupal.goodpwd - result: Successful logon **/
+
+ $drupal_user = $this->drupalCreateUser();
+ $raw_pass = $drupal_user->pass_raw;
+ $edit = array(
+ 'name' => $drupal_user->name,
+ 'pass' => $raw_pass,
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'Drupal user successfully authenticated', $testid);
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.MM.ULT.drupal.badpwd - result: Drupal logon error message. **/
+ $edit = array(
+ 'name' => $drupal_user->name,
+ 'pass' => 'mydabpassword',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user with bad password failed to authenticate.', $testid);
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.MM.ULT.ldap.newaccount.badpwd - result: Drupal logon error message. **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'mydabpassword',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid);
+ $this->drupalGet('user/logout');
+
+
+ /** LDAP_authen.MM.ULT.ldap.newaccount.goodpwd - result: Successful logon, with user record created and authmapped to ldap **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'goodpwd',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.');
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('jkool'), 'Ldap user properly authmapped.', $testid);
+ $this->drupalGet('user/logout');
+
+
+ /** LDAP_authen.MM.ULT.existingacct.badpwd - result: Drupal logon error message. **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'mydabpassword',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid);
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.MM.ULT.existingacct.goodpwd - result: Successful logon. **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'goodpwd',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.');
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('jkool'), 'Existing Ldap user still properly authmapped.', $testid);
+ $this->drupalGet('user/logout');
+ }
+
+
+/**
+ * LDAP Authentication Exclusive Mode User Logon Test (ids = LDAP_authen.EM.ULT.*)
+ */
+ function testExclusiveModeUserLogon() {
+
+ $sid = 'ldapauthen1';
+ $testid = 'ExclusiveModeUserLogon';
+ $this->prepTestData($sid, $testid);
+ $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
+ $this->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
+
+ /**
+ * LDAP_authen.EM.ULT.user1.goodpwd -- result: Successful logon as user 1
+ */
+
+ $user1 = user_load(1);
+ $password = $this->randomString(20);
+ require_once(DRUPAL_ROOT . '/includes/password.inc');
+ $account = array(
+ 'name' => $user1->name,
+ 'pass' => user_hash_password(trim($password)),
+ );
+ db_update('users')
+ ->fields($account)
+ ->condition('uid', 1)
+ ->execute();
+
+ $edit = array(
+ 'name' => $user1->name,
+ 'pass' => $password,
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'User 1 successfully authenticated', $testid);
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.EM.ULT.user1.badpwd -- result: Drupal logon error message. **/
+
+ $edit = array(
+ 'name' => $user1->name,
+ 'pass' => 'mydabpassword',
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'User 1 failed with bad password', $testid );
+ $this->drupalLogout();
+
+ /** LDAP_authen.EM.ULT.drupal.goodpwd - result: failed logon **/
+
+ $drupal_user = $this->drupalCreateUser();
+ $raw_pass = $drupal_user->pass_raw;
+ $edit = array(
+ 'name' => $drupal_user->name,
+ 'pass' => $raw_pass,
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user successfully authenticated', $testid );
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.EM.ULT.drupal.badpwd - result: Drupal logon error message. **/
+ $edit = array(
+ 'name' => $drupal_user->name,
+ 'pass' => 'mydabpassword',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'Drupal user with bad password failed to authenticate.', $testid );
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.EM.ULT.ldap.newaccount.badpwd - result: Drupal logon error message. **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'mydabpassword',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'New Ldap user with bad password failed to authenticate.', $testid );
+ $this->drupalGet('user/logout');
+
+
+ /** LDAP_authen.EM.ULT.ldap.newaccount.goodpwd - result: Successful logon, with user record created and authmapped to ldap **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'goodpwd',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.');
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('jkool'), 'Ldap user properly authmapped.', $testid );
+ $this->drupalGet('user/logout');
+
+
+ /** LDAP_authen.EM.ULT.existingacct.badpwd - result: Drupal logon error message. **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'mydabpassword',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Sorry, unrecognized username or password'), 'Existing Ldap user with bad password failed to authenticate.', $testid );
+ $this->drupalGet('user/logout');
+
+ /** LDAP_authen.MM.ULT.existingacct.goodpwd - result: Successful logon. **/
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'goodpwd',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'Existing Ldap user with good password authenticated.');
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('jkool'), 'Existing Ldap user still properly authmapped.', $testid );
+ $this->drupalGet('user/logout');
+ }
+
+
+
+ function testAuthenticationWhitelistTests() {
+ require_once(drupal_get_path('module', 'ldap_authentication') . '/LdapAuthenticationConfAdmin.class.php');
+
+ $sid = 'ldapauthen1';
+ $this->sid = $sid;
+ $testid = 'WL1';
+ $this->prepTestData($sid, $testid);
+ $ldap_servers = ldap_servers_get_servers($sid, 'enabled');
+ $this->assertTrue(count($ldap_servers) == 1, ' ldap_authentication test server setup successful', $testid);
+
+ // these 2 modules are configured in setup, but disabled for most authentication tests
+ module_disable(array('ldap_authorization_drupal_role', 'ldap_authorization'));
+
+ /**
+ * LDAP_authen.WL.user1 test for user 1 being excluded from white and black list tests
+ */
+
+ $user1 = user_load(1);
+ $password = $this->randomString(20);
+ require_once(DRUPAL_ROOT . '/includes/password.inc');
+ $account = array(
+ 'name' => $user1->name,
+ 'pass' => user_hash_password(trim($password)),
+ );
+ db_update('users')
+ ->fields($account)
+ ->condition('uid', 1)
+ ->execute();
+
+ $edit = array(
+ 'name' => $user1->name,
+ 'pass' => $password,
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'User 1 successfully authenticated in LDAP_authen.WL.user1', $testid);
+ $this->drupalGet('user/logout');
+
+ module_enable(array('ldap_authorization'));
+ module_enable(array('ldap_authorization_drupal_role'));
+
+
+ /**
+ * prep LDAP_authen.WL.allow
+ */
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->allowOnlyIfTextInDn = array('ou=guest accounts');
+ $authenticationConf->save();
+
+
+ /**
+ * LDAP_authen.WL.allow.match -- desirect_result: authenticate success
+ */
+
+ $this->attemptLogon('cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('Member for'), 'User able to authenticate because in white list (allowOnlyIfTextInDn).', $testid);
+
+ /**
+ * LDAP_authen.WL.allow.miss -- desirect_result: authenticate fail
+ */
+
+ $this->attemptLogon('cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('Sorry, unrecognized username or password'), 'User unable to authenticate because not in white list (allowOnlyIfTextInDn).', $testid);
+
+
+ /**
+ * undo LDAP_authen.WL.allow settings
+ */
+
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->allowOnlyIfTextInDn = array();
+ $authenticationConf->save();
+
+ /**
+ * prep LDAP_authen.WL.exclude
+ */
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->excludeIfTextInDn = array('cn=unkool');
+ $authenticationConf->save();
+
+
+ /**
+ * LDAP_authen.WL.exclude.match -- desirect_result: authenticate fail
+ */
+
+ $this->attemptLogon('cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('Sorry, unrecognized username or password'), 'User unable to authenticate in exclude list (excludeIfTextInDn).', $testid);
+
+ /**
+ * LDAP_authen.WL.exclude.miss-- desirect_result: authenticate success
+ */
+
+ $this->attemptLogon('cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('Member for'), 'Able to authenticate because not in exclude list (allowOnlyIfTextInDn).', $testid);
+
+ /**
+ * undo LDAP_authen.WL.allow settings
+ */
+
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->excludeIfTextInDn = array();
+ $authenticationConf->save();
+
+
+ /**
+ * prep LDAP_authen.WL.php
+ */
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->allowTestPhp = "\n
+ //exclude users with guests.myuniversity.edu email address \n
+ if (strpos(\$_ldap_user_entry['attr']['mail'][0], '@guests.myuniversity.edu') === FALSE) {\n
+ print 1;\n
+ }\n
+ else {
+ print 0;\n
+ }
+ ";
+
+ $authenticationConf->save();
+
+ /**
+ * LDAP_authen.WL.php.php disabled -- desired result: authenticate fail with warning the authentication disabled
+ */
+ module_disable(array('php'));
+ $this->attemptLogon('cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, 'With php disabled and php code in whitelist, refuse authentication. (allowTestPhp).', $testid);
+ module_enable(array('php'));
+
+
+ /**
+ * LDAP_authen.WL.php.true -- desired result: authenticate success
+ */
+ $this->attemptLogon('cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('Member for'), 'Able to authenticate because php returned true (allowTestPhp).', $testid);
+
+ /**
+ * LDAP_authen.WL.php.false-- desired result: authenticate fail
+ */
+
+ $this->attemptLogon('cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('User disallowed'), 'User unable to authenticate because php returned false (allowTestPhp).', $testid);
+
+
+ /**
+ * clear LDAP_authen.WL.php
+ */
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->allowTestPhp = '';
+ $authenticationConf->save();
+ /*** multiple options used in whitelist **/
+
+ /**
+ * LDAP_authen.WL.allow[match].exclude[match] -- desired result: authenticate fail
+ */
+
+
+
+ /**
+ * LDAP_authen.WL.allow[match].exclude[miss] -- desired result: authenticate success
+ */
+
+
+ /**
+ * LDAP_authen.WL.exclude[match].*-- desirect_result: authenticate fail
+ */
+
+
+
+ /**
+ * LDAP_authen.WL.exclude[match].php[false] -- desired result: authenticate fail
+ */
+
+
+ /**
+ * LDAP_authen.WL1.excludeIfNoAuthorizations.hasAuthorizations
+ * test for excludeIfNoAuthorizations set to true and consumer granted authorizations
+ */
+
+ // these 2 modules are configured in setup, but disabled for most authentication tests
+ module_disable(array('ldap_authorization_drupal_role', 'ldap_authorization'));
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->excludeIfNoAuthorizations = 1;
+ $authenticationConf->save();
+
+ /**
+ * LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe
+ * test for excludeIfNoAuthorizations set to true and ldap_authorization disabled
+ * to make sure authentication fails completely
+ */
+
+
+ $this->attemptLogon('cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG, t('Authentication prohibited when excludeIfNoAuthorizations = true and LDAP Authorization disabled. LDAP_authen.WL1.excludeIfNoAuthorizations.failsafe'), $testid);
+
+ module_enable(array('ldap_authorization_drupal_role'), TRUE);
+ $this->attemptLogon('cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('Member for'), 'User able to authenticate because of excludeIfNoAuthorizations setting.', $testid);
+
+ /**
+ * LDAP_authen.WL1.excludeIfNoAuthorizations.hasNoAuthorizations
+ * test for excludeIfNoAuthorizations set to true and No consumer granted authorizations
+ */
+
+ $this->attemptLogon('cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu');
+ $this->assertText(t('Sorry, unrecognized username or password'), 'User unable to authenticate because of excludeIfNoAuthorizations setting.', $testid);
+
+ $authenticationConf = new LdapAuthenticationConfAdmin();
+ $authenticationConf->excludeIfNoAuthorizations = 0;
+ $authenticationConf->save();
+ module_disable(array('ldap_authorization_drupal_role', 'ldap_authorization'));
+
+
+}
+
+
+}
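Review bot: The four combined white-list cases near the end of `testAuthenticationWhitelistTests()` (`LDAP_authen.WL.allow[match].exclude[match]` through `LDAP_authen.WL.exclude[match].php[false]`) are docblocks with no code under them, so nothing verifies that the exclude list takes precedence over the allow list. A regression that let a DN matching both lists log in would still pass this suite. The fence sketches the first case using fixtures already in this file; it assumes `excludeIfTextInDn` is a substring match and that a refused logon shows the same message as in the single-list cases. Separately, `AttemptLogon()` never reads `$goodpwd`, and the exclusive-mode `drupal.goodpwd` assertion is labelled 'Drupal user successfully authenticated' although it expects the failure text.

```php
  // … unchanged: LDAP_authen.WL.allow[match].exclude[match] docblock …
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->allowOnlyIfTextInDn = array('ou=guest accounts');
  $authenticationConf->excludeIfTextInDn = array('cn=jkool');
  $authenticationConf->save();

  $this->attemptLogon('cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu');
  $this->assertText(t('Sorry, unrecognized username or password'), 'Exclude list wins when the DN matches both lists.', $testid);

  // Reset both lists so the later excludeIfNoAuthorizations cases start clean.
  $authenticationConf = new LdapAuthenticationConfAdmin();
  $authenticationConf->allowOnlyIfTextInDn = array();
  $authenticationConf->excludeIfTextInDn = array();
  $authenticationConf->save();
  // … unchanged: remaining combined-case docblocks …
```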
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php
new file mode 100644
index 0000000..1523cb8
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerAbstract.class.php
@@ -0,0 +1,367 @@
+<?php
+// $Id: LdapAuthorizationConsumerAbstract.class.php,v 1.2.2.1 2011/02/08 20:05:41 johnbarclay Exp $
+
+/**
+ * @file
+ * abstract class to represent an ldap_authorization consumer
+ * such as drupal_role, og_group, etc. each authorization comsumer
+ * will extend this class with its own class named
+ * LdapAuthorizationConsumer<consumer type> such as LdapAuthorizationConsumerDrupalRole
+ *
+ */
+
+class LdapAuthorizationConsumerAbstract {
+
+ public $name; // e.g. drupal role, og group
+ public $namePlural; // e.g. drupal roles, og groups
+ public $shortName; // e.g. role, group
+ public $shortNamePlural; // e.g. roles, groups
+ public $description;
+ public $consumerConf; // each consumer type has cosumer conf object
+ public $consumerModule;
+ public $testLink;
+ public $editLink;
+
+ protected $_availableConsumerIDs;
+
+
+ /**
+ * @property boolean $allowSynchBothDirections
+ *
+ * Does this consumer module support synching in both directions?
+ *
+ */
+ public $allowSynchBothDirections = FALSE;
+
+ /**
+ * @property boolean $allowConsumerObjectCreation
+ *
+ * Does this consumer module support creating consumer objects
+ * (drupal roles, og groups, etc.)
+ *
+ */
+
+ public $allowConsumerObjectCreation = FALSE;
+
+
+ /**
+ * default consumer conf property values for this consumer type.
+ * Should be overridden by child classes as appropriate
+ */
+
+ public $onlyApplyToLdapAuthenticatedDefault = TRUE;
+ public $useMappingsAsFilterDefault = TRUE;
+ public $synchOnLogonDefault = TRUE;
+ public $synchManuallyDefault = TRUE;
+ public $revokeLdapProvisionedDefault = TRUE;
+ public $regrantLdapProvisioned = TRUE;
+ public $createConsumersDefault = TRUE;
+ public $detailedWatchdogLog = FALSE;
+
+
+
+ /**
+ * @property array $defaultableConsumerConfProperties
+ * properties a consumer may provide defaults for
+ * should include every item in "default mapping property values" above
+ */
+ public $defaultableConsumerConfProperties = array(
+ 'onlyApplyToLdapAuthenticated',
+ 'useMappingsAsFilter',
+ 'synchOnLogon',
+ 'synchManually',
+ 'revokeLdapProvisioned',
+ 'regrantLdapProvisioned',
+ 'createConsumers'
+ );
+
+
+ /**
+ * Constructor Method
+ *
+ */
+ function __construct($consumer_type, $params) {
+ $this->consumerType = $consumer_type;
+ $this->name = $params['consumer_name'];
+ $this->namePlural= $params['consumer_name_plural'];
+ $this->shortName = $params['consumer_short_name'];
+ $this->shortNamePlural= $params['consumer_short_name_plural'];
+ $this->consumerModule = $params['consumer_module'];
+ $this->mappingDirections = $params['consumer_mapping_directions'];
+ $this->testLink = l(t('test') . ' ' . $this->name, LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $this->consumerType);
+ $this->editLink = l(t('edit') . ' ' . $this->name, LDAP_SERVERS_MENU_BASE_PATH . '/authorization/edit/' . $this->consumerType);
+ ldap_server_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
+ $this->consumerConf = new LdapAuthorizationConsumerConf($this);
+
+ }
+
+
+ /**
+ * function to normalize mappings
+ * should be overridden when mappings are not stored as map|authorization_id format
+ * where authorization_id is the format returned by LdapAuthorizationConsumerAbstract::usersAuthorizations()
+ *
+ * for example ldap_authorization_og may store mapping target as:
+ * Campus Accounts|group-name=knitters,role-name=administrator member
+ *
+ * but the target authorization_id format is in the form gid-rid such as 2-3
+ */
+ public function normalizeMappings($mappings) {
+ return $mappings;
+ }
+
+
+ /**
+ * get list of all authorization consumer ids available to a this authorization consumer. For
+ * example for drupal_roles, this would be an array of drupal roles such
+ * as array('admin', 'author', 'reviewer',... ). For organic groups in
+ * might be all the names of organic groups.
+ *
+ * return array in form array(id1, id2, id3,...)
+ *
+ */
+ public function availableConsumerIDs() {
+ // method must be overridden
+ }
+
+ /**
+ *
+ * create authorization consumers
+ *
+ * @param array $creates an array of authorization consumer ids in form array(id1, id2, id3,...)
+ *
+ * return array in form array(id1, id2, id3,...) representing all
+ * existing consumer ids ($this->availableConsumerIDs())
+ *
+ */
+ public function createConsumers($creates) {
+ // method must be overridden
+ }
+
+ /**
+ * grant authorizations to a user
+ *
+ * @param object $user drupal user object
+ *
+ * @param $consumer_ids string or array of strings that are authorization consumer ids
+ *
+ * @param array $ldap_entry is ldap data from ldap entry which drupal user is mapped to
+ *
+ * @param boolean $user_save. should user object be saved by authorizationGrant method
+ *
+ * @return array $results. Array of form
+ * array(
+ * <authz consumer id1> => 1,
+ * <authz consumer id2> => 0,
+ * )
+ * where 1s and 0s represent success and failure to grant
+ *
+ *
+ * method may be desireable to override, if consumer benefits from adding grants as a group rather than one at a time
+ */
+
+ public function authorizationGrant(&$user, &$user_auth_data, $consumer_ids, $ldap_entry = NULL, $user_save = TRUE) {
+ $this->grantsAndRevokes('grant', $user, $user_auth_data, $consumer_ids, $ldap_entry, $user_save);
+ }
+
+ /**
+ * revoke authorizations to a user
+ *
+ * @param object $user drupal user object
+ *
+ * @param $consumer_ids string or array of strings that are authorization consumer ids
+ *
+ * @param array $ldap_entry is ldap data from ldap entry which drupal user is mapped to
+ *
+ * @param boolean $user_save. should user object be saved by authorizationGrant method
+ *
+ * @return array $results. Array of form
+ * array(
+ * <authz consumer id1> => 1,
+ * <authz consumer id2> => 0,
+ * )
+ * where 1s and 0s represent success and failure to revoke
+ * $user_auth_data is returned by reference
+ *
+ * method may be desireable to override, if consumer benefits from revoking grants as a group rather than one at a time
+ */
+
+ public function authorizationRevoke(&$user, &$user_auth_data, $consumer_ids, $ldap_entry, $user_save = TRUE) {
+ $this->grantsAndRevokes('revoke', $user, $user_auth_data, $consumer_ids, $ldap_entry, $user_save);
+ }
+
+ /**
+ * some authorization schemes such as organic groups, require a certain order. implement this method
+ * to sort consumer ids/authorization ids
+ *
+ * @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids
+ *
+ * alters $consumer_ids by reference
+ */
+ public function sortConsumerIds($op, &$consumer_ids) { } // some
+
+
+ /**
+ * @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids
+ * @param drupal user object $object
+ * @param array $user_auth_data is array specific to this consumer_type. Stored at $user->data['ldap_authorizations'][<consumer_type>]
+ * @param array $consumer_ids (aka $authorization_ids) e.g. array(id1, id2, ...)
+ * @param array $ldap_entry, when available user's ldap entry.
+ * @param boolean $user_save indicates is user data array should be saved or not. this depends on the implementation calling this function
+ */
+
+ protected function grantsAndRevokes($op, &$user, &$user_auth_data, $consumer_ids, &$ldap_entry = NULL, $user_save = TRUE) {
+
+ if (!is_array($user_auth_data)) {
+ $user_auth_data = array();
+ }
+
+ $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+ $this->sortConsumerIds($op, $consumer_ids);
+ $results = array();
+ $watchdog_tokens = array();
+ if (!is_array($consumer_ids)) {
+ $consumer_ids = array($consumer_ids);
+ }
+ $watchdog_tokens['%username'] = $user->name;
+ $watchdog_tokens['%action'] = $op;
+ $watchdog_tokens['%user_save'] = $user_save;
+ $consumer_ids_log = array();
+ $users_authorization_ids = $this->usersAuthorizations($user);
+ $watchdog_tokens['%users_authorization_ids'] = join(', ', $users_authorization_ids);
+ if ($detailed_watchdog_log) {watchdog('ldap_authorization', "on call of grantsAndRevokes: user_auth_data=" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);}
+
+ foreach ($consumer_ids as $consumer_id) {
+ if ($detailed_watchdog_log) {watchdog('ldap_authorization', "consumer_id=$consumer_id, user_save=$user_save, op=$op", $watchdog_tokens, WATCHDOG_DEBUG);}
+ $log = "consumer_id=$consumer_id, op=$op,";
+ $results[$consumer_id] = TRUE;
+ if ($op == 'grant' && in_array($consumer_id, $users_authorization_ids) && !isset($user_auth_data[$consumer_id])) {
+ // authorization id already exists for user, but is not ldap provisioned. mark as ldap provisioned, but don't regrant
+ $user_auth_data[$consumer_id] = array('date_granted' => time() );
+ }
+ elseif ($op == 'grant' && !in_array($consumer_id, $users_authorization_ids)) {
+ $log .=" grant existing consumer id ($consumer_id), ";
+ if (!in_array($consumer_id, $this->availableConsumerIDs(TRUE))) {
+ $log .= "consumer id not available for $op, ";
+ if ($this->allowConsumerObjectCreation) {
+ $this->createConsumers(array($consumer_id));
+ if (in_array($consumer_id, $this->availableConsumerIDs(TRUE))) {
+ if ($detailed_watchdog_log) {watchdog('ldap_authorization', "grantSingleAuthorization : consumer_id=$consumer_id, op=$op", $watchdog_tokens, WATCHDOG_DEBUG);}
+ $this->grantSingleAuthorization($user, $consumer_id, $user_auth_data); // allow consuming module to add additional data to $user_auth_data
+ $user_auth_data[$consumer_id] = array('date_granted' => time() );
+ $log .= "created consumer object, ";
+ }
+ else {
+ $log .= "tried and failed to create consumer object, ";
+ $results[$consumer_id] = FALSE;
+ // out of luck, failed to create consumer id
+ }
+ }
+ else {
+ $log .= "consumer does not support creating consumer object, ";
+ // out of luck. can't create new consumer id.
+ $results[$consumer_id] = FALSE;
+ }
+ }
+ if ($results[$consumer_id]) {
+ if ($detailed_watchdog_log) {watchdog('ldap_authorization', "grantSingleAuthorization : consumer_id=$consumer_id, op=$op", $watchdog_tokens, WATCHDOG_DEBUG);}
+ $log .= "granting existing consumer object, ";
+ $results[$consumer_id] = $this->grantSingleAuthorization($user, $consumer_id, $user_auth_data); // allow consuming module to add additional data to $user_auth_data
+
+ if ($results[$consumer_id]) {
+ $user_auth_data[$consumer_id] = array('date_granted' => time() );
+ }
+ $log .= t(',result=') . (boolean)($results[$consumer_id]);
+ }
+ }
+ elseif ($op == 'revoke') {
+ if (isset($user_auth_data[$consumer_id])) {
+ $log .= "revoking existing consumer object, ";
+ if (in_array($consumer_id, $users_authorization_ids)) {
+ $results[$consumer_id] = $this->revokeSingleAuthorization($user, $consumer_id, $user_auth_data); // defer to default for $user_save param
+ if ($results[$consumer_id]) {
+ unset($user_auth_data[$consumer_id]);
+ }
+ $log .= t(',result=') . (boolean)($results[$consumer_id]);
+ }
+ else {
+ unset($user_auth_data[$consumer_id]);
+ }
+ }
+ }
+ $consumer_ids_log[] = $log;
+ if ($detailed_watchdog_log) {watchdog('ldap_authorization', "user_auth_data after consumer $consumer_id" . print_r($user_auth_data, TRUE), $watchdog_tokens, WATCHDOG_DEBUG);}
+
+ $watchdog_tokens['%consumer_ids_log'] = (count($consumer_ids_log)) ? join('<hr/>', $consumer_ids_log) : t('no actions');
+ }
+
+ if ($user_save) {
+ $user = user_load($user->uid, TRUE);
+ $user_edit = $user->data;
+ $user_edit['data']['ldap_authorizations'][$this->consumerType] = $user_auth_data;
+ $user = user_save($user, $user_edit);
+ }
+
+ watchdog('ldap_authorization', '%username:
+ <hr/>LdapAuthorizationConsumerAbstract grantsAndRevokes() method log. action=%action:<br/> %consumer_ids_log
+ ',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+
+ }
+
+ /**
+ * @param drupal user object $user to have $consumer_id revoked
+ * @param string $consumer_id $consumer_id such as drupal role name, og group name, etc.
+ * @param array $user_auth_data array of $user data specific to this consumer type.
+ * stored in $user->data['ldap_authorization'][<consumer_type>] array
+ *
+ * return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will
+ * not be saved and reloaded, so a returned TRUE may be misleading.
+ */
+
+ public function revokeSingleAuthorization(&$user, $role_name, &$user_auth_data) {
+ // method must be overridden
+ }
+
+ /**
+ * put authorization ids in displayable format
+ */
+ public function convertToFriendlyAuthorizationIds($authorizations) {
+ return $authorizations;
+ }
+
+ /**
+ * @param drupal user object $user to have $consumer_id granted
+ * @param string $consumer_id $consumer_id such as drupal role name, og group name, etc.
+ * @param array $user_auth_data array of $user data specific to this consumer type.
+ * stored in $user->data['ldap_authorization'][<consumer_type>] array
+ *
+ * return boolen TRUE on success, FALSE on fail. If user save is FALSE, the user object will
+ * not be saved and reloaded, so a returned TRUE may be misleading.
+ */
+ public function createSingleAuthorization(&$user, $role_name, &$user_auth_data) {
+ // method must be overridden
+ }
+
+ public function hasLdapGrantedAuthorization(&$user, $authorization_id) {
+ // @todo load user and check field ldap_authorizations
+ return @$user->data['ldap_authorizations'][$this->consumerType][$authorization_id];
+ }
+
+ public function hasAuthorization(&$user, $authorization_id) {
+ return @in_array($authorization_id, $this->usersAuthorizations($user));
+ }
+
+ /**
+ * @param string $map_to such as drupal role or og group/role
+ * @return array with validation type ('error', 'warning', 'status')
+ * and message text
+ */
+ public function validateAuthorizationMappingTarget($map_to, $form_values = NULL, $clear_cache = FALSE) {
+ $message_type = NULL;
+ $message_text = NULL;
+ return array($message_type, $message_text);
+ }
+
+
+}
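Review bot: `grantsAndRevokes()` fills `$results` with per-consumer success flags but never returns it, and `authorizationGrant()` / `authorizationRevoke()` return nothing although their docblocks promise that array. A caller therefore cannot tell that a revoke failed; the only trace is a debug-level watchdog entry. End `grantsAndRevokes()` with `return $results;` and have both wrappers return that call. In the `$user_save` branch, `$user_edit = $user->data;` followed by a write to `$user_edit['data'][...]` passes every key of the data array to `user_save()` as a top-level edit field. `$user_edit = array('data' => $user->data);` looks like what was intended, though the exact effect depends on how `user_save()` merges `data`.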
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConf.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConf.class.php
new file mode 100644
index 0000000..5155981
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConf.class.php
@@ -0,0 +1,227 @@
+<?php
+// $Id$
+/**
+ * @file
+ * class to encapsulate an ldap entry to authorization consumer ids mapping configuration
+ *
+ * this is the lightweight version of the class for use on logon etc.
+ * the LdapAuthorizationConsumerConfAdmin extends this class and has save,
+ * iterate, etc methods.
+ *
+ */
+
+/**
+ * LDAP Authorization Consumer Configuration
+ */
+class LdapAuthorizationConsumerConf {
+
+ public $sid = NULL;
+ public $consumerType = NULL;
+ public $consumerModule = NULL;
+ public $consumer = NULL;
+ public $inDatabase = FALSE;
+ public $numericConsumerConfId = NULL;
+
+ public $description = NULL;
+ public $status = NULL;
+ public $onlyApplyToLdapAuthenticated = TRUE;
+
+ public $deriveFromDn = FALSE;
+ public $deriveFromDnAttr = NULL;
+
+ public $deriveFromAttr = FALSE;
+ public $deriveFromAttrAttr = NULL;
+ public $deriveFromAttrUseFirstAttr = FALSE;
+ public $deriveFromAttrNested = FALSE;
+
+ public $deriveFromEntry = FALSE;
+ public $deriveFromEntryEntries = NULL;
+ public $deriveFromEntryEntriesAttr = NULL;
+
+ public $deriveFromEntryMembershipAttr = NULL;
+ public $deriveFromEntrySearchAll = FALSE;
+ public $deriveFromEntryAttrMatchingUserAttr = FALSE; // can be removed in 2.0 branch
+ public $deriveFromEntryAttrMatchingUserAttrUndefined = TRUE;
+ public $deriveFromEntryUseFirstAttr = FALSE;
+ public $deriveFromEntryNested = FALSE;
+
+
+ public $mappings = array();
+ public $normalizedMappings = array(); // mappings in simples form.
+ public $useMappingsAsFilter = TRUE;
+
+ public $synchToLdap = FALSE;
+
+ public $synchOnLogon = TRUE;
+ public $synchManually = TRUE;
+
+ public $revokeLdapProvisioned = TRUE;
+ public $regrantLdapProvisioned = TRUE;
+ public $createConsumers = TRUE;
+
+ public $errorMsg = NULL;
+ public $hasError = FALSE;
+ public $errorName = NULL;
+
+
+ public function clearError() {
+ $this->hasError = FALSE;
+ $this->errorMsg = NULL;
+ $this->errorName = NULL;
+ }
+ /**
+ * Constructor Method
+ */
+ function __construct(&$consumer, $_new = FALSE, $_sid = NULL) {
+ $this->consumer = $consumer;
+ $this->consumerType = $consumer->consumerType;
+ if ($_new) {
+ $this->inDatabase = FALSE;
+ }
+ else {
+ $this->inDatabase = TRUE;
+ $this->loadFromDb();
+ }
+ // default value for deriveFromEntryAttrMatchingUserAttr set up this way for backward compatibility in 1.0 branch,
+ // make deriveFromEntryAttrMatchingUserAttr default to dn in 2.0 branch.
+ if ($this->deriveFromEntryAttrMatchingUserAttr) {
+ $this->deriveFromEntryAttrMatchingUserAttrUndefined = FALSE;
+ }
+ else {
+ $this->deriveFromEntryAttrMatchingUserAttr = 'dn';
+ $this->deriveFromEntryAttrMatchingUserAttrUndefined = TRUE;
+ }
+ $this->normalizedMappings = $consumer->normalizeMappings($this->mappings);
+ }
+
+ protected function loadFromDb() {
+ if (module_exists('ctools')) {
+ ctools_include('export');
+ $result = ctools_export_load_object('ldap_authorization', 'names', array($this->consumerType));
+
+ // @todo, this is technically wrong, but I don't quite grok what we're doing in the non-ctools case - justintime
+ $consumer_conf = array_pop($result);
+ // There's no ctools api call to get the reserved properties, so instead of hardcoding a list of them
+ // here, we just grab everything. Basically, we sacrifice a few bytes of RAM for forward-compatibility.
+ }
+ else {
+ $select = db_select('ldap_authorization', 'ldap_authorization');
+ $select->fields('ldap_authorization');
+ $select->condition('ldap_authorization.consumer_type', $this->consumerType);
+ $consumer_conf = $select->execute()->fetchObject();
+ }
+
+ if (!$consumer_conf) {
+ $this->inDatabase = FALSE;
+ return;
+ }
+
+ $this->sid = $consumer_conf->sid;
+ $this->consumerType = $consumer_conf->consumer_type;
+ $this->numericConsumerConfId = $consumer_conf->numeric_consumer_conf_id;
+ $this->status = ($consumer_conf->status) ? 1 : 0;
+ $this->onlyApplyToLdapAuthenticated = (bool)(@$consumer_conf->only_ldap_authenticated);
+
+ $this->deriveFromDn = (bool)(@$consumer_conf->derive_from_dn);
+ $this->deriveFromDnAttr = $consumer_conf->derive_from_dn_attr;
+
+ $this->deriveFromAttr = (bool)($consumer_conf->derive_from_attr);
+ $this->deriveFromAttrAttr = $this->linesToArray($consumer_conf->derive_from_attr_attr);
+ $this->deriveFromAttrUseFirstAttr = (bool)($consumer_conf->derive_from_attr_use_first_attr);
+ $this->deriveFromAttrNested = (bool)($consumer_conf->derive_from_attr_nested);
+
+ $this->deriveFromEntry = (bool)(@$consumer_conf->derive_from_entry);
+ $this->deriveFromEntryEntries = $this->linesToArray($consumer_conf->derive_from_entry_entries);
+ $this->deriveFromEntryEntriesAttr = $consumer_conf->derive_from_entry_entries_attr;
+
+
+ $this->deriveFromEntryMembershipAttr = $consumer_conf->derive_from_entry_attr;
+ $this->deriveFromEntryAttrMatchingUserAttr = $consumer_conf->derive_from_entry_user_ldap_attr;
+ $this->deriveFromEntrySearchAll = (bool)($consumer_conf->derive_from_entry_search_all);
+ $this->deriveFromEntryUseFirstAttr = (bool)($consumer_conf->derive_from_entry_use_first_attr);
+ $this->deriveFromEntryNested = $consumer_conf->derive_from_entry_nested;
+
+ $this->mappings = $this->pipeListToArray($consumer_conf->mappings, FALSE);
+ $this->useMappingsAsFilter = (bool)(@$consumer_conf->use_filter);
+
+ $this->synchToLdap = (bool)(@$consumer_conf->synch_to_ldap);
+ $this->synchOnLogon = (bool)(@$consumer_conf->synch_on_logon);
+ $this->regrantLdapProvisioned = (bool)(@$consumer_conf->regrant_ldap_provisioned);
+ $this->revokeLdapProvisioned = (bool)(@$consumer_conf->revoke_ldap_provisioned);
+ $this->createConsumers = (bool)(@$consumer_conf->create_consumers);
+
+
+ }
+ /**
+ * Destructor Method
+ */
+ function __destruct() {
+
+ }
+
+ protected $_sid;
+ protected $_new;
+
+ protected $saveable = array(
+ 'sid',
+ 'consumerType',
+ 'status',
+ 'onlyApplyToLdapAuthenticated',
+
+ 'deriveFromDn',
+ 'deriveFromDnAttr',
+
+ 'deriveFromAttr',
+ 'deriveFromAttrAttr',
+ 'deriveFromAttrUseFirstAttr',
+ 'deriveFromAttrNested',
+
+ 'deriveFromEntry',
+ 'deriveFromEntryEntries',
+ 'deriveFromEntryEntriesAttr',
+ 'deriveFromEntryMembershipAttr',
+ 'deriveFromEntrySearchAll',
+ 'deriveFromEntryAttrMatchingUserAttr',
+ 'deriveFromEntryUseFirstAttr',
+ 'deriveFromEntryNested',
+
+ 'mappings',
+ 'useMappingsAsFilter',
+ 'synchToLdap',
+ 'synchOnLogon',
+ 'synchManually',
+ 'revokeLdapProvisioned',
+ 'createConsumers',
+ 'regrantLdapProvisioned',
+
+ );
+
+
+ protected function linesToArray($lines) {
+ $lines = trim($lines);
+
+ if ($lines) {
+ $array = preg_split('/[\n\r]+/', $lines);
+ foreach ($array as $i => $value) {
+ $array[$i] = trim($value);
+ }
+ }
+ else {
+ $array = array();
+ }
+ return $array;
+ }
+
+
+ protected function pipeListToArray($mapping_list_txt, $make_item0_lowercase = FALSE) {
+ $result_array = array();
+ $mappings = preg_split('/[\n\r]+/', $mapping_list_txt);
+ foreach ($mappings as $line) {
+ if (count($mapping = explode('|', trim($line))) == 2) {
+ $item_0 = ($make_item0_lowercase) ? drupal_strtolower(trim($mapping[0])) : trim($mapping[0]);
+ $result_array[] = array($item_0, trim($mapping[1]));
+ }
+ }
+ return $result_array;
+ }
+}
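Review bot: In `loadFromDb()`, the `@`-suppressed reads such as `(bool)(@$consumer_conf->only_ldap_authenticated)` turn a missing property into FALSE, although the class declares `onlyApplyToLdapAuthenticated`, `useMappingsAsFilter` and `revokeLdapProvisioned` with a default of TRUE. If a loaded record lacks one of these fields (for example a row or export written before the field existed, which this hunk cannot confirm), the restriction is silently switched off instead of kept, which looks like the less safe direction for an authorization mapping. I would drop the `@` and fall back to the declared default explicitly, e.g. `$this->onlyApplyToLdapAuthenticated = isset($consumer_conf->only_ldap_authenticated) ? (bool) $consumer_conf->only_ldap_authenticated : TRUE;`, and do the same for `use_filter` and `revoke_ldap_provisioned`. `derive_from_entry_nested` is also the only derive flag assigned without a cast; `(bool) $consumer_conf->derive_from_entry_nested` would match the others.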
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
new file mode 100644
index 0000000..f643fd3
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/LdapAuthorizationConsumerConfAdmin.class.php
@@ -0,0 +1,1002 @@
+<?php
+// $Id: LdapAuthorizationConsumerConfAdmin.class.php,v 1.6.2.1 2011/02/08 06:01:00 johnbarclay Exp $
+
+ /**
+ * @file
+ * class to encapsulate an ldap authorization ldap entry to authorization ids mapping
+ *
+ */
+
+module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConf.class');
+ /**
+ * LDAP Authorization Consumer Configration Admin Class
+ */
+class LdapAuthorizationConsumerConfAdmin extends LdapAuthorizationConsumerConf {
+
+
+ public function save() {
+
+ $op = $this->inDatabase ? 'edit' : 'insert';
+ $values = new stdClass; // $this;
+ $values->sid = $this->sid;
+ $values->numeric_consumer_conf_id = $this->numericConsumerConfId;
+ $values->consumer_type = $this->consumerType;
+ $values->consumer_module = $this->consumer->consumerModule;
+ $values->status = ($this->status) ? 1 : 0;
+ $values->only_ldap_authenticated = (int)$this->onlyApplyToLdapAuthenticated;
+ $values->derive_from_dn = (int)$this->deriveFromDn;
+ $values->derive_from_dn_attr = $this->deriveFromDnAttr;
+
+ $values->derive_from_attr = (int)$this->deriveFromAttr;
+ $values->derive_from_attr_attr = $this->arrayToLines($this->deriveFromAttrAttr);
+ $values->derive_from_attr_use_first_attr = (int)$this->deriveFromAttrUseFirstAttr;
+ $values->derive_from_attr_nested = (int)$this->deriveFromAttrNested;
+
+ $values->derive_from_entry = (int)$this->deriveFromEntry;
+ $values->derive_from_entry_search_all = (int)$this->deriveFromEntrySearchAll;
+ $values->derive_from_entry_entries = $this->arrayToLines($this->deriveFromEntryEntries);
+ $values->derive_from_entry_entries_attr = $this->deriveFromEntryEntriesAttr;
+ $values->derive_from_entry_attr = $this->deriveFromEntryMembershipAttr;
+ $values->derive_from_entry_user_ldap_attr = $this->deriveFromEntryAttrMatchingUserAttr;
+ $values->derive_from_entry_use_first_attr = (int)$this->deriveFromEntryUseFirstAttr;
+ $values->derive_from_entry_nested = (int)$this->deriveFromEntryNested;
+
+ $values->mappings = $this->arrayToPipeList($this->mappings);
+ $values->use_filter = (int)$this->useMappingsAsFilter;
+ $values->synch_to_ldap = (int)$this->synchToLdap;
+ $values->synch_on_logon = (int)$this->synchOnLogon;
+ $values->revoke_ldap_provisioned = (int)$this->revokeLdapProvisioned;
+ $values->create_consumers = (int)$this->createConsumers;
+ $values->regrant_ldap_provisioned = (int)$this->regrantLdapProvisioned;
+
+ if (module_exists('ctools')) {
+ ctools_include('export');
+ // Populate our object with ctool's properties
+ $object = ctools_export_crud_new('ldap_authorization');
+ foreach ($object as $property => $value) {
+ if (!isset($values->$property)) {
+ $values->$property = $value;
+ }
+ }
+ $values->export_type = ($this->numericConsumerConfId) ? EXPORT_IN_DATABASE : NULL;
+ $result = ctools_export_crud_save('ldap_authorization', $values);
+ ctools_export_load_object_reset('ldap_authorization'); // ctools_export_crud_save doesn't invalidate cache
+ }
+ else {
+
+ if ($op == 'edit') {
+ $result = drupal_write_record('ldap_authorization', $values, 'consumer_type');
+ }
+ else { // insert
+ $result = drupal_write_record('ldap_authorization', $values);
+ }
+
+ if ($result) {
+ $this->inDatabase = TRUE;
+ }
+ else {
+ drupal_set_message(t('Failed to write LDAP Authorization to the database.'));
+ }
+ }
+
+ // revert mappings to array and remove temporary properties from ctools export
+ $this->mappings = $this->pipeListToArray($values->mappings, FALSE);
+ foreach (array(
+ 'consumer_type',
+ 'consumer_module',
+ 'only_ldap_authenticated',
+
+ 'derive_from_dn',
+ 'derive_from_dn_attr',
+
+ 'derive_from_attr',
+ 'derive_from_attr_attr',
+ 'derive_from_attr_use_first_attr',
+ 'derive_from_attr_nested',
+
+ 'derive_from_entry',
+ 'derive_from_entry_search_all',
+ 'derive_from_entry_entries',
+ 'derive_from_entry_entries_attr',
+ 'derive_from_entry_attr',
+ 'derive_from_entry_user_ldap_attr',
+ 'derive_from_entry_use_first_attr',
+ 'derive_from_entry_nested',
+
+ 'use_filter',
+ 'synch_to_ldap',
+ 'synch_on_logon',
+ 'revoke_ldap_provisioned',
+ 'create_consumers',
+ 'regrant_ldap_provisioned'
+ ) as $prop_name) {
+ unset($this->{$prop_name});
+ }
+ }
+
+ public $fields;
+ public $consumers;
+
+ public function delete() {
+ if ($this->consumerType) {
+ $this->inDatabase = FALSE;
+ if (module_exists('ctools')) {
+ ctools_export_load_object_reset('ldap_authorization');
+ }
+ return db_delete('ldap_authorization')->condition('consumer_type', $this->consumerType)->execute();
+ }
+ else {
+ return FALSE;
+ }
+ }
+
+ public function __construct(&$consumer = NULL, $new = FALSE) {
+ parent::__construct($consumer, $new);
+ $this->fields = $this->fields();
+ $this->consumers = ldap_authorization_get_consumers(NULL, TRUE);
+
+ if ($new) {
+ foreach ($this->consumer->defaultableConsumerConfProperties as $property) {
+ $default_prop_name = $property . 'Default';
+ $this->$property = $this->consumer->$default_prop_name;
+ }
+ }
+ }
+
+ public function drupalForm($server_options, $op) {
+
+ $consumer_tokens = ldap_authorization_tokens($this->consumer);
+ $form['intro'] = array(
+ '#type' => 'item',
+ '#markup' => t('<h1>LDAP to !consumer_name Configuration</h1>', $consumer_tokens),
+ );
+
+ // $form['status_intro'] = array(
+ // '#type' => 'item',
+ // '#title' => t('Part I. Basics.', $consumer_tokens),
+ // );
+
+ $form['status'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('I. Basics', $consumer_tokens),
+ '#collapsible' => TRUE,
+ '#collapsed' => FALSE,
+ );
+
+ $form['status']['sid'] = array(
+ '#type' => 'radios',
+ '#title' => t('LDAP Server used in !consumer_name configuration.', $consumer_tokens),
+ '#required' => 1,
+ '#default_value' => $this->sid,
+ '#options' => $server_options,
+ );
+
+ $form['status']['consumer_type'] = array(
+ '#type' => 'hidden',
+ '#value' => $this->consumerType,
+ '#required' => 1,
+ );
+
+ $form['status']['status'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Enable this configuration', $consumer_tokens),
+ '#default_value' => $this->status,
+ );
+
+ $form['status']['only_ldap_authenticated'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Only apply the following LDAP to !consumer_name configuration to users authenticated via LDAP.', $consumer_tokens),
+ '#default_value' => $this->onlyApplyToLdapAuthenticated,
+ );
+
+
+ $form['mapping_intro'] = array(
+ '#type' => 'item',
+ '#title' => t('Part II. How are !consumer_namePlural derived from LDAP data?', $consumer_tokens),
+ '#markup' => t('One or more of the following 3 strategies may be used.', $consumer_tokens),
+ );
+ /**
+ * II A. derive from DN option
+ */
+ $form['derive_from_dn'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Strategy II.A. Derive !consumer_namePlural from DN in User\'s LDAP Entry ', $consumer_tokens),
+ '#collapsible' => TRUE,
+ '#collapsed' => !$this->deriveFromDn,
+ );
+
+ $form['derive_from_dn']['derive_from_dn_preamble'] = array(
+ '#type' => 'item',
+ '#markup' => t('Use this strategy if your users\' LDAP entry DNs look like <code>cn=jdoe,<strong>ou=Group1</strong>,cn=example,cn=com</code>
+ and <code>Group1</code> maps to the !consumer_name you want.', $consumer_tokens) .
+ t(' See '). l('http://drupal.org/node/1498558' , 'http://drupal.org/node/1498558') . t(' for additional documentation.'),
+
+ );
+
+ $form['derive_from_dn']['derive_from_dn'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('!consumer_namePlural are derived from user\'s LDAP entry DN', $consumer_tokens),
+ '#default_value' => $this->deriveFromDn,
+ );
+
+ $form['derive_from_dn']['derive_from_dn_attr'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Attribute of the User\'s LDAP Entry DN which contains the !consumer_shortName name:', $consumer_tokens),
+ '#default_value' => $this->deriveFromDnAttr,
+ '#size' => 50,
+ '#maxlength' => 255,
+ '#description' => t('In the example above, it would be <code>ou</code>', $consumer_tokens),
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_dn"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ /**
+ * II B. derive from attributes option
+ */
+
+ $form['derive_from_attr'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Strategy II.B. Derive !consumer_namePlural from Attribute in User\'s LDAP Entry', $consumer_tokens),
+ '#collapsible' => TRUE,
+ '#collapsed' => !$this->deriveFromAttr,
+ );
+
+ $form['derive_from_attr']['derive_from_entry_preamble'] = array(
+ '#type' => 'item',
+ '#markup' => '<p>' .
+ t('Use this strategy if users\' LDAP entries contains an attribute such as <code>memberOf</code> that contains a list of groups
+ the user belongs to. Typically only one attribute name would be used. See '). l('http://drupal.org/node/1487018' , 'http://drupal.org/node/1487018') . t(' for additional documentation.') .
+ '</p>'
+ );
+
+ $form['derive_from_attr']['derive_from_attr'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('!consumer_namePlural are specified by LDAP attributes', $consumer_tokens),
+ '#default_value' => $this->deriveFromAttr,
+ );
+
+ $form['derive_from_attr']['derive_from_attr_attr'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Attribute name(s) (one per line)'),
+ '#default_value' => $this->arrayToLines($this->deriveFromAttrAttr),
+ '#cols' => 50,
+ '#rows' => 1,
+ '#description' => NULL,
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_attr"]' => array('checked' => TRUE),
+ ),
+ ),
+
+ );
+
+ $form['derive_from_attr']['derive_from_attr_use_first_attr'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Convert full dn to value of first attribute. e.g. <code>cn=admin group,ou=it,dc=ad,dc=nebraska,dc=edu</code> would be converted to <code>admin group</code>', $consumer_tokens),
+ '#default_value' => $this->deriveFromAttrUseFirstAttr,
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_attr"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ $nested_warning = t('Warning: this is fairly new and untested feature. Please test a few users with the !consumer_testLink form first.
+ Nested groups also involves more queries which require the service account or other binding account to be able to query the nested groups.
+ If using nested groups, consider less, higher level base dns in the server configuration for more efficient queries.', $consumer_tokens);
+
+ $form['derive_from_attr']['derive_from_attr_nested'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Include nested groups. ', $consumer_tokens) . $nested_warning,
+ '#default_value' => $this->deriveFromAttrNested,
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_attr"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ /**
+ * II C. derive from entry option
+ */
+
+ $form['derive_from_entry'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Strategy II.C. Derive !consumer_namePlural from LDAP Group entries', $consumer_tokens),
+ '#collapsible' => TRUE,
+ '#collapsed' => !$this->deriveFromEntry,
+ );
+
+
+ $form['derive_from_entry']['derive_from_entry_preamble'] = array(
+ '#type' => 'item',
+ '#markup' => t('Use this strategy if your LDAP has entries for groups and strategy II.B. is not applicable.') .
+ t(' See ') . l('http://drupal.org/node/1499172' , 'http://drupal.org/node/1499172') . t(' for additional documentation.'),
+ );
+
+ $form['derive_from_entry']['derive_from_entry'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('!consumer_namePlural exist as LDAP entries where a multivalued attribute contains the members', $consumer_tokens),
+ '#default_value' => $this->deriveFromEntry,
+ );
+
+
+ $form['derive_from_entry']['derive_from_entry_entries'] = array(
+ '#type' => 'textarea',
+ '#title' => t('LDAP DNs containing !consumer_shortNamePlural (one per line)', $consumer_tokens),
+ '#default_value' => $this->arrayToLines($this->deriveFromEntryEntries),
+ '#cols' => 50,
+ '#rows' => 6,
+ '#description' => t('Enter a list of LDAP entries where !consumer_namePlural should be searched for.', $consumer_tokens),
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_entry"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ $form['derive_from_entry']['derive_from_entry_entries_attr'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Attribute holding the previous list of values. e.g. cn, dn', $consumer_tokens),
+ '#default_value' => $this->deriveFromEntryEntriesAttr,
+ '#size' => 50,
+ '#maxlength' => 255,
+ '#description' => t('If the above lists are ldap cns, this should be "cn", if they are ldap dns, this should be "dn"', $consumer_tokens),
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_entry"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ $form['derive_from_entry']['derive_from_entry_attr'] = array(
+ '#type' => 'textfield',
+ '#title' => t('Attribute holding !consumer_namePlural members', $consumer_tokens),
+ '#default_value' => $this->deriveFromEntryMembershipAttr,
+ '#size' => 50,
+ '#maxlength' => 255,
+ '#description' => t('Name of the multivalued attribute which holds the !consumer_namePlural members,
+ for example: uniquemember, memberUid', $consumer_tokens),
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_entry"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+// deriveFromEntryAttrMatchingUserAttr
+ $form['derive_from_entry']['derive_from_entry_user_ldap_attr'] = array(
+ '#type' => 'textfield',
+ '#title' => t('User LDAP Entry attribute held in "', $consumer_tokens) . $form['derive_from_entry']['derive_from_entry_attr']['#title'] . '"',
+ '#default_value' => $this->deriveFromEntryAttrMatchingUserAttr,
+ '#size' => 50,
+ '#maxlength' => 255,
+ '#description' => t('This is almost always "dn" or "cn".') . '<br/>' .
+ t('For example if the attribute holding members is "uniquemember" and that the group entry has the following uniquemember values: ') .
+ '<code>
+ uniquemember[0]=uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu<br/>
+ uniquemember[1]=cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu
+ </code><br/>' .
+ t('"dn" would be used because uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu and cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu are the dn\'s of the LDAP entries.') . '<br/>' .
+ t('If the attribute holding members is member and that the group entry has: ') .
+ '<br/><code>
+ member[0]=joeprogrammer<br/>
+ member[1]=sysadmins
+ </code><br/>' .
+ t('"cn" would be used because joeprogrammer and sysadmins are the cn\'s of the LDAP entries.'),
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_entry"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ $form['derive_from_entry']['derive_from_entry_use_first_attr'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Convert full dn to value of first attribute. e.g. <code>cn=admin group,ou=it,dc=ad,dc=nebraska,dc=edu</code> would be converted to <code>admin group</code>', $consumer_tokens),
+ '#default_value' => $this->deriveFromEntryUseFirstAttr,
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_entry"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ $form['derive_from_entry']['derive_from_entry_search_all'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Search all enabled LDAP servers for matching users. This Enables roles on one server referencing users on another.
+ This can lead to [Number of Enabled Servers] x [Number of Base DNs] x [Number of Groups] queries;
+ so don\'t enable this unless you know its useful to your use case.'),
+ '#default_value' => $this->deriveFromEntrySearchAll,
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_entry"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+ $form['derive_from_entry']['derive_from_entry_nested'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Include nested groups.', $consumer_tokens) . $nested_warning,
+ '#default_value' => $this->deriveFromEntryNested,
+ '#states' => array(
+ 'visible' => array( // action to take.
+ ':input[name="derive_from_entry"]' => array('checked' => TRUE),
+ ),
+ ),
+ );
+
+
+ /**
+ * filter and whitelist
+ */
+
+ // $form['filter_intro'] = array(
+ // '#type' => 'item',
+ // '#title' => t('Part III. Mapping and White List.', $consumer_tokens),
+ // '#markup' => t('The rules in Part I. and II. will create a list of "raw authorization ids".
+ // Part III. determines how these are mapped to!consumer_namePlural.', $consumer_tokens),
+ // );
+
+ if (method_exists($this->consumer, 'mappingExamples')) {
+ $consumer_tokens['!examples'] = '<fieldset class="collapsible collapsed form-wrapper" id="authorization-mappings">
+<legend><span class="fieldset-legend">' . t('Examples base on current !consumer_namePlural', $consumer_tokens) . '</span></legend>
+<div class="fieldset-wrapper">'. $this->consumer->mappingExamples($consumer_tokens) . '<div class="fieldset-wrapper">
+</fieldset>';
+ }
+ else {
+ $consumer_tokens['!examples'] = '';
+ }
+ $form['filter_and_mappings'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('III. LDAP to !consumer_name mapping and filtering', $consumer_tokens),
+ '#description' => t('
+The settings in part II generate a list of "raw authorization ids" which
+need to be converted to !consumer_namePlural.
+Raw authorization ids look like:
+<ul>
+<li><code>Campus Accounts</code> (...from II.A)</li>
+<li><code>ou=Underlings,dc=myorg,dc=mytld,dc=edu</code> (...from II.B and II.C.)</li>
+<li><code>ou=IT,dc=myorg,dc=mytld,dc=edu</code> (...from II.B and II.C.)</li>
+</ul>
+
+<p><strong>Mappings are often needed to convert these "raw authorization ids" to !consumer_namePlural.</strong></p>
+
+!consumer_mappingDirections
+
+!examples
+
+', $consumer_tokens),
+ '#collapsible' => TRUE,
+ '#collapsed' => !($this->mappings || $this->useMappingsAsFilter),
+ );
+
+ $form['filter_and_mappings']['mappings'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Mapping of LDAP to !consumer_name (one per line)', $consumer_tokens),
+ '#default_value' => $this->arrayToPipeList($this->mappings),
+ '#cols' => 50,
+ '#rows' => 5,
+ );
+ $form['filter_and_mappings']['use_filter'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Use LDAP group to !consumer_namePlural filtering', $consumer_tokens),
+ '#default_value' => $this->useMappingsAsFilter,
+ '#description' => t('If enabled, only above mapped !consumer_namePlural will be assigned.
+ <strong>If not checked, many !consumer_namePlural may be created.</strong>', $consumer_tokens)
+ );
+
+ $form['advanced_intro'] = array(
+ '#type' => 'item',
+ '#title' => t('Part IV. Even More Settings.', $consumer_tokens),
+ '#markup' => t('', $consumer_tokens),
+ );
+
+/**
+ *
+ * @todo for 7.x-2.x
+ $form['advanced_intro'] = array(
+ '#type' => 'item',
+ '#title' => t('IV.A. Map in both directions.', $consumer_tokens),
+ '#markup' => t('', $consumer_tokens),
+ );
+
+
+ $form['misc_settings']['allow_synch_both_directions'] = array(
+ '#type' => 'checkbox',
+ '#disabled' => !$this->consumer->allowSynchBothDirections,
+ '#default_value' => $this->synchToLdap,
+ '#title' => t('Check this option if you want LDAP data to be modified if a user
+ has a !consumer_name. In other words, synchronize both ways. For this to work the ldap server
+ needs to writeable, the right side of the mappings list must be unique, and I.B or I.C.
+ derivation must be used.', $consumer_tokens),
+ );
+ */
+
+ $synchronization_modes = array();
+ if ($this->synchOnLogon) {
+ $synchronization_modes[] = 'user_logon';
+ }
+ $form['misc_settings']['synchronization_modes'] = array(
+ '#type' => 'checkboxes',
+ '#title' => t('IV.B. When should !consumer_namePlural be granted/revoked from user?', $consumer_tokens),
+ '#options' => array(
+ 'user_logon' => t('When a user logs on'),
+ 'manually' => t('Manually or via another module')
+ ),
+ '#default_value' => $synchronization_modes,
+ '#description' => t('<p>"When a user logs on" is the common way to do this.</p>', $consumer_tokens),
+ );
+
+ $synchronization_actions = array();
+ if ($this->revokeLdapProvisioned) {
+ $synchronization_actions[] = 'revoke_ldap_provisioned';
+ }
+ if ($this->createConsumers) {
+ $synchronization_actions[] = 'create_consumers';
+ }
+ if ($this->regrantLdapProvisioned) {
+ $synchronization_actions[] = 'regrant_ldap_provisioned';
+ }
+
+ $options = array(
+ 'revoke_ldap_provisioned' => t('Revoke !consumer_namePlural previously granted by LDAP Authorization but no longer valid.', $consumer_tokens),
+ 'regrant_ldap_provisioned' => t('Re grant !consumer_namePlural previously granted by LDAP Authorization but removed manually.', $consumer_tokens),
+ );
+
+ if ($this->consumer->allowConsumerObjectCreation) {
+ $options['create_consumers'] = t('Create !consumer_namePlural if they do not exist.', $consumer_tokens);
+ }
+
+ $form['misc_settings']['synchronization_actions'] = array(
+ '#type' => 'checkboxes',
+ '#title' => t('IV.C. What actions would you like performed when !consumer_namePlural are granted/revoked from user?', $consumer_tokens),
+ '#options' => $options,
+ '#default_value' => $synchronization_actions,
+ );
+ /**
+ * @todo some general options for an individual mapping (perhaps in an advance tab).
+ *
+ * - on synchronization allow: revoking authorizations made by this module, authorizations made outside of this module
+ * - on synchronization create authorization contexts not in existance when needed (drupal roles etc)
+ * - synchronize actual authorizations (not cached) when granting authorizations
+ */
+
+ switch ($op) {
+ case 'add':
+ $action = 'Add';
+ break;
+
+ case 'edit':
+ $action = 'Save';
+ break;
+
+ case 'delete':
+ $action = 'Delete';
+ break;
+ }
+
+ $form['submit'] = array(
+ '#type' => 'submit',
+ '#value' => $action,
+ );
+
+ return $form;
+ }
+
+
+ protected function loadFromForm($values, $op) {
+
+ }
+
+ public function getLdapAuthorizationConsumerActions() {
+ $actions = array();
+ $actions[] = l(t('edit'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/edit/' . $this->consumerType);
+ if (property_exists($this, 'type')) {
+ if ($this->type == 'Overridden') {
+ $actions[] = l(t('revert'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
+ }
+ if ($this->type == 'Normal') {
+ $actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
+ }
+ }
+ else {
+ $actions[] = l(t('delete'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/delete/' . $this->consumerType);
+ }
+ $actions[] = l(t('test'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $this->consumerType);
+ return $actions;
+ }
+
+ public function drupalFormValidate($op, $values) {
+ $errors = array();
+
+ if ($op == 'delete') {
+ if (!$this->consumerType) {
+ $errors['consumer_type_missing'] = 'Consumer type is missing from delete form.';
+ }
+ }
+ else {
+
+ $this->populateFromDrupalForm($op, $values);
+
+
+ $errors = $this->validate($values);
+ if (count($this->mappings) == 0 && trim($values['mappings'])) {
+ $errors['mappings'] = t('Bad mapping syntax. Text entered but not able to convert to array.');
+ }
+
+ }
+ return $errors;
+ }
+
+ public function validate($form_values = array()) {
+ $errors = array();
+
+ if (!$this->consumerType) {
+ $errors['consumer_type'] = t('Consumer type is missing.');
+ }
+
+ if ($this->inDatabase && (!$this->consumerType)) {
+ $errors['consumer_type'] = t('Edit or delete called without consumer type in form.');
+ }
+
+ // are correct values available for selected mapping approach
+ if ($this->deriveFromDn && !trim($this->deriveFromDnAttr)) {
+ $errors['derive_from_dn'] = t('DN attribute is missing.');
+ }
+ if ($this->deriveFromAttr && !count($this->deriveFromAttrAttr)) {
+ $errors['derive_from_attr'] = t('Attribute names are missing.');
+ }
+ if ($this->deriveFromEntry && !count($this->deriveFromEntryEntries)) {
+ $errors['derive_from_entry'] = t('Group entries are missing.');
+ }
+ if ($this->deriveFromEntry && !$this->deriveFromEntryEntriesAttr) {
+ $errors['derive_from_entry'] = t('Attribute holding the previous list of values is empty.');
+ }
+ if ($this->deriveFromEntry && !trim($this->deriveFromEntryMembershipAttr)) {
+ $errors['derive_from_entry_attribute'] = t('Membership Attribute is missing.');
+ }
+
+ if (count($this->mappings) > 0) {
+ foreach ($this->mappings as $mapping_item) {
+ list($map_from, $map_to) = $mapping_item;
+ list($type, $text) = $this->consumer->validateAuthorizationMappingTarget($map_to, $form_values);
+ if ($type == 'error') {
+ $errors['mappings'] = $text;
+ }
+ elseif ($type == 'warning' || $type == 'status') {
+ drupal_set_message($text, $type);
+ }
+ }
+ }
+ if ($this->useMappingsAsFilter && !count($this->mappings)) {
+ $errors['mappings'] = t('Mappings are missing.');
+ }
+ return $errors;
+ }
+
+ protected function populateFromDrupalForm($op, $values) {
+ $this->inDatabase = (drupal_strtolower($op) == 'edit' || drupal_strtolower($op) == 'save');
+ $values['mappings'] = $this->pipeListToArray($values['mappings'], FALSE);
+ $values['derive_from_attr_attr'] = $this->linesToArray($values['derive_from_attr_attr']);
+ $values['derive_from_entry_entries'] = $this->linesToArray($values['derive_from_entry_entries']);
+
+ $this->sid = $values['sid'];
+ $this->consumerType = $values['consumer_type'];
+ $this->status = (bool)$values['status'];
+ $this->onlyApplyToLdapAuthenticated = (bool)(@$values['only_ldap_authenticated']);
+
+ $this->deriveFromDn = (bool)(@$values['derive_from_dn']);
+ $this->deriveFromDnAttr = $values['derive_from_dn_attr'];
+
+ $this->deriveFromAttr = (bool)($values['derive_from_attr']);
+ $this->deriveFromAttrAttr = $values['derive_from_attr_attr'];
+ $this->deriveFromAttrUseFirstAttr = (bool)($values['derive_from_attr_use_first_attr']);
+ $this->deriveFromAttrNested = (bool)($values['derive_from_attr_nested']);
+
+ $this->deriveFromEntry = (bool)(@$values['derive_from_entry']);
+ $this->deriveFromEntryEntries = $values['derive_from_entry_entries'];
+ $this->deriveFromEntryEntriesAttr = $values['derive_from_entry_entries_attr'];
+ $this->deriveFromEntryMembershipAttr = $values['derive_from_entry_attr'];
+ $this->deriveFromEntryAttrMatchingUserAttr = $values['derive_from_entry_user_ldap_attr'];
+ $this->deriveFromEntryUseFirstAttr = (bool)($values['derive_from_entry_use_first_attr']);
+ $this->deriveFromEntrySearchAll = (bool)($values['derive_from_entry_search_all']);
+ $this->deriveFromEntryNested = (bool)($values['derive_from_entry_nested']);
+
+ $this->mappings = $values['mappings'];
+ $this->useMappingsAsFilter = (bool)(@$values['use_filter']);
+
+
+ $this->synchOnLogon = (bool)(@$values['synchronization_modes']['user_logon']);
+ $this->regrantLdapProvisioned = (bool)(@$values['synchronization_actions']['regrant_ldap_provisioned']);
+ $this->revokeLdapProvisioned = (bool)(@$values['synchronization_actions']['revoke_ldap_provisioned']);
+ $this->createConsumers = (bool)(@$values['synchronization_actions']['create_consumers']);
+
+ }
+
+ public function drupalFormSubmit($op, $values) {
+
+ $this->populateFromDrupalForm($op, $values);
+ if ($op == 'delete') {
+ $this->delete();
+ }
+ else { // add or edit
+
+ try {
+ $save_result = $this->save();
+ }
+ catch (Exception $e) {
+ $this->errorName = 'Save Error';
+ $this->errorMsg = t('Failed to save object. Your form data was not saved.');
+ $this->hasError = TRUE;
+ }
+ }
+ }
+
+
+ public static function fields() {
+
+ /**
+ * consumer_type is tag (unique alphanumeric id) of consuming authorization such as
+ * drupal_roles, og_groups, civicrm_memberships
+ */
+ $fields = array(
+ 'numeric_consumer_conf_id' => array(
+ 'schema' => array(
+ 'type' => 'serial',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'description' => 'Primary ID field for the table. Only used internally.',
+ 'no export' => TRUE,
+ ),
+ ),
+ 'sid' => array(
+ 'schema' => array(
+ 'type' => 'varchar',
+ 'length' => 20,
+ 'not null' => TRUE,
+ )
+ ),
+ 'consumer_type' => array(
+ 'schema' => array(
+ 'type' => 'varchar',
+ 'length' => 20,
+ 'not null' => TRUE,
+ )
+ ),
+ 'consumer_module' => array(
+ 'schema' => array(
+ 'type' => 'varchar',
+ 'length' => 30,
+ 'not null' => TRUE,
+ )
+ ),
+
+ 'status' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+ 'only_ldap_authenticated' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 1,
+ )
+ ),
+ 'derive_from_dn' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+ 'derive_from_dn_attr' => array(
+ 'schema' => array(
+ 'type' => 'text',
+ 'default' => NULL,
+ )
+ ),
+ 'derive_from_attr' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+ 'derive_from_attr_attr' => array(
+ 'schema' => array(
+ 'type' => 'text',
+ 'default' => NULL,
+ )
+ ),
+ 'derive_from_attr_use_first_attr' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+ 'derive_from_attr_nested' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+ 'derive_from_entry' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+ 'derive_from_entry_nested' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+ 'derive_from_entry_entries' => array(
+ 'form_default' => array(),
+ 'schema' => array(
+ 'default' => NULL,
+ 'type' => 'text',
+ )
+ ),
+
+ 'derive_from_entry_entries_attr' => array(
+ 'form_default' => 'dn',
+ 'schema' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'default' => NULL,
+ )
+ ),
+
+ 'derive_from_entry_attr' => array(
+ 'schema' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'default' => NULL,
+ )
+ ),
+
+ 'derive_from_entry_search_all' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+
+ 'derive_from_entry_use_first_attr' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ )
+ ),
+
+ 'derive_from_entry_user_ldap_attr' => array(
+ 'schema' => array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'default' => NULL,
+ ),
+ ),
+
+ 'mappings' => array(
+ 'form_default' => array(),
+ 'schema' => array(
+ 'type' => 'text',
+ 'not null' => FALSE,
+ 'default' => NULL,
+ )
+ ),
+
+ 'use_filter' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 1,
+ )
+ ),
+
+ 'synchronization_modes' => array(
+ 'form_default' => array('user_logon'),
+ ),
+
+ 'synchronization_actions' => array(
+ 'form_default' => array('revoke_ldap_provisioned', 'create_consumers'),
+ ),
+
+ 'synch_to_ldap' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ),
+ ),
+
+ 'synch_on_logon' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ),
+ ),
+
+ 'revoke_ldap_provisioned' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ),
+ ),
+
+ 'create_consumers' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ),
+ ),
+
+ 'regrant_ldap_provisioned' => array(
+ 'schema' => array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ),
+ ),
+ );
+ return $fields;
+ }
+
+
+
+
+ protected function arrayToPipeList($array) {
+ $result_text = "";
+ foreach ($array as $map_pair) {
+ $result_text .= $map_pair[0] . '|' . $map_pair[1] . "\n";
+ }
+ return $result_text;
+ }
+
+ protected function arrayToLines($array) {
+ $lines = "";
+ if (is_array($array)) {
+ $lines = join("\n", $array);
+ }
+ elseif (is_array(@unserialize($array))) {
+ $lines = join("\n", unserialize($array));
+ }
+ return $lines;
+ }
+
+
+
+}
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/README.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/README.txt
new file mode 100644
index 0000000..d91a23e
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/README.txt
@@ -0,0 +1,82 @@
+// $Id: README.txt,v 1.2 2010/12/29 01:37:46 johnbarclay Exp $
+
+Vocubulary of LDAP Authorization and its Code
+
+----------------------
+"Consumer"
+----------------------
+The "consumer" or entity that authorization is being granted.
+
+Examples: Drupal role, Organic Group group
+
+----------------------
+"Consumer Type"
+----------------------
+Machine ID of a consumer. This is used in naming conventionss.
+
+Examples: drupal_role, og_group
+
+----------------------
+"Consumer Module"
+----------------------
+The module that bridges ldap_authorization and the consumer.
+It needs to (1) provide a class: LdapAuthorizationConsumer<consumer_type>
+and (2) implement hook_ldap_authorization_consumer.
+
+Examples: ldap_authorization_drupal_role
+
+
+----------------------
+"Authorization ID" aka "Consumer ID"
+----------------------
+The id of an individual authorization such as a drupal role or organic group.
+
+Examples: "authenticated user", "admin" (for drupal roles)
+Examples: "knitters on skates", "vacationing programmers" (og group names for organic groups)
+
+
+----------------------
+"Consumer Configuration"
+----------------------
+Configuration of how a users ldap attributes will
+determine a set of Consumer ids the user should be granted.
+Represented by LdapAuthorizationConsumerConf and LdapAuthorizationConsumerConfAdmin classes
+and managed at /admin/config/people/ldap/authorization. Stored in ldap_authorization database table.
+
+---------------------
+LDAP Server Configuration
+---------------------
+Each Consumer Configuration will use a single ldap server configuration to bind
+and query ldap. The ldap server configuration is also used to map the drupal
+username to an ldap user entry.
+
+
+----------------------
+LDAP Authorization data storage:
+---------------------
+
+Authorization data is stored in user->data array. Ultimately these should be stored in $user entity fields to make integration with other modules better.
+
+$user->data['ldap_authorizations'][<consumerType>][<authorization_id>] => attributes
+
+such as:
+
+$user->data = array(
+ 'ldap_authorizations' => array(
+ 'og_group' => array (
+ '3-2' => array (
+ 'date_granted' => 1329105152,
+ ),
+ '2-3' => array (
+ 'date_granted' => 1329105152,
+ ),
+ ),
+ 'drupal_role' => array (
+ '7' => array (
+ 'date_granted' => 1329105152,
+ ),
+ '5' => array (
+ 'date_granted' => 1329105152,
+ ),
+ ),
+ );
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.inc
new file mode 100644
index 0000000..8843aec
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.inc
@@ -0,0 +1,161 @@
+<?php
+// $Id: ldap_authorization.admin.inc,v 1.1.4.2 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * Administrative page callbacks for the ldap_authorization module. Consumer configuration form and index.
+ */
+
+
+/**
+ * index of ldap authorization configurations
+ *
+ * @return string html table
+ */
+
+function ldap_authorizations_admin_index() {
+
+ $consumers = ldap_authorization_get_consumers(NULL, TRUE, FALSE);
+ if (!is_array($consumers) || count($consumers) == 0) {
+ drupal_set_message(t('No authorization consumer modules are enabled. Enable
+ LDAP Authorization Drupal Roles, OG LDAP, or another LDAP Authorization consuming module'), 'warning');
+ }
+
+ $servers = ldap_servers_get_servers(NULL, 'enabled');
+ if (count($servers) == 0) {
+ return t('ldap authorization can not be set up until ldap servers are configured.') . ' ' .
+ l(t('Add LDAP Server'), 'admin/config/people/ldap/servers/add');
+ }
+
+ foreach ($consumers as $consumer_type => $consumer) {
+ $consumers[$consumer_type] = ldap_authorization_get_consumer_object($consumer_type);
+ }
+ return theme('ldap_authorization_admin_index', array('consumers' => $consumers));
+
+}
+
+
+
+/**
+ * form for adding, updating, and deleting a single ldap authorization configuration
+ *
+ * @param form array $form
+ * @param form state array $form_state
+ * @param string $op (add, edit, or delete)
+ * @param string $consumer_type e.g. drupal_roles, og_group, etc. Only needed for adds
+ * @return drupal form array
+ */
+
+function ldap_authorization_admin_form($form, &$form_state, $consumer_type, $op = NULL) {
+ ldap_server_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
+ $consumer = ldap_authorization_get_consumer_object($consumer_type);
+
+ if ($op == 'add' && is_object($consumer->consumerConf) && $consumer->consumerConf->inDatabase) {
+ drupal_set_message(t('Only one configuration is allowed per consumer type.
+ Configuration already exists for the cosumer type %consumer_type. Please edit that configuration.',
+ array('%consumer_type' => $consumer_type)), 'warning');
+ drupal_goto(LDAP_SERVERS_MENU_BASE_PATH . '/authorization');
+ }
+
+ if (($op == 'edit' || $op == 'delete') && !is_object($consumer->consumerConf)) {
+ drupal_set_message(t('Bad LDAP Authorization Configuration URL.'), 'error');
+ drupal_goto(LDAP_SERVERS_MENU_BASE_PATH . '/authorization');
+ }
+
+ $servers = ldap_servers_get_servers(NULL, 'enabled');
+ if (count($servers) == 0) {
+ drupal_set_message(t('No ldap servers configured. Please configure a server before an ldap authorization.'), 'error');
+ drupal_goto('admin/config/people/ldap/authorization');
+ }
+
+
+ $new = ($op == 'add');
+ $consumer_conf_admin = new LdapAuthorizationConsumerConfAdmin($consumer, $new);
+
+ foreach ($servers as $sid => $server) {
+ $server_options[$sid] = $server->name;
+ }
+ return $consumer_conf_admin->drupalForm($server_options, $op);
+
+}
+
+
+/**
+ * validate handler for the ldap_authorization_admin_form
+ */
+
+function ldap_authorization_admin_form_validate($form, &$form_state) {
+
+ list($consumer, $op, $op_past, $new) = _ldap_authorization_admin_parse_form($form, $form_state);
+ $values = $form_state['values'];
+ ldap_server_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
+ $consumer_conf_admin = new LdapAuthorizationConsumerConfAdmin($consumer, $new);
+
+ $errors = $consumer_conf_admin->drupalFormValidate($op, $values);
+ foreach ($errors as $error_name => $error_text) {
+ $error_text = check_plain($error_text);
+ form_set_error($error_name, t($error_text));
+ }
+
+}
+
+
+/**
+ * submit handler function for ldap_authorization_admin_form
+ */
+
+function ldap_authorization_admin_form_submit($form, &$form_state) {
+ list($consumer, $op, $op_past_tense, $new) = _ldap_authorization_admin_parse_form($form, $form_state);
+ $values = $form_state['values'];
+ ldap_server_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
+ $consumer_conf = new LdapAuthorizationConsumerConfAdmin($consumer, $new);
+ $consumer_conf->drupalFormSubmit($op, $values); // add form data to object and save or create
+
+ if ($consumer_conf->hasError == FALSE) {
+ drupal_set_message(t('LDAP Authorization %name !verb', array('!verb' => $op_past_tense, '%name' => $consumer->name)), 'status');
+ drupal_goto(LDAP_SERVERS_MENU_BASE_PATH . '/authorization');
+ }
+
+ form_set_error($consumer_conf->errorName, $consumer_conf->errorMsg);
+ $consumer_conf->clearError();
+
+}
+
+/**
+ * helper function for parsing ldap authorization config form
+ */
+
+function _ldap_authorization_admin_parse_form($form, &$form_state) {
+ $op = drupal_strtolower($form_state['clicked_button']['#value']);
+ $values = $form_state['values'];
+
+ if ($values['consumer_type']) {
+ $consumer_type = $values['consumer_type'];
+ $consumer = ldap_authorization_get_consumer_object($consumer_type);
+ }
+ else {
+ return FALSE;
+ }
+
+ switch ($op) {
+ case 'add':
+ $op_past_tense = 'Added';
+ $new = TRUE;
+ break;
+
+ case 'save':
+ case 'update':
+ case 'edit':
+ $op_past_tense = 'Updated';
+ $new = FALSE;
+ break;
+
+ case 'delete':
+ $op_past_tense = 'Deleted';
+ $new = FALSE;
+ break;
+ }
+
+ return array($consumer, $op, $op_past_tense, $new);
+
+}
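Review bot: `_ldap_authorization_admin_parse_form()` returns `FALSE` when `consumer_type` is empty, and its `switch` has no `default`, yet both `ldap_authorization_admin_form_validate()` and `ldap_authorization_admin_form_submit()` feed the result straight into `list()`. On the `FALSE` path `$consumer`, `$op` and `$new` all come out NULL, and for an unmatched button label `$op_past_tense` and `$new` are never assigned. The handlers still construct `LdapAuthorizationConsumerConfAdmin` and, in submit, call `drupalFormSubmit()`, which chooses between `delete()` and `save()` on `$op`. Both handlers should stop on a failed parse, for example `if (!($parsed = _ldap_authorization_admin_parse_form($form, $form_state))) { form_set_error('consumer_type', t('Consumer type is missing.')); return; }`, and the switch should end with `default: return FALSE;`. How `consumer_type` is defined on the form is not visible in this hunk; if it is a `hidden` element, as in the test form, `'#type' => 'value'` would keep it server-side.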
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.test.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.test.inc
new file mode 100644
index 0000000..1a05a62
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.admin.test.inc
@@ -0,0 +1,163 @@
+<?php
+// $Id: ldap_authorization.admin.test.inc,v 1.3 2010/12/29 01:37:46 johnbarclay Exp $
+
+/**
+ * @file
+ * form to test a ldap authorization consumer configuration
+ */
+
+/**
+ * form for adding, updating, and deleting a single ldap authorization consumer configuration
+ *
+ * @param <type> $form
+ * @param <type> $form_state
+ * @return array drupal form array
+ */
+
+
+function ldap_authorization_test_form($form, &$form_state, $consumer_type) {
+ $consumer = ldap_authorization_get_consumer_object($consumer_type);
+ $consumer_tokens = ldap_authorization_tokens($consumer);
+
+ if (isset($_SESSION['ldap_authorization_test_query']['result'])) {
+ $form['result'] = array(
+ '#type' => 'item',
+ '#markup' => $_SESSION['ldap_authorization_test_query']['result'],
+ );
+
+ $form['pre-filtered'] = array(
+ '#type' => 'fieldset',
+ '#title' => t('Prefiltered and Final Mappings'),
+ '#collapsible' => TRUE,
+ '#collapsed' => TRUE,
+ );
+ $form['pre-filtered']['overview'] = array(
+ '#type' => 'item',
+ '#markup' => t('Below are the "raw authorizations" and which strategy they are derived from. If enabled, the mapping filter is applied to these.'),
+ );
+
+ if (isset($_SESSION['ldap_authorization_test_query']['maps'])) {
+ $i = 0;
+ foreach ($_SESSION['ldap_authorization_test_query']['maps'] as $map => $data) {
+ $i++;
+ $form['pre-filtered']['map' . $i] = array(
+ '#type' => 'item',
+ '#markup' => is_scalar($data) ? "<h2>$map (without filter)</h2>" . $data : theme('item_list', array('items' => $data, 'type' => 'ul', 'title' => "$map (without filter)")),
+ );
+ }
+ }
+ }
+
+ $form['intro'] = array(
+ '#type' => 'item',
+ '#markup' => t('<h1>Test LDAP to !consumer_name Configuration</h1>
+ <p>This form will not actually grant any authorizations, its just to show
+ what authorizations would be granted with this configuration.</p>', $consumer_tokens),
+ );
+
+ $form['consumer_type'] = array(
+ '#type' => 'hidden',
+ '#default_value' => $consumer_type,
+ );
+
+ $form['usernames'] = array(
+ '#type' => 'textarea',
+ '#title' => t('Drupal usernames to test !consumer_shortName authorizations results for. One per line.', $consumer_tokens),
+ '#default_value' => @$_SESSION['ldap_authorization_test_query']['usernames'] ,
+ '#cols' => 50,
+ '#rows' => 6,
+ '#description' => t('', $consumer_tokens),
+ );
+
+ $form['random_users'] = array(
+ '#type' => 'checkbox',
+ '#default_value' => @$_SESSION['ldap_authorization_test_form']['random_users'],
+ '#title' => t('Use 10 random users', $consumer_tokens),
+ );
+
+ $form['submit'] = array(
+ '#type' => 'submit',
+ '#value' => 'test',
+ );
+ unset($_SESSION['ldap_authorization_test_query']);
+ return $form;
+}
+
+
+/**
+ * validate handler for the ldap_authorization_test
+ */
+function ldap_authorization_test_form_validate($form, &$form_state) {
+
+ $values = $form_state['values'];
+ if (!($values['usernames'] || $values['random_users'])) {
+ form_set_error('No options chosen', t('Usernames must be given or random users checked.'));
+ }
+
+}
+
+/**
+ * submit handler function for ldap_authorization_test
+ */
+
+
+function ldap_authorization_test_form_submit($form, &$form_state) {
+
+ $consumer_type = $form_state['values']['consumer_type'];
+ $consumer = ldap_authorization_get_consumer_object($consumer_type);
+ $consumer_tokens = ldap_authorization_tokens($consumer);
+
+ $results = array();
+ $users_listed = $array = preg_split('/[\n\r]+/', $form_state['values']['usernames']);
+ $random_users = array();
+ $_SESSION['ldap_authorization_test_query']['random_users'] = $form_state['values']['random_users'];
+ $_SESSION['ldap_authorization_test_query']['usernames'] = $form_state['values']['usernames'];
+ if ($form_state['values']['random_users']) { // add 10 random usernames to test
+ // not using user_load_multiple because need randomness outside of query
+ $select = db_select('users', 'u');
+ $select->fields('u');
+
+ try {
+ $random_users = $select->execute()->fetchAllAssoc('name', PDO::FETCH_ASSOC);
+ }
+ catch (Exception $e) {
+ drupal_set_message(t('db users query failed. Message = %message, query= %query',
+ array('%message' => $e->getMessage(), '%query' => $e->query_string)), 'error');
+ return "";
+ }
+
+ }
+
+
+ $user_names = array_unique(array_merge(array_keys($random_users), $users_listed));
+ $i = 0;
+ foreach ($user_names as $username) {
+ if ($username) {
+ if (!$user = user_load_by_name($username)) {
+ // if not existing user, create fake user assumed to be ldap authenticated
+ $user = new stdClass();
+ $user->name = $username;
+ $user->ldap_test = TRUE;
+ $user->ldap_authenticated = TRUE;
+ }
+ else {
+ if (function_exists('dpm')) {
+ dpm("user: $username"); dpm($user);
+ }
+ }
+ list($results[$username], $notifications[$username]) = ldap_authorizations_user_authorizations($user, 'test_query', $consumer_type, 'logon');
+ // remove authorizations from other consumer types
+ $results[$username] = array($consumer_type => $results[$username][$consumer_type]);
+ $i++;
+ if ($i == 10) {
+ break;
+ }
+
+ }
+ }
+
+ $table = theme('ldap_authorization_test_results', array('results' => $results, 'consumer' => $consumer, 'notifications' => $notifications));
+ $_SESSION['ldap_authorization_test_query']['result'] = $table;
+ $form_state['redirect'] = LDAP_SERVERS_MENU_BASE_PATH . '/authorization/test/' . $consumer->consumerType;
+
+}
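Review bot: The random-user branch of `ldap_authorization_test_form_submit()` selects every column of every row in `users` (`$select->fields('u')` with no range), although only the `name` keys are used and the loop stops after 10 names. That loads every account's `pass` and `mail` values into memory for a test page and, despite the comment, applies no randomness. Restricting the query keeps the data minimal: `$select->fields('u', array('name'))->orderRandom()->range(0, 10);`. The `dpm("user: $username"); dpm($user);` calls further down are debugging leftovers that print the whole loaded account object when Devel is installed, and should be removed.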
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.inc
new file mode 100644
index 0000000..69b6a26
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.inc
@@ -0,0 +1,549 @@
+<?php
+// $Id: ldap_authorization.inc,v 1.3.2.3 2011/02/18 15:06:09 johnbarclay Exp $
+
+/**
+ * @file
+ * bulk of authorization code executed to determine a users authorizations
+ */
+
+function ldap_authorization_help_watchdog() { // remove after testing
+
+ drupal_add_css(drupal_get_path('module', 'ldap_help') . '/ldap_help.css', 'module', 'all', FALSE);
+ $path = drupal_get_path("module", "ldap_help");
+ $_content = "";
+ if (module_exists('dblog')) {
+ include_once(drupal_get_path('module', 'dblog') . '/dblog.admin.inc');
+ $_SESSION['dblog_overview_filter']['type'] = Array('ldap' => 'ldap');
+ $_content .= "<h3>" . t('LDAP Watchdog Errors and Notifications') . "</h3>";
+ $overview = dblog_overview();
+ $_content .= render($overview);
+
+ $_content .= l(t('...more watchdog'), 'admin/reports/dblog');
+ }
+ else {
+ $_content .= "<h3>" . t('LDAP Help Watchdog Errors and Notifications') . "</h3>";
+ $_content .= 'This feature requires <code>Database logging</code> module to be turned on. ';
+ $_content .= l(t('Module enable page'), 'admin/build/modules');
+ }
+
+
+ return $_content;
+}
+
+
+/**
+ * return all desired authorizations for a given user
+ *
+ * @param object $user
+ *
+ * @param string $op =
+ * set -- grant authorizations (store in db) and return authorizations
+ * test_query -- don't grant authorization, just query and return authorizations. assume user is ldap authenticated and exists
+ * query -- don't grant authorization, just query and return authorizations
+ *
+ * @param string $consumer_type e.g. drupal_roles
+ * @param string $context 'logon', 'test_if_authorizations_granted'
+ *
+ * @return
+ *
+ * LDAP_AUTHORIZATION_NO_LDAP_SERVERS if no servers configured
+ * LDAP_AUTHORIZATION_LDAP_ERROR if ldap error
+ * TRUE if servers configured but no roles derived from ldap
+ * array of potential authorizations (user may or may not already have these)
+ *
+ * by reference $user->data[<consumer_type>][<authorization_id>] = array();
+ * e.g. $var['drupal_role']['content_admin'] = array('rid' => 4)
+ * e.g. $var['og_membership']['bakers club'] = array('expires' => '01/01/2012');
+ *
+ */
+
+
+function _ldap_authorizations_user_authorizations(&$user, $op, $consumer_type, $context) {
+
+ $debug = FALSE;
+ $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+ $authorizations = array();
+ $notifications = array();
+ $watchdog_tokens = array('%username' => $user->name);
+ $consumers = ldap_authorization_get_consumers($consumer_type, TRUE, FALSE);
+
+ $servers = ldap_servers_get_servers(NULL, 'enabled', TRUE);
+
+ /**
+ * user 1 not used in ldap authorization. this is a design decision.
+ */
+ if (property_exists($user, 'uid') && $user->uid == 1) {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : ldap_authorization not applied to user 1', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ $notifications['all'] = LDAP_AUTHORIZATION_NOT_APPLY_USER_1;
+ foreach ($consumers as $consumer_type => $consumer) {
+ $authorizations[$consumer_type] = array();
+ }
+ return array($authorizations, $notifications);
+ }
+
+ /**
+ * determine if user is ldap authenticated
+ */
+ if ($context == 'test_if_authorizations_granted' || ($op == 'test_query' && @$user->ldap_test == TRUE)) {
+ $ldap_authenticated = $user->ldap_authenticated; // property 'ldap_authenticated' only exists for fake user objects
+ }
+ else {
+ $ldap_authenticated = (boolean)(module_exists('ldap_authentication') && ldap_authentication_ldap_authenticated($user));
+ }
+ $watchdog_tokens['%ldap_authenticated'] = ($ldap_authenticated) ? 'yes' : 'no';
+
+ foreach ($consumers as $consumer_type => $consumer) {
+ $authorizations[$consumer_type] = array();
+ /**
+ * each consumer type has only one consumer conf and each consumer conf has only one ldap server id (sid)
+ * so there is a one-to-one-to-one relationship between:
+ * - consumer object ($consumer),
+ * - server object ($ldap_server),
+ * - and consumer conf object.
+ *
+ */
+
+ $consumer = ldap_authorization_get_consumer_object($consumer_type);
+ if (!$consumer->consumerConf->status) {
+ continue;
+ }
+
+ $proposed_ldap_authorizations = array();
+ $watchdog_tokens['%consumer_type'] = $consumer_type;
+ $watchdog_tokens['%sid'] = $consumer->consumerConf->sid;
+
+ if (! is_object($consumer->consumerConf)) {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : consumer type %consumer_type has no
+ configuration set.', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ continue;
+ }
+
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : testing with
+ consumer type %consumer_type. ldap authenticated=%ldap_authenticated', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ if ($debug) {
+ debug(t('%username : testing with consumer type %consumer_type. ldap authenticated=%ldap_authenticated'), $watchdog_tokens);
+ }
+
+ if ($context == 'logon' && !$consumer->consumerConf->synchOnLogon) {
+ $notifications[$consumer_type][] = LDAP_AUTHORIZATION_MAP_NOT_CONF_FOR_LOGON;
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : %consumer_type not set to run on user logon.', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ continue;
+ }
+
+ if ($consumer->consumerConf->onlyApplyToLdapAuthenticated && !$ldap_authenticated && $op != 'test_query') {
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : not used because it is set to be applied only to ldap authenticated users.
+ %username is not ldap authenticated.', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ $notifications[$consumer_type][] = LDAP_AUTHORIZATION_USER_NOT_LDAP_AUTHENTICATED;
+ continue;
+ }
+
+ $consumer_sid = $consumer->consumerConf->deriveFromEntrySearchAll ? NULL : $consumer->consumerConf->sid;
+ if (! ($user_ldap_entry = ldap_servers_get_user_ldap_data($user, $consumer_sid))) {
+ $notifications[$consumer_type][] = LDAP_AUTHORIZATION_USER_LDAP_NOT_FOUND;
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : %consumer_type ldap user not found.', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ continue;
+ }
+
+ if (! isset($servers[$consumer->consumerConf->sid])) {
+ $notifications[$consumer_type][] = LDAP_AUTHORIZATION_SERVER_CONFIG_NOT_FOUND;
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : %consumer_type ldap server %sid not enabled or found.', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ continue;
+ }
+
+ $ldap_server = $servers[$consumer->consumerConf->sid];
+
+ /**
+ * 1. first just need to figure out what authz_ids are generated for this consumer type/mapping configuration
+ *
+ * goal here is simply to build an array of authorizations for this ldap authz mapping
+ * $proposed_ldap_authorizations[<authorization id>] = properties associative array or empty array
+ * e.g. $proposed_ldap_authorizations['admin'] = array()
+ *
+ * the authorization ids may represent drupal roles, organic groups, civicrm groups, etc.
+ * these mappings are a function of:
+ * - drupal user entry, $user
+ * - a user ldap entry, $user_ldap_entry
+ * - an ldap server configuration, $ldap_server
+ * - a mapping configuration ($consumer_conf)
+ */
+
+ if ($detailed_watchdog_log || $debug) {
+ $_proposed_ldap_authorizations_pre_hook_maps_alter = is_array($proposed_ldap_authorizations) ? $proposed_ldap_authorizations : array();
+ $watchdog_tokens['%proposed_authorizations_pre_hook'] = join(', ', $_proposed_ldap_authorizations_pre_hook_maps_alter);
+ watchdog('ldap_authorization', '%username : initial proposed authorization before mapps_alter_invoke %consumer_type: %proposed_authorizations_pre_hook.',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+ ldap_authorization_maps_alter_invoke($user, $user_ldap_entry, $ldap_server, $consumer->consumerConf, $proposed_ldap_authorizations, $op);
+
+ if ($detailed_watchdog_log || $debug) {
+ $_proposed_ldap_authorizations = is_array($proposed_ldap_authorizations) ? $proposed_ldap_authorizations : array();
+ $watchdog_tokens['%proposed_authorizations'] = join(', ', $_proposed_ldap_authorizations);
+ }
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : initial proposed authorization for %consumer_type: %proposed_authorizations.',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ if ($debug) {
+ debug(t('%username : initial proposed authorization for %consumer_type: %proposed_authorizations.',
+ $watchdog_tokens));
+ }
+
+ /** make sure keys of array are lower case and values are mixed case **/
+ foreach ($proposed_ldap_authorizations as $key => $value) {
+ if ($key != drupal_strtolower($key)) {
+ $proposed_ldap_authorizations[drupal_strtolower($key)] = $value;
+ unset($proposed_ldap_authorizations[$key]);
+ }
+ }
+ // debug('proposed_ldap_authorizations3'); debug($proposed_ldap_authorizations);
+ /**
+ * 2. filter can be both a whitelist and a mapping of an ldap results to an authorization id.
+ * goal of this step is to generate $filtered_ldap_authorizations[$consumer_type]
+ * an array of filtered and mapped authorization ids
+ */
+
+
+ if ($consumer->consumerConf->useMappingsAsFilter) { // filter + map
+ $filtered_ldap_authorizations = array();
+ // debug('useMappingsAsFilter');
+ foreach ($consumer->consumerConf->normalizedMappings as $mapping_filter) {
+ $map_from = $mapping_filter[0];
+ $map_to = $mapping_filter[1];
+ // debug("from:$map_from to:$map_to");
+ if (isset($proposed_ldap_authorizations[drupal_strtolower($map_from)])) {
+ $filtered_ldap_authorizations[] = $map_to;
+ }
+ }
+ }
+ else { // only map
+ // debug('not useMappingsAsFilter');
+ $filtered_ldap_authorizations = array_values($proposed_ldap_authorizations);
+ if (is_array($consumer->consumerConf->mappings) && is_array($proposed_ldap_authorizations)) {
+ foreach ($consumer->consumerConf->mappings as $mapping_filter) {
+ $map_from = $mapping_filter[0];
+ $map_to = $mapping_filter[1];
+ // debug("from:$map_from to:$map_to");
+ $map_from_key = array_search(drupal_strtolower($map_from), array_keys($proposed_ldap_authorizations));
+ if ($map_from_key !== FALSE) {
+ // remove non mapped authorization
+ $filtered_ldap_authorizations = array_diff($filtered_ldap_authorizations, array($map_from));
+ $filtered_ldap_authorizations = array_diff($filtered_ldap_authorizations, array(drupal_strtolower($map_from)));
+ // add mapped authorization
+ $filtered_ldap_authorizations[] = $map_to;
+ // remove map from;
+ }
+ }
+ }
+ }
+
+ $filtered_ldap_authorizations = array_unique($filtered_ldap_authorizations);
+ // debug('filtered_ldap_authorizations'); debug($filtered_ldap_authorizations);
+ $watchdog_tokens['%filtered_ldap_authorizations'] = join(', ', $filtered_ldap_authorizations);
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : filtered authorization for %consumer_type: %filtered_ldap_authorizations.',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ if ($debug) {
+ debug(t('%username : filtered authorization for %consumer_type: %filtered_ldap_authorizations.',
+ $watchdog_tokens));
+ }
+
+ /**
+ * 3. third, grant any proposed authorizations not already granted
+ */
+
+ if ($op == 'test_query') {
+ $_SESSION['ldap_authorization_test_query']['tokens'] = $watchdog_tokens;
+ }
+ if ($op == 'set') {
+ _ldap_authorizations_user_authorizations_set($user, $consumer, $filtered_ldap_authorizations, $user_ldap_entry, $watchdog_tokens);
+ }
+ // debug('filtered,'. $consumer_type); debug($authorizations[$consumer_type]);
+ $authorizations[$consumer_type] = $filtered_ldap_authorizations;
+ } // end foreach $consumers
+
+ return array($authorizations, $notifications);
+
+}
+/**
+ * @param object $user is a drupal user account object, need not be current user
+ * @param object $consumer is instance of an authorization consumer class such as LdapAuthorizationConsumerDrupalRole
+ * @param array $filtered_ldap_authorizations all authorization ids a user is granted via ldap authorization configuration
+ * @param object $ldap_entry is users ldap entry. mapping of drupal user to ldap entry is stored in ldap_server configuration
+ *
+ * returns nothing
+ */
+
+function _ldap_authorizations_user_authorizations_set(&$user, $consumer, $filtered_ldap_authorizations, &$ldap_entry, $watchdog_tokens) {
+// debug('filtered ldap authorizations'); debug($filtered_ldap_authorizations);
+ $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+
+ ldap_authorization_cleanse_empty_og_fields($user);
+
+ /**
+ * A. Determine what authorizations have been granted in the past by ldap authorization
+ */
+
+ if (isset($user->data['ldap_authorizations'][$consumer->consumerType]) && is_array($user->data['ldap_authorizations'][$consumer->consumerType])) {
+ $user_auth_data = $user->data['ldap_authorizations'][$consumer->consumerType];
+ $initial_existing_ldap_authorizations = array_keys($user_auth_data);
+ }
+ else {
+ $user_auth_data = array();
+ $initial_existing_ldap_authorizations = array();
+ }
+
+ $watchdog_tokens['%initial'] = join(', ', $initial_existing_ldap_authorizations);
+ $grants = $filtered_ldap_authorizations;
+ $watchdog_tokens['%filtered_ldap_authorizations'] = join(', ', $filtered_ldap_authorizations);
+ /**
+ * B. if regrantLdapProvisioned is false, $grants array should only be new authorizations
+ */
+ // if regranting disabled, filter off previously granted roles
+ if ($consumer->consumerConf->regrantLdapProvisioned === FALSE) {
+ $grants = array_diff($filtered_ldap_authorizations, $initial_existing_ldap_authorizations);
+ }
+ $watchdog_tokens['%grants1'] = join(', ', $grants);
+
+
+ /**
+ * C. query or create existing authorization consumer ids (drupal roles, og groups etc.)
+ */
+ $consumer_containers_existing = $consumer->availableConsumerIDs();
+ $containers_needed = array_diff($grants, $consumer_containers_existing);
+ $watchdog_tokens['%consumer_containers_initial'] = (count($consumer_containers_existing)) ? join(', ', $consumer_containers_existing) : t('none');
+ $watchdog_tokens['%consumer_containers_needed'] = (count($containers_needed)) ? join(', ', $containers_needed) : t('none');
+
+ if (count($containers_needed) > 0) {
+ if ($consumer->consumerConf->createConsumers) {
+ $consumer->createConsumers($containers_needed);
+ $consumer_containers_existing = $consumer->availableConsumerIDs(); // requery in case of failure
+ }
+ else {
+ $grants = array_diff($grants, $containers_needed); // filter off consumer ids that don't exist and can't be created
+ }
+ }
+
+ $watchdog_tokens['%consumer_containers_final'] = join(', ', $consumer_containers_existing);
+
+ /**
+ * D. Only grant authorization consumer ids that exist
+ */
+
+
+ $watchdog_tokens['%consumer_containers_existing'] = (count($consumer_containers_existing)) ? join(', ', $consumer_containers_existing) : t('none');
+ $watchdog_tokens['%grants_pre_intersect'] = (count($grants)) ? join(', ', $grants) : t('none');
+ $grants = array_intersect($consumer_containers_existing, $grants);
+ $watchdog_tokens['%grants_post_intersect'] = (count($grants)) ? join(', ', $grants) : t('none');
+
+ /**
+ * E. Do grants
+ */
+ $consumer->authorizationGrant($user, $user_auth_data, $grants, $ldap_entry, FALSE);
+
+ /**
+ * 3.F take away any authorizations not in proposed authorization,
+ * but previously granted by ldap
+ */
+ $watchdog_tokens['%revokes'] = t('none');
+ if ($consumer->consumerConf->revokeLdapProvisioned) {
+ $revokes = array_diff($initial_existing_ldap_authorizations, $filtered_ldap_authorizations);
+ if (count($revokes)) {
+ $consumer->authorizationRevoke($user, $user_auth_data, $revokes, $ldap_entry, FALSE);
+ $watchdog_tokens['%revokes'] = join(', ', $revokes);
+ }
+ }
+
+ $watchdog_tokens['%user_data'] = print_r($user_auth_data, TRUE);
+
+
+ /**
+ * 3.G save user object and user data
+ */
+
+ $user = user_load($user->uid, TRUE);
+ $user->data['ldap_authorizations'][$consumer->consumerType] = $user_auth_data; // not a merge here.
+ $user_edit['data'] = $user->data;
+ $user = user_save($user, $user_edit);
+ $user = user_load($user->uid, TRUE);
+
+ $watchdog_tokens['%user_obj_data_ldap_authorizations'] = print_r($user->data, TRUE);
+
+ if ($detailed_watchdog_log) {
+ watchdog('ldap_authorization', '%username : user_authorizations_set results for %consumer_type:
+ <hr/>1. Initial existing authorizations: %initial
+ <hr/>1. Filtered Authorizations: %filtered_ldap_authorizations
+ <hr/>2. After filtering off previously granted authorizations: %grants1
+ <hr/>3. All available existing authorization ids: %consumer_containers_initial
+ <hr/>4. authorization ids that need to be created: %consumer_containers_needed
+ <hr/>5. consumer containers existing after create call (or non-call if og): %consumer_containers_final
+ <hr/>6a. consumer_containers_existing: %consumer_containers_existing
+ <hr/>6b. grants_pre_intersect: %grants_pre_intersect
+ <hr/>6c. grants_post_intersect: %grants_post_intersect
+ <hr/>7. revokes passed to authorizationRevoke(): %revokes
+ <hr/>8. user auth data after save for %consumer_type: %user_data
+ <hr/>9. user->data[ldap_authorizations] after save: <pre>%user_obj_data_ldap_authorizations</pre>
+ ', $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+}
+
+function _ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) {
+
+ $detailed_watchdog_log = variable_get('ldap_help_watchdog_detail', 0);
+ $watchdog_tokens = array();
+
+ // Strategy 1: group extracted from user's DN.
+ $derive_from_dn_authorizations = array();
+ if ($consumer_conf->deriveFromDn) {
+ // debug('deriveFromDn');
+ $pairs = ldap_explode_dn($user_ldap_entry['dn'], 0); // escapes attribute values, need to be unescaped later
+ $count = array_shift($pairs);
+ foreach ($pairs as $p) {
+ $pair = explode('=', $p);
+ if (drupal_strtolower(trim($pair[0])) == drupal_strtolower($consumer_conf->deriveFromDnAttr)) {
+ $authorization_id = ldap_pear_unescape_dn_value(trim($pair[1]));
+ $derive_from_dn_authorizations[drupal_strtolower($authorization_id)] = (string)$authorization_id;
+ }
+ }
+ // debug($derive_from_dn_authorizations);
+ }
+ if ($op == 'test_query') {
+ $_SESSION['ldap_authorization_test_query']['maps']['Strategy 1. Derive from DN'] = ($consumer_conf->deriveFromDn) ? $derive_from_dn_authorizations : t('disabled');
+ }
+
+ // Strategy 2: groups in user attributes
+ $derive_from_attr_authorizations = array();
+ if ($consumer_conf->deriveFromAttr) {
+ // debug('consumer_conf->deriveFromAttr');
+ foreach ($consumer_conf->deriveFromAttrAttr as $derive_from_attribute_name) {
+ $authorizations = $ldap_server->deriveFromAttrGroups($derive_from_attribute_name, $user_ldap_entry, $consumer_conf->deriveFromAttrNested);
+ //debug('authorizations'); debug($authorizations);
+ foreach ($authorizations as $id => $authorization) {
+ if ($consumer_conf->deriveFromAttrUseFirstAttr) {
+ // debug('authorization'); debug($authorization);
+ $attr_parts = ldap_explode_dn($authorization, 0); // explode_dn escapes attribute values, so must be unescaped later!
+ // debug('attr_parts'); debug($attr_parts);
+ $first_part = explode('=', $attr_parts[0]);
+ // debug('first_part'); debug($first_part); debug(ldap_pear_unescape_filter_value($first_part));
+ $authorization_id = ldap_pear_unescape_filter_value(trim($first_part[1]));
+ }
+ else {
+ $authorization_id = $authorization;
+ }
+ $derive_from_attr_authorizations[drupal_strtolower($authorization_id)] = $authorization_id;
+ }
+ }
+ }
+ if ($op == 'test_query') {
+ $_SESSION['ldap_authorization_test_query']['maps']['Strategy 2. Groups in User Attributes'] = ($consumer_conf->deriveFromAttr) ? $derive_from_attr_authorizations : t('disabled');
+ }
+
+/**
+ *
+ * Strategy 3: groups as entries.
+ *
+ * given:
+ * - user dn = cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu
+ * - deriveFromEntryEntries = array(cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu)
+ * - deriveFromEntryMembershipAttr = 'member'
+ *
+ * search on member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu within basedn cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu
+ *
+ * returned entries dn or cn should be used to derive authorization mappings
+ *
+ */
+
+ $derive_from_entry_authorizations = array();
+ if ($consumer_conf->deriveFromEntry) {
+ if ($consumer_conf->deriveFromEntryAttrMatchingUserAttrUndefined) {
+ // this condition will be removed in the 7.x-2.x branch, its here to avoid breaking 7.x-1.x sites
+ // that use this somewhat flawed approach successfully. see: http://drupal.org/node/1412076
+ foreach ($consumer_conf->deriveFromEntryEntries as $branch) {
+ $filter = '(' . $consumer_conf->deriveFromEntryMembershipAttr . '=' . $user_ldap_entry['dn'] . ')';
+ $entries = $ldap_server->search($branch, $filter, array('cn'));
+ if ($entries === FALSE || empty($entries) || $entries['count'] == 0) {
+ $filter = '(' . $consumer_conf->deriveFromEntryMembershipAttr . '=' . $user->name . ')';
+ $entries = $ldap_server->search($branch, $filter, array('cn'));
+ }
+ if ($entries !== FALSE) {
+ foreach ($entries as $entry) {
+ if (isset($entry['cn'])) {
+ $authorization_id = $entry['cn'][0];
+ }
+ elseif (isset($entry['dn'])) {
+ $authorization_id = (string)$entry['dn'];
+ }
+ $derive_from_entry_authorizations[drupal_strtolower($authorization_id)] = $authorization_id;
+ }
+ }
+ }
+ }
+ elseif (isset($user_ldap_entry[$consumer_conf->deriveFromEntryAttrMatchingUserAttr]) ||
+ isset($user_ldap_entry['attr'][$consumer_conf->deriveFromEntryAttrMatchingUserAttr])) {
+ // $derive_from_entries_entries, $derive_from_entry_attr, $derive_from_entry_user_ldap_attr, $user_ldap_entry, $nested = FALSE
+ $derive_from_entry_authorizations = $ldap_server->deriveFromEntryGroups(
+ $consumer_conf->deriveFromEntryEntries,
+ $consumer_conf->deriveFromEntryEntriesAttr,
+ $consumer_conf->deriveFromEntryMembershipAttr,
+ $consumer_conf->deriveFromEntryAttrMatchingUserAttr,
+ $user_ldap_entry,
+ $consumer_conf->deriveFromEntryNested
+ );
+ if (count($derive_from_entry_authorizations)) {
+ foreach ($derive_from_entry_authorizations as $i => $authorization) {
+ if ($consumer_conf->deriveFromEntryUseFirstAttr) {
+ $attr_parts = ldap_explode_dn($authorization, 0); // escapes attribute values, need to be unescaped later
+ $first_part = explode('=', $attr_parts[0]);
+ $authorization_id = ldap_pear_unescape_dn_value(trim($first_part[1]));
+ }
+ else {
+ $authorization_id = $authorization;
+ }
+ $derive_from_entry_authorizations[drupal_strtolower($authorization_id)] = $authorization_id;
+ }
+ }
+ }
+ }
+ if ($op == 'test_query') {
+ $_SESSION['ldap_authorization_test_query']['maps']['Strategy 3. groups as entries'] = ($consumer_conf->deriveFromEntry) ? $derive_from_entry_authorizations : t('disabled');
+ }
+
+ $values = array_merge(array_values($derive_from_dn_authorizations), array_values($derive_from_attr_authorizations), array_values($derive_from_entry_authorizations));
+ $values = array_unique($values);
+ // debug('values'); debug($values);
+ $authz_ids = (count($values)) ? array_combine($values, $values) : array();
+ // debug('authz_ids'); debug($authz_ids);
+ if ($detailed_watchdog_log) {
+ $watchdog_tokens['%username'] = $user->name;
+ $watchdog_tokens['%ldap_server'] = $ldap_server->sid;
+ $watchdog_tokens['%deriveFromDn'] = join(', ', array_keys($derive_from_dn_authorizations));
+ $watchdog_tokens['%deriveFromAttr'] = join(', ', array_keys($derive_from_attr_authorizations));
+ $watchdog_tokens['%deriveFromEntry'] = 'authorizations: ' . join(', ', array_keys($derive_from_entry_authorizations));
+ $watchdog_tokens['%authz_ids'] = join(', ', array_keys($authz_ids));
+
+ watchdog('ldap_authorization', '%username :_ldap_authorization_ldap_authorization_maps_alter:
+ <hr/>deriveFromDn authorization ids: %deriveFromDn
+ <hr/>deriveFromAttr authorization ids: %deriveFromAttr
+ <hr/>deriveFromEntry authorization ids: %deriveFromEntry
+ <hr/>merged authz_ids authorization ids: %authz_ids
+ ',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+}
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.info b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.info
new file mode 100644
index 0000000..2f9addb
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.info
@@ -0,0 +1,31 @@
+; $Id: ldap_authorization.info,v 1.1.4.2 2011/02/08 06:01:00 johnbarclay Exp $
+name = LDAP Authorization
+description = "Implements LDAP authorization (previously LDAP Groups)"
+package = "Lightweight Directory Access Protocol"
+dependencies[] = ldap_servers
+core = 7.x
+
+files[] = LdapAuthorizationConsumerAbstract.class.php
+files[] = LdapAuthorizationConsumer.class.php
+files[] = LdapAuthorizationConsumerAdmin.class.php
+files[] = ldap_authorization.install
+files[] = ldap_authorization.module
+files[] = ldap_authorization.admin.inc
+files[] = ldap_authorization.admin.test.inc
+files[] = ldap_authorization.theme.inc
+files[] = tests/BasicTests/BasicTests.test
+files[] = tests/DeriveFromDN/DeriveFromDN.test
+files[] = tests/DeriveFromAttr/DeriveFromAttr.test
+files[] = tests/DeriveFromEntry/DeriveFromEntry.test
+files[] = tests/1197636/1197636.test
+files[] = tests/Other/Other.test
+files[] = tests/Og/Og.test
+files[] = tests/Og/Og2.test
+configure = admin/config/people/ldap/authorization
+
+; Information added by drupal.org packaging script on 2012-06-14
+version = "7.x-1.0-beta11"
+core = "7.x"
+project = "ldap"
+datestamp = "1339643179"
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.install b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.install
new file mode 100644
index 0000000..51599df
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.install
@@ -0,0 +1,253 @@
+<?php
+// $Id: ldap_authorization.install,v 1.1.4.2 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * Install, update and uninstall functions for the LDAP authorization module.
+ */
+
+/**
+ * Implements hook_requirements().
+ */
+function ldap_authorization_requirements($phase) {
+ $requirements = array();
+
+if ($phase != "install" && db_field_exists('ldapauth', 'ldapgroups_in_dn' )) {
+ $requirements['ldap_authorization_ldap_integration']['title'] = t('LDAP Integration LDAP Groups Upgrade Concern');
+ $requirements['ldap_authorization_ldap_integration']['severity'] = REQUIREMENT_WARNING;
+ $requirements['ldap_authorization_ldap_integration']['value'] = NULL;
+ $requirements['ldap_authorization_ldap_integration']['description'] = t('Upgrade from Drupal 6 LDAP Groups to Drupal 7
+ LDAP Authorization is not automatic. LDAP Authorization will need to be configured by hand.
+ The authorization options are different and automated updgrade is not possible.
+ See also. See http://drupal.org/node/1023016, http://drupal.org/node/1183192.
+ This message will go away when the ldapauth database table is removed.');
+ }
+ // check that ldapauth not installed.
+ return $requirements;
+}
+
+
+/**
+ * Implements hook_schema().
+ */
+function ldap_authorization_schema() {
+
+ $schema['ldap_authorization'] = array(
+ 'export' => array(
+ 'key' => 'consumer_type',
+ 'key name' => 'Mapping ID',
+ 'identifier' => 'consumer_type',
+ 'primary key' => 'numeric_consumer_conf_id',
+ 'api' => array(
+ 'owner' => 'ldap_authorization',
+ 'api' => 'ldap_authorization',
+ 'minimum_version' => 1,
+ 'current_version' => 1,
+ ),
+ ),
+
+ 'description' => "Data used to map users ldap entry to authorization rights.",
+ 'primary key' => array('numeric_consumer_conf_id'),
+ 'foreign keys' => array(
+ 'sid' => array(
+ 'table' => 'ldap_servers',
+ 'columns' => array('sid' => 'sid'),
+ ),
+ ),
+ );
+
+ module_load_include('inc', 'ldap_servers','ldap_servers.functions');
+ ldap_server_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
+
+ $fields = LdapAuthorizationConsumerConfAdmin::fields();
+ foreach ($fields as $name => $props) {
+ if (isset($props['schema'])) {
+ $schema['ldap_authorization']['fields'][$name] = $props['schema'];
+ }
+ }
+
+ return $schema;
+}
+
+/**
+ * add 'create_consumers field to ldap_authorization table
+ */
+function ldap_authorization_update_7100() {
+
+ if (!db_field_exists('ldap_authorization', 'create_consumers')) {
+ db_add_field('ldap_authorization', 'create_consumers', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ));
+ return t('"create_consumers" field added to ldap_authorization table');
+ }
+ else {
+ return t('No database changes made.');
+ }
+
+}
+
+/**
+ * add derive_from_attr_use_first_attr field to ldap_authorization table
+ */
+function ldap_authorization_update_7101() {
+
+ if (!db_field_exists('ldap_authorization', 'derive_from_attr_use_first_attr')) {
+ db_add_field('ldap_authorization', 'derive_from_attr_use_first_attr', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ));
+ return t('"derive_from_attr_use_first_attr" field added to ldap_authorization table');
+ }
+ else {
+ return t('No database changes made.');
+ }
+
+}
+
+
+/**
+ * Add derive_from_entry_search_all column to ldap_authorization
+ */
+function ldap_authorization_update_7102() {
+
+ if (!db_field_exists('ldap_authorization', 'derive_from_entry_search_all')) {
+ db_add_field('ldap_authorization', 'derive_from_entry_search_all', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ));
+ return t('"derive_from_entry_search_all" field added to ldap_authorization table');
+ }
+ else {
+ return t('No database changes made.');
+ }
+
+}
+
+/**
+ * change derive_from_attr_attr and derive_from_entry fields to text instead of varchar 2555
+ */
+function ldap_authorization_update_7103() {
+
+ foreach (array('derive_from_dn_attr', 'derive_from_attr_attr', 'derive_from_entry_entries') as $field_name) {
+ db_change_field('ldap_authorization', $field_name, $field_name, array(
+ 'type' => 'text',
+ 'not null' => FALSE,
+ ));
+ }
+
+}
+
+/**
+ * change derive_from_attr_attr and derive_from_entry fields to text instead of varchar 2555
+ * applied second time because beta6 and 7 were wrong.
+ */
+function ldap_authorization_update_7104() {
+
+ foreach (array('derive_from_dn_attr', 'derive_from_attr_attr', 'derive_from_entry_entries') as $field_name) {
+ db_change_field('ldap_authorization', $field_name, $field_name, array(
+ 'type' => 'text',
+ 'not null' => FALSE,
+ ));
+ }
+
+}
+
+/**
+ * add derive_from_entry_user_ldap_attr field to allow user specification of dn or other identifier.
+ */
+function ldap_authorization_update_7105() {
+
+ if (!db_field_exists('ldap_authorization', 'derive_from_entry_user_ldap_attr')) {
+ db_add_field('ldap_authorization', 'derive_from_entry_user_ldap_attr', array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'default' => NULL,
+ ));
+ return t('"derive_from_entry_user_ldap_attr" field added to ldap_authorization table');
+ }
+ else {
+ return t('No database changes made.');
+ }
+
+}
+
+/**
+ * add nested checkboxes to derive from entry and attributes strategies.
+ */
+function ldap_authorization_update_7106() {
+
+ if (!db_field_exists('ldap_authorization', 'derive_from_attr_nested')) {
+ db_add_field('ldap_authorization', 'derive_from_attr_nested', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ));
+ $msg = t('"derive_from_attr_nested" field added to ldap_authorization table');
+ }
+
+ if (!db_field_exists('ldap_authorization', 'derive_from_entry_nested')) {
+ db_add_field('ldap_authorization', 'derive_from_entry_nested', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ));
+ $msg .= t('"derive_from_entry_nested" field added to ldap_authorization table');
+ }
+
+ return ($msg) ? $msg : t('No database changes made.');
+}
+
+/**
+ * add derive_from_entry_use_first_attr field to and remove description field from ldap_authorization table
+ */
+function ldap_authorization_update_7107() {
+
+ $changes = '';
+
+ if (!db_field_exists('ldap_authorization', 'derive_from_entry_use_first_attr')) {
+ db_add_field('ldap_authorization', 'derive_from_entry_use_first_attr', array(
+ 'type' => 'int',
+ 'size' => 'tiny',
+ 'not null' => TRUE,
+ 'default' => 0,
+ ));
+ $changes .= t('"derive_from_entry_use_first_attr" field added to ldap_authorization table');
+ }
+
+ if (db_field_exists('ldap_authorization', 'description')) {
+ db_drop_field('ldap_authorization', 'description');
+ $changes .= t('"description" field dropped from to ldap_authorization table');
+ }
+
+ return ($changes) ? $changes : t('No database changes made.');
+
+}
+
+
+/**
+ * add derive_from_entry_entries_attr field to allow user specification of attribute representing group in queries.
+ */
+function ldap_authorization_update_7108() {
+
+ if (!db_field_exists('ldap_authorization', 'derive_from_entry_entries_attr')) {
+ db_add_field('ldap_authorization', 'derive_from_entry_entries_attr', array(
+ 'type' => 'varchar',
+ 'length' => 255,
+ 'default' => NULL,
+ ));
+ return t('"derive_from_entry_entries_attr" field added to ldap_authorization table');
+ }
+ else {
+ return t('No database changes made.');
+ }
+
+}
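Review bot: `ldap_authorization_update_7106()` never initialises `$msg`. If `derive_from_attr_nested` already exists, the second branch appends to an undefined variable with `$msg .= t(...)`, and if both fields exist the final `return ($msg) ? ...` reads an undefined variable, so the update raises PHP notices on exactly the re-run path it is meant to handle. `ldap_authorization_update_7107()` in the same file already does this correctly with `$changes = '';`. I would add `$msg = '';` as the first statement of 7106 and change the first assignment to `$msg .= t('"derive_from_attr_nested" field added to ldap_authorization table');`. Separately, `ldap_authorization_update_7103()` and `ldap_authorization_update_7104()` have identical bodies; a one-line comment in 7104 saying which beta releases shipped the wrong column type would explain why the change is applied twice.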
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.module b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.module
new file mode 100644
index 0000000..4fa06ce
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.module
@@ -0,0 +1,300 @@
+<?php
+// $Id: ldap_authorization.module,v 1.1.4.3 2011/02/08 20:05:41 johnbarclay Exp $
+
+/**
+ * @file
+ * ldap authorization module
+ */
+
+define('LDAP_AUTHORIZATION_PROJECT_TAG', 'ldap_authorization');
+define('LDAP_AUTHORIZATION_USER_LDAP_NOT_FOUND', 101);
+define('LDAP_AUTHORIZATION_USER_NOT_LDAP_AUTHENTICATED', 102);
+define('LDAP_AUTHORIZATION_MAP_NOT_CONF_FOR_LOGON', 103);
+define('LDAP_AUTHORIZATION_NOT_APPLY_USER_1', 104);
+define('LDAP_AUTHORIZATION_SERVER_CONFIG_NOT_FOUND', 105);
+
+define('LDAP_AUTHORIZATION_NO_LDAP_SERVERS', 'ldap_authorization_no_ldap_servers');
+
+
+/**
+ * this is a workaround for og 7.x-2.x bug I believe
+ */
+
+function ldap_authorization_cleanse_empty_og_fields(&$user) {
+ if (property_exists($user, 'og_user_group_ref') && is_array($user->og_user_group_ref) && count($user->og_user_group_ref) == 0) {
+ unset($user->og_user_group_ref);
+ }
+ if (property_exists($user, 'og_other_user_group_ref') && is_array($user->og_other_user_group_ref) && count($user->og_other_user_group_ref) == 0 ) {
+ unset($user->og_other_user_group_ref);
+ }
+}
+
+/**
+ * Implements hook_menu().
+ */
+function ldap_authorization_menu() {
+
+ $items['admin/config/people/ldap/authorization'] = array(
+ 'title' => 'Authorization',
+ 'page callback' => 'ldap_authorizations_admin_index',
+ 'page arguments' => array(),
+ 'type' => MENU_LOCAL_TASK,
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_authorization.admin.inc',
+ 'weight' => 3,
+ );
+
+ $items['admin/config/people/ldap/authorization/list'] = array(
+ 'title' => 'List',
+ 'type' => MENU_DEFAULT_LOCAL_TASK,
+ );
+
+ $items['admin/config/people/ldap/authorization/edit/%'] = array(
+ 'title' => 'Edit LDAP Authorization Configuration',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('ldap_authorization_admin_form', 6, 'edit'),
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_authorization.admin.inc',
+ );
+
+ $items['admin/config/people/ldap/authorization/delete/%'] = array(
+ 'title' => 'Delete LDAP Authorization Configuration',
+ 'description' => 'Delete an ldap authorization configuration',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('ldap_authorization_admin_form', 6, 'delete'),
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_authorization.admin.inc',
+ );
+
+ $items['admin/config/people/ldap/authorization/test/%'] = array(
+ 'title' => 'Test LDAP Authorization Configuration',
+ 'description' => 'Test an ldap authorization configuration',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('ldap_authorization_test_form', 6, 'test'),
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_authorization.admin.test.inc',
+ );
+
+ $items['admin/config/people/ldap/authorization/add/%'] = array(
+ 'title' => 'Add Authorization Configuration',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('ldap_authorization_admin_form', 6, 'add'),
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_authorization.admin.inc',
+ );
+
+ return $items;
+}
+
+/**
+ * @return default value for field user->ldap_authorizations
+ */
+function ldap_authorization_ldap_authorizations_default($entity_type, $entity, $field, $instance, $langcode) {
+ return NULL;
+}
+/**
+ * Implements hook_user_login() login operation.
+ */
+function ldap_authorization_user_login(&$edit, $user) {
+ list($authorizations, $notifications) = ldap_authorizations_user_authorizations($user, 'set', NULL, 'logon');
+}
+
+/**
+ * ldap_authorization_maps_alter_invoke invokes hook_ldap_authorization_maps_alter() in every module.
+ *
+ * We cannot use module_invoke() for this, because the arguments need to
+ * be passed by reference.
+ */
+function ldap_authorization_maps_alter_invoke(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$proposed_ldap_authorizations, $op) {
+ foreach (module_implements('ldap_authorization_maps_alter') as $module) {
+ $function = $module . '_ldap_authorization_maps_alter';
+ $function($user, $user_ldap_entry, $ldap_server, $consumer_conf, $proposed_ldap_authorizations, $op);
+ }
+}
+
+/**
+ * Implements hook_ldap_ldap_server_in_use().
+ */
+function ldap_authorization_ldap_server_in_use($sid, $server_name) {
+
+ $use_warnings = array();
+ $consumers = ldap_authorization_get_consumers();
+ foreach(ldap_authorization_get_consumers() as $consumer_type => $consumer_conf) {
+ $consumer_conf['%server_name'] = $server_name;
+ $consumer_obj = ldap_authorization_get_consumer_object($consumer_type);
+ if ($sid == $consumer_obj->consumerConf->sid) {
+ $use_warnings[] = t('This server (%server_name) may not
+ be deleted or disabled because it is being used by the module consumer_module to
+ authorize consumer_name_plural.', $consumer_conf);
+ }
+ }
+ return $use_warnings;
+}
+
+
+/**
+ * Implements hook_ldap_authorization_maps_alter().
+ *
+ * to suggest authorization ids to grant (drupal roles in this case)
+ *
+ * @param object $user drupal user object
+ *
+ * @param array $user_ldap_entry is ldap data from ldap entry which drupal user is mapped to
+ *
+ * @param object $ldap_server
+ *
+ * @param array $consumer_conf .
+ *
+ * @param array $authz_ids. any new authorization ids (drupal user role names in this case) in form array('rolename1', 'rolename2',....)
+ *
+ * @param string $op = 'set' or 'query'
+ *
+ */
+function ldap_authorization_ldap_authorization_maps_alter(&$user, &$user_ldap_entry, &$ldap_server, &$consumer_conf, &$authz_ids, $op) {
+
+ ldap_server_module_load_include('inc', 'ldap_authorization', 'ldap_authorization');
+ _ldap_authorization_ldap_authorization_maps_alter($user, $user_ldap_entry, $ldap_server, $consumer_conf, $authz_ids, $op);
+}
+
+
+function ldap_authorization_theme() {
+ return array(
+ 'ldap_authorization_test_results' => array(
+ 'variables' => array('data' => NULL),
+ 'render element' => 'element',
+ 'file' => 'ldap_authorization.theme.inc'
+ ),
+ 'ldap_authorization_admin_index' => array(
+ 'variables' => array('consumers' => NULL),
+ 'render element' => 'element',
+ 'file' => 'ldap_authorization.theme.inc'
+ ),
+ );
+}
+
+/**
+ * param string $consumer_type is machine name of consumer such as drupal_role
+ *
+ * @return consumer object
+ */
+function ldap_authorization_get_consumer_object($consumer_type) {
+
+ $consumer = ldap_authorization_get_consumers($consumer_type, TRUE, TRUE);
+
+ if ($consumer) {
+ require_once(drupal_get_path('module', $consumer['consumer_module']) . '/' . $consumer['consumer_class_file']);
+ $class = $consumer['consumer_class_name'];
+ $consumer_obj = new $class($consumer_type);
+ $consumer_obj->detailedWatchdogLog = variable_get('ldap_help_watchdog_detail', 0);
+ return $consumer_obj;
+ }
+ else {
+ return FALSE;
+ }
+}
+
+/**
+ * @param string $consumer_type is machine name of consumer type such as "drupal_role"
+ * @param boolean $reset signifies clear static variable
+ * @param boolean $flatten signies return individual consumer not keyed on consumer type
+ *
+ * @return array (1) if $flatten is true, consumer configuration array
+ * otherwise (2) associative array of consumer configurations keyed on consumer type such as "drupal_role"
+ */
+function ldap_authorization_get_consumers($consumer_type = NULL, $reset = FALSE, $flatten = FALSE) {
+ static $consumers;
+ if ($reset || !is_array($consumers)) {
+ $consumers = module_invoke_all('ldap_authorization_consumer');
+ }
+ if (!$consumer_type) {
+ return $consumers;
+ }
+ elseif ($flatten) {
+ return isset($consumers[$consumer_type]) ? $consumers[$consumer_type] : FALSE;
+ }
+ else {
+ return isset($consumers[$consumer_type]) ? array($consumer_type => $consumers[$consumer_type]) : array();
+ }
+
+}
+
+/**
+ * @rationale: need not be called from hook_user, so this function separated out
+ * so it can be called from a batch synchronization process for example
+ *
+ * @param drupal user object $user
+ * @param string $op indicateing operation such as query, set, test_query, etc.
+ * @param string $consumer_type e.g. drupal_role, or og_groups
+ * @param string $context
+ *
+ * @return array of form:
+ * $authorizations[<consumer_type>][<authorization_id>]
+ *
+ */
+function ldap_authorizations_user_authorizations(&$user, $op = 'query', $consumer_type = NULL, $context = NULL) {
+ ldap_server_module_load_include('inc', 'ldap_authorization', 'ldap_authorization');
+ if ($consumer_type != NULL) {
+ list($new_authorizations, $notifications) = _ldap_authorizations_user_authorizations($user, $op, $consumer_type, $context);
+ }
+ else {
+ $consumers = ldap_authorization_get_consumers();
+ $new_authorizations = array();
+ $notifications = array();
+ foreach ($consumers as $consumer_type => $consumer) {
+ list($new_authorizations_i, $notifications_i) = _ldap_authorizations_user_authorizations($user, $op, $consumer_type, $context);
+ $new_authorizations = $new_authorizations + $new_authorizations_i;
+ $notifications = $notifications + $notifications_i;
+ }
+
+ }
+ return array($new_authorizations, $notifications);
+}
+
+function ldap_authorization_help($path, $arg) {
+
+ $authorization_help = t('LDAP authorization allows LDAP data such as group memberships,
+ user attributes, etc to determine user authorization (drupal roles, organic group memberships,
+ etc. Without additional modules, it only works with Drupal roles.
+ More detailed help is available on drupal.org at !helplink.',
+ array(
+ '!helplink' => l(LDAP_SERVERS_DRUPAL_HELP_URL, LDAP_SERVERS_DRUPAL_HELP_URL),
+ ));
+
+ switch ($path) {
+ case 'admin/config/people/ldap/authorization':
+ $output = '<p>' . $authorization_help . '</p>';
+ return $output;
+
+ case 'admin/help#ldap_authorization':
+ $output = '<p>' . $authorization_help . '</p>';
+ return $output;
+ }
+}
+
+/** just tokens for better watchdog and drupal_set_message arguments **/
+
+function ldap_authorization_tokens($consumer) {
+ $tokens = array();
+
+ if (is_object($consumer)) {
+ foreach (array('%', '!', '@') as $symbol) {
+ foreach (array('name', 'namePlural', 'shortName', 'shortNamePlural', 'consumerModule', 'consumerType', 'mappingDirections', 'testLink', 'editLink') as $property) {
+ $tokens[$symbol . 'consumer_' . $property] = $consumer->$property;
+ }
+ if (is_object($consumer->consumerConf)) {
+ foreach (array('sid', 'status') as $property) {
+ $tokens[$symbol . 'consumer_' . $property] = $consumer->consumerConf->$property;
+ }
+ }
+ }
+ }
+ return $tokens;
+}
+
+
+function ldap_authorization_get_consumer_admin_object($consumer_type) {
+ ldap_server_module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerConfAdmin.class');
+ $consumer_object = ldap_authorization_get_consumer_object($consumer_type);
+ $consumer_conf_admin = new LdapAuthorizationConsumerConfAdmin($consumer_object);
+ return $consumer_conf_admin;
+}
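Review bot: `ldap_authorization_get_consumer_object()` returns `FALSE` when the consumer type is not registered, but two callers in this hunk use the result without checking it. `ldap_authorization_ldap_server_in_use()` reads `$consumer_obj->consumerConf->sid`, and `ldap_authorization_get_consumer_admin_object()` passes the value straight to `new LdapAuthorizationConsumerConfAdmin($consumer_object)`. The admin paths `edit/%`, `delete/%`, `test/%` and `add/%` take the consumer type from the URL, so if that value reaches the admin-object helper (the form callbacks are outside this hunk), an unknown type would end in a PHP error rather than a handled "not found". I would add `if (!$consumer_obj) { continue; }` inside the loop and `if (!$consumer_object) { return FALSE; }` before the constructor call. In `ldap_authorization_ldap_server_in_use()` the `$consumers` local is assigned and never used while `ldap_authorization_get_consumers()` is called a second time in the `foreach`; iterating over `$consumers` removes the duplicate call.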
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.theme.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.theme.inc
new file mode 100644
index 0000000..767ece6
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization.theme.inc
@@ -0,0 +1,135 @@
+<?php
+// $Id: ldap_authorization.theme.inc,v 1.4.2.1 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * theming functions for the LDAP authorization module.
+ */
+
+function theme_ldap_authorization_admin_index(&$variables) {
+ $consumers = $variables['consumers'];
+
+ $table = array(
+ 'header' => array(t('LDAP Server ID'), t('Description'), t('Module'), t('Consumer Type'), t('Enabled'), t('Operations')),
+ 'attributes' => array('id' => 'ldap_consumer_confs', 'class' => 'data'),
+ 'colgroups' => array(),
+ 'sticky' => FALSE,
+ 'empty' => '',
+ 'caption' => t('LDAP Authorization Configurations'),
+ 'rows' => array(),
+ );
+
+ foreach ($consumers as $consumer_type => $consumer) {
+
+ if ($consumer->consumerConf->inDatabase) {
+ $admin = new LdapAuthorizationConsumerConfAdmin($consumer);
+ $actions = join(' | ', $admin->getLdapAuthorizationConsumerActions());
+ }
+ else {
+ $actions = l(t('add'), LDAP_SERVERS_MENU_BASE_PATH . '/authorization/add/' . $consumer->consumerType);
+ }
+
+ $table['rows'][] = array(
+ $consumer->consumerConf->sid,
+ $consumer->name,
+ $consumer->consumerModule,
+ $consumer_type,
+ ($consumer->consumerConf->status) ? t('Yes') : t('No'),
+ $actions
+ );
+ }
+ return theme('table', $table);
+
+}
+
+
+function theme_ldap_authorization_test_results($variables) {
+
+ $results = $variables['results'];
+ $consumer = $variables['consumer'];
+ $notifications = $variables['notifications'];
+ $consumer_conf_link = l($consumer->consumerType, LDAP_SERVERS_MENU_BASE_PATH . '/authorization/edit/' . $consumer->consumerType);
+ $server_link = l($consumer->consumerConf->sid, LDAP_SERVERS_MENU_BASE_PATH . '/servers/edit/' . $consumer->consumerConf->sid);
+
+ $table = array(
+ 'header' => array(t('Drupal Username'), t('Authorization Type'), t('Authorization IDs'), t('Configuration'), t('LDAP Server Configuration')),
+ 'attributes' => array('id' => 'ldap_authorization_authorizations', 'class' => 'data'),
+ 'colgroups' => array(),
+ 'sticky' => FALSE,
+ 'empty' => '',
+ 'caption' => t('LDAP Authorizations Test Results for consumer %consumer', array('%consumer' => $consumer->name)),
+ 'rows' => array(),
+ );
+
+ if (count($results)) {
+ foreach ($results as $username => $user_results) {
+ $row = array();
+ if ($user = user_load_by_name($username)) {
+ $username_link = l($username, 'user/' . $user->uid . '/edit');
+ }
+ foreach ($user_results as $consumer_type => $authorizations) {
+ if (is_array($authorizations) && count($authorizations) > 0) {
+ $authorizations = $consumer->convertToFriendlyAuthorizationIds($authorizations);
+ $authorizations_text = theme('item_list', array('items' => $authorizations, 'title' => NULL, 'type' => 'ul', 'attributes' => array()));
+ }
+ else {
+ $authorizations_text = "";
+ }
+ $row = array($username, $consumer->name, $authorizations_text, $consumer_conf_link, $server_link);
+ $table['rows'][] = $row;
+ }
+
+ foreach ($notifications[$username] as $consumer_type => $user_notifications) {
+ $authorizations_text = "";
+ if ($consumer_type == 'all') {
+ $authorizations_text = ldap_authorization_map_errors($user_notifications, $consumer_conf_link);
+ }
+ elseif (is_array($user_notifications) && count($user_notifications) > 0) {
+ foreach ($user_notifications as $i => $notification) {
+ $authorizations_text .= ldap_authorization_map_errors($notification, $consumer_conf_link);
+ }
+ }
+ $row = array($username_link, $consumer->name, $authorizations_text, $consumer_conf_link, $server_link);
+ $table['rows'][] = $row;
+ }
+ }
+ }
+
+ $output = theme('table', $table);
+
+ return $output;
+
+ }
+
+function ldap_authorization_map_errors($err_id, $consumer_conf_link) {
+
+ $tokens = array('%consumer_conf_link' => $consumer_conf_link);
+ switch ($err_id) {
+
+ case LDAP_AUTHORIZATION_USER_LDAP_NOT_FOUND:
+ $authorizations_text = t('LDAP entry for drupal user not found.', $tokens);
+ break;
+
+ case LDAP_AUTHORIZATION_USER_NOT_LDAP_AUTHENTICATED:
+ $authorizations_text = t('LDAP Authorizations not applied because user is not
+ authenticated via LDAP and configuration requires is (%consumer_conf_link).', $tokens);
+ break;
+
+ case LDAP_AUTHORIZATION_MAP_NOT_CONF_FOR_LOGON:
+ $authorizations_text = t('LDAP Authorizations not configured to be executed on logon in (%consumer_conf_link).', $tokens);
+ break;
+
+ case LDAP_AUTHORIZATION_NOT_APPLY_USER_1:
+ $authorizations_text = t('LDAP Authorizations not applicable to user 1.', $tokens);
+ break;
+
+ case LDAP_AUTHORIZATION_SERVER_CONFIG_NOT_FOUND:
+ $authorizations_text = t('Enabled LDAP server configuration not found for given ldap consumer type in (%consumer_conf_link).', $tokens);
+ break;
+
+ default:
+ $authorizations_text = "Failed.";
+ }
+
+ return $authorizations_text;
+}
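Review bot: In theme_ldap_authorization_test_results(), `$username_link` is assigned only when user_load_by_name() finds an account, yet the notifications loop always places it in a row. An unknown username therefore gives an undefined variable on the first pass and the previous user's edit link on later passes. The authorizations loop above it puts the bare `$username` into a table cell, and as far as I know theme('table') does not escape cell data, so that value should go through l() or check_plain() too. I would set it once per user, `$username_link = ($user = user_load_by_name($username)) ? l($username, 'user/' . $user->uid . '/edit') : check_plain($username);`, and use `$username_link` in both `$row = array(...)` lines. `$notifications[$username]` is also iterated without an isset() check.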
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php
new file mode 100644
index 0000000..102f749
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/LdapAuthorizationConsumerRole.class.php
@@ -0,0 +1,210 @@
+<?php
+// $Id: $
+
+
+
+/**
+ * @file
+ * abstract class to represent an ldap_authorization consumer
+ * such as drupal_role, og_group, etc.
+ *
+ */
+
+module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
+
+
+class LdapAuthorizationConsumerDrupalRole extends LdapAuthorizationConsumerAbstract {
+
+ public $consumerType = 'drupal_role';
+ public $allowSynchBothDirections = FALSE;
+ public $allowConsumerObjectCreation = TRUE;
+ public $onlyApplyToLdapAuthenticatedDefault = TRUE;
+ public $useMappingsAsFilterDefault = TRUE;
+ public $synchOnLogonDefault = TRUE;
+ public $synchManuallyDefault = TRUE;
+ public $revokeLdapProvisionedDefault = TRUE;
+ public $regrantLdapProvisionedDefault = TRUE;
+ public $createContainersDefault = TRUE;
+ public $drupalRolesByName = array();
+
+ /**
+ * Constructor Method
+ *
+ */
+ function __construct($consumer_type = NULL) {
+ $params = ldap_authorization_drupal_role_ldap_authorization_consumer();
+ $this->refreshConsumerIDs();
+ parent::__construct('drupal_role', $params['drupal_role']);
+ }
+
+ public function refreshConsumerIDs() {
+ $this->drupalRolesByName = array();
+ foreach (array_flip(user_roles()) as $role_name => $rid) {
+ $this->drupalRolesByName[drupal_strtolower($role_name)] = $rid;
+ }
+ $this->_availableConsumerIDs = array(); // array_values(user_roles(TRUE));
+ foreach (array_values(user_roles(TRUE)) as $role_name) {
+ $this->_availableConsumerIDs[] = $role_name;
+ }
+ }
+
+ public function availableConsumerIDs($reset = FALSE) {
+ if ($reset || ! is_array($this->_availableConsumerIDs)) {
+ $this->refreshConsumerIDs();
+ }
+ return $this->_availableConsumerIDs;
+ }
+
+ /**
+ * extends createConsumer method of base class
+ *
+ * creates of drupal roles may be mixed case. drupal doesn't
+ * differentiate, so case is ignored in comparing, but preserved
+ * for the actual created role name saved.
+ *
+ * **/
+
+ public function createConsumers($creates_mixed_case) {
+
+ // 1. determins difference between existing drupal roles and ones that are requested to be created
+ $existing_roles_mixed_case = $this->availableConsumerIDs();
+ $creates_lower_case = array_map('drupal_strtolower', $creates_mixed_case);
+ $existing_roles_lower_case = array_map('drupal_strtolower', $existing_roles_mixed_case);
+ $roles_map_lc_to_mixed_case = array_combine($creates_lower_case, $creates_mixed_case);
+ $roles_to_create = array_unique(array_diff($creates_lower_case, $existing_roles_lower_case));
+
+ // 2. create each role that is needed
+ foreach ($roles_to_create as $i => $role_name_lowercase) {
+ if (strlen($role_name_lowercase) > 63) {
+ watchdog('ldap_authorization_drupal_role', 'Tried to create drupal role with name of over 63 characters (%group_name). Please correct your drupal ldap_authorization settings', array('%group_name' => $role_name_lowercase));
+ continue;
+ }
+ $role = new stdClass();
+ $role->name = $roles_map_lc_to_mixed_case[$role_name_lowercase];
+ if (! ($status = user_role_save($role))) {
+ // if role is not created, remove from array to user object doesn't have it stored as granted
+ watchdog('user', 'failed to create drupal role %role in ldap_authorizations module', array('%role' => $role->name));
+ }
+ else {
+ $created[] = $role->name;
+ watchdog('user', 'drupal role %role in ldap_authorizations module', array('%role' => $role->name));
+ }
+ }
+ // 3. return all existing user roles and flush cache of consumer ids.
+ $refreshed_available_consumer_ids = $this->availableConsumerIDs(TRUE);
+ if ($this->detailedWatchdogLog) {
+ $watchdog_tokens = array('%roles_to_create' => join(", ", $roles_to_create));
+ $watchdog_tokens = array('%existing_roles' => join(", ", $existing_roles_mixed_case));
+ $watchdog_tokens = array('%refreshed_available_consumer_ids' => join(", ", $refreshed_available_consumer_ids));
+ watchdog('ldap_authorization',
+ 'LdapAuthorizationConsumerDrupalRole.createConsumers()
+ roles to create: %roles_to_create;
+ existing roles: %existing_roles;
+ available roles after createConsumers call: %refreshed_available_consumer_ids;',
+ $watchdog_tokens,
+ WATCHDOG_DEBUG);
+ }
+
+
+ return $refreshed_available_consumer_ids; // return actual roles that exist, in case of failure
+
+ }
+
+ public function revokeSingleAuthorization(&$user, $role_name, &$user_auth_data) {
+
+ $user_edit = array('roles' => array_diff($user->roles, array($this->drupalRolesByName[$role_name] => $role_name)));
+ $account = user_load($user->uid);
+ $user = user_save($account, $user_edit);
+ $result = ($user && !isset($user->roles[$this->drupalRolesByName[$role_name]]));
+
+ if ($this->detailedWatchdogLog) {
+ watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.revokeSingleAuthorization()
+ revoked: rid=%rid, role_name=%role_name for username=%username, result=%result',
+ array('%rid' => $this->drupalRolesByName[$role_name], '%role_name' => $role_name, '%username' => $user->name,
+ '%result' => $result), WATCHDOG_DEBUG);
+ }
+
+ return $result;
+
+ }
+
+ /**
+ * extends grantSingleAuthorization()
+ */
+
+ public function grantSingleAuthorization(&$user, $role_name, &$user_auth_data) {
+ if (! isset($this->drupalRolesByName[$role_name])) {
+ watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.grantSingleAuthorization()
+ failed to grant %username the role %role_name because role does not exist',
+ array('%role_name' => $role_name, '%username' => $user->name),
+ WATCHDOG_ERROR);
+ return FALSE;
+ }
+ debug($user->roles);
+ $new_roles = $user->roles + array($this->drupalRolesByName[$role_name] => $role_name);
+ $user_edit = array('roles' => $new_roles);
+
+ debug($new_roles);
+ debug($user_edit);
+ if ($this->detailedWatchdogLog) {
+ watchdog('ldap_authorization', 'grantSingleAuthorization in drupal rold' . print_r($user, TRUE), array(), WATCHDOG_DEBUG);
+ }
+
+ $account = user_load($user->uid);
+ $user = user_save($account, $user_edit);
+ $result = ($user && isset($user->roles[$this->drupalRolesByName[$role_name]]));
+
+ if ($this->detailedWatchdogLog) {
+ watchdog('ldap_authorization', 'LdapAuthorizationConsumerDrupalRole.grantSingleAuthorization()
+ granted: rid=%rid, role_name=%role_name for username=%username, result=%result',
+ array('%rid' => $this->drupalRolesByName[$role_name], '%role_name' => $role_name, '%username' => $user->name,
+ '%result' => $result), WATCHDOG_DEBUG);
+ }
+
+ return $result;
+
+ }
+
+ public function usersAuthorizations(&$user) {
+ return array_values($user->roles);
+ }
+
+ public function validateAuthorizationMappingTarget($map_to, $form_values = NULL, $clear_cache = FALSE) {
+ $has_form_values = is_array($form_values);
+ $message_type = NULL;
+ $message_text = NULL;
+ $normalized = $this->normalizeMappings(array($map_to));
+ $tokens = array('!map_to' => $map_to);
+ $pass = FALSE;
+ if (is_array($normalized) && isset($normalized[0][1]) && $normalized[0][1] !== FALSE ) {
+ $available_authorization_ids = $this->availableConsumerIDs($clear_cache);
+ $available_authorization_ids = array_map('drupal_strtolower', $available_authorization_ids);
+ // debug($available_authorization_ids); debug($normalized[0]);
+ $pass = (in_array(drupal_strtolower($normalized[0]), $available_authorization_ids));
+ }
+
+ if (!$pass) {
+ $message_text = '<code>"' . t('!map_to', $tokens) . '</code>" ' . t('does not map to any existing Drupal roles. ');
+ if ($has_form_values) {
+ $create_consumers = (isset($form_values['synchronization_actions']['create_consumers']) && $form_values['synchronization_actions']['create_consumers']);
+ }
+ else {
+ $create_consumers = $this->consumerConf->create_consumers;
+ }
+ if ($create_consumers && $this->allowConsumerObjectCreation) {
+ $message_type = 'warning';
+ $message_text .= t('It will be created when needed. If "!map_to" is not intentional, please fix it', $tokens);
+ }
+ elseif (!$this->allowConsumerObjectCreation) {
+ $message_type = 'error';
+ $message_text .= t('Since automatic Drupal role creation is not possible with this module, an existing role must be mapped to.');
+ }
+ elseif (!$create_consumers) {
+ $message_type = 'error';
+ $message_text .= t('Since automatic Drupal role creation is disabled, an existing role must be mapped to. Either enable role creation or map to an existing role.');
+ }
+
+ }
+ return array($message_type, $message_text);
+ }
+}
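Review bot: grantSingleAuthorization() still carries development output: three `debug()` calls on `$user->roles`, `$new_roles` and `$user_edit`, and a watchdog() call that concatenates `print_r($user, TRUE)` into the message. With detailedWatchdogLog on, the dump writes the whole account object into the log on every grant, which presumably includes the stored password hash and the data array; debug() output can also reach the page, depending on the site's error display setting. I would delete the three debug() lines and log identifiers only, `watchdog('ldap_authorization', 'grantSingleAuthorization in drupal role: username=%username, uid=%uid', array('%username' => $user->name, '%uid' => $user->uid), WATCHDOG_DEBUG);`. Passing the values as placeholders also keeps the message string constant, as watchdog() expects.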
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.info b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.info
new file mode 100644
index 0000000..39c1848
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.info
@@ -0,0 +1,18 @@
+;$Id: ldap_authorization_drupal_role.info,v 1.4 2010/12/29 04:51:11 johnbarclay Exp $
+
+name = LDAP Authorization - Drupal Roles
+description = "Implements LDAP authorization for Drupal roles"
+package = "Lightweight Directory Access Protocol"
+dependencies[] = ldap_authorization
+core = 7.x
+configure = admin/config/people/ldap/authorization
+files[] = LdapAuthorizationConsumerRole.class.php
+files[] = ldap_authorization_drupal_role.module
+files[] = ldap_authorization_drupal_role.inc
+
+; Information added by drupal.org packaging script on 2012-06-14
+version = "7.x-1.0-beta11"
+core = "7.x"
+project = "ldap"
+datestamp = "1339643179"
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.install b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.install
new file mode 100644
index 0000000..72295d6
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.install
@@ -0,0 +1,9 @@
+<?php
+// $Id: ldap_authorization_drupal_role.install,v 1.2 2010/12/29 01:37:47 johnbarclay Exp $
+
+/**
+ * @file
+ * Install, update and uninstall functions for the LDAP authorization module.
+ */
+
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.module b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.module
new file mode 100644
index 0000000..1274ce7
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_drupal_role/ldap_authorization_drupal_role.module
@@ -0,0 +1,45 @@
+<?php
+// $Id: ldap_authorization_drupal_role.module,v 1.2 2010/12/13 02:28:51 johnbarclay Exp $
+
+
+
+
+/** @file
+ *
+ * maps ldap data to drupal roles
+ *
+ */
+
+/**
+ * Implements hook_ldap_authorization_consumer().
+ */
+function ldap_authorization_drupal_role_ldap_authorization_consumer() {
+ $types['drupal_role'] = array(
+ 'consumer_name' => t('drupal role'),
+ 'consumer_name_plural' => t('drupal roles'),
+ 'consumer_short_name' => t('role'),
+ 'consumer_short_name_plural' => t('roles'),
+ 'consumer_description' => t('A Drupal Role.'),
+ 'consumer_class_name' => 'LdapAuthorizationConsumerDrupalRole',
+ 'consumer_class_file' => 'LdapAuthorizationConsumerRole.class.php',
+ 'consumer_module' => 'ldap_authorization_drupal_role',
+ 'consumer_mapping_directions' => '<p>Mappings should be of form:<br/>
+<code>[raw authorization id]|[group name]</code>
+<br/>such as:<br/>
+<code>Campus Accounts|authenticated user<br/>
+ou=Underlings,dc=myorg,dc=mytld|underlings<br/>
+ou=IT,dc=myorg,dc=mytld,dc=edu|administrator
+</code><br/>',
+ );
+
+ return $types;
+}
+
+/**
+ * implements hook_form_alter()
+ */
+function ldap_authorization_drupal_role_form_ldap_authorization_admin_form_alter(&$form, $form_state) {
+ if ($form['status']['consumer_type']['#value'] == 'drupal_role') {
+
+ }
+}
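Review bot: ldap_authorization_drupal_role_form_ldap_authorization_admin_form_alter() has an empty body, and its docblock says `implements hook_form_alter()` although the function name follows the hook_form_FORM_ID_alter() pattern. It also reads `$form['status']['consumer_type']['#value']` without checking that the key exists, so it can raise a notice if the form structure differs. Either drop the function until it has something to do, or keep it with the docblock `Implements hook_form_FORM_ID_alter() for ldap_authorization_admin_form.` and an isset() guard around the lookup.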
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php
new file mode 100644
index 0000000..fd0473c
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/LdapAuthorizationConsumerOG.class.php
@@ -0,0 +1,620 @@
+<?php
+// $Id: LdapAuthorizationConsumerOG.class.php,v 1.3.2.1 2011/02/08 20:05:42 johnbarclay Exp $
+
+
+
+/**
+ * @file
+ * class for ldap authorization of organic groups
+ *
+ */
+
+module_load_include('php', 'ldap_authorization', 'LdapAuthorizationConsumerAbstract.class');
+
+class LdapAuthorizationConsumerOG extends LdapAuthorizationConsumerAbstract {
+
+ public $consumerType = 'og_group';
+ public $allowSynchBothDirections = FALSE;
+ public $allowConsumerObjectCreation = FALSE;
+ public $onlyApplyToLdapAuthenticatedDefault = TRUE;
+ public $useMappingsAsFilterDefault = TRUE;
+ public $synchOnLogonDefault = TRUE;
+ public $synchManuallyDefault = TRUE;
+ public $revokeLdapProvisionedDefault = TRUE;
+ public $regrantLdapProvisionedDefault = TRUE;
+ public $createContainersDefault = FALSE;
+ public $ogRoles = array();
+ public $ogRolesByName = array();
+ public $ogVersion = NULL; // 1, 2, etc.
+ public $ogs = array(); // array with keys of entity-type, entity-id, rid
+
+ /**
+ * Constructor Method
+ *
+ */
+ function __construct($consumer_type = NULL) {
+
+ $this->ogVersion = ldap_authorization_og_og_version();
+ $params = ldap_authorization_og_ldap_authorization_consumer();
+ if ($this->ogVersion == 1) {
+ $this->ogRoles = og_roles(0);
+ $this->ogRolesByName = array_flip($this->ogRoles);
+ }
+ else {
+ $this->_setConsumerIDs();
+ }
+ parent::__construct('og_group', $params['og_group']);
+ }
+
+ public function refreshConsumerIDs() {
+ $this->_setConsumerIDs();
+ }
+
+ public function _setConsumerIDs() {
+ $this->_availableConsumerIDs = array();
+
+ if ($this->ogVersion == 1) { // og 7.1.x
+ $groups = og_get_all_group();
+ $og_entities = og_load_multiple($groups);
+ foreach($og_entities as $group) {
+ $this->ogs[$group->gid] = $group;
+ foreach ($this->ogRoles as $rid => $role) {
+ $auth_id = ldap_authorization_og_authorization_id($group->gid, $rid);
+ $this->_availableConsumerIDs[$auth_id] = $group->label . ", $role";
+ }
+ }
+ }
+ else { // og 7.2.x
+ list($this->ogs, $this->_availableConsumerIDs) = $this->og2Groups();
+ // dpm($this->ogs); dpm($this->_availableConsumerIDs);
+ }
+ }
+
+ public static function og2Groups() {
+ $ogs = array();
+ $availableConsumerIDs = array();
+ foreach (og_get_all_group_bundle() as $entity_type => $bundles) {
+ $group_entity_ids = og_get_all_group($entity_type);
+ $group_entities = entity_load($entity_type, $group_entity_ids);
+ $ogs[$entity_type] = $group_entities;
+ foreach ($group_entities as $entity_id => $group_entity) {
+ $roles = og_roles($entity_type, $group_entity->type, $entity_id);
+ $ogs[$entity_type][$entity_id] = array(
+ 'roles' => $roles,
+ 'entity' => $group_entity,
+ 'name' => isset($group_entity->title) ? $group_entity->title : '',
+ );
+ foreach ($roles as $rid => $role) {
+ $auth_id = ldap_authorization_og_authorization_id($entity_id, $rid, $entity_type);
+ $availableConsumerIDs[$auth_id] = $ogs[$entity_type][$entity_id]['name'] . " - $role";
+ }
+ }
+ }
+ return array($ogs, $availableConsumerIDs);
+
+
+ }
+
+ public function normalizeMappings($mappings) {
+
+ if ($this->ogVersion == 2) { // not relavant to og 2 mappings
+ return $mappings;
+ }
+
+ foreach ($mappings as $i => $mapping) {
+ $gid = NULL;
+ $rid = NULL;
+
+ $targets = explode(',', $mapping[1]);
+ if (count($targets) != 2) {
+ return FALSE;
+ }
+
+ $group_target_and_value = explode('=', $targets[0]);
+ if (count($group_target_and_value) != 2) {
+ return FALSE;
+ }
+ list($group_target, $group_target_value) = $group_target_and_value;
+
+ $role_target_and_value = explode('=', $targets[1]);
+ if (count($role_target_and_value) != 2) {
+ return FALSE;
+ }
+ list($role_target, $role_target_value) = $role_target_and_value;
+
+ if ($group_target == 'gid') {
+ $gid = $group_target_value;
+ }
+ elseif ($group_target == 'group-name') {
+ list($og_group, $og_node) = ldap_authorization_og1_get_group($group_target_value, 'group_name', 'object');
+ if (is_object($og_group) && property_exists($og_group, 'gid') && $og_group->gid) {
+ $gid = $og_group->gid;
+ }
+ }
+ else {
+ $entity_type_and_field = explode('.', $group_target);
+ if (count($entity_type_and_field) != 2) {
+ return FALSE;
+ }
+ list($entity_type, $field) = $entity_type_and_field;
+
+ $query = new EntityFieldQuery();
+ $query->entityCondition('entity_type', $entity_type)
+ ->fieldCondition($field, 'value', $group_target_value, '=')
+ ->addMetaData('account', user_load(1)); // run the query as user 1
+
+ $result = $query->execute();
+ if (is_array($result) && isset($result[$entity_type]) && count($result[$entity_type]) == 1) {
+ $entities = array_keys($result[$entity_type]);
+ $gid = ldap_authorization_og1_entity_id_to_gid($entities[0]);
+ }
+ }
+
+ if ($role_target == 'rid') {
+ $rid = $role_target_value;
+ }
+ elseif ($role_target == 'role-name') {
+ $rid = ldap_authorization_og_rid_from_role_name($role_target_value);
+ }
+
+ if ($gid && $rid) {
+ $mappings[$i][1] = ldap_authorization_og_authorization_id($gid, $rid);
+ }
+ else {
+ $mappings[$i][1] = FALSE;
+ }
+ }
+ return $mappings;
+
+ }
+
+
+ /**
+ * Return list of all available consumer ids/authorization ids
+ * @param boolean $reset whether to rebuild array
+ * @return array of consumer ids of form:
+ * array([og-group-id]-[rid], ...)
+ * such as array('7-2', '3-3')
+ */
+
+ public function availableConsumerIDs($reset = FALSE) {
+ if ($reset || ! is_array($this->_availableConsumerIDs)) {
+ $this->refreshConsumerIDs();
+ }
+ return array_keys($this->_availableConsumerIDs);
+ }
+
+/**
+ * some authorization schemes such as organic groups, require a certain order. implement this method
+ * to sort consumer ids/authorization ids before they are granted to the user
+ *
+ * @param string $op 'grant' or 'revoke' signifying what to do with the $consumer_ids
+ *
+ * alters $consumer_ids by reference
+ *
+ * in organic groups, consumer ids are in form gid-rid such as 3-2, 3-3. We want highest authorization available granted.
+ * But, granting member role (2), revokes other roles such as admin in OG. So for granting we want the order:
+ * 3-1, 3-2, 3-3 such that 3-3 is retained. For revoking, the order should not matter, but reverse sorting makes
+ * intuitive sense.
+ */
+
+ public function sortConsumerIds($op, &$consumer_ids) {
+ if ($op == 'revoke') {
+ arsort($consumer_ids, SORT_STRING);
+ }
+ else {
+ asort($consumer_ids, SORT_STRING);
+ }
+ }
+
+/**
+ * revoke an authorization
+ *
+ * extends revokeSingleAuthorization()
+ *
+ * @param drupal user object $user
+ * @param string $authorization_id (aka consumer id) in form organic group gid-rid such as 7-2
+ * @param array $user_auth_data is array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group']
+ *
+ * @return TRUE if revoked or user doesn't have role FALSE if not revoked or failed.
+ *
+ * this function does not save the user object or alter $user_auth_data.
+ * this is handled in the abstract class.
+ */
+
+ public function revokeSingleAuthorization(&$user, $authorization_id, &$user_auth_data) {
+
+ if ($this->ogVersion == 1) {
+ list($gid, $rid) = @explode('-', $authorization_id);
+ }
+ else {
+ list($group_type, $gid, $rid) = @explode(':', $authorization_id);
+ }
+
+ // CASE 1: Bad Parameters
+ if (!$authorization_id || !$gid || !$rid || !is_object($user) || ($this->ogVersion == 2 && !$group_type)) {
+ watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ improper parameters.',
+ array(),
+ WATCHDOG_ERROR);
+ return FALSE;
+ }
+
+ $ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id);
+ $granted = $this->hasAuthorization($user, $authorization_id);
+ if ($this->ogVersion == 1) { // og 7.x-1.x
+ $users_group_roles = og_get_user_roles($gid, $user->uid);
+ }
+ else { // og 7.x-2.x
+ $users_group_roles = og_get_user_roles($group_type, $gid, $user->uid);
+ }
+
+ // CASE 2: user doesnt have grant to revoke
+ if (!$granted || ($granted && !$ldap_granted)) {
+ return TRUE; // don't do anything. don't log since non-event
+ }
+
+ // CASE 3: revoke
+
+
+ if (count($users_group_roles) == 1) { // ungroup if only single role left
+ if ($this->ogVersion == 1) { // og 7.x-1.x
+ $entity = og_ungroup($gid, 'user', $user->uid, TRUE);
+ }
+ else { // og 7.x-2.x
+ $entity = og_ungroup($group_type, $gid, 'user', $user->uid);
+ }
+ $result = (boolean)($entity);
+ $watchdog_tokens['%action'] = 'og_ungroup';
+ }
+ else { // if more than one role left, just revoke single role.
+ if ($this->ogVersion == 1) { // og 7.x-1.x
+ og_role_revoke($gid, $user->uid, $rid);
+ }
+ else { // og 7.x-2.x
+ og_role_revoke($group_type, $gid, $user->uid, $rid);
+ }
+ $watchdog_tokens['%action'] = 'og_role_revoke';
+ return TRUE;
+ }
+
+ if ($this->detailedWatchdogLog) {
+ watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.revokeSingleAuthorization()
+ revoked: gid=%gid, rid=%rid, action=%action for username=%username',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+
+ return $result;
+
+ }
+
+ /**
+ * add user to group and grant a role.
+ *
+ * extends grantSingleAuthorization()
+ *
+ * @param drupal user objet $user
+ * @param string $authorization_id in form organic group gid-rid such as 7-2
+ * @param array $user_auth_data is array specific to this consumer_type. Stored in $user->data['ldap_authorizations']['og_group']
+ *
+ * @return TRUE if granted or grant exists, FALSE if not grantable or failed.
+ */
+ public function grantSingleAuthorization(&$user, $authorization_id, &$user_auth_data) {
+ $result = FALSE;
+ $watchdog_tokens = array('%authorization_id' => $authorization_id, '%username' => $user->name, '%ogversion' => $this->ogVersion);
+ if ($this->detailedWatchdogLog) {
+ watchdog('ldap_auth_og',
+ 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ beginning to grant authorization for $group_name=%group_name to user %username',
+ $watchdog_tokens,
+ WATCHDOG_DEBUG);
+ }
+ if ($this->ogVersion == 1) {
+ list($gid, $rid) = @explode('-', $authorization_id);
+ }
+ else {
+ list($group_type, $gid, $rid) = @explode(':', $authorization_id);
+ $watchdog_tokens['%group_type'] = $group_type;
+ }
+ $watchdog_tokens['%gid'] = $gid;
+ $watchdog_tokens['%rid'] = $rid;
+ $watchdog_tokens['%uid'] = $user->uid;
+ $available_consumer_ids = $this->availableConsumerIDs(TRUE);
+
+ // CASE 1: Bad Parameters
+ if (!$authorization_id || !$gid || !$rid || !is_object($user) || ($this->ogVersion == 2 && !$group_type)) {
+ watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ improper parameters.',
+ $watchdog_tokens,
+ WATCHDOG_ERROR);
+ return FALSE;
+ }
+
+ // CASE 2: gid-rid does not exist
+ if (!in_array($authorization_id, $available_consumer_ids)) {
+ $result = FALSE;
+ watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ failed to grant %username the group-role %authorization_id because group-role does not exist',
+ $watchdog_tokens,
+ WATCHDOG_ERROR);
+ return FALSE;
+ }
+
+ $ldap_granted = $this->hasLdapGrantedAuthorization($user, $authorization_id);
+ $granted = $this->hasAuthorization($user, $authorization_id);
+
+ // CASE 3: user already granted permissions via ldap grant
+ if ($ldap_granted && $granted) {
+ watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ <hr />not granted: gid=%gid, for username=%username,
+ <br />because user already belongs to group',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ return TRUE;
+ }
+
+ // CASE 4: user already granted permissions, but NOT via ldap grant
+ if ($granted && !$ldap_granted) { // need to make ldap granted
+ watchdog('ldap_authorization_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ <hr />membership already exists for: gid=%gid, rid=%rid, for username=%username,
+ <br />but made ldap granted.',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ return TRUE; // return true so is made ldap granted, even though membership is not created.
+ }
+
+ // CASE 5: grant role
+ if ($this->detailedWatchdogLog) {
+ watchdog('ldap_auth_og',
+ 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ calling og_role_grant(%group_type, %gid, %uid, %rid).
+ og version=%ogversion',
+ $watchdog_tokens,
+ WATCHDOG_DEBUG);
+ }
+ if ($this->ogVersion == 2) {
+ $values = array(
+ 'entity_type' => 'user',
+ 'entity' => $user->uid,
+ 'field_name' => FALSE,
+ 'state' => OG_STATE_ACTIVE,
+ );
+ $og_membership = og_group($group_type, $gid, $values);
+ og_role_grant($group_type, $gid, $user->uid, $rid);
+ }
+ else {
+ $values = array(
+ 'entity type' => 'user',
+ 'entity' => $user,
+ 'state' => OG_STATE_ACTIVE,
+ 'membership type' => OG_MEMBERSHIP_TYPE_DEFAULT,
+ );
+ watchdog('ldap_auth_og', 'og_group1', $watchdog_tokens, WATCHDOG_DEBUG);
+ $user_entity = og_group($gid, $values);
+ watchdog('ldap_auth_og', 'og_role_grant1', $watchdog_tokens, WATCHDOG_DEBUG);
+ og_role_grant($gid, $user->uid, $rid);
+ }
+
+ if ($this->detailedWatchdogLog) {
+ watchdog('ldap_auth_og', 'LdapAuthorizationConsumerOG.grantSingleAuthorization()
+ <hr />granted: group_type=%group_type gid=%gid, rid=%rid for username=%username',
+ $watchdog_tokens, WATCHDOG_DEBUG);
+ }
+ return TRUE;
+
+ }
+
+ /**
+ * Return all user authorization ids (group x role) in form gid-rid such as 2-1.
+ * regardless of it they were granted by this module, any authorization ids should be returned.
+ *
+ * @param user object $user
+ * @return array such as array('3-2','7-2')
+ */
+
+ public function usersAuthorizations(&$user) {
+ $authorizations = array();
+ if ($this->ogVersion == 1) {
+ $groups = og_load_multiple(og_get_all_group());
+ $authorizations = array();
+ if (is_object($user) && is_array($groups)) {
+ foreach ($groups as $gid => $discard) {
+ $roles = og_get_user_roles($gid, $user->uid);
+ foreach ($roles as $rid => $discard) {
+ $authorizations[] = ldap_authorization_og_authorization_id($gid, $rid);
+ }
+ }
+ }
+ }
+ else { // og 7.x-2.x
+ $user_entities = entity_load('user', array($user->uid));
+ $memberships = og_get_entity_groups('user', $user_entities[$user->uid]);
+ foreach ($memberships as $entity_type => $entity_memberships) {
+ foreach ($entity_memberships as $og_membership_id => $gid) {
+ $roles = og_get_user_roles($entity_type, $gid, $user->uid);
+ foreach ($roles as $rid => $discard) {
+ $authorizations[] = ldap_authorization_og_authorization_id($gid, $rid, $entity_type);
+ }
+ }
+ }
+ }
+ return $authorizations;
+ }
+
+ /**
+ * @param array authorization ids in "normalized" format of 2-2, 3-2, etc.
+ * @return array friendly authorization is names such as Bakers Groups Member, or Knitters Groups Admin Member
+ */
+ public function convertToFriendlyAuthorizationIds($authorizations) {
+ $authorization_ids_friendly = array();
+ $this->refreshConsumerIDs();
+ foreach ($authorizations as $i => $authorization_id) {
+
+ if ($this->ogVersion == 1) {
+ list($gid, $rid) = explode('-', $authorization_id);
+ $authorization_ids_friendly[] = 'Group: '. $this->ogs[$gid]->label . ', Role: ' . $this->ogRoles[$rid] . " ($authorization_id) ";
+ }
+ else { // @todo make this fiendly authorization ids work\
+ list($entity_type, $gid, $rid) = explode(':', $authorization_id);
+ $authorization_ids_friendly[] = 'Group: '. $this->ogs[$entity_type][$gid]['name'] . ', Role: ' . $this->ogs[$entity_type][$gid]['roles'][$rid] . " ($authorization_id) ";
+ }
+ }
+ return $authorization_ids_friendly;
+ }
+
+ /**
+ * Validate authorization mappings on LDAP Authorization OG Admin form.
+ *
+ * @param string $map_to from mapping tables in authorization configuration form
+ * @param array $form_values from authorization configuration form
+ * @param boolean $clear_cache
+ *
+ * @return array of form array($message_type, $message_text) where message type is status, warning, or error
+ * and $message_text is what the user should see.
+ *
+ */
+ public function validateAuthorizationMappingTarget($map_to, $form_values = NULL, $clear_cache = FALSE) {
+ $has_form_values = is_array($form_values);
+ $message_type = NULL;
+ $message_text = NULL;
+ $tokens = array('!map_to' => $map_to);
+ $available_authorization_ids = $this->availableConsumerIDs($clear_cache);
+ $pass = FALSE;
+ if ($this->ogVersion == 1) {
+ $normalized = $this->normalizeMappings(array(array('placeholder', $map_to)));
+ if (is_array($normalized) && isset($normalized[0][1]) && $normalized[0][1] !== FALSE ) {
+ list($gid, $rid) = explode('-', $normalized[0][1]);
+ $pass = (in_array($normalized[0][1], $available_authorization_ids));
+ }
+ }
+ else {
+ $normalized = TRUE; // not relevant to og 2
+ $parts = explode(':', $map_to);
+ if (count($parts) == 3) {
+ list($entity_type, $entity_id, $rid) = $parts;
+ $pass = isset($this->ogs[$entity_type][$entity_id]['roles'][$rid]);
+ }
+ }
+
+ if (!$pass) {
+ $message_text = '<code>"' . t('!map_to', $tokens) . '"</code> ' . t('does not map to any existing organic groups and roles. ');
+
+ if ($has_form_values) {
+ $create_consumers = (isset($form_values['synchronization_actions']['create_consumers']) && $form_values['synchronization_actions']['create_consumers']);
+ }
+ else {
+ $create_consumers = $this->consumerConf->create_consumers;
+ }
+ if ($normalized === FALSE) {
+ $message_type = 'error';
+ $message_text .= t('Can not normalize mappings. Please check the syntax in Mapping of LDAP to OG Group', $tokens);
+ }
+ elseif ($create_consumers && $this->allowConsumerObjectCreation) {
+ $message_type = 'warning';
+ $message_text .= t('It will be created when needed. If "!map_to" is not intentional, please fix it', $tokens);
+ }
+ elseif (!$this->allowConsumerObjectCreation) {
+ $message_type = 'error';
+ $message_text .= t('Since automatic organic group creation is not possible with this module, an existing group must be mapped to.');
+ }
+ elseif (!$create_consumers) {
+ $message_type = 'error';
+ $message_text .= t('Since automatic organic group creation is disabled, an existing group must be mapped to. Either enable organic group creation or map to an existing group.');
+ }
+ }
+ return array($message_type, $message_text);
+ }
+
+ /**
+ * Get list of mappings based on existing Organic Groups and roles
+ *
+ * @param associative array $tokens of tokens and replacement values
+ * @return html examples of mapping values
+ */
+
+ public function mappingExamples($tokens) {
+
+ if ($this->ogVersion == 1) {
+ $groups = og_get_all_group();
+ $ogEntities = og_load_multiple($groups);
+ $OGroles = og_roles(0);
+
+ $rows = array();
+ foreach($ogEntities as $group) {
+ foreach ($OGroles as $rid => $role) {
+ $example = "<code>ou=IT,dc=myorg,dc=mytld,dc=edu|gid=" . $group->gid . ',rid=' . $rid . '</code><br/>' .
+ '<code>ou=IT,dc=myorg,dc=mytld,dc=edu|group-name=' . $group->label . ',role-name=' . $role . '</code>';
+ $rows[] = array(
+ $group->label,
+ $group->gid,
+ $role,
+ $example,
+ );
+ }
+ }
+
+ $variables = array(
+ 'header' => array('Group Name', 'OG Group ID', 'OG Membership Type', 'example'),
+ 'rows' => $rows,
+ 'attributes' => array(),
+ );
+ }
+ else {
+
+ /**
+ * OG 7.x-2.x mappings:
+ * $entity_type = $group_type,
+ * $bundle = $group_bundle
+ * $etid = $gid where edid is nid, uid, etc.
+ *
+ * og group is: entity_type (eg node) x entity_id ($gid) eg. node:17
+ * group identifier = group_type:gid; aka entity_type:etid e.g. node:17
+ *
+ * membership identifier is: group_type:gid:entity_type:etid
+ * in our case: group_type:gid:user:uid aka entity_type:etid:user:uid e.g. node:17:user:2
+ *
+ * roles are simply rids ((1,2,3) and names (non-member, member, and administrator member) in og_role table
+ * og_users_roles is simply uid x rid x gid
+ *
+ * .. so authorization mappings should look like:
+ * <ldap group>|group_type:gid:rid such as staff|node:17:2
+ */
+
+ $rows = array();
+ foreach ($this->ogs as $entity_type => $entities) {
+ foreach ($entities as $entity_id => $entity) {
+ foreach ($entity['roles'] as $rid => $role) {
+ $group_role_identifier = ldap_authorization_og_authorization_id($entity_id, $rid, $entity_type);
+ $example = "<code>ou=IT,dc=myorg,dc=mytld,dc=edu|$group_role_identifier</code>";
+ $rows[] = array($entity['name'] . ' - ' . $role, $example);
+ }
+ }
+ }
+
+ $variables = array(
+ 'header' => array('Group Name - OG Membership Type', 'example'),
+ 'rows' => $rows,
+ 'attributes' => array(),
+ );
+ }
+
+
+
+
+ $table = theme('table', $variables);
+ $link = l('admin/config/people/ldap/authorization/test/og_group','admin/config/people/ldap/authorization/test/og_group');
+
+$examples =
+<<<EOT
+
+<br/>
+Examples for some (or all) existing OG Group IDs can be found in the table below.
+This is complex. To test what is going to happen, uncheck "When a user logs on" in IV.B.
+and use $link to see what memberships sample users would receive.
+
+$table
+
+EOT;
+ $examples = t($examples, $tokens);
+ return $examples;
+ }
+
+}
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/NOTES.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/NOTES.txt
new file mode 100644
index 0000000..b515d71
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/NOTES.txt
@@ -0,0 +1,33 @@
+
+
+
+
+
+
+
+
+
+
+
+Summary of Methods to Synch LDAP and OG, including via Drupal Roles
+-------------------------------------------------------------------
+
+--------
+LDAP -> Organic Group Memberships and Roles
+
+This is the bridge implemented in LDAP Authorization Organic Groups.
+
+--------
+LDAP -> Drupal Roles -> Organic Group Memberships and Roles
+
+Ideally there would be a module to map Drupal roles to OG group roles for use cases where a small number of groups and roles was involved. This functionality is not desired by og maintainers as of Drupal 7. Modules to do this have existed in the past, but none since Drupal 7.
+
+--------
+LDAP -> Feeds Module -> Organic Group Memberships and Roles
+
+A Feeds Processor would need to be writen for this. As of Drupal 7, none are in the works (see http://drupal.org/node/856644). This would be a fairly simple processor to write since an OG Membership is simply a DB record joining a user or node to the group it is a member of.
+
+
+
+
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/README.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/README.txt
new file mode 100644
index 0000000..d1b3476
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/README.txt
@@ -0,0 +1,36 @@
+
+LDAP Authorization Organic Groups:
+
+----------------------
+LDAP Authorization OG Storage:
+----------------------
+OG authorizations are stored in form gid-rid from the tables og (og.gid) and og_roles (og_roles.rid). E.G. 1-2, 2-3, 3-4. OG in Drupal 7 does not use machine names so numeric ids are the only way to store such identifiers.
+
+such as:
+
+$user->data = array(
+ 'ldap_authorizations' => array(
+ 'og_group' => array (
+ '3-2' => array (
+ 'date_granted' => 1329105152,
+ ),
+ '2-3' => array (
+ 'date_granted' => 1329105152,
+ ),
+ ),
+ 'drupal_role' => array (
+ '7' => array (
+ 'date_granted' => 1329105152,
+ ),
+ '5' => array (
+ 'date_granted' => 1329105152,
+ ),
+ ),
+ );
+
+
+
+----------------------
+To Dos (Too small for issue queue)
+----------------------
+- add support for gid-rid normalized format such as 3-2 in ldap mapping interface
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.info b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.info
new file mode 100644
index 0000000..b6434df
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.info
@@ -0,0 +1,21 @@
+
+name = LDAP Authorization - OG (Organic Groups)
+description = "Implements LDAP authorization for Organic Groups"
+package = "Lightweight Directory Access Protocol"
+dependencies[] = ldap_authorization
+dependencies[] = og
+core = 7.x
+configure = admin/config/people/ldap_authorization_og
+files[] = LdapAuthorizationConsumerOG.class.php
+files[] = ldap_authorization_og.module
+files[] = ldap_authorization_og.inc
+
+
+core = "7.x"
+
+; Information added by drupal.org packaging script on 2012-06-14
+version = "7.x-1.0-beta11"
+core = "7.x"
+project = "ldap"
+datestamp = "1339643179"
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.install b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.install
new file mode 100644
index 0000000..6ddf89b
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.install
@@ -0,0 +1,6 @@
+<?php
+
+/**
+ * @file
+ * Install, update and uninstall functions for the LDAP Authorization OG module.
+ */
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module
new file mode 100644
index 0000000..8d43cf9
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/ldap_authorization_og/ldap_authorization_og.module
@@ -0,0 +1,213 @@
+<?php
+// $Id: ldap_authorization_og.module,v 1.2 2010/12/13 02:28:51 johnbarclay Exp $
+
+
+
+
+/** @file
+ *
+ * controls organic group membership based on LDAP values
+ *
+ */
+
+/**
+ * Implements hook_ldap_authorization_consumer().
+ */
+
+function ldap_authorization_og_ldap_authorization_consumer() {
+ $types['og_group'] = array(
+ 'consumer_name' => t('OG group'),
+ 'consumer_name_plural' => t('OG groups'),
+ 'consumer_short_name' => t('group'),
+ 'consumer_short_name_plural' => t('groups'),
+ 'consumer_description' => t('An OG group.'),
+ 'consumer_class_name' => 'LdapAuthorizationConsumerOG',
+ 'consumer_class_file' => 'LdapAuthorizationConsumerOG.class.php',
+ 'consumer_module' => 'ldap_authorization_og',
+ 'consumer_mapping_directions' => 'Mappings should be of form:<br/>
+ <code>[raw authorization id]|[og group match field]=[og group match id],[og role match field]=[og role match id]</code>
+ <br/>such as:<br/>
+ <code>
+ Campus Accounts|group-name=knitters,role-name=administrator member<br/>
+ ou=Underlings,dc=myorg,dc=mytld,dc=edu|gid=7,rid=28<br/>
+ ou=IT,dc=myorg,dc=mytld,dc=edu|node.field_state_id=IL,role-name=administrator member<br/>
+ </code>',
+ );
+
+ return $types;
+}
+
+/**
+ * Format authorization id
+ *
+ * @param int $gid as organic group gid
+ * @param int $rid as organic group rig
+ * @param array $group_entity as entity associated with organic group
+ *
+ * @return string "normalized" authorization id such as 3-3
+ */
+function ldap_authorization_og_authorization_id($gid, $rid, $entity_type = NULL) {
+ return (ldap_authorization_og_og_version() == 1) ? $gid . '-' . $rid : join(':', array($entity_type, $gid, $rid));
+}
+
+
+function ldap_authorization_og_og_version() {
+ return (function_exists('og_action_info')) ? 2 : 1;
+}
+
+/**
+ * Convert entity id to group id
+ *
+ * @param int $entity_id as id of entity associated with organic group
+ * @return int og group id
+ */
+function ldap_authorization_og1_entity_id_to_gid($entity_id) {
+
+ $gid = db_select('og', 'og')
+ ->fields('og', array('gid'))
+ ->condition('og.etid', $entity_id, '=')
+ ->range(0,1)
+ ->execute()
+ ->fetchField();
+ return ($gid && is_scalar($gid)) ? $gid : FALSE;
+
+}
+
+/**
+ * Generic function to convert between query values and organic groups structures and attributes
+ *
+ * @param mixed $value signifies query value e.g. 'bakers', 7 etc.
+ * @param mixed $value_type signifies query type e.g. 'group_name', 'gid', etc.
+ * @param string $return signifying return type. e.g. 'object', 'label', 'name', 'gid'
+ * @return mixed organic group object, gid, label, etc.
+ */
+function ldap_authorization_og1_get_group($value, $value_type = 'group_name', $return = 'object') {
+
+ $groups = og_load_multiple(og_get_all_group());
+ $group = NULL;
+ $node = NULL;
+
+ if ($value_type == 'gid') {
+ $group = $groups[$value];
+ }
+ elseif ($value_type == 'group_name') {
+ foreach ($groups as $gid => $discard) {
+ $group_obj = og_load($gid);
+ $group_node = node_load($group_obj->etid);
+ if ($group_node && $group_node->type == $value) {
+ $group = $group_obj;
+ $node = $group_node;
+ break;
+ }
+ }
+ }
+
+ if ($return == 'object' && is_object($group) && is_object($node)) {
+ return array($group, $node);
+ }
+ elseif ($return == 'label' || $return == 'name' && is_object($group)) {
+ return $group->label;
+ }
+ elseif ($return == 'gid' && is_object($group)) {
+ return $group->gid;
+ }
+ else {
+ return FALSE;
+ }
+}
+
+
+
+/**
+ * Generic function to convert between query values and organic groups structures and attributes
+ *
+ * @param mixed $value signifies query value e.g. 'bakers', 7 etc.
+ * @param mixed $value_type signifies query type e.g. 'group_name', 'gid', etc.
+ * @param string $return signifying return type. e.g. 'object', 'label', 'name', 'gid'
+ * @return mixed organic group object, label, etc.
+ */
+function ldap_authorization_og2_get_group($entity_type, $value, $value_type = 'group_name', $return = 'object') {
+ require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
+
+ list($groups, $availableConsumerIDs) = LdapAuthorizationConsumerOG::og2Groups();
+ $group = NULL;
+ $node = NULL;
+
+ if ($value_type == 'gid') {
+ $group = $groups[$entity_type][$value];
+ }
+ elseif ($value_type == 'group_name') {
+ foreach ($groups[$entity_type] as $gid => $group) {
+ if ($group['name'] == $value) {
+ $node = node_load($gid);
+ break;
+ }
+ }
+ }
+
+ if ($return == 'object' && is_array($group) && is_object($node)) {
+ return array($group, $node);
+ }
+ elseif ($return == 'label' || $return == 'name' && is_object($node)) {
+ return $node->title;
+ }
+ else {
+ return FALSE;
+ }
+}
+
+
+/**
+ * Test if a user has a particular group role
+ *
+ * @param int $gid as og group id
+ * @param int $uid as user id
+ * @param string $role_name as og role name
+ *
+ * @return boolean signifying if user has group x role
+ */
+function ldap_authorization_og1_has_role($gid, $uid, $role_name) {
+ $rid = ldap_authorization_og_rid_from_role_name($role_name);
+ $roles = og_get_user_roles($gid, $uid);
+ return (is_array($roles) && isset($roles[$rid]));
+}
+
+function ldap_authorization_og2_has_role($gid, $uid, $role_name) {
+ $rid = ldap_authorization_og2_rid_from_role_name('node', $gid, $role_name);
+ $roles = og_get_user_roles('node', $gid, $uid);
+ return (is_array($roles) && isset($roles[$rid]));
+}
+/**
+ * Derive og role id from role name
+ *
+ * @param string $role_name as og role name
+ * @return int og role id
+ */
+function ldap_authorization_og_rid_from_role_name($role_name) {
+ $roles = og_roles(0);
+ $rids = array_flip($roles);
+ return isset($rids[$role_name]) ? $rids[$role_name] : FALSE;
+}
+
+/**
+ * Derive og role id from role name
+ *
+ * @param string $role_name as og role name
+ * @return int og role id
+ */
+function ldap_authorization_og2_rid_from_role_name($entity_type, $gid, $role_name) {
+ list($groups, $availableConsumerIDs) = LdapAuthorizationConsumerOG::og2Groups();
+ $roles = $groups[$entity_type][$gid]['roles'];
+ $rids = array_flip($roles);
+ return isset($rids[$role_name]) ? $rids[$role_name] : FALSE;
+}
+
+
+/**
+ * implements hook_form_alter()
+ */
+function ldap_authorization_og_form_ldap_authorization_admin_form_alter(&$form, $form_state) {
+ if ($form['status']['consumer_type']['#value'] == 'og_group') {
+ $form['filter_and_mappings']['use_filter']['#type'] = 'hidden';
+ }
+}
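Review bot: In `ldap_authorization_og1_get_group()` the branch `elseif ($return == 'label' || $return == 'name' && is_object($group))` parses as `'label' || ('name' && is_object(...))`, because `&&` binds tighter than `||`. A `'label'` request for a group that was not found therefore reads `$group->label` on NULL instead of falling through to `return FALSE`. `ldap_authorization_og2_get_group()` has the same shape, with `is_object($node)` guarding `$node->title`. Parenthesise both conditions: `elseif (($return == 'label' || $return == 'name') && is_object($group)) {` and `elseif (($return == 'label' || $return == 'name') && is_object($node)) {`. These helpers resolve the names used in LDAP-to-group mappings, so a failed lookup should presumably give a clean FALSE that callers can test, not a PHP notice and an empty value.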
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authentication.test_data.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authentication.test_data.inc
new file mode 100644
index 0000000..97b46fb
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authentication.test_data.inc
@@ -0,0 +1,22 @@
+<?php
+// $Id$
+/**
+ * @file
+ * ldap_authentication test data
+ */
+
+$variables['user_register'] = USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL;
+$variables['user_email_verification'] = 1;
+
+$authentication = array(
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+);
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authorization.test_data.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authorization.test_data.inc
new file mode 100644
index 0000000..509cc0d
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_authorization.test_data.inc
@@ -0,0 +1,38 @@
+<?php
+// $Id$
+/**
+ * @file
+ * ldap_authorization test data
+ */
+
+$authorization['drupal_role'] = array(
+
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 0,
+ 'deriveFromDnAttr' => NULL,
+
+ 'deriveFromAttr' => 1,
+ 'deriveFromAttrAttr' => array('memberOf'),
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => NULL,
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => NULL,
+
+ 'mappings' => array(
+ 0 => array('cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'netadmins'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 0,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_servers.test_data.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_servers.test_data.inc
new file mode 100644
index 0000000..2a73919
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.ldap_servers.test_data.inc
@@ -0,0 +1,69 @@
+<?php
+// $Id$
+/**
+ * @file
+ * simpletest fake data
+ */
+
+$servers['fake_server1']['properties'] = array(
+ 'name' => 'Test LDAP Server 1 for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+ );
+
+$servers['fake_server1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$servers['fake_server1']['search_results']['member=cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 1 => array('count' => 1, 'dn' => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 2,
+);
+
+
+/**
+ * fake ldap data. should return data in format that php ldap extension methods would
+ *
+ * users go in $servers[<sid>]['users'][<dn>] where <sid> is the server id
+ */
+$servers['fake_server1']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 1,
+ ),
+);
+
+/**
+ * test users should include service account if one is being used
+ */
+$servers['fake_server1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 1,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+);
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.test
new file mode 100644
index 0000000..6df3cc7
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/1197636/1197636.test
@@ -0,0 +1,46 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * see getInfo() for test summary
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+
+class LdapAuthorizationTestCase1197636 extends LdapAuthorizationTestCase {
+
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'Issue #1197636',
+ 'description' => 'ldap authorization. Issue #1197636. User cannot logon with ldap authorization enabled.',
+ );
+ }
+
+ function testLogon() {
+
+ $this->ldapTestId = 'Issue #1197636';
+ $this->serversData = '1197636/1197636.ldap_servers.test_data.inc';
+ $this->authorizationData = '1197636/1197636.ldap_authorization.test_data.inc';
+ $this->authenticationData = '1197636/1197636.ldap_authentication.test_data.inc';
+ $this->prepTestData();
+
+ $edit = array(
+ 'name' => 'verykool',
+ 'pass' => 'goodpwd',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('verykool'), 'Ldap user properly authmapped.', $this->ldapTestId);
+
+ $verykool = user_load_by_name('verykool');
+ $this->assertTrue((is_object($verykool) && @(int)$verykool->uid > 1), 'Ldap user exists with uid > 1.', $this->ldapTestId);
+
+ $correct_roles = in_array('netadmins', array_values($verykool->roles));
+ $this->assertTrue($correct_roles, 'verykool granted roles on actual logon "netadmins" drupal roles ', $this->ldapTestId);
+
+ $this->drupalGet('user/logout');
+ }
+
+}
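Review bot: The role assertion in `testLogon()` only proves that `'netadmins'` is present in `$verykool->roles`, so the test would still pass if the logon granted additional roles. For an authorization test the over-grant case is worth pinning too. Assuming `roles` holds role names keyed by rid, as the `array_values()` call suggests, something like `$this->assertFalse((bool) array_diff($verykool->roles, array('authenticated user', 'netadmins')), 'no unexpected roles granted', $this->ldapTestId);` would cover it. Separately, the `@` in `@(int)$verykool->uid > 1` is redundant after the `is_object($verykool) &&` guard and can only hide a notice the test should surface. The existing check is also better written as `in_array('netadmins', $verykool->roles, TRUE)`.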
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/BasicTests.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/BasicTests.test
new file mode 100644
index 0000000..bb9a1c2
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/BasicTests.test
@@ -0,0 +1,278 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * see getInfo() for test summary
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+
+class LdapAuthorizationBasicTests extends LdapAuthorizationTestCase {
+
+ public function setUp($addl_modules = array()) {
+ parent::setUp(array());
+ }
+
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'LDAP Authorization: Basic Tests',
+ 'description' => 'Basic functionality tests.',
+ );
+ }
+
+ /**
+ * just make sure install succeeds. doesn't really need to be tested
+ */
+ function testSimpleStuff() {
+ $this->ldapTestId = $this->module_name . ': setup success';
+ // just to give warning if setup doesn't succeed. may want to take these out at some point.
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers') &&
+ module_exists('ldap_authorization') &&
+ module_exists('ldap_authorization_drupal_role') &&
+ (variable_get('ldap_simpletest', 0) == 1)
+ );
+ $this->assertTrue($setup_success, ' ldap_authorizations setup successful', $this->ldapTestId);
+
+
+ $this->ldapTestId = $this->module_name . ': test for api functions';
+ // no need for prep for this.
+ $api_functions = array(
+ 'ldap_authorization_get_consumer_object' => array(1, 1),
+ 'ldap_authorization_get_consumers' => array(3, 0),
+ 'ldap_authorizations_user_authorizations' => array(4, 1),
+ );
+
+ foreach ($api_functions as $api_function_name => $param_count) {
+ $reflector = new ReflectionFunction($api_function_name);
+ $this->assertTrue(
+ function_exists($api_function_name) &&
+ $param_count[1] == $reflector->getNumberOfRequiredParameters() &&
+ $param_count[0] == $reflector->getNumberOfParameters()
+ , ' api function ' . $api_function_name . ' parameters and required parameters count unchanged.', $this->ldapTestId);
+ }
+
+ $this->ldapTestId = $this->module_name . ': cron test';
+ $this->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization enabled.'), $this->ldapTestId);
+
+
+ /**
+ * authorizations are tested in ldap_authorization.Derivations.test
+ *
+ * this is geared toward testing logon functionality
+ */
+
+ $this->ldapTestId = 'BasicTests';
+ $this->serversData = 'BasicTests/ldap_servers.inc';
+ $this->authorizationData = 'BasicTests/ldap_authorization.simple.inc';
+ $this->authenticationData = 'BasicTests/ldap_authentication.inc';
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+
+ // test for same role mapped multiple times: issue #1174332
+ $edit = array(
+ 'name' => 'verykool',
+ 'pass' => 'goodpwd',
+ );
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('verykool'), 'Ldap user properly authmapped.', $this->ldapTestId);
+
+ $verykool = user_load_by_name('verykool');
+ $correct_roles = in_array('content editors', array_values($verykool->roles)) && in_array('content approvers', array_values($verykool->roles));
+ if (!$correct_roles) {
+ debug('verykool roles'); debug($verykool->roles);
+ }
+ $this->assertTrue($correct_roles, 'verykool granted 2 roles on actual logon "content editors" and "content approvers" drupal roles ', $this->ldapTestId . '.duplicate_entry');
+
+ $this->drupalGet('user/logout');
+
+
+ /**
+ * test that exportables are supported. since exportables is just used for loading
+ * and saving the configuration,
+ *
+ * -- test auth conf loads correctly and conf is saved correctly when ctools enabled
+ * -- test auth conf loads correctly and conf is saved correctly when ctools not enabled
+ * -- @todo: test auth conf loads correctly from an enabled Features module
+ * -- @todo: its difficult to test generation of a feature module. ignore this as configurables in d8 will be different
+ */
+
+ $ctools_originally_enabled = module_exists('ctools');
+ foreach (array('no_ctools', 'ctools') as $mode) { // should add 'feature' instance to test feature
+
+ if ($mode == 'ctools') {
+ module_enable(array('ctools'));
+ $label_text = "ctool enabled";
+ }
+ elseif ($mode == 'no_ctools') {
+ module_disable(array('ctools'), TRUE);
+ $label_text = "ctools disabled";
+ }
+
+ // make small change and make sure additional rows are not created,
+ // change is saved, change is loaded, and numeric id is present.
+ // #1601270, #1468990, #1588854
+ $rows = db_query('select * from ldap_authorization')->fetchAllAssoc('numeric_consumer_conf_id');
+ $initial_count = count(array_keys($rows));
+
+ $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
+ $consumer_conf_admin->status = 0;
+ // $consumer_conf_admin->deriveFromDnAttr = "blah";
+ $consumer_conf_admin->save();
+ $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
+
+ $rows = db_query('select * from ldap_authorization')->fetchAllAssoc('numeric_consumer_conf_id');
+ $second_count = count(array_keys($rows));
+ $this->ldapTestId = $this->module_name . ": $label_text save doesn't break record count";
+ $this->assertTrue(($initial_count == $second_count), t("ldap_authorization record count consistent with $label_text, intiial count = $initial_count, final count=$second_count"), $this->ldapTestId);
+
+ $this->ldapTestId = $this->module_name . ": $label_text saves status correctly";
+ $this->assertTrue(($consumer_conf_admin->status === 0), t("ldap_authorization status saved correctly."), $this->ldapTestId);
+
+ $this->ldapTestId = $this->module_name . ": $label_text loads numericConsumerConfId correctly";
+ $this->assertTrue(($consumer_conf_admin->numericConsumerConfId > 0), t("ldap_authorization loaded numericConsumerConfId correctly.(" . $consumer_conf_admin->numericConsumerConfId . ")"), $this->ldapTestId);
+
+ $consumer_conf_admin->status = 1;
+ $consumer_conf_admin->save();
+ $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
+
+ }
+ if ($ctools_originally_enabled) {
+ module_enable(array('ctools'));
+ }
+ else {
+ module_disable(array('ctools'), TRUE);
+ }
+}
+
+/**
+ * flag (binary switches) tests clumped together
+ */
+function testFlags() {
+
+ $this->ldapTestId = 'Flags';
+ $this->serversData = 'BasicTests/ldap_servers.inc';
+ $this->authorizationData = 'BasicTests/ldap_authorization.flags.inc';
+ $this->authenticationData = 'BasicTests/ldap_authentication.inc';
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+
+ /**
+ * test: LDAP_authorz.Flags.enable
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query'); // just see if the correct ones are derived.
+ $roles1 = $new_authorizations[$this->consumerType];
+
+
+ $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
+ $consumer_conf_admin->status = 0;
+ $consumer_conf_admin->save();
+ $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $roles2 = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();
+ $this->assertTrue((count($roles1) == 1 && count($roles2) == 0), 'disable consumer configuration disallows authorizations.', $this->ldapTestId . '.enable');
+
+
+ /**
+ * LDAP_authorz.Flags.onlyLdapAuthenticated (I) - create normal user and apply authorization query
+ */
+ $consumer_conf_admin->onlyApplyToLdapAuthenticated = 1;
+ $consumer_conf_admin->status = 1;
+ $consumer_conf_admin->save();
+
+ // remove authmap for jkool then test
+ $jkool = user_save($user, array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'));
+ user_set_authmaps($jkool, array('authname_ldap_authentication' => NULL));
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query'); // just see if the correct ones are derived.
+ $roles = isset($new_authorizations['drupal_role']) ? $new_authorizations['drupal_role'] : array();
+ $this->assertTrue((count($roles) == 0), ' only apply to ldap authenticated grants no roles for non ldap user.', $this->ldapTestId . '.enable');
+ user_set_authmaps($jkool, array('authname_ldap_authentication' => 'jkool'));
+
+ /**
+ * LDAP_authorz.Flags.applyOnLogon (IV.B) - execute logon and check that roles are applied
+ */
+
+
+
+ /**
+ * LDAP_authorz.Flags.revokeRoles (IV.C) - select this option, grant user role not deserved, and execute manual call
+ */
+
+ // set correct roles
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'set');
+ $consumer_conf_admin->onlyApplyToLdapAuthenticated = 0;
+ $consumer_conf_admin->revokeLdapProvisioned = 1;
+ $consumer_conf_admin->save();
+
+ // add an underserved, ldap granted drupal role
+ $jkool = user_load($jkool->uid);
+
+ $data = array(
+ 'roles' => array(3 => 'administrator'),
+ 'data' => array('ldap_authorizations' =>
+ array(
+ 'drupal_role' =>
+ array(
+ 'administrator' =>
+ array('date_granted' => 1304216778),
+ ),
+ ),
+ ),
+ );
+ $jkool = user_save($jkool, $data);
+ $was_set = isset($jkool->roles[3]);
+ //debug('user load jkool1, was_set='. $was_set); debug($jkool);
+ // apply correct authorizations. should remove the administrator role.
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'set', $this->consumerType, 'logon');
+ // debug('authorizations'); debug(array($new_authorizations, $notifications));
+ $jkool = user_load($jkool->uid);
+// debug('user load jkool'); debug($jkool);
+ $this->assertTrue(($was_set && !isset($jkool->roles[3])), ' revoke ldap granted roles when no longer deserved.', $this->ldapTestId . '.revokeRoles');
+
+
+ /**
+ * LDAP_authorz.Flags.regrantRoles IV.C) - select this option, execute manual call to get deserved roles, remove a role, execute manual call to get deserved roles, make sure role regranted
+ */
+
+
+ /**
+ * LDAP_authorz.Flags.createRoles IV.C) - select this option, delete some roles or make sure they don't exist. manually execute. check role created and granted to user
+ */
+
+ // take roles away from user
+ $jkool = user_load($jkool->uid);
+ $data = array(
+ 'roles' => array(),
+ 'data' => array('ldap_authorizations' => array()),
+ );
+ $jkool = user_save($jkool, $data);
+
+ $consumer_conf_admin->createConsumers = 1;
+ $consumer_conf_admin->save();
+
+ // make sure role doesn't exist
+ if (in_array('guests', array_values(user_roles()))) {
+ user_role_delete('guests');
+ }
+ $guest_role_deleted = !in_array('guests', array_values(user_roles()));
+
+ // set authorizations for user. this should create role
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'set', 'drupal_role', 'logon');
+ $jkool = user_load($jkool->uid);
+ $guest_role_recreated = in_array('guests', array_values(user_roles()));
+ $roles_by_name = array_flip(user_roles());
+ // debug('roles_by_name'); debug($roles_by_name);
+ $jkool_granted_guest = isset($jkool->roles[$roles_by_name['guests']]);
+ $this->assertTrue(($guest_role_deleted && $guest_role_recreated && $jkool_granted_guest), ' create consumers (e.g. roles)', $this->ldapTestId . '.createRoles');
+
+}
+
+
+}
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/flags.ldap_authorization.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/flags.ldap_authorization.inc
new file mode 100644
index 0000000..a675e32
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/flags.ldap_authorization.inc
@@ -0,0 +1,47 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization config
+ *
+ */
+
+ $authorization['consumer_conf']['drupal_role'] = array(
+
+ 'consumerType' => 'drupal_role',
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 1,
+ 'deriveFromDnAttr' => 'ou',
+
+ 'deriveFromAttr' => 0,
+ 'deriveFromAttrAttr' => array(),
+ 'deriveFromAttrUseFirstAttr' => 0,
+ 'deriveFromAttrNested' => 0,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => NULL,
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => NULL,
+ 'deriveFromEntryNested' => 1,
+
+ 'mappings' => array(
+ array('Campus Accounts', 'campus accounts'),
+ array('guest accounts', 'guests'),
+ array('special guests', 'special guests'),
+ array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'sysadmins'),
+ ),
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+ );
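Review bot: Nothing visible in this commit loads this file. testFlags() sets `$this->authorizationData = 'BasicTests/ldap_authorization.flags.inc'`, and that sibling fills `$authorization['drupal_role']`, whereas this file fills `$authorization['consumer_conf']['drupal_role']`. If it is a leftover from an earlier fixture layout, it would be better removed so that two near-identical role-mapping fixtures cannot drift apart. If it is still consumed somewhere, the `@file` block should name the consumer, e.g. `* simpletest authorization config, loaded by <test name>`.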
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authentication.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authentication.inc
new file mode 100644
index 0000000..72a327f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authentication.inc
@@ -0,0 +1,19 @@
+<?php
+// $Id$
+/**
+ * @file
+ * simpltest authentication config
+ */
+
+$authentication = array(
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ );
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.flags.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.flags.inc
new file mode 100644
index 0000000..840ffd9
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.flags.inc
@@ -0,0 +1,44 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+$authorization['drupal_role'] = array(
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 1,
+ 'deriveFromDnAttr' => 'ou',
+
+ 'deriveFromAttr' => 0,
+ 'deriveFromAttrAttr' => array(),
+ 'deriveFromAttrNested' => 0,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => array(),
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => NULL,
+ 'deriveFromEntryNested' => 0,
+
+ 'mappings' => array(
+ array('Campus Accounts', 'campus accounts'),
+ array('guest accounts', 'guests'),
+ array('special guests', 'special guests'),
+ array('cn=sysadmins,ou=it,dc=ad,dc=myuniveristy,dc=edu', 'sysadmins'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
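Review bot: The last entry of `'mappings'` spells the domain component `dc=myuniveristy`, while every DN in BasicTests/ldap_servers.inc uses `dc=myuniversity`, so this mapping cannot match a group DN returned by the fake server. testFlags() derives roles from the `ou` of the user DN, so the test presumably still passes. With `'useMappingsAsFilter' => 1`, however, a misspelled mapping most likely shows up as a role that is silently never granted rather than as a failure. I would change the line to `array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'sysadmins'),`, or add a comment if the mismatch is meant as a negative case.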
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.simple.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.simple.inc
new file mode 100644
index 0000000..b895430
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_authorization.simple.inc
@@ -0,0 +1,43 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+$authorization['drupal_role'] = array(
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 0,
+ 'deriveFromDnAttr' => NULL,
+
+ 'deriveFromAttr' => 1,
+ 'deriveFromAttrAttr' => array('memberOf'),
+ 'deriveFromAttrNested' => 0,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => array('ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => 'uniquemember',
+ 'deriveFromEntryNested' => 0,
+ 'deriveFromEntryAttrMatchingUserAttr' => 'dn',
+
+ 'mappings' => array(
+ 0 => array('cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu', 'content editors'),
+ 1 => array('cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu', 'content approvers'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_servers.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_servers.inc
new file mode 100644
index 0000000..fcc766f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/BasicTests/ldap_servers.inc
@@ -0,0 +1,198 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpltest authorization config
+ */
+
+$servers['ldapauthor1']['properties'] = array(
+ 'name' => 'Test LDAP Server 1 for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+ );
+
+
+
+$servers['ldapauthor1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$servers['ldapauthor1']['search_results']['(member=cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 1 => array('count' => 1, 'dn' => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 2,
+ );
+
+$servers['ldapauthor1']['search_results']['(member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 1,
+ );
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+$servers['ldapauthor1']['users']['cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'mailcode' => array( 0 => '17', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+// duplicate of previous with escaped commas in cn.
+$servers['ldapauthor1']['users']['cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'wilmaf@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'wilmaf', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=punctuated\,comma\,freaks,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+// duplicate of previous with quoted cn.
+$servers['ldapauthor1']['users']['cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'barneyr@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'barneyr', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn="punctuated,comma,freaks",ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberof' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'CN=NETadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'cn=phone operators,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 3 => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 4 => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 5,
+ ),
+ );
+
+$servers['ldapauthor1']['users']['cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'newkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'newkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'joeprogrammer', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+/**
+ * nested groups for both derive by attr and derive by entry
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ */
+
+
+/**
+ * derive by attr entries deriveFromAttrAttr=memberOf
+ */
+$servers['ldapauthor1']['groups']['cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1), // bogus recursion to test bogus recursion
+ );
+
+$servers['ldapauthor1']['groups']['cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array('count' => 0),
+ );
+
+
+// nested group queries
+$servers['ldapauthor1']['search_results']['(|((dn=cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu)(dn=cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu))']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 2,
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'count' => 2,
+ );
+
+
+
+/**
+ * test users should include service account if one is being used
+ */
+$servers['ldapauthor1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
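Review bot: Several array literals in this fixture repeat a key, and PHP keeps only the last value, so the data is not what the comments describe. In the `cn=it` group the second `'memberOf'` replaces the first, which drops the `cn=staff` parent and leaves only the loop back to `cn=sysadmins`. In the nested-group search result the two `'dn'` keys collapse into one entry while the outer `'count'` says 2. The service account's `memberOf` also declares `'count' => 2` with a single value. Because these fixtures decide which roles the nested-group tests expect to be granted, I would list both parents and both result entries explicitly, as below, and then confirm the nested tests still assert the intended role sets.

```php
$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
  'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
  'memberOf' => array(
    0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
    // deliberate cycle back to a child group, to exercise the recursion guard
    1 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
    'count' => 2,
  ),
);

// … unchanged: cn=staff and cn=people group entries …

$servers['ldapauthor1']['search_results']['(|((dn=cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu)(dn=cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu))']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
  0 => array('count' => 1, 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu'),
  1 => array('count' => 1, 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu'),
  'count' => 2,
);
```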
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/DeriveFromAttr.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/DeriveFromAttr.test
new file mode 100644
index 0000000..2a84b44
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/DeriveFromAttr.test
@@ -0,0 +1,265 @@
+<?php
+// $Id$
+/**
+ * @file
+ * see getInfo() for test summary
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+
+class LdapAuthorizationDeriveFromAttr extends LdapAuthorizationTestCase {
+
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'LDAP Authorization: Derive from User Attributes',
+ 'description' => 'e.g. memberOf attribute in Active Directory. Tests are in absence of logons to isolate mapping logic.',
+ );
+ }
+
+
+ function testDeriveFromAttr() {
+ $this->ldapTestId = 'DeriveFromAttr';
+ $this->serversData = 'DeriveFromAttr/ldap_servers.inc';
+ $this->authorizationData = 'DeriveFromAttr/ldap_authorization.inc';
+ $this->authenticationData = 'DeriveFromAttr/ldap_authentication.inc';
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+
+ /**
+ * test: DeriveFromAttr.nomatch no matches on dn attribute.
+ *
+ * should not match any mappings
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' => 'unkool@nowhere.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query', $this->consumerType); // just see if the correct ones are derived.
+ // debug("new_authorizations, notifications"); debug(array($new_authorizations, $notifications));
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
+
+
+ /**
+ * test: DeriveFromAttr.onematch matches on one dn attribute.
+ *
+ * should match on 'cn=SYSadmins,ou=it,dc=ad,dc=myuniversity,dc=edu' which maps to 'sysadmins'
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query', $this->consumerType); // just see if the correct ones are derived.
+
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('sysadmins', $new_authorizations['drupal_role']));
+ $this->assertTrue($correct_roles, 'user account jkool tested for granting drupal_role "sysadmins"', $this->ldapTestId . '.onematch');
+
+ $correct_roles = (bool)(isset($new_authorizations['drupal_role']) && in_array('mailgroup17', $new_authorizations['drupal_role']));
+ $this->assertTrue($correct_roles, 'user account jkool tested for granting drupal_role "mailgroup17" from numeric ldap value', $this->ldapTestId . '.numeric_attr_value');
+ user_delete($user->uid);
+
+ /**
+ * test: DeriveFromAttr.escaped: same as DeriveFromAttr.onematch with cn that has escaped commas in it.
+ * 'dn' => 'cn=Doe\, John,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $wilmaf = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'wilmaf', 'mail' => 'wilmaf@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($wilmaf, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('sysadmins', $new_authorizations['drupal_role']));
+ $this->assertTrue($correct_roles, 'user account wilma tested for granting drupal_role "sysadmins"', $this->ldapTestId . '.escaped');
+ user_delete($user->uid);
+
+ /**
+ * test: DeriveFromAttr.manymatch many matches on dn attribute.
+ *
+ * cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu
+ *
+ * should match on 'cn=SYSadmins,ou=it,dc=ad,dc=myuniversity,dc=edu' and 'cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu'
+ * which map to 'sysadmins' and 'netadmins' drupal roles
+ *
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $verykool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'verykool', 'mail' => 'verykool@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) &&
+ in_array('netadmins', $new_authorizations[$this->consumerType]) &&
+ in_array('sysadmins', $new_authorizations[$this->consumerType])
+ );
+ $this->assertTrue($correct_roles, 'user account verykool tested for granting "netadmins" and "sysadmins" drupal roles ', $this->ldapTestId . '.manymatch');
+ $this->assertTrue($correct_roles, 'user account verykool tested for case insensitivity ', $this->ldapTestId . '.caseinsensitive');
+ user_delete($user->uid);
+
+
+ /**
+ * test: convert full dn to value of first attribute (consumer->deriveFromAttrUseFirstAttr = TRUE)
+ * e.g. cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu would be converted to netadmins
+ */
+
+ $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
+ $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
+ $consumer_conf_admin->save();
+ $user = $this->drupalCreateUser(array());
+ $verykool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'verykool', 'mail' => 'verykool@guests.myuniversity.edu'), TRUE, $user);
+ // debug('verykool test'); debug($verykool);
+
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType); // just see if the correct ones are derived.
+
+ // debug('netadmins2 test'); debug(array($new_authorizations, $notifications));
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('netadmins2', $new_authorizations['drupal_role']));
+ if (!$correct_roles) {
+ debug('new authorizations'); debug($new_authorizations);
+ }
+ $this->assertTrue($correct_roles, 'user account verykool tested for granting drupal_role "netadmins2"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr');
+ $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
+ $consumer_conf_admin->save();
+ user_delete($user->uid);
+
+
+ /**
+ * test: same as previous test with escaped commas in memberOf DN to make sure escaping is dealt with correctly
+ *
+ * 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ * 1 => 'cn=punctuated\,comma\,freaks,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ *
+ * should return sysadmins and "punctuated,comma,freaks" which map to
+ * NULL and "comma freaks"
+ */
+
+ $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
+ $consumer_conf_admin->save();
+ $user = $this->drupalCreateUser(array());
+ $wilmaf = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'wilmaf', 'mail' => 'wilmaf@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($wilmaf, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('comma freaks', $new_authorizations['drupal_role']));
+ $this->assertTrue($correct_roles, 'user account wilmaf tested for granting drupal_role "comma freaks"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr.escaped');
+ $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
+ $consumer_conf_admin->save();
+ user_delete($user->uid);
+
+
+ /**
+ * test: same as previous test with quoted DN
+ *
+ * should return sysadmins and "punctuated,comma,freaks" which map to
+ * NULL and "comma freaks"
+ */
+
+ $consumer_conf_admin->deriveFromAttrUseFirstAttr = 1;
+ $consumer_conf_admin->save();
+ $user = $this->drupalCreateUser(array());
+ $barneyr = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'barneyr', 'mail' => 'barneyr@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($barneyr, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('comma freaks', $new_authorizations['drupal_role']));
+ $this->assertTrue($correct_roles, 'user account barneyr tested for granting drupal_role "comma freaks"', $this->ldapTestId . '.deriveFromAttrUseFirstAttr.quoted');
+ $consumer_conf_admin->deriveFromAttrUseFirstAttr = 0;
+ $consumer_conf_admin->save();
+ user_delete($user->uid);
+
+
+ /**
+ * test: PHP to transform Drupal login username to LDAP UserName attribute.
+ * convert verykool@gmail.com username to verykool ldap UserName attribute
+ */
+ module_enable(array('php'));
+ $php = " \$parts = explode(\"@\", \$name); \n if (count(\$parts) == 2) {\n print \$parts[0];\n }; \n ";
+ $this->testFunctions->setFakeServerProperty('ldapauthor1', 'ldapToDrupalUserPhp', $php);
+ $user = $this->drupalCreateUser(array());
+ $verykool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'verykool@gmail.com', 'mail' => 'verykool@gmail.com'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query', $this->consumerType); // just see if the correct ones are derived.
+ // correct roles imply username correctly transformed to authmap
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('netadmins', $new_authorizations['drupal_role']) && in_array('sysadmins', $new_authorizations['drupal_role']));
+ $this->assertTrue($correct_roles, 'php transform drupal username verykool@gmail.com to ldap username attribute verykool"', $this->ldapTestId . '.ldapToDrupalUserPhp');
+ $this->testFunctions->setFakeServerProperty('ldap_test_server__ldapauthor1', 'ldapToDrupalUserPhp', NULL);
+ user_delete($user->uid);
+ module_disable(array('php'));
+
+
+ }
+
+ function testDeriveFromAttrNested() {
+ $this->ldapTestId = 'DeriveFromAttr.nested';
+ $this->serversData = 'DeriveFromAttr/ldap_servers.nested.inc';
+ $this->authorizationData = 'DeriveFromAttr/ldap_authorization.nested.inc';
+
+ $this->authenticationData = 'DeriveFromAttr/ldap_authentication.inc';
+ $this->consumerType = 'drupal_role';
+
+ $this->prepTestData();
+
+ /**
+ * test: DeriveFromAttr.nested.nomatch no user entry found.
+ *
+ * should not match any groups
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' => 'unkool@nowhere.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $this->assertTrue((!isset($new_authorizations[$this->consumerType]) || count($new_authorizations[$this->consumerType]) == 0), 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
+
+
+ /**
+ * test: DeriveFromAttr.nested.no_parent_groups (result is single group)
+ *
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $justin = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'justin', 'mail' => 'justin@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($justin, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 1, 'user account justin tested for granting 1 drupal roles ', $this->ldapTestId . '.no_parent_groups');
+ $correct_roles = (bool)(
+ isset($new_authorizations[$this->consumerType])
+ && in_array('cn=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ );
+ $this->assertTrue($correct_roles, 'user account justin tested for granting drupal_role "cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu"', $this->ldapTestId . '.no_parent_groups');
+
+
+ /**
+ * test: DeriveFromAttr.nested.parents1 (results are 4 nested groups)
+ */
+ $user = $this->drupalCreateUser(array());
+ $newkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'newkool', 'mail' => 'newkool@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($newkool, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 4, 'user account newkool tested for granting 4 drupal roles ', $this->ldapTestId . '.nomatch');
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType])
+ && in_array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ && in_array('cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ && in_array('cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ && in_array('cn=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ );
+ $this->assertTrue($correct_roles, 'user account newkool tested for granting correct drupal roles', $this->ldapTestId . '.parents1');
+
+
+ /**
+ * test: DeriveFromAttr.nested.parents2 (results are 4 nested groups)
+ */
+ $user = $this->drupalCreateUser(array());
+ $joeprogrammer = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'joeprogrammer', 'mail' => 'joeprogrammer@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($joeprogrammer, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 4, 'user account joeprogrammer tested for granting 4 drupal roles ', $this->ldapTestId . '.nomatch');
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType])
+ && in_array('cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ && in_array('cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ && in_array('cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ && in_array('cn=people,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ );
+ $this->assertTrue($correct_roles, 'user joeprogrammer tested for granting correct drupal roles', $this->ldapTestId . '.parents2');
+
+
+
+ /**
+ * test: DeriveFromAttr.nested.recursion (tests some recursive patterns)
+ */
+ $user = $this->drupalCreateUser(array());
+ $memento = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'memento', 'mail' => 'memento@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($memento, 'query', $this->consumerType); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 2, 'user account memento tested for granting 2 roles ', $this->ldapTestId . '.recursion');
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType])
+ && in_array('cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ && in_array('cn=recursive,dc=ad,dc=myuniversity,dc=edu', $new_authorizations[$this->consumerType])
+ );
+ $this->assertTrue($correct_roles, 'user memento tested for granting correct drupal roles', $this->ldapTestId . '.recursion');
+
+
+ }
+}
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authentication.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authentication.inc
new file mode 100644
index 0000000..72a327f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authentication.inc
@@ -0,0 +1,19 @@
+<?php
+// $Id$
+/**
+ * @file
+ * simpltest authentication config
+ */
+
+$authentication = array(
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ );
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.inc
new file mode 100644
index 0000000..c2fb9c3
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.inc
@@ -0,0 +1,51 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+
+$authorization['drupal_role'] = array(
+
+ 'consumerType' => 'drupal_role', // change as desired
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 0,
+ 'deriveFromDnAttr' => NULL,
+
+ 'deriveFromAttr' => 1,
+ 'deriveFromAttrAttr' => array('memberOf', 'mailcode'),
+ 'deriveFromAttrUseFirstAttr' => 0,
+ 'deriveFromAttrNested' => 0,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => NULL,
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => NULL,
+ 'deriveFromEntryUseFirstAttr' => 0,
+ 'deriveFromEntryNested' => 0,
+
+ 'mappings' => array(
+ array('cn=SYSadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'sysadmins'),
+ array('cn=netadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'netadmins'),
+ array('cn=phone operators,ou=it,dc=ad,dc=myuniversity,dc=edu', 'netadmins'),
+ array('netadmins', 'netadmins2'),
+ array('punctuated,comma,freaks', 'comma freaks'),
+ array('17', 'mailgroup17'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
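Review bot: The rows of `mappings` carry no comments, although each one appears to cover a different matching case, so a reader cannot tell which assertion depends on which row. Judging by the server fixture added in the same commit, `cn=SYSadmins,...` exercises case-insensitive DN matching, `punctuated,comma,freaks` exercises a quoted cn that contains commas, and `'17'` maps a `mailcode` value rather than a group DN. A one-line comment per row would make that explicit, for example `// mailcode attribute value, not a DN (second entry of deriveFromAttrAttr)`. With `useMappingsAsFilter` set to 1 this list presumably also acts as the allow-list of roles that may be granted, which deserves a comment above the array.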
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.nested.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.nested.inc
new file mode 100644
index 0000000..e719abc
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_authorization.nested.inc
@@ -0,0 +1,45 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+
+$authorization['drupal_role'] = array(
+
+ 'consumerType' => 'drupal_role', // change as desired
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 0,
+ 'deriveFromDnAttr' => NULL,
+
+ 'deriveFromAttr' => 1,
+ 'deriveFromAttrAttr' => array('memberOf'),
+ 'deriveFromAttrUseFirstAttr' => 0,
+ 'deriveFromAttrNested' => 1,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => NULL,
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => NULL,
+ 'deriveFromEntryNested' => 0,
+ 'deriveFromEntryUseFirstAttr' => 0,
+ 'deriveFromEntryAttrMatchingUserAttr' => 'dn',
+
+ 'mappings' => array(),
+
+ 'useMappingsAsFilter' => 0,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.inc
new file mode 100644
index 0000000..4ebe5a6
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.inc
@@ -0,0 +1,211 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpltest authorization config
+ */
+
+$servers['ldapauthor1']['properties'] = array(
+ 'name' => 'Test LDAP Server for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+ );
+
+
+
+$servers['ldapauthor1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$servers['ldapauthor1']['search_results']['(member=cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 1 => array('count' => 1, 'dn' => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 2,
+ );
+
+$servers['ldapauthor1']['search_results']['(member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 1,
+ );
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+$servers['ldapauthor1']['users']['cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'mailcode' => array( 0 => '17', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+// duplicate of previous with escaped commas in cn.
+$servers['ldapauthor1']['users']['cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'wilmaf@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'wilmaf', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn="punctuated,comma,freaks",ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+// duplicate of previous with quoted cn.
+$servers['ldapauthor1']['users']['cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'barneyr@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'barneyr', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn="punctuated,comma,freaks",ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'meMBErof' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'CN=NETadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'cn=phone operators,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 3,
+ ),
+ );
+
+/**
+ * test users should include service account if one is being used
+ */
+
+$servers['ldapauthor1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+
+$servers['ldapauthor1']['users']['cn=justin,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=justin,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'justin@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'justin', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'newkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'newkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'joeprogrammer', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+/**
+ * nested groups for derive by attr
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ * above 3 users results should be:
+ * cn=newkool
+ * cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ * cn=joeprogrammer
+ * cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ * cn=service-account
+ * CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu
+ */
+
+
+/**
+ * derive by attr entries deriveFromAttrAttr=memberOf
+ */
+$servers['ldapauthor1']['groups']['cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1), // bogus recursion to test bogus recursion
+ );
+
+$servers['ldapauthor1']['groups']['cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array('count' => 0),
+ );
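Review bot: The `cn=it,ou=it,...` group entry declares the `memberOf` key twice, and PHP keeps only the last value for a repeated array key, so the `cn=staff` parent is silently dropped and only the "bogus recursion" value survives. If both parents are intended, they belong in one array: `'memberOf' => array(0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 1 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 2),`. The same repeated key appears in ldap_servers.nested.inc on the `cn=it` and `cn=recursive` groups. Separately, the service-account `memberOf` carries `'count' => 2` with a single value, which any consumer that loops up to `count` would read past.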
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.nested.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.nested.inc
new file mode 100644
index 0000000..8573cdf
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromAttr/ldap_servers.nested.inc
@@ -0,0 +1,258 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpltest authorization config
+ */
+
+$servers['ldapauthor1']['properties'] = array(
+ 'name' => 'Test LDAP Server for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+ );
+
+$servers['ldapauthor1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$servers['ldapauthor1']['search_results']['(&(objectClass=group)(memberOf=*)(|(distinguishedname=cn=people,dc=ad,dc=myuniversity,dc=edu)))']['dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 0,
+ );
+
+$servers['ldapauthor1']['search_results']['(&(objectClass=group)(memberOf=*)(|(distinguishedname=cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu)))']['dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 1,
+ 0 =>
+ array (
+ 'memberof' =>
+ array (
+ 'count' => 1,
+ 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 0 => 'memberof',
+ 'count' => 1,
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+
+ 0 => array(
+ 'count' => 2,
+ 'memberOf' => array(
+ 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 1
+ ),
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+
+$servers['ldapauthor1']['search_results']['(&(objectClass=group)(memberOf=*)(|(distinguishedname=cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu)))']['dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 1,
+ 0 => array(
+ 'count' => 2,
+ 'memberOf' => array(
+ 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 1
+ ),
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+$servers['ldapauthor1']['search_results']['(&(objectClass=group)(memberOf=*)(|(distinguishedname=cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu)))']['dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 1,
+ 0 => array(
+ 'count' => 2,
+ 'memberOf' => array(
+ 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 1
+ ),
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+$servers['ldapauthor1']['search_results']['(&(objectClass=group)(memberOf=*)(|(distinguishedname=cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu)))']['dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 1,
+ 0 => array(
+ 'count' => 2,
+ 'memberOf' => array(
+ 0 => 'cn=people,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 1
+ ),
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+
+
+
+/**
+ * test users should include service account if one is being used
+ */
+
+$servers['ldapauthor1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=justin,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=justin,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'justin@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'justin', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=newkool,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=newkool,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'newkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'newkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'joeprogrammer', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+/**
+ * nested groups for derive by attr
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ * above 4 users results should be:
+ *
+ * cn=unkool
+ * cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu
+ *
+ * cn=justin
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ * cn=newkool
+ * cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ * cn=joeprogrammer
+ * cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+
+ */
+
+
+/**
+ * derive by attr entries deriveFromAttrAttr=memberOf
+ */
+$servers['ldapauthor1']['groups']['cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1), // bogus recursion to test bogus recursion
+ );
+
+$servers['ldapauthor1']['groups']['cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array('count' => 0),
+ );
+
+/**
+ * some recursion tests
+ */
+
+$servers['ldapauthor1']['users']['cn=memento,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=memento,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'memento@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'memento', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=recursive,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=recursive,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=recursive,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=recursive,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['search_results']['(&(objectClass=group)(memberOf=*)(|(distinguishedname=cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu)))']['dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 1,
+ 0 => array(
+ 'count' => 2,
+ 'memberOf' => array(
+ 0 => 'cn=recursive,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 1
+ ),
+ 'dn' => 'cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+$servers['ldapauthor1']['search_results']['(&(objectClass=group)(memberOf=*)(|(distinguishedname=cn=recursive,dc=ad,dc=myuniversity,dc=edu)))']['dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 1,
+ 0 => array(
+ 'count' => 2,
+ 'memberOf' => array(
+ 0 => 'cn=recursive,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=lessrecursive,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ 'dn' => 'cn=recursive,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
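Review bot: The search result for `cn=sysadmins,ou=it,...` defines element `0` twice, so the first literal is overwritten by the second and never reaches the code under test. That first literal is the one with lowercase `memberof` plus the `0 => 'memberof'` index, which is the shape `ldap_get_entries()` returns. Only one of the two should remain, and because nested derivation decides which roles a user receives, keeping the lowercase form would make the test exercise what a real directory sends back. Whether the fake server normalises attribute-name case is not visible in this hunk. The "results should be" comment also lists `cn=people,ou=it,...`, while the user and group entries in this file use `cn=people,dc=ad,...`, so the comment should be aligned with the fixture.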
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/DeriveFromDN.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/DeriveFromDN.test
new file mode 100644
index 0000000..c1b8bf4
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/DeriveFromDN.test
@@ -0,0 +1,102 @@
+<?php
+// $Id$
+/**
+ * @file
+ * see getInfo() for test summary
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+
+class LdapAuthorizationDeriveEntry extends LdapAuthorizationTestCase {
+
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'LDAP Authorization: Derivations from DN',
+ 'description' => 'Test ldap authorization logic for derivation of roles from user DN. ',
+
+ );
+ }
+
+ function testDeriveFromDN() {
+
+ $this->ldapTestId = 'DeriveFromDN';
+ $this->serversData = 'DeriveFromDN/ldap_servers.inc';
+ $this->authorizationData = 'DeriveFromDN/ldap_authorization.inc';
+ $this->authenticationData = 'DeriveFromDN/ldap_authentication.inc';
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+
+ /**
+ * test: DeriveFromDN.nomatch no matches on dn attribute.
+ *
+ * cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu
+ *
+ * should not match any mappings
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' => 'unkool@nowhere.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query'); // just see if the correct ones are derived.
+ debug("new_authorizations, notifications"); debug(array($new_authorizations, $notifications));
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
+
+
+
+ /**
+ * test: DeriveFromDN.onematch matches on one dn attribute.
+ *
+ * cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu
+ *
+ * should match on 'guest accounts' which maps to 'guests'
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query'); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations['drupal_role']) && in_array('guests', $new_authorizations['drupal_role']));
+ $this->assertTrue($correct_roles, 'user account jkool tested for granting drupal_role "guests"', $this->ldapTestId . '.onematch');
+
+ /**
+ * test: DeriveFromDN.manymatch many matches on dn attribute.
+ *
+ * cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu
+ *
+ * should match on 'special guests' and 'guest account' which map to 'special guests' and 'guests' drupal roles
+ *
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $verykool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'verykool', 'mail' => 'verykool@myuniversity.edu'), TRUE, $user);
+
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query'); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations['drupal_role']) &&
+ in_array('guests', $new_authorizations[$this->consumerType]) &&
+ in_array('special guests', $new_authorizations[$this->consumerType])
+ );
+
+ $this->assertTrue($correct_roles, 'user account verykool tested for granting "guests" and "special guests" drupal roles ', $this->ldapTestId . '.manymatch');
+ $this->assertTrue($correct_roles, 'user account verykool tested for case insensitivity ', $this->ldapTestId . '.caseinsensitive');
+
+
+ /**
+ * test that authorizations are applied when logging (and account created)
+ * that is, don't just call ldap_authorizations_user_authorizations() in query mode as in previous tests
+ */
+
+ $edit = array(
+ 'name' => 'newkool',
+ 'pass' => 'goodpwd',
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'));
+
+ $newkool = user_load_by_name('newkool');
+ $granted_roles = array_values($newkool->roles);
+ $this->assertTrue(in_array('guests', $granted_roles) && in_array('special guests', $granted_roles), 'Proper roles granted to newkool on actual logon');
+ $this->drupalLogout();
+
+ }
+
+}
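Review bot: The `onematch`, `manymatch` and logon checks in `testDeriveFromDN()` assert only that the expected roles are present, so a regression that grants extra roles (the failure that matters most for an authorization mapping) would still pass. Each case should also pin the size of the result, e.g. `$this->assertTrue(count($new_authorizations[$this->consumerType]) == 1, 'jkool granted only "guests"', $this->ldapTestId . '.onematch');`. The `.caseinsensitive` assertion re-checks the same `$correct_roles` value as `.manymatch` and adds no coverage of its own. The `nomatch` assertion calls `count()` on `$new_authorizations[$this->consumerType]` without the `isset()` guard that the nested DeriveFromAttr test uses. The leftover `debug(...)` line in the `nomatch` case should be removed.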
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authentication.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authentication.inc
new file mode 100644
index 0000000..72a327f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authentication.inc
@@ -0,0 +1,19 @@
+<?php
+// $Id$
+/**
+ * @file
+ * simpltest authentication config
+ */
+
+$authentication = array(
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ );
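Review bot: The authentication fixture is duplicated byte for byte: the same blob (`index 0000000..72a327f`) is added again as `DeriveFromEntry/ldap_authentication.inc`, so any later change to the login policy under test has to be made in two places or the suites drift apart. If the test base class resolves `authenticationData` relative to the tests directory (not visible here), both suites could point at one shared file. The `@file` docblock in both copies also reads `simpltest authentication config`; it should read `simpletest authentication config`.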
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authorization.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authorization.inc
new file mode 100644
index 0000000..e714dc2
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_authorization.inc
@@ -0,0 +1,46 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+$authorization['drupal_role'] = array(
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 1,
+ 'deriveFromDnAttr' => 'ou',
+
+ 'deriveFromAttr' => 0,
+ 'deriveFromAttrAttr' => array(),
+ 'deriveFromAttrNested' => 0,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => NULL,
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => NULL,
+ 'deriveFromEntryNested' => 0,
+ 'deriveFromEntryUseFirstAttr' => 0,
+
+
+ 'mappings' => array(
+ 0 => array('Campus Accounts', 'campus accounts'),
+ 1 => array('guest accounts', 'guests'),
+ 2 => array('special guests', 'special guests'),
+ 3 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'sysadmins'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
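Review bot: Mapping `3` keys on a full group DN (`cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu`) while this configuration derives authorizations only from the `ou` component of the user DN (`'deriveFromDn' => 1`, `'deriveFromDnAttr' => 'ou'`). A value derived that way would presumably never equal a `cn=` DN, so the `sysadmins` role looks unreachable in this fixture. If that is a deliberate negative case, say so next to the entry, e.g. `// never matches: DN derivation yields ou values only`; otherwise drop it so the fixture does not suggest coverage it lacks. The `'description' => 'UIUC AD'` label also looks like a leftover from another directory and does not match the `myuniversity.edu` data.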
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_servers.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_servers.inc
new file mode 100644
index 0000000..046345e
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromDN/ldap_servers.inc
@@ -0,0 +1,148 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpltest authorization config
+ */
+
+$servers['ldapauthor1']['properties'] = array(
+ 'name' => 'Test LDAP Server for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+ );
+
+
+
+$servers['ldapauthor1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$servers['ldapauthor1']['search_results']['(member=cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 1 => array('count' => 1, 'dn' => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 2,
+ );
+
+$servers['ldapauthor1']['search_results']['(member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 1,
+ );
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+$servers['ldapauthor1']['users']['cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'mailcode' => array( 0 => '17', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+// duplicate of previous with escaped commas in cn.
+$servers['ldapauthor1']['users']['cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'wilmaf@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'wilmaf', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=punctuated\,comma\,freaks,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+// duplicate of previous with quoted cn.
+$servers['ldapauthor1']['users']['cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'barneyr@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'barneyr', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn="punctuated,comma,freaks",ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'meMBErof' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'CN=NETadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'cn=phone operators,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 3,
+ ),
+ );
+
+
+
+$servers['ldapauthor1']['users']['cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'newkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'newkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'joeprogrammer', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+
+
+/**
+ * test users should include service account if one is being used
+ */
+$servers['ldapauthor1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
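Review bot: The service-account entry declares `'count' => 2` for `memberOf` but lists a single value at index `0`. Code that iterates up to `count`, as consumers of ldap_get_entries()-shaped arrays often do, would read an undefined index; it should be `'count' => 1,`. The `cn=unkool,ou=lost,...` entry also carries `'sAMAccountName' => array( 0 => 'jkool', 'count' => 1)`, the same login name as the `cn=jkool` entry. Because `user_attr` is `sAMAccountName`, that looks like a copy-paste slip rather than an intended collision, and `'unkool'` would keep the no-match case unambiguous. If the duplicate is intentional, a one-line comment saying so would help.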
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.cn.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.cn.txt
new file mode 100644
index 0000000..345b973
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.cn.txt
@@ -0,0 +1,241 @@
+
+This is a counterpart to DeriveFromEntry.notes.txt using cn, groupOfUniqueNames, and uid
+
+========================================
+Derive From Entry walk-through NOT nested:
+========================================
+
+--- configuration ------
+0. authorization.deriveFromEntry = 1
+1. authorization.deriveFromEntryEntries = array('it', 'people')
+1b. authorization.deriveFromEnryEntryAttribute' = 'cn'
+2. authorization.deriveFromEntryMembershipAttr = 'uniquemember'
+2a. authorization.deriveFromEntryAttrMatchingUserAttr = 'dn'
+4. authorization.deriveFromEntrySearchAll = 0
+5. authorization.deriveFromEntryNested = 0
+6. authorization.deriveFromEntryUseFirstAttr = 0
+7. server.groupObjectClass = 'groupOfUniqueNames'
+
+user ldap entry in question:
+ 'dn' => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => 'joeprogrammer',
+ 'uid' => 'joeprogrammer',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu'),
+ 'uid' => array( 0 => 'joeprogrammer'),
+
+
+--- walk-through ------
+1). foreach base dn, execute the following query:
+
+(&
+(objectClass=groupOfUniqueNames)
+(|(cn=it)(cn=people))
+(uniquemember=cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu)
+)
+
+in psuedo code:
+(&
+(objectClass=[server.groupObjectClass])
+(|([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[i]])...([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[n]]))
+([authorization.deriveFromEntryMembershipAttr]=[user_ldap_entry[deriveFromEntryAttrMatchingUserAttr]])
+)
+
+
+2. All entries returned represent groups that user is a member of.
+Their DNs are added to the list of authorizations or the first attribute value
+if authorization.deriveFromEntryUseFirstAttr is true.
+
+
+========================================
+Derive From Entry walk-through NESTED:
+========================================
+
+--- configuration ------
+0. authorization.deriveFromEntry = 1
+1. authorization.deriveFromEntryEntries = array('it', 'people')
+1b. authorization.deriveFromEnryEntryAttribute' = 'cn'
+2. authorization.deriveFromEntryMembershipAttr = 'uniquemember'
+2b. authorization.deriveFromEntryAttrMatchingUserAttr = 'dn'
+4. authorization.deriveFromEntrySearchAll = 0
+5. authorization.deriveFromEntryNested = 1
+6. authorization.deriveFromEntryUseFirstAttr = 0
+7. server.groupObjectClass = 'groupOfUniqueNames'
+
+user ldap entry in question:
+ 'dn' => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu'),
+ 'uid' => array( 0 => 'joeprogrammer'),
+
+
+--- walk-through ------
+1). foreach base dn, execute the following query:
+
+(&
+(objectClass=groupOfUniqueNames)
+(|(cn=it)(cn=people))
+)
+
+in psuedo code:
+(&
+(objectClass=[server.groupObjectClass])
+(|([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[i]])...([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[n]]))
+)
+
+
+2. All entries returned represent groups that user MIGHT be a member of. examples:
+
+ 'dn' => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'it'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+ 'dn' => 'cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'people'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+
+
+
+3. foreach returned entry from query 1. (authorization.deriveFromEntryEntries):
+
+ if 'uniquemember' contains a value matching 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu', add that entry's DN to authorizations
+ in psuedo code: if group[authorization.deriveFromEntryMembershipAttr] contains user[authorization.deriveFromEntryAttrMatchingUserAttr],
+ add corresponding authorization.deriveFromEntryEntries entry to authorizations
+
+
+ else recurse through uniquemembers. if user's entry is found, add corresponding
+ authorization.deriveFromEntryEntries entry to authorizations
+
+
+4A. recursion:
+
+In the above example the first recursion query looks like:
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (cn=developers)
+ (cn=sysadmins)
+ (cn=joeprojectmanager)
+ )
+)
+
+which might return:
+
+ 'dn' => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'developers'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+ 'dn' => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'sysadmins'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+since uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu is found in the first entry,
+ "it" (the ancestor group) is added to the list of authorizations.
+
+
+4B. In the above example the second recursion query would look like:
+
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (cn=students)
+ (cn=staff)
+ )
+)
+
+which returns:
+
+ 'dn' => 'cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'staff'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+
+ 'dn' => 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'students'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+4C. leading to the queries:
+
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (cn=jdoe)
+ )
+)
+...which returns no entries
+
+and
+4D.
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (cn=it)
+ (cn=unkool)
+ )
+)
+
+which returns:
+
+ 'dn' => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'it'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+4E. leading to the query:
+
+ (&
+ (objectClass=groupofuniquenames)
+ (|
+ (cn=developers)
+ (cn=sysadmins)
+ (cn=joeprojectmanager)
+ )
+ )
+
+which returns:
+
+ 'dn' => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'developers'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+ 'dn' => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => array( 0 => 'sysadmins'),
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+since uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu is found in the first entry,
+"people" (the ancestor group) is added to the list of authorizations.
+
+==================================================================
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.txt
new file mode 100644
index 0000000..1506164
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.notes.txt
@@ -0,0 +1,274 @@
+
+========================================
+Derive From Entry Configuration Options:
+========================================
+0. Use Derive from Entry
+Property: authorization.deriveFromEntry as boolean
+
+1a. List of groups' ldap entry attribute values. Can be cn, uid, dn etc. of the entry. These entries contain multivalued attributes which are member users or nested groups.
+Property: authorization.deriveFromEntryEntries as array of ldap entry attributes
+e.g.: array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu')
+e.g.: array('it', 'people')
+
+1b. Attribute who's value is contained in 1a. This pair will be used to search from group entries.
+Property: authorization.deriveFromEntryEntriesAttr as LDAP attribute name
+e.g. 'dn', 'cn', ...
+
+2. Name of multivalued attribute whose value contains members.
+Property: authorization.deriveFromEntryMembershipAttr as LDAP attribute name
+e.g.: 'uniquemember', 'member'
+
+3. User's LDAP Entry Attribute which will be held in deriveFromEntryMembershipAttr
+Property: authorization.deriveFromEntryAttrMatchingUserAttr as LDAP attribute name
+e.g.: 'dn', 'cn'
+
+4. Search all enabled LDAP servers for matching users
+Property: authorization.deriveFromEntrySearchAll as boolean
+
+5. Include nested groups.
+Property: authorization.deriveFromEntryNested: boolean
+
+6. Convert full dn to value of first attribute.
+Property: authorization.deriveFromEntryUseFirstAttr: boolean
+
+7. Class of entries that represent groupgs.
+Property: server.groupObjectClass as LDAP attribute value held in objectClass.
+e.g.: 'groupOfUniqueNames', 'group'
+
+
+========================================
+Derive From Entry walk-through NOT nested:
+========================================
+
+--- configuration ------
+0. authorization.deriveFromEntry = 1
+1. authorization.deriveFromEntryEntries = array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu')
+1b. authorization.deriveFromEnryEntryAttribute' = 'distinguishedname'
+2. authorization.deriveFromEntryMembershipAttr = 'uniquemember'
+3. authorization.deriveFromEntryAttrMatchingUserAttr = 'dn'
+4. authorization.deriveFromEntrySearchAll = 0
+5. authorization.deriveFromEntryNested = 0
+6. authorization.deriveFromEntryUseFirstAttr = 1
+7. server.groupObjectClass = 'groupOfUniqueNames'
+
+user ldap entry in question:
+ 'dn' => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'cn' => 'joeprogrammer',
+ 'uid' => 'joeprogrammer',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu'),
+ 'uid' => array( 0 => 'joeprogrammer'),
+
+
+--- walk-through ------
+1). foreach base dn, execute the following query:
+
+(&
+(objectClass=groupOfUniqueNames)
+(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=people,cn=groups,dc=ad,dc=myuniversity,dc=edu))
+(uniquemember=cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu)
+)
+
+in psuedo code:
+(&
+(objectClass=[server.groupObjectClass])
+(|([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[i]])...([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[n]]))
+([authorization.deriveFromEntryMembershipAttr]=[user_ldap_entry[deriveFromEntryAttrMatchingUserAttr]])
+)
+
+
+2. All entries returned represent groups that user is a member of.
+Their DNs are added to the list of authorizations or the first attribute value
+if authorization.deriveFromEntryUseFirstAttr is true.
+
+
+========================================
+Derive From Entry walk-through NESTED:
+========================================
+
+--- configuration ------
+0. authorization.deriveFromEntry = 1
+1. authorization.deriveFromEntryEntries = array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu')
+1b. authorization.deriveFromEnryEntryAttribute = 'distinguishedname'
+2. authorization.deriveFromEntryMembershipAttr = 'uniquemember'
+3. authorization.deriveFromEntryAttrMatchingUserAttr = 'dn'
+4. authorization.deriveFromEntrySearchAll = 0
+5. authorization.deriveFromEntryNested = 1
+6. authorization.deriveFromEntryUseFirstAttr = 1
+7. server.groupObjectClass = 'groupOfUniqueNames'
+
+user ldap entry in question:
+ 'dn' => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu'),
+ 'uid' => array( 0 => 'joeprogrammer'),
+
+
+--- walk-through ------
+1). foreach base dn, execute the following query:
+
+(&
+(objectClass=groupOfUniqueNames)
+(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu))
+)
+
+in psuedo code:
+(&
+(objectClass=[server.groupObjectClass])
+(|([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[i]])...([authorization.deriveFromEnryEntryAttribute]=[authorization.deriveFromEntryEntries[n]]))
+)
+
+
+2. All entries returned represent groups that user MIGHT be a member of. examples:
+
+ 'dn' => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+ 'dn' => 'cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+
+
+
+3. foreach returned entry from query 1. (authorization.deriveFromEntryEntries):
+
+ if 'uniquemember' contains a value matching 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu', add that entry's DN to authorizations
+ in psuedo code: if group[authorization.deriveFromEntryMembershipAttr] contains user[authorization.deriveFromEntryAttrMatchingUserAttr],
+ add corresponding authorization.deriveFromEntryEntries entry to authorizations
+
+
+ else recurse through uniquemembers. if user's entry is found, add corresponding
+ authorization.deriveFromEntryEntries entry to authorizations
+ (not the DN that has the user in uniquemembers)
+
+
+4A. recursion:
+
+In the above example the first recursion query looks like:
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (distinguishedname=cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu)
+ (distinguishedname=cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=eduu)
+ (distinguishedname=uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu)
+ )
+)
+
+which might return:
+
+ 'dn' => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+ 'dn' => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+since uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu is found in the first entry,
+ cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu (the ancestor group) is added
+ to the list of authorizations.
+ Since authorization.deriveFromEntryUseFirstAttr = 1, its truncated to "it"
+
+
+4B. In the above example the second recursion query would look like:
+
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (distinguishedname=cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu)
+ (distinguishedname=cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu)
+ )
+)
+
+which returns:
+
+ 'dn' => 'cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+
+ 'dn' => 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+4C. leading to the queries:
+
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (distinguishedname=uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu)
+ )
+)
+...which returns no entries
+
+and
+4D.
+(&
+ (objectClass=groupofuniquenames)
+ (|
+ (distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)
+ (distinguishedname=uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu)
+ )
+)
+
+which returns:
+
+ 'dn' => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+
+ 0 => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+4E. leading to the query:
+
+ (&
+ (objectClass=groupofuniquenames)
+ (|
+ (distinguishedname=cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu)
+ (distinguishedname=cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu)
+ (distinguishedname=uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu)
+ )
+ )
+
+which returns:
+
+ 'dn' => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+ 'dn' => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'objectclass' => array( 0 => 'groupofuniquenames'),
+ 'uniquemember' => array(
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+
+since uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu is found in the first entry,
+cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu (the ancestor group)
+is added to the list of authorizations.
+Since authorization.deriveFromEntryUseFirstAttr = 1, its truncated to "people"
+
+
+==================================================================
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.test
new file mode 100644
index 0000000..c76bc86
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/DeriveFromEntry.test
@@ -0,0 +1,141 @@
+<?php
+// $Id$
+/**
+ * @file
+ * see getInfo() for test summary
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+
+class LdapAuthorizationDerivationsTests extends LdapAuthorizationTestCase {
+
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'LDAP Authorization: Derive From Entry',
+ 'description' => 'Tests are in absence of logons to isolate mapping logic.',
+
+ );
+ }
+
+ function testDeriveFromEntry() {
+
+ $this->ldapTestId = 'DeriveFromEntry.not_nested';
+ $this->serversData = 'DeriveFromEntry/ldap_servers.inc';
+ $this->authorizationData = 'DeriveFromEntry/ldap_authorization.inc';
+ $this->authenticationData = 'DeriveFromEntry/ldap_authentication.inc';
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+
+ /**
+ * test: DeriveFromEntry.nomatch no matches on dn attribute.
+ *
+ * should not match any mappings
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' => 'unkool@nowhere.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query'); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
+
+
+ /**
+ * test: DeriveFromEntry.not_nested.one_match where group has childgroups
+ *
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $joeprojectmanager = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'joeprojectmanager', 'mail' => 'joeprojectmanager@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($joeprojectmanager, 'query'); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('it', $new_authorizations[$this->consumerType]));
+ $this->assertTrue($correct_roles, 'user account joeprojectmanager tested for granting drupal_role "it"', $this->ldapTestId . '.onematch');
+
+
+ /**
+ * test: DeriveFromEntry.not_nested.one_match2 where group has no child groups
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jdoe = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jdoe', 'mail' => 'jdoe@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jdoe, 'query'); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) &&
+ in_array('students', $new_authorizations[$this->consumerType]));
+ $this->assertTrue($correct_roles, 'user account jdoe tested for granting "students" drupal roles ', $this->ldapTestId . '.one_match2');
+ if (!$correct_roles) {
+ debug('new_authorizations'); debug($new_authorizations);
+ }
+
+ }
+
+
+ function testDeriveFromEntryNested() {
+
+ $this->ldapTestId = 'DeriveFromEnty.nested';
+ $this->serversData = 'DeriveFromEntry/ldap_servers.inc';
+ $this->authorizationData = 'DeriveFromEntry/ldap_authorization.nested.inc';
+ $this->authenticationData = 'DeriveFromEntry/ldap_authentication.inc';
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+
+
+ /**
+ * test: DeriveFromEntry.nested.nomatch no matches on dn attribute.
+ *
+ * should not match any mappings
+ */
+
+ // even though unkool is in staff, only students and it groups are considered
+ $user = $this->drupalCreateUser(array());
+ $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' => 'unkool@nowhere.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query'); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
+
+
+ /**
+ * test: DeriveFromEntry.not_nested.one_match
+ * joeprojectmanager belongs to it,staff,people
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $joeprojectmanager = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'joeprojectmanager', 'mail' => 'joeprojectmanager@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($joeprojectmanager, 'query'); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('it', $new_authorizations[$this->consumerType]));
+ $this->assertTrue($correct_roles, 'user account joeprojectmanager tested for granting drupal_role "it"', $this->ldapTestId . '.onematch');
+ if (!$correct_roles) {
+ debug('new_authorizations'); debug($new_authorizations);
+ }
+
+
+
+ /**
+ * test: DeriveFromEnty.nested.parents1
+ * joeprogrammer belongs to it,sysadmins,developers,staff,people
+ */
+ $user = $this->drupalCreateUser(array());
+ $joeprogrammer = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'joeprogrammer', 'mail' => 'joeprogrammer@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($joeprogrammer, 'query'); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 1, 'user account joeprogrammer tested for granting it roles ', $this->ldapTestId . '.nomatch');
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('it', $new_authorizations[$this->consumerType]));
+ $this->assertTrue($correct_roles, 'user account joeprogrammer tested for granting correct drupal role it', $this->ldapTestId . '.parents1');
+ if (!$correct_roles) {
+ debug('new_authorizations'); debug($new_authorizations);
+ }
+
+
+ /**
+ * test: DeriveFromEnty.nested.parents2 (results are 4 nested groups)
+ * jdoe: meber of students, people
+ */
+ $user = $this->drupalCreateUser(array());
+ $jdoe = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jdoe', 'mail' => 'jdoe@myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jdoe, 'query'); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations[$this->consumerType]) == 1, 'user account jdoe tested for granting student drupal role ', $this->ldapTestId . '.nomatch');
+ $correct_roles = (bool)(isset($new_authorizations[$this->consumerType]) && in_array('students', $new_authorizations[$this->consumerType]));
+ $this->assertTrue($correct_roles, 'user jdoe tested for granting correct drupal role student', $this->ldapTestId . '.parents2');
+ if (!$correct_roles) {
+ debug('new_authorizations'); debug($new_authorizations);
+ }
+
+ }
+
+}
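Review bot: The count assertions index `$new_authorizations[$this->consumerType]` directly, whereas the `in_array` checks in the same methods guard it with `isset()`. If the consumer key is missing, the two "no roles" checks for unkool count an undefined index and can pass without the derivation having produced anything, which is the case a negative authorization test most needs to tell apart. Normalise first, e.g. `$granted = isset($new_authorizations[$this->consumerType]) ? $new_authorizations[$this->consumerType] : array();`, and assert on `count($granted)`. In `testDeriveFromEntryNested` the `== 1` assertions for joeprogrammer and jdoe are filed under `$this->ldapTestId . '.nomatch'`, and the id itself is spelled `'DeriveFromEnty.nested'`, so a failure report points at the wrong case. Use `'.parents1'` / `'.parents2'` and `'DeriveFromEntry.nested'`.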
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authentication.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authentication.inc
new file mode 100644
index 0000000..72a327f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authentication.inc
@@ -0,0 +1,19 @@
+<?php
+// $Id$
+/**
+ * @file
+ * simpltest authentication config
+ */
+
+$authentication = array(
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ );
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.inc
new file mode 100644
index 0000000..fc6b6e5
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.inc
@@ -0,0 +1,48 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+$authorization['drupal_role'] = array(
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 0,
+ 'deriveFromDnAttr' => NULL,
+
+ 'deriveFromAttr' => 0,
+ 'deriveFromAttrAttr' => array(),
+ 'deriveFromAttrNested' => 0,
+
+ 'deriveFromEntry' => 1,
+ 'deriveFromEntryEntries' => array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'deriveFromEntryEntriesAttr' => 'distinguishedname',
+ 'deriveFromEntryMembershipAttr' => 'uniquemember',
+ 'deriveFromEntryNested' => 0,
+ 'deriveFromEntryUseFirstAttr' => 0,
+ 'deriveFromEntryAttrMatchingUserAttr' => 'dn',
+
+ 'mappings' => array(
+ 0 => array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'it'),
+ 1 => array('cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'sysadmins'),
+ 2 => array('cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'developers'),
+ 3 => array('cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'staff'),
+ 4 => array('cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'students'),
+ 5 => array('cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'people'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.nested.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.nested.inc
new file mode 100644
index 0000000..b876be5
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_authorization.nested.inc
@@ -0,0 +1,53 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+
+$authorization['drupal_role'] = array(
+
+ 'consumerType' => 'drupal_role', // change as desired
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 0,
+ 'deriveFromDnAttr' => NULL,
+
+ 'deriveFromAttr' => 0,
+ 'deriveFromAttrAttr' => array('memberOf'),
+ 'deriveFromAttrUseFirstAttr' => 0,
+ 'deriveFromAttrNested' => 0,
+
+ 'deriveFromEntry' => 1,
+ 'deriveFromEntryEntries' => array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'deriveFromEntryEntriesAttr' => 'distinguishedname',
+ 'deriveFromEntryMembershipAttr' => 'uniquemember',
+ 'deriveFromEntryNested' => 1,
+ 'deriveFromEntryUseFirstAttr' => 0,
+ 'deriveFromEntryAttrMatchingUserAttr' => 'dn',
+
+ 'mappings' => array(
+ 0 => array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'it'),
+ 1 => array('cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'sysadmins'),
+ 2 => array('cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'developers'),
+ 3 => array('cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'staff'),
+ 4 => array('cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'students'),
+ 5 => array('cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu', 'people'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+
+);
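Review bot: The `@file` docblock here is word-for-word the same as the one in the sibling `ldap_authorization.inc`, so nothing tells a reader which fixture is the nested one. The functional difference visible in this diff is `'deriveFromEntryNested' => 1`, plus an explicit `'consumerType'` and `'deriveFromAttrUseFirstAttr'` that the sibling omits. I would change the description line to `* simpletest authorization configuration, nested-group variant (deriveFromEntryNested = 1)`. The six-entry `mappings` array is duplicated between the two files, so a one-line comment above it saying it must stay in step with `ldap_authorization.inc` would help whoever edits one of them later.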
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_servers.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_servers.inc
new file mode 100644
index 0000000..5b2d440
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/DeriveFromEntry/ldap_servers.inc
@@ -0,0 +1,243 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpltest server config
+ */
+
+$servers['ldapauthor1']['properties'] = array(
+ 'name' => 'Test LDAP Server for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => '',
+ 'user_attr' => 'uid',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'groupOfUniqueNames',
+ );
+
+
+
+$servers['ldapauthor1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+
+/***** users ********/
+
+$servers['ldapauthor1']['users']['uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu'),
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'uid' => array( 0 => 'unkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu'),
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'uid' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['uid=joesysadmin,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'uid=joesysadmin,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'uid=joesysadmin,ou=it,dc=ad,dc=myuniversity,dc=edu'),
+ 'mail' => array( 0 => 'joesysadmin@myuniversity.edu', 'count' => 1),
+ 'uid' => array( 0 => 'joesysadmin', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu'),
+ 'mail' => array( 0 => 'joeprojectmanager@myuniversity.edu', 'count' => 1),
+ 'uid' => array( 0 => 'joeprojectmanager', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu'),
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu', 'count' => 1),
+ 'uid' => array( 0 => 'joeprogrammer', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['uid=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'uid=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'uid=service-account,dc=ad,dc=myuniversity,dc=edu'),
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'uid' => array( 0 => 'service-account', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+/***** groups ********/
+
+$servers['ldapauthor1']['groups']['cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'objectclass' => array( 0 => 'groupofuniquenames', 'count' => 1),
+ 'uniquemember' => array(
+ 'count' => 2,
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'objectclass' => array( 0 => 'groupofuniquenames', 'count' => 1),
+ 'uniquemember' => array(
+ 'count' => 1,
+ 0 => 'uid=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'count' => 3,
+ 'dn' => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'objectclass' => array( 0 => 'groupofuniquenames', 'count' => 1),
+ 'uniquemember' => array(
+ 'count' => 3,
+ 0 => 'cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+
+$servers['ldapauthor1']['groups']['cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'objectclass' => array( 0 => 'groupofuniquenames', 'count' => 1),
+ 'uniquemember' => array(
+ 'count' => 2,
+ 0 => 'cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+$servers['ldapauthor1']['groups']['cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'objectclass' => array( 0 => 'groupofuniquenames', 'count' => 1),
+ 'uniquemember' => array(
+ 'count' => 1,
+ 0 => 'uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+$servers['ldapauthor1']['groups']['cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'distinguishedname' => array( 0 => 'cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'objectclass' => array( 0 => 'groupofuniquenames', 'count' => 1),
+ 'uniquemember' => array(
+ 'count' => 2,
+ 0 => 'cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ );
+
+
+
+// ************************** search results **************************************/
+
+$base_dn = 'dc=ad,dc=myuniversity,dc=edu';
+
+
+$filter = '(&(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu)))(uniquemember=uid=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 0,
+ );
+
+// search filter for non nested groups
+
+$filter = '(&(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu))(uniquemember=uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 1,
+ 0 => $servers['ldapauthor1']['groups']['cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+$filter = '(|(distinguishedname=uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 1,
+ 0 => $servers['ldapauthor1']['users']['uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+$filter = '(&(objectClass=groupOfUniqueNames)(|(distinguishedname=uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu)))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 1,
+ 0 => $servers['ldapauthor1']['users']['uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+
+// search filter for non nested groups
+$filter = '(&(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu))(uniquemember=uid=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 1,
+ 0 => $servers['ldapauthor1']['groups']['cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'] ,
+ );
+
+$filter = "(&(objectClass=groupOfUniqueNames)(|(distinguishedname=cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu)))";
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 2,
+ 0 => $servers['ldapauthor1']['groups']['cn=developers,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ 1 => $servers['ldapauthor1']['groups']['cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ 2 => $servers['ldapauthor1']['users']['uid=joeprojectmanager,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+$filter = '(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 2,
+ 0 => $servers['ldapauthor1']['groups']['cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ 1 => $servers['ldapauthor1']['groups']['cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+$filter = '(|(distinguishedname=cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 2,
+ 0 => $servers['ldapauthor1']['groups']['cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ 1 => $servers['ldapauthor1']['groups']['cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+
+$filter = '(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 2,
+ 0 => $servers['ldapauthor1']['groups']['cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ 1 => $servers['ldapauthor1']['groups']['cn=students,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+$filter = '(&(|(distinguishedname=cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu)(cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu)))';
+$servers['ldapauthor1']['search_results'][$filter][$base_dn] = array(
+ 'count' => 2,
+ 0 => $servers['ldapauthor1']['groups']['cn=people,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ 1 => $servers['ldapauthor1']['groups']['cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ );
+
+$servers['ldapauthor1']['search_results']['(|((dn=cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu)(dn=cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu))']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 'count' => 1,
+ 0 => array('count' => 2,
+ 0 => $servers['ldapauthor1']['groups']['cn=sysadmins,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ 1 => $servers['ldapauthor1']['groups']['cn=staff,cn=groups,dc=ad,dc=myuniversity,dc=edu']['attr'],
+ ),
+
+ );
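Review bot: The first `$filter` in the search-results section (the `unkool` one) has an extra `)` after the `(|…)` group, which closes the `(&…)` early and leaves `(uniquemember=…))` dangling. The `joeprojectmanager` and `jdoe` keys below it use the balanced form `(&(|(…)(…))(uniquemember=…))`. If the fake server looks results up by exact filter string (not visible in this hunk), the `unkool` entry can never be selected, and its `'count' => 0` result would hide that. Further down, the result for the developers/sysadmins/joeprojectmanager filter declares `'count' => 2` but lists entries 0 to 2, so `'count' => 3` would match the data. The later key containing `(cn=people,cn=groups,…)` also looks like it is missing its `distinguishedname=` prefix.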
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/LdapAuthorizationTestCase.class.php b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/LdapAuthorizationTestCase.class.php
new file mode 100644
index 0000000..18cea05
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/LdapAuthorizationTestCase.class.php
@@ -0,0 +1,106 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletests for ldap authorization
+ *
+ */
+require_once(drupal_get_path('module', 'ldap_servers') . '/tests/LdapTestFunctions.class.php');
+require_once(drupal_get_path('module', 'ldap_authorization') . '/LdapAuthorizationConsumerConfAdmin.class.php');
+
+
+class LdapAuthorizationTestCase extends DrupalWebTestCase {
+
+ public $module_name = 'ldap_authorization';
+ public $testFunctions;
+
+ // storage for test data
+ public $useFeatureData;
+ public $featurePath;
+ public $featureName;
+
+ public $ldapTestId;
+ public $serversData;
+ public $authorizationData;
+ public $authenticationData;
+ public $testData = array();
+
+ public $sid; // current, or only, sid
+ public $consumerType = 'drupal_role'; // current, or only, consumer type being tested
+
+ function setUp($addl_modules = array()) {
+ parent::setUp(array_merge(array('ldap_authentication', 'ldap_authorization', 'ldap_authorization_drupal_role'), $addl_modules));
+ variable_set('ldap_simpletest', 1);
+ variable_set('ldap_help_watchdog_detail', 0);
+ }
+
+ function tearDown() {
+ parent::tearDown();
+ variable_del('ldap_help_watchdog_detail');
+ variable_del('ldap_simpletest');
+ }
+
+
+ function prepTestData() {
+
+ $servers = array();
+ $variables = array();
+ $authentication = array();
+ $authorization = array();
+ $this->testFunctions = new LdapTestFunctions();
+ if ($this->useFeatureData) {
+ module_enable(array('ctools'), TRUE);
+ module_enable(array('strongarm'), TRUE);
+ module_enable(array('features'), TRUE);
+ module_enable(array($this->featureName), TRUE);
+ // will need to set non exportables such as bind password also
+ // also need to create fake ldap server data. use
+
+ if (! (module_exists('ctools') && module_exists('strongarm') && module_exists('features') && module_exists('$this->featureName')) ) {
+ drupal_set_message(t('Features and Strongarm modules must be available to use Features as configuratio of simpletests'), 'warning');
+ }
+
+
+ // with test data stored in features, need to get server properties from ldap_server properties
+ require_once(drupal_get_path('module', $this->featureName) . '/' . $this->featureName . '.ldap_servers.inc');
+ require_once(drupal_get_path('module', $this->featureName) . '/fake_ldap_server_data.inc');
+ $function_name = $this->featureName . '_default_ldap_servers';
+ $servers = call_user_func($function_name);
+ foreach ($servers as $sid => $server) {
+ $this->testData['servers'][$sid]['properties'] = (array)$server; // convert to array
+ $this->testData['servers'][$sid]['properties']['inDatabase'] = TRUE;
+ $this->testData['servers'][$sid]['properties']['bindpw'] = 'goodpwd';
+ $this->testData['servers'][$sid] = array_merge($this->testData['servers'][$sid], $fake_ldap_server_data[$sid]);
+ }
+
+ // make included fake sid match feature sid
+ $this->testFunctions->prepTestConfiguration($this->testData, FALSE);
+ }
+ else {
+ include(drupal_get_path('module', 'ldap_authorization') . '/tests/' . $this->authorizationData);
+ $this->testData['authorization'] = $authorization;
+
+ include(drupal_get_path('module', 'ldap_authorization') . '/tests/' . $this->authenticationData);
+ $this->testData['authentication'] = $authentication;
+
+ include(drupal_get_path('module', 'ldap_authorization') . '/tests/' . $this->serversData);
+ $this->testData['servers'] = $servers;
+
+ $this->testData['variables'] = $variables;
+
+ // if only one server, set as default in authentication and authorization
+ if (count($this->testData['servers']) == 1) {
+ $sids = array_keys($servers);
+ $this->sid = $sids[0];
+ foreach ($this->testData['authorization'] as $consumer_type => $consumer_conf) {
+ $this->testData['authorization'][$consumer_type]['consumerType'] = $consumer_type;
+ $this->testData['authorization'][$consumer_type]['sid'] = $this->sid;
+ }
+ $this->testData['authentication']['sids'] = array($this->sid => $this->sid);
+ $this->testData['servers'][$this->sid]['sid'] = $this->sid;
+ }
+ $this->testFunctions->prepTestConfiguration($this->testData, FALSE);
+ }
+ }
+}
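Review bot: In `prepTestData()`, the feature-data branch calls `module_exists('$this->featureName')`, and PHP does not interpolate single-quoted strings, so it looks for a module literally named `$this->featureName`. That check always fails, so the "must be available" warning is raised on every run even when all four modules are enabled; it should read `module_exists($this->featureName)`. The same branch loads `fake_ldap_server_data.inc` with `require_once` and then reads `$fake_ldap_server_data[$sid]`. If `prepTestData()` runs twice in one PHP process, the second call skips the include and that variable is undefined in the function's scope, so a plain `require` looks safer here.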
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og.test
new file mode 100644
index 0000000..5783e95
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og.test
@@ -0,0 +1,424 @@
+<?php
+
+/**
+ * @file simpletest for Ldap Authorization OG Module
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
+
+class LdapAuthorizationOgTests extends LdapAuthorizationTestCase {
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'OG 7.x-1.x Tests.',
+ 'description' => 'Test ldap authorization og.',
+ );
+ }
+
+ public $consumerType = 'og_group';
+
+ function setUp($addl_modules = array()) {
+ parent::setUp(array('ldap_authorization_og', 'og_example'));
+
+
+ if (ldap_authorization_og_og_version() != 1) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-1.x');
+ return;
+ }
+
+ $this->groups = array();
+ require('ldap_authorization.inc');
+
+ foreach ($og_roles as $og_role_name => $discard) {
+ $role = new stdClass;
+ $role->name = $og_role_name;
+ $role->gid = 0;
+ $status = og_role_save($role);
+ }
+
+ foreach ($og_groups as $og_name => $og_conf) {
+ $label = $og_conf['label'];
+ if ($og_conf['entity_type'] == 'node') {
+ $group_type_obj = $this->drupalCreateContentType(array('name' => $label, 'type' => $label));
+ og_create_field(OG_GROUP_FIELD, 'node', $group_type_obj->type);
+ $group_node = $this->drupalCreateNode(array(
+ 'title' => $label,
+ 'type' => $group_type_obj->type,
+ 'og_group' => array(
+ LANGUAGE_NONE => array(
+ 0 => array(
+ 'value' =>TRUE)))));
+ $group = og_create_group(array(
+ 'entity_type' => 'node',
+ 'etid' => $group_node->nid,
+ ));
+ }
+ }
+ }
+
+
+
+ /**
+ * just make sure install succeeds and
+ */
+ function testBasicFunctionsAndApi() {
+ if (ldap_authorization_og_og_version() != 1) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-1.x');
+ return;
+ }
+ $this->ldapTestId = $this->module_name . ': setup success';
+ // just to give warning if setup doesn't succeed. may want to take these out at some point.
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers') &&
+ module_exists('ldap_authorization') &&
+ module_exists('ldap_authorization_drupal_role') &&
+ module_exists('ldap_authorization_og') &&
+ (variable_get('ldap_simpletest', 0) == 1)
+ );
+ $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+
+ $this->ldapTestId = $this->module_name . ': cron test';
+ $this->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization og enabled.'), $this->ldapTestId);
+
+
+ /***
+ * I. some basic tests to make sure og module's apis are working before testing ldap_authorization_og
+ * if these aren't working as expected, no ldap authorization og functionality will work.
+ */
+
+ $web_user = $this->drupalCreateUser();
+ $this->ldapTestId = $this->module_name . ': og functions';
+
+ list($og_knitters, $og_knitters_node) = ldap_authorization_og1_get_group('knitters', 'group_name','object');
+ list($og_bakers, $og_bakers_node) = ldap_authorization_og1_get_group('bakers', 'group_name','object');
+ list($og_butchers, $og_butchers_node) = ldap_authorization_og1_get_group('butchers', 'group_name','object');
+ $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE );
+ $member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE );
+ $admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
+
+ og_role_grant($og_knitters->gid, $web_user->uid, $member_rid);
+ og_role_grant($og_bakers->gid, $web_user->uid, $member_rid);
+ og_role_grant($og_bakers->gid, $web_user->uid, $admin_rid);
+
+
+ /**
+ * basic granting tests to make sure og_role_grant, ldap_authorization_og_rid_from_role_name,
+ * and ldap_authorization_og1_get_group functions work
+ */
+
+ $ids = array($web_user->uid);
+ $user_entity = entity_load('user', $ids);
+ $this->assertTrue(og_is_member($og_knitters->gid, 'user', $user_entity),
+ 'User is member of Group og_knitters without LDAP (based on og_is_member() function)', $this->ldapTestId);
+ $this->assertTrue(ldap_authorization_og1_has_role($og_knitters->gid, $web_user->uid, OG_AUTHENTICATED_ROLE ),
+ 'User is member of Group og_knitters without LDAP (based on ldap_authorization_og1_has_role() function)', $this->ldapTestId);
+ $this->assertTrue(ldap_authorization_og1_has_role($og_bakers->gid, $web_user->uid, OG_AUTHENTICATED_ROLE ),
+ 'User is member of Group og_bakers without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
+ $this->assertTrue(ldap_authorization_og1_has_role($og_bakers->gid, $web_user->uid, OG_ADMINISTRATOR_ROLE),
+ 'User is administrator member of Group og_bakers without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
+ //
+
+ /***
+ * II.A. construct ldapauthorization og object and test methods.
+ * (unit tests for methods and class without any ldap user context).
+ */
+
+ $this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class';
+
+ $og_auth = new LdapAuthorizationConsumerOG('og_group');
+ $this->assertTrue(is_object($og_auth),
+ 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
+
+ $this->assertTrue($og_auth->hasAuthorization($web_user, '2-3'),
+ 'hasAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
+
+ $this->assertTrue($og_auth->consumerType == 'og_group',
+ 'LdapAuthorizationConsumerOG ConsumerType set properly', $this->ldapTestId);
+
+ $consumer_ids = $og_auth->availableConsumerIDs();
+ $should_haves = array('1-1','1-2','1-3','2-1','2-2','2-3','3-1','3-2','3-3');
+ $match = (boolean)(count(array_intersect($consumer_ids, $should_haves)) == count($should_haves));
+ $this->assertTrue($match,
+ 'LdapAuthorizationConsumerOG availableConsumerIDs()', $this->ldapTestId);
+
+ $should_haves = array('1-1','1-2','2-1','2-3');
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $match = (boolean)(count(array_intersect($web_user_authorizations, $should_haves)) == count($should_haves));
+ $this->assertTrue($match,
+ 'LdapAuthorizationConsumerOG usersAuthorizations()', $this->ldapTestId);
+
+ $baker_nonmember_id = ldap_authorization_og_authorization_id($og_bakers->gid, $anonymous_rid);
+ $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_groups'], array($baker_nonmember_id), NULL, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $this->assertTrue(in_array($baker_nonmember_id, $web_user_authorizations),
+ 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke on nonmeber role', $this->ldapTestId);
+
+ $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers->gid, $member_rid);
+ $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $this->assertTrue(in_array($butcher_member_id, $web_user_authorizations),
+ 'LdapAuthorizationConsumerOG authorizationGrant()', $this->ldapTestId);
+ $this->assertTrue($og_auth->hasLdapGrantedAuthorization($web_user, $butcher_member_id),
+ 'hasLdapGrantedAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
+
+ $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $this->assertFalse(in_array($butcher_member_id, $web_user_authorizations),
+ 'LdapAuthorizationConsumerOG authorizationRevoke()', $this->ldapTestId);
+
+
+ $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $this->assertFalse(in_array($butcher_member_id, $web_user_authorizations),
+ 'LdapAuthorizationConsumerOG authorizationRevoke() attempt to revoke role that user doesnt have', $this->ldapTestId);
+
+ $result = $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array('212-212'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke of bogus authorization', $this->ldapTestId);
+
+ $result = $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array('212-212'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationGrant() test grant of bogus authorization', $this->ldapTestId);
+
+ $result = $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array('bogusformat'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke malformed params', $this->ldapTestId);
+
+ $result = $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array('bogusformat'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationGrant() test grant malformed params', $this->ldapTestId);
+
+ /***
+ * II.B. Also test function in ldap_authorization_og.module
+ */
+
+ $normalized_authorization_id = ldap_authorization_og_authorization_id(3, 2);
+ $this->assertTrue($normalized_authorization_id == '3-2', ' ldap_authorizations og ldap_authorization_og_authorization_id() function works', $this->ldapTestId);
+
+ $gid = ldap_authorization_og1_entity_id_to_gid(4345);
+ $this->assertTrue($gid === FALSE, ' ldap_authorizations og ldap_authorization_og1_entity_id_to_gid() returns false for bogus data', $this->ldapTestId);
+
+
+ // create entity and get gid
+ $gid = ldap_authorization_og1_entity_id_to_gid($og_knitters->etid);
+ $this->assertTrue($og_knitters->gid == $gid, 'ldap_authorization_og1_entity_id_to_gid() function works', $this->ldapTestId);
+
+ $bakers_gid = ldap_authorization_og1_get_group($og_bakers->gid, 'gid', 'gid');
+ $this->assertTrue($bakers_gid == $og_bakers->gid, 'ldap_authorization_og1_get_group() function gid return works with query type gid', $this->ldapTestId);
+
+ $bakers_label = ldap_authorization_og1_get_group($og_bakers->gid, 'gid', 'label');
+ $this->assertTrue($bakers_label == 'bakers', 'ldap_authorization_og1_get_group() function label return works with query type gid', $this->ldapTestId);
+
+ $test = ldap_authorization_og1_has_role($og_bakers->gid, $web_user->uid, OG_ADMINISTRATOR_ROLE);
+ $this->assertTrue($test, 'ldap_authorization_og1_has_role() function works', $this->ldapTestId);
+
+ $test = ldap_authorization_og1_has_role($og_knitters->gid, $web_user->uid, OG_ADMINISTRATOR_ROLE);
+ $this->assertTrue($test === FALSE, 'ldap_authorization_og1_has_role() function fails with FALSE', $this->ldapTestId);
+
+ $test = ldap_authorization_og_rid_from_role_name('sdfsdfsdfsdf');
+ $this->assertTrue($test === FALSE, 'ldap_authorization_og_rid_from_role_name() function fails with FALSE', $this->ldapTestId);
+
+ }
+ /***
+ * III. functional tests based on various configurations, without actual user logon process
+ * (will need to be expanded when batch, feed, etc, processing is added, but those
+ * functional tests should not need to done for all ldap consumer types.
+ */
+ function testAuthorizationsWithoutLogon() {
+ if (ldap_authorization_og_og_version() != 1) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-1.x');
+ return;
+ }
+ $this->ldapTestId = $this->module_name . ': og authorizations on logon';
+ // just to give warning if setup doesn't succeed. may want to take these out at some point.
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers') &&
+ module_exists('ldap_authorization') &&
+ module_exists('ldap_authorization_drupal_role') &&
+ module_exists('ldap_authorization_og') &&
+ (variable_get('ldap_simpletest', 0) == 1)
+ );
+ $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+
+ $web_user = $this->drupalCreateUser();
+
+ $this->ldapTestId = 'OgWithoutLogon';
+ $this->serversData = 'Og/ldap_servers.inc';
+ $this->authorizationData = 'Og/ldap_authorization.inc';
+ $this->authenticationData = 'Og/ldap_authentication.inc';
+ $this->consumerType = 'og_group';
+ $this->prepTestData();
+
+ $og_auth = new LdapAuthorizationConsumerOG('og_group');
+ $this->assertTrue(is_object($og_auth),
+ 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
+
+ list($og_knitters, $og_knitters_node) = ldap_authorization_og1_get_group('knitters', 'group_name','object');
+ list($og_bakers, $og_bakers_node) = ldap_authorization_og1_get_group('bakers', 'group_name','object');
+ list($og_butchers, $og_butchers_node) = ldap_authorization_og1_get_group('butchers', 'group_name','object');
+ $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
+ $member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
+ $admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
+ $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers->gid, $member_rid);
+ $butcher_admin_id = ldap_authorization_og_authorization_id($og_butchers->gid, $admin_rid);
+ $knitters_nonmember_id = ldap_authorization_og_authorization_id($og_knitters->gid, $anonymous_rid);
+ $knitters_member_id = ldap_authorization_og_authorization_id($og_knitters->gid, $member_rid);
+ /**
+ * cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu
+ * should not match any mappings
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' => 'unkool@nowhere.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query'); // just see if the correct ones are derived.
+ $this->assertTrue(count($new_authorizations) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
+
+ /**
+ * jkool: guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * should yield: butchers member and butchers admin member
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query'); // just see if the correct ones are derived.
+
+ $correct_roles = (bool)(
+ isset($new_authorizations['og_group']) &&
+ in_array($butcher_member_id, $new_authorizations['og_group']) &&
+ in_array($butcher_admin_id, $new_authorizations['og_group'])
+ );
+ if (!$correct_roles) {
+ debug('jkool og ldap authorizations'); debug($new_authorizations); debug($new_authorizations);
+ }
+ $this->assertTrue($correct_roles, "user account jkool tested for granting og butchers member and admin ($butcher_member_id and $butcher_admin_id)", $this->ldapTestId . '.onematch');
+
+ /**
+ verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', special guests, guest accounts
+ should yield: butchers and knitters member roles
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $verykool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'verykool', 'mail' => 'verykool@myuniversity.edu'), TRUE, $user);
+
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query'); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations['og_group']) &&
+ in_array($butcher_member_id, $new_authorizations[$this->consumerType]) &&
+ in_array($knitters_member_id, $new_authorizations[$this->consumerType])
+ );
+ if (!$correct_roles) {
+ debug('verykool og ldap authorizations'); debug($new_authorizations); debug($new_authorizations);
+ }
+ $this->assertTrue($correct_roles, "user account verykool tested for granting og knitters member ($knitters_member_id) and og butchers member ($butcher_member_id) ", $this->ldapTestId . '.manymatch');
+ $this->assertTrue($correct_roles, 'user account verykool tested for case insensitivity ', $this->ldapTestId . '.caseinsensitive');
+}
+
+ /**
+ * IV. Test authorizations granted on logon
+ */
+ function testAuthorizationsOnLogon() {
+ if (ldap_authorization_og_og_version() != 1) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-1.x');
+ return;
+ }
+ $this->ldapTestId = $this->module_name . ': og authorizations on logon';
+ // just to give warning if setup doesn't succeed. may want to take these out at some point.
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers') &&
+ module_exists('ldap_authorization') &&
+ module_exists('ldap_authorization_drupal_role') &&
+ module_exists('ldap_authorization_og') &&
+ (variable_get('ldap_simpletest', 0) == 1)
+ );
+ $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+
+ $web_user = $this->drupalCreateUser();
+
+ $this->ldapTestId = 'OgLogon';
+ $this->serversData = 'Og/ldap_servers.inc';
+ $this->authorizationData = 'Og/ldap_authorization.inc';
+ $this->authenticationData = 'Og/ldap_authentication.inc';
+ $this->consumerType = 'og_group';
+ $this->prepTestData();
+
+ $og_auth = new LdapAuthorizationConsumerOG('og_group');
+ $this->assertTrue(is_object($og_auth),
+ 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
+
+ list($og_knitters, $og_knitters_node) = ldap_authorization_og1_get_group('knitters', 'group_name','object');
+ list($og_bakers, $og_bakers_node) = ldap_authorization_og1_get_group('bakers', 'group_name','object');
+ list($og_butchers, $og_butchers_node) = ldap_authorization_og1_get_group('butchers', 'group_name','object');
+ $anonymous_rid = ldap_authorization_og_rid_from_role_name(OG_ANONYMOUS_ROLE);
+ $member_rid = ldap_authorization_og_rid_from_role_name(OG_AUTHENTICATED_ROLE);
+ $admin_rid = ldap_authorization_og_rid_from_role_name(OG_ADMINISTRATOR_ROLE);
+ $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers->gid, $member_rid);
+ $butcher_admin_id = ldap_authorization_og_authorization_id($og_butchers->gid, $admin_rid);
+ $knitters_nonmember_id = ldap_authorization_og_authorization_id($og_knitters->gid, $anonymous_rid);
+ $knitters_member_id = ldap_authorization_og_authorization_id($og_knitters->gid, $member_rid);
+ /**
+ verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', special guests, guest accounts
+ should yield: 'gid=3,rid=3', 'gid=3,rid=2', group-name=knitters,role-name=member
+ */
+ $verykool = user_load_by_name('verykool');
+ if (is_object($verykool)) {
+ user_delete($verykool->uid);
+ }
+
+ $edit = array(
+ 'name' => 'verykool',
+ 'pass' => 'goodpwd',
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('verykool'), 'Ldap user properly authmapped.', $this->ldapTestId);
+
+ $verykool = user_load_by_name('verykool');
+ $existing_authorizations = $og_auth->usersAuthorizations($verykool);
+ $correct_roles = in_array($butcher_member_id, $existing_authorizations) && in_array($knitters_member_id, $existing_authorizations);
+ if (!$correct_roles) {
+ debug('verykool og authorizations'); debug($existing_authorizations);
+ }
+ $this->assertTrue($correct_roles, 'verykool granted butcher and knitter memberships', $this->ldapTestId );
+
+ $this->drupalGet('user/logout');
+
+
+ /**
+ * jkool: guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * should yield: 'gid=3,rid=2', 'gid=3,rid=3'
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query'); // just see if the correct ones are derived.
+
+ user_delete($jkool->uid);
+
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'goodpwd',
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('jkool'), 'Ldap user properly authmapped.', $this->ldapTestId);
+
+ $jkool = user_load_by_name('jkool');
+ $existing_authorizations = $og_auth->usersAuthorizations($jkool);
+
+ $correct_roles = in_array($butcher_admin_id, $existing_authorizations);
+ if (!$correct_roles) {
+ debug('jkool og authorizations'); debug($existing_authorizations);
+ }
+ $this->assertTrue($correct_roles, 'jkool granted admin role', $this->ldapTestId );
+
+ $this->drupalGet('user/logout');
+
+
+ }
+
+}
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og2.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og2.test
new file mode 100644
index 0000000..01c93c9
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/Og2.test
@@ -0,0 +1,487 @@
+<?php
+
+/**
+ * @file simpletest for Ldap Authorization OG Module, for og 7.x-2.x
+ *
+ * Manual testing to accompany simpletests:
+ * - logon with og authorization disabled and make sure nothing happens
+ * - logon with og authorization enabled and make sure admin and member group memberships granted
+ * - change mappings so no roles granted
+ * - logon and make sure memberships revoked
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
+
+class LdapAuthorizationOg2Tests extends LdapAuthorizationTestCase {
+
+ public $group_type = NULL;
+ public $group_content_type = NULL;
+ public $group_nodes = array();
+ public $user1;
+
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'OG 7.x-2.x Tests.',
+ 'description' => 'Test ldap authorization og 2.',
+ );
+ }
+
+ public $consumerType = 'og_group';
+
+ function setUp($addl_modules = array()) {
+ parent::setUp(array('ldap_authorization_og', 'og_example'));
+
+ if (ldap_authorization_og_og_version() != 2) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
+ return;
+ }
+ $this->user1 = $this->drupalCreateUser();
+ $this->groups = array();
+ require('ldap_authorization_og2.inc');
+
+ foreach ($og_roles as $og_role_name => $og_role) {
+ $role = new stdClass;
+ $role->gid = 0;
+ $role->group_type = $og_role['entity_type'];
+ $role->group_bundle = $og_role['bundle_type'];
+ $role->name = $og_role_name;
+ $status = og_role_save($role);
+ }
+
+ // Create group and group content node types.
+ $this->group_type = $this->drupalCreateContentType()->type;
+ og_create_field(OG_GROUP_FIELD, 'node', $this->group_type);
+
+ $this->group_content_type = $this->drupalCreateContentType()->type;
+ og_create_field(OG_AUDIENCE_FIELD, 'node', $this->group_content_type);
+
+ foreach ($og_groups as $og_name => $og_conf) {
+ $label = $og_conf['label'];
+ if ($og_conf['entity_type'] == 'node') {
+ $settings = array();
+ $settings['type'] = $this->group_type;
+ $settings[OG_GROUP_FIELD][LANGUAGE_NONE][0]['value'] = 1;
+ $settings['uid'] = $this->user1->uid;
+ $settings['title'] = $og_conf['label'];
+ $settings['type'] = $og_conf['bundle'];
+ $this->group_nodes[$og_name] = $this->drupalCreateNode($settings);
+ }
+ }
+
+ }
+
+
+
+ /**
+ * just make sure install succeeds and
+ */
+ function testBasicFunctionsAndApi() {
+
+ if (ldap_authorization_og_og_version() != 2) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
+ return;
+ }
+
+ $this->ldapTestId = $this->module_name . ': setup success';
+ // just to give warning if setup doesn't succeed. may want to take these out at some point.
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers') &&
+ module_exists('ldap_authorization') &&
+ module_exists('ldap_authorization_drupal_role') &&
+ module_exists('ldap_authorization_og') &&
+ (variable_get('ldap_simpletest', 0) == 1)
+ );
+ $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+
+ $this->ldapTestId = $this->module_name . ': cron test';
+ $this->assertTrue(drupal_cron_run(), t('Cron can run with ldap authorization og enabled.'), $this->ldapTestId);
+
+
+ /***
+ * I. some basic tests to make sure og module's apis are working before testing ldap_authorization_og
+ * if these aren't working as expected, no ldap authorization og functionality will work.
+ */
+
+ $web_user = $this->drupalCreateUser();
+ $this->ldapTestId = $this->module_name . ': og functions';
+
+ list($og_knitters, $og_knitters_node) = ldap_authorization_og2_get_group('node', 'knitters', 'group_name', 'object');
+ list($og_bakers, $og_bakers_node) = ldap_authorization_og2_get_group('node', 'bakers', 'group_name', 'object');
+ list($og_butchers, $og_butchers_node) = ldap_authorization_og2_get_group('node', 'butchers', 'group_name', 'object');
+
+ $anonymous_rid = ldap_authorization_og2_rid_from_role_name('node', $og_knitters_node->nid, OG_ANONYMOUS_ROLE);
+ $member_rid = ldap_authorization_og2_rid_from_role_name('node', $og_bakers_node->nid, OG_AUTHENTICATED_ROLE);
+ $admin_rid = ldap_authorization_og2_rid_from_role_name('node', $og_butchers_node->nid, OG_ADMINISTRATOR_ROLE);
+
+ /**
+ * II.0 basic granting tests to make sure og_role_grant, ldap_authorization_og_rid_from_role_name,
+ * and ldap_authorization_og2_get_group functions work
+ * og_is_member($group_type, $gid, $entity_type = 'user', $entity = NULL, $states = array(OG_STATE_ACTIVE))
+ */
+
+ $values = array(
+ 'entity_type' => 'user',
+ 'entity' => $web_user->uid,
+ 'field_name' => FALSE,
+ 'state' => OG_STATE_ACTIVE,
+ );
+ $og_membership = og_group('node', $og_knitters_node->nid, $values);
+ $og_membership = og_group('node', $og_bakers_node->nid, $values);
+ $og_membership = og_group('node', $og_butchers_node->nid, $values);
+
+ og_role_grant('node', $og_knitters_node->nid, $web_user->uid, $member_rid);
+ og_role_grant('node', $og_bakers_node->nid, $web_user->uid, $member_rid);
+ og_role_grant('node', $og_bakers_node->nid, $web_user->uid, $admin_rid);
+
+ $web_user = user_load($web_user->uid, TRUE); // need to reload because of issue with og_group and og_role_grant
+ $ids = array($web_user->uid);
+ $user_entity = entity_load('user', $ids);
+ $this->assertTrue(og_is_member('node', $og_knitters_node->nid, 'user', $web_user),
+ 'User is member of Group og_knitters without LDAP (based on og_is_member() function)', $this->ldapTestId);
+ $this->assertTrue(ldap_authorization_og2_has_role($og_knitters_node->nid, $web_user->uid, OG_AUTHENTICATED_ROLE ),
+ 'User is member of Group og_knitters without LDAP (based on ldap_authorization_og2_has_role() function)', $this->ldapTestId);
+ $this->assertTrue(ldap_authorization_og2_has_role($og_bakers_node->nid, $web_user->uid, OG_AUTHENTICATED_ROLE ),
+ 'User is member of Group og_bakers without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
+ $this->assertTrue(ldap_authorization_og2_has_role($og_bakers_node->nid, $web_user->uid, OG_ADMINISTRATOR_ROLE),
+ 'User is administrator member of Group og_bakers without LDAP (based on dap_authorization_og_has_role() function)', $this->ldapTestId);
+
+ /***
+ * II.A. construct ldapauthorization og object and test methods.
+ * (unit tests for methods and class without any ldap user context).
+ */
+
+ $this->ldapTestId = $this->module_name . ': LdapAuthorizationConsumerOG class';
+
+ $og_auth = new LdapAuthorizationConsumerOG('og_group');
+ $this->assertTrue(is_object($og_auth), 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
+
+
+ $this->assertTrue($og_auth->hasAuthorization($web_user, ldap_authorization_og_authorization_id($og_bakers_node->nid, $admin_rid, 'node')),
+ 'hasAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
+
+ $this->assertTrue($og_auth->consumerType == 'og_group',
+ 'LdapAuthorizationConsumerOG ConsumerType set properly', $this->ldapTestId);
+
+ $consumer_ids = $og_auth->availableConsumerIDs();
+
+ $should_haves = array();
+
+ require_once(drupal_get_path('module', 'ldap_authorization_og') . '/LdapAuthorizationConsumerOG.class.php');
+ list($groups, $availableConsumerIDs) = LdapAuthorizationConsumerOG::og2Groups();
+
+ foreach ($groups['node'] as $gid => $group) {
+ foreach ($group['roles'] as $rid => $role) {
+ $should_haves[] = ldap_authorization_og_authorization_id($gid, $rid, 'node');
+ }
+ }
+
+ $match = (boolean)(count(array_intersect($consumer_ids, $should_haves)) == count($should_haves));
+ $this->assertTrue($match,
+ 'LdapAuthorizationConsumerOG availableConsumerIDs()', $this->ldapTestId);
+
+ // this is just what is in II.0
+ $should_haves = array(
+ ldap_authorization_og_authorization_id($og_knitters_node->nid, $member_rid, 'node'),
+ ldap_authorization_og_authorization_id($og_bakers_node->nid, $member_rid, 'node'),
+ ldap_authorization_og_authorization_id($og_bakers_node->nid, $admin_rid, 'node'),
+ ldap_authorization_og_authorization_id($og_butchers_node->nid, $member_rid, 'node')
+ );
+
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $match = (boolean)(count(array_intersect($web_user_authorizations, $should_haves)) == count($should_haves));
+ $this->assertTrue($match,
+ 'LdapAuthorizationConsumerOG usersAuthorizations()', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $baker_member_id = ldap_authorization_og_authorization_id($og_bakers_node->nid, $member_rid, 'node');
+ // ldap_authorization_og_authorization_id($og_bakers->gid, $anonymous_rid);
+ $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_groups'], array($baker_member_id), NULL, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $this->assertTrue(in_array($baker_member_id, $web_user_authorizations),
+ 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke on member role', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers_node->nid, $member_rid, 'node');
+ $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
+ $web_user = user_load($web_user->uid, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+
+
+ $this->assertTrue(in_array($butcher_member_id, array_values($web_user_authorizations)),
+ 'LdapAuthorizationConsumerOG authorizationGrant()', $this->ldapTestId);
+
+ $this->assertTrue($og_auth->hasLdapGrantedAuthorization($web_user, $butcher_member_id),
+ 'hasLdapGrantedAuthorization() method works for non LDAP provisioned og authorization', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $this->assertFalse(in_array($butcher_member_id, $web_user_authorizations),
+ 'LdapAuthorizationConsumerOG authorizationRevoke()', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array($butcher_member_id), NULL, TRUE);
+ $web_user_authorizations = $og_auth->usersAuthorizations($web_user);
+ $this->assertFalse(in_array($butcher_member_id, $web_user_authorizations),
+ 'LdapAuthorizationConsumerOG authorizationRevoke() attempt to revoke role that user doesnt have', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $result = $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array('node:454:44334'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke of bogus authorization', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $result = $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array('node:454:44334'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationGrant() test grant of bogus authorization', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $result = $og_auth->authorizationRevoke($web_user, $web_user->data['ldap_authorizations']['og_group'], array('bogusformat'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationRevoke() test revoke malformed params', $this->ldapTestId);
+
+ $web_user = user_load($web_user->uid, TRUE);
+ $result = $og_auth->authorizationGrant($web_user, $web_user->data['ldap_authorizations']['og_group'], array('bogusformat'), NULL, TRUE);
+ $this->assertFalse($result,
+ 'LdapAuthorizationConsumerOG authorizationGrant() test grant malformed params', $this->ldapTestId);
+
+ /***
+ * II.B. Also test function in ldap_authorization_og.module
+ */
+
+ $bakers_label = ldap_authorization_og2_get_group('node', 'bakers', 'group_name', 'label');
+ $this->assertTrue($bakers_label == 'bakers', 'ldap_authorization_og2_get_group() function label return works with query type gid', $this->ldapTestId);
+
+ $test = ldap_authorization_og2_has_role($og_bakers_node->nid, $web_user->uid, OG_ADMINISTRATOR_ROLE);
+ $this->assertTrue($test, 'ldap_authorization_og2_has_role() function works', $this->ldapTestId);
+
+ $test = ldap_authorization_og2_has_role($og_knitters_node->nid, $web_user->uid, OG_ADMINISTRATOR_ROLE);
+ $this->assertTrue($test === FALSE, 'ldap_authorization_og2_has_role() function fails with FALSE', $this->ldapTestId);
+
+ }
+ /***
+ * III. functional tests based on various configurations, without actual user logon process
+ * (will need to be expanded when batch, feed, etc, processing is added, but those
+ * functional tests should not need to done for all ldap consumer types.
+ */
+ function testAuthorizationsWithoutLogon() {
+ if (ldap_authorization_og_og_version() != 2) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
+ return;
+ }
+ $this->ldapTestId = $this->module_name . ': og authorizations on logon';
+ // just to give warning if setup doesn't succeed. may want to take these out at some point.
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers') &&
+ module_exists('ldap_authorization') &&
+ module_exists('ldap_authorization_drupal_role') &&
+ module_exists('ldap_authorization_og') &&
+ (variable_get('ldap_simpletest', 0) == 1)
+ );
+ $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+
+ $web_user = $this->drupalCreateUser();
+
+ $this->ldapTestId = 'OgWithoutLogon';
+ $this->serversData = 'Og/ldap_servers.inc';
+ $this->authorizationData = 'Og/ldap_authorization_og2.inc';
+ $this->authenticationData = 'Og/ldap_authentication.inc';
+ $this->consumerType = 'og_group';
+ $this->prepTestData();
+
+ $og_auth = new LdapAuthorizationConsumerOG('og_group');
+ $this->assertTrue(is_object($og_auth),
+ 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
+
+ list($og_knitters, $og_knitters_node) = ldap_authorization_og2_get_group('node','knitters', 'group_name', 'object');
+ list($og_bakers, $og_bakers_node) = ldap_authorization_og2_get_group('node','bakers', 'group_name', 'object');
+ list($og_butchers, $og_butchers_node) = ldap_authorization_og2_get_group('node','butchers', 'group_name', 'object');
+
+ $anonymous_rid = ldap_authorization_og2_rid_from_role_name('node', $og_knitters_node->nid, OG_ANONYMOUS_ROLE);
+ $member_rid = ldap_authorization_og2_rid_from_role_name('node', $og_bakers_node->nid, OG_AUTHENTICATED_ROLE);
+ $admin_rid = ldap_authorization_og2_rid_from_role_name('node', $og_butchers_node->nid, OG_ADMINISTRATOR_ROLE);
+
+ $knitters_nonmember_id = ldap_authorization_og_authorization_id($og_knitters_node->nid, $anonymous_rid, 'node');
+ $knitters_member_id = ldap_authorization_og_authorization_id($og_knitters_node->nid, $member_rid, 'node');
+ $bakers_nonmember_id = ldap_authorization_og_authorization_id($og_bakers_node->nid, $anonymous_rid, 'node');
+ $bakers_member_id = ldap_authorization_og_authorization_id($og_bakers_node->nid, $member_rid, 'node');
+ $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers_node->nid, $member_rid, 'node');
+ $butcher_admin_id = ldap_authorization_og_authorization_id($og_butchers_node->nid, $admin_rid, 'node');
+
+ debug("butcher_member_id=$butcher_member_id,
+ butcher_admin_id=$butcher_admin_id,
+ knitters_nonmember_id=$knitters_nonmember_id,
+ knitters_member_id=$knitters_member_id
+ ");
+ /**
+ * cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu
+ * should not match any mappings
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $unkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'unkool', 'mail' => 'unkool@nowhere.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($unkool, 'query'); // just see if the correct ones are derived.
+ if (count($new_authorizations['og_group']) != 0) {
+ debug('new authorizations'); debug($new_authorizations);
+ }
+ $this->assertTrue(count($new_authorizations['og_group']) == 0, 'user account unkool tested for granting no drupal roles ', $this->ldapTestId . '.nomatch');
+
+ /**
+ * jkool: guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query'); // just see if the correct ones are derived.
+
+ $correct_roles = (bool)(
+ isset($new_authorizations['og_group']) &&
+ in_array($butcher_member_id, $new_authorizations['og_group']) &&
+ in_array($bakers_member_id, $new_authorizations['og_group'])
+ );
+ if (!$correct_roles) {
+ debug('jkool og ldap authorizations'); debug($new_authorizations); debug($new_authorizations);
+ }
+ $this->assertTrue($correct_roles, "user account jkool tested for granting og butchers member and admin ($butcher_member_id and $butcher_admin_id)", $this->ldapTestId . '.onematch');
+
+ /**
+ verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', special guests, guest accounts
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $verykool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'verykool', 'mail' => 'verykool@myuniversity.edu'), TRUE, $user);
+
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($verykool, 'query'); // just see if the correct ones are derived.
+ $correct_roles = (bool)(isset($new_authorizations['og_group']) &&
+ in_array($butcher_member_id, $new_authorizations[$this->consumerType]) &&
+ in_array($bakers_member_id, $new_authorizations[$this->consumerType])
+ );
+ if (!$correct_roles) {
+ debug('verykool og ldap authorizations'); debug($new_authorizations); debug($new_authorizations);
+ }
+ $this->assertTrue($correct_roles, "user account verykool tested for granting og knitters member ($knitters_member_id) and og butchers member ($butcher_member_id) ", $this->ldapTestId . '.manymatch');
+ $this->assertTrue($correct_roles, 'user account verykool tested for case insensitivity ', $this->ldapTestId . '.caseinsensitive');
+}
+
+ /**
+ * IV. Test authorizations granted on logon
+ */
+ function testAuthorizationsOnLogon() {
+ if (ldap_authorization_og_og_version() != 2) {
+ debug('LdapAuthorizationOg2Tests must be run with OG 7.x-2.x');
+ return;
+ }
+ $this->ldapTestId = $this->module_name . ': og authorizations on logon';
+
+ $setup_success = (
+ module_exists('ldap_authentication') &&
+ module_exists('ldap_servers') &&
+ module_exists('ldap_authorization') &&
+ module_exists('ldap_authorization_drupal_role') &&
+ module_exists('ldap_authorization_og') &&
+ (variable_get('ldap_simpletest', 0) == 1)
+ );
+ $this->assertTrue($setup_success, ' ldap_authorizations og setup successful', $this->ldapTestId);
+
+ $web_user = $this->drupalCreateUser();
+
+ $this->ldapTestId = 'OgLogon';
+ $this->serversData = 'Og/ldap_servers.inc';
+ $this->authorizationData = 'Og/ldap_authorization_og2.inc';
+ $this->authenticationData = 'Og/ldap_authentication.inc';
+ $this->consumerType = 'og_group';
+ $this->prepTestData();
+
+ $og_auth = new LdapAuthorizationConsumerOG('og_group');
+ $this->assertTrue(is_object($og_auth),
+ 'Successfully instantiated LdapAuthorizationConsumerOG', $this->ldapTestId);
+
+ list($og_knitters, $og_knitters_node) = ldap_authorization_og2_get_group('node','knitters', 'group_name','object');
+ list($og_bakers, $og_bakers_node) = ldap_authorization_og2_get_group('node','bakers', 'group_name','object');
+ list($og_butchers, $og_butchers_node) = ldap_authorization_og2_get_group('node','butchers', 'group_name','object');
+
+ $anonymous_rid = ldap_authorization_og2_rid_from_role_name('node', $og_knitters_node->nid, OG_ANONYMOUS_ROLE);
+ $member_rid = ldap_authorization_og2_rid_from_role_name('node', $og_knitters_node->nid, OG_AUTHENTICATED_ROLE);
+ $admin_rid = ldap_authorization_og2_rid_from_role_name('node', $og_knitters_node->nid, OG_ADMINISTRATOR_ROLE);
+
+ $knitters_nonmember_id = ldap_authorization_og_authorization_id($og_knitters_node->nid, $anonymous_rid, 'node');
+ $knitters_member_id = ldap_authorization_og_authorization_id($og_knitters_node->nid, $member_rid, 'node');
+ $bakers_nonmember_id = ldap_authorization_og_authorization_id($og_bakers_node->nid, $anonymous_rid, 'node');
+ $bakers_member_id = ldap_authorization_og_authorization_id($og_bakers_node->nid, $member_rid, 'node');
+ $butcher_member_id = ldap_authorization_og_authorization_id($og_butchers_node->nid, $member_rid, 'node');
+ $butcher_admin_id = ldap_authorization_og_authorization_id($og_butchers_node->nid, $admin_rid, 'node');
+
+ debug("
+ butcher_member_id=$butcher_member_id,<br/>
+ butcher_admin_id=$butcher_admin_id,<br/>
+ bakers_nonmember_id=$bakers_nonmember_id,<br/>
+ bakers_member_id=$bakers_member_id,<br/>
+ knitters_nonmember_id=$knitters_nonmember_id,<br/>
+ knitters_member_id=$knitters_member_id<br/>
+ ");
+ /**
+ verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', special guests, guest accounts
+ */
+ $verykool = user_load_by_name('verykool');
+ if (is_object($verykool)) {
+ user_delete($verykool->uid);
+ }
+
+ $edit = array(
+ 'name' => 'verykool',
+ 'pass' => 'goodpwd',
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('verykool'), 'Ldap user properly authmapped.', $this->ldapTestId);
+
+ $verykool = user_load_by_name('verykool');
+ $existing_authorizations = $og_auth->usersAuthorizations($verykool);
+ $correct_roles = in_array($butcher_member_id, $existing_authorizations) && in_array($bakers_member_id, $existing_authorizations);
+ if (!$correct_roles) {
+ debug('verykool og authorizations'); debug($existing_authorizations);
+ }
+ $this->assertTrue($correct_roles, 'verykool granted butcher and knitter memberships', $this->ldapTestId );
+
+ $this->drupalGet('user/logout');
+
+
+ /**
+ * jkool: guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ */
+
+ $user = $this->drupalCreateUser(array());
+ $jkool = $this->testFunctions->drupalLdapUpdateUser(array('name' => 'jkool', 'mail' => 'jkool@guests.myuniversity.edu'), TRUE, $user);
+ list($new_authorizations, $notifications) = ldap_authorizations_user_authorizations($jkool, 'query'); // just see if the correct ones are derived.
+
+ user_delete($jkool->uid);
+
+ $edit = array(
+ 'name' => 'jkool',
+ 'pass' => 'goodpwd',
+ );
+
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'New Ldap user with good password authenticated.', $this->ldapTestId);
+ $this->assertTrue($this->testFunctions->ldapUserIsAuthmapped('jkool'), 'Ldap user properly authmapped.', $this->ldapTestId);
+
+ $jkool = user_load_by_name('jkool');
+ $existing_authorizations = $og_auth->usersAuthorizations($jkool);
+
+ $correct_roles = in_array($butcher_member_id, $existing_authorizations);
+ if (!$correct_roles) {
+ debug('jkool og authorizations'); debug($existing_authorizations);
+ }
+ $this->assertTrue($correct_roles, 'jkool granted admin role', $this->ldapTestId );
+
+ $this->drupalGet('user/logout');
+
+
+ }
+
+}
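Review bot: Several assertions in this file check a different authorization than the one their message names, so the administrator-role grants are never actually verified. In testAuthorizationsOnLogon the jkool check is `$correct_roles = in_array($butcher_member_id, $existing_authorizations);` under the message 'jkool granted admin role', and in testAuthorizationsWithoutLogon the jkool and verykool checks test `$bakers_member_id` while their messages name butchers admin and knitters member. The mappings in ldap_authorization_og2.inc are not visible here, so either the checks or the messages need to change, e.g. `in_array($butcher_admin_id, $existing_authorizations)` if admin is what the fixture grants. The first authorizationRevoke() call in testBasicFunctionsAndApi reads `$web_user->data['ldap_authorizations']['og_groups']` where every other call uses `'og_group'`, which looks like a typo that passes an undefined index. Since these tests guard who receives group memberships and administrator roles, they should also assert that unexpected ids are absent rather than only `in_array()` presence, so that over-granting is caught.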
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authentication.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authentication.inc
new file mode 100644
index 0000000..72a327f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authentication.inc
@@ -0,0 +1,19 @@
+<?php
+// $Id$
+/**
+ * @file
+ * simpltest authentication config
+ */
+
+$authentication = array(
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ );
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization.inc
new file mode 100644
index 0000000..570be65
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization.inc
@@ -0,0 +1,88 @@
+<?php
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+/**
+ *
+ * mapping notes
+
+ jkool: guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ should yield: 'gid=3,rid=2', 'gid=3,rid=3'
+
+ verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', special guests, guest accounts
+ should yield: 'gid=3,rid=3', 'gid=3,rid=2', group-name=knitters,role-name=member
+
+**/
+
+$authorization['og_group'] = array(
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 1,
+ 'deriveFromDnAttr' => 'ou',
+
+ 'deriveFromAttr' => 1,
+ 'deriveFromAttrAttr' => array('memberOf', 'mailcode'),
+ 'deriveFromAttrUseFirstAttr' => 0,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => array(),
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => array(),
+
+ 'mappings' => array(
+ 0 => array('cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'group-name=knitters,role-name=member',
+ ),
+ 1 => array('cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'gid=3,rid=2'
+ ),
+ 2 => array('guest accounts',
+ 'gid=3,rid=2'
+ ),
+ 3 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'group-name=knitters,role-name=prince'
+ ),
+ 4 => array('special guests',
+ 'group-name=knitters,role-name=member'
+ ),
+ 5 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'group-name=knitters,role-name=administrator member'
+ ),
+ 6 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'gid=3,rid=3'
+ ),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 0,
+ 'regrantLdapProvisioned' => 1,
+);
+
+ /**
+ * 5 => array('cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'node.field_state_id=IL,rid=2'
+ ),
+ **/
+
+$og_groups = array(
+ 'knitters' => array('entity_type' => 'node', 'label' => 'knitters'),
+ 'bakers' => array('entity_type' => 'node', 'label' => 'bakers'),
+ 'butchers' => array('entity_type' => 'node', 'label' => 'butchers'),
+ );
+
+$og_roles = array(
+ 'prince' => array(),
+ 'pauper' => array(),
+ );
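Review bot: `'consumerModule' => 'ldap_authorization_drupal_role'` is set under `$authorization['og_group']`, while the sibling fixture ldap_authorization_og2.inc uses `'ldap_authorization_og'` for the same consumer type. If the mismatch is not deliberate, the OG tests built on this file may be configured against the wrong consumer module, and `'consumerModule' => 'ldap_authorization_og',` would be the consistent value. If it is deliberate, a one-line comment saying why would save the next reader the comparison. The trailing `/** ... **/` block holds a commented-out mapping rather than documentation and should be a plain `//` comment or be removed.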
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization_og2.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization_og2.inc
new file mode 100644
index 0000000..9a1af2c
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_authorization_og2.inc
@@ -0,0 +1,88 @@
+<?php
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+/**
+ *
+ * mapping notes
+
+ jkool: guest accounts, cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ should yield: 'gid=3,rid=2', 'gid=3,rid=3'
+
+ verykool: 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', special guests, guest accounts
+ should yield: 'gid=3,rid=3', 'gid=3,rid=2', group-name=knitters,role-name=member
+
+**/
+
+$authorization['og_group'] = array(
+ 'consumerModule' => 'ldap_authorization_og',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 1,
+
+ 'deriveFromDn' => 1,
+ 'deriveFromDnAttr' => 'ou',
+
+ 'deriveFromAttr' => 1,
+ 'deriveFromAttrAttr' => array('memberOf', 'mailcode'),
+ 'deriveFromAttrUseFirstAttr' => 0,
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => array(),
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => array(),
+
+ 'mappings' => array(
+ 0 => array('cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'node:1:2',
+ ),
+ 1 => array('cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'node:2:2'
+ ),
+ 2 => array('guest accounts',
+ 'node:2:2'
+ ),
+ 3 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'node:2:2'
+ ),
+ 4 => array('special guests',
+ 'node:3:2'
+ ),
+ 5 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'node:3:2'
+ ),
+ 6 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'node:3:2'
+ ),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 0,
+ 'regrantLdapProvisioned' => 1,
+);
+
+ /**
+ * 5 => array('cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu',
+ 'node.field_state_id=IL,rid=2'
+ ),
+ **/
+
+$og_groups = array(
+ 'knitters' => array('entity_type' => 'node', 'bundle' => 'group', 'label' => 'knitters'),
+ 'bakers' => array('entity_type' => 'node', 'bundle' => 'group', 'label' => 'bakers'),
+ 'butchers' => array('entity_type' => 'node', 'bundle' => 'group', 'label' => 'butchers'),
+ );
+
+$og_roles = array(
+ 'prince' => array('entity_type' => 'node', 'bundle_type' => 'group'),
+ 'pauper' => array('entity_type' => 'node', 'bundle_type' => 'group'),
+ );
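Review bot: The "mapping notes" docblock at the top still states the expected results in the `gid=3,rid=2` / `group-name=knitters,role-name=member` notation, but every mapping in this file uses the `node:N:N` form, so the notes no longer say what jkool and verykool should be granted. Rewriting them in the new notation would help, e.g. `jkool: guest accounts, cn=sysadmins,... should yield: 'node:2:2', 'node:3:2'` if I read the mappings correctly. Mappings 5 and 6 are identical (`cn=sysadmins,...` to `'node:3:2'`), which looks like a leftover from converting the older file; one of them can go unless duplicate handling is what is being tested, in which case say so in a comment. As in the older file, the trailing `/** ... **/` block is dead code rather than documentation.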
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_servers.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_servers.inc
new file mode 100644
index 0000000..e4f20c1
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Og/ldap_servers.inc
@@ -0,0 +1,237 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpltest authorization config
+ */
+
+$servers['ldapauthor1']['properties'] = array(
+ 'name' => 'Test LDAP Server 1 for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+ );
+
+
+
+$servers['ldapauthor1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$servers['ldapauthor1']['search_results']['(member=cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 1 => array('count' => 1, 'dn' => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 2,
+ );
+
+$servers['ldapauthor1']['search_results']['(member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 1,
+ );
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+$servers['ldapauthor1']['users']['cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'mailcode' => array( 0 => '17', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+// duplicate of previous with escaped commas in cn.
+$servers['ldapauthor1']['users']['cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'wilmaf@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'wilmaf', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=punctuated\,comma\,freaks,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+// duplicate of previous with quoted cn.
+$servers['ldapauthor1']['users']['cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'barneyr@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'barneyr', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn="punctuated,comma,freaks",ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'meMBErof' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'CN=NETadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'cn=phone operators,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 3,
+ ),
+ );
+
+
+
+$servers['ldapauthor1']['users']['cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'newkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'newkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'joeprogrammer', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+/**
+ * nested groups for both derive by attr and derive by entry
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ */
+
+
+/**
+ * derive by attr entries deriveFromAttrAttr=memberOf
+ */
+$servers['ldapauthor1']['groups']['cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1), // bogus recursion to test bogus recursion
+ );
+
+$servers['ldapauthor1']['groups']['cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array('count' => 0),
+ );
+
+
+/**
+ * derive by entry entries
+ * deriveFromEntryMembershipAttr=members
+ * deriveFromEntryAttrMatchingUserAttr=dn
+ * groupObjectClass=group
+ */
+/**
+$servers['ldapauthor1']['groups']['cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'members' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1), // bogus recursion to test bogus recursion
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+ **/
+// nested group queries
+$servers['ldapauthor1']['search_results']['(|((dn=cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu)(dn=cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu))']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 2,
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'count' => 2,
+ );
+
+
+
+/**
+ * test users should include service account if one is being used
+ */
+$servers['ldapauthor1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
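Review bot: The `cn=it,ou=it` group fixture repeats the `'memberOf'` key in one array literal, and PHP keeps only the last value for a repeated key. The `cn=staff,ou=people` parent is therefore silently dropped and only the "bogus recursion" entry survives, so the it → staff → people chain described in the nested-groups comment is never present in the fake directory. Both values belong in one attribute: `'memberOf' => array(0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 1 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 2),`. The "nested group queries" search result has the same problem with a repeated `'dn'` key (one entry claiming `'count' => 2` where two entries are presumably meant), and the service-account `memberOf` declares `'count' => 2` with a single value. The copy added as tests/Other/ldap_servers.inc has the same index hash and carries the same lines.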
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/Other.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/Other.test
new file mode 100644
index 0000000..f6ecb72
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/Other.test
@@ -0,0 +1,84 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * see getInfo() for test summary
+ */
+
+require_once(drupal_get_path('module', 'ldap_authorization') . '/tests/LdapAuthorizationTestCase.class.php');
+
+class LdapAuthorizationOtherAuthenticationTests extends LdapAuthorizationTestCase {
+ public static function getInfo() {
+ return array(
+ 'group' => 'LDAP Authorization',
+ 'name' => 'non ldap_authentication',
+ 'description' => 'Test for ldap authorization without ldap_authentication module authentication',
+
+ );
+ }
+
+ /**
+ * test drupal user authentication with ldap authorization
+ */
+ function testDrupalAuthnWithLdapAuthor() {
+ $this->ldapTestId = $this->module_name . ': drupal authentication';
+
+ $this->ldapTestId = 'AuthorizationIntegration';
+ $this->serversData = 'Other/ldap_servers.inc';
+ $this->authorizationData = 'Other/ldap_authorization.inc';
+ $this->authenticationData = 'Other/ldap_authentication.inc';
+ //set authentication data anyway even though module disabled to keep prepTestData() method simple
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+ module_disable(array('ldap_authentication'));
+ $this->ldapTestId = $this->module_name . ': test for integration with drupal authentication';
+
+ $consumer_conf_admin = ldap_authorization_get_consumer_admin_object($this->consumerType);
+ $consumer_conf_admin->onlyApplyToLdapAuthenticated = 0;
+ $consumer_conf_admin->save();
+
+
+ $verykool = $this->drupalCreateUser(array('access content'));
+ $password = $verykool->pass_raw;
+ $verykool = user_save($verykool, array('name' => 'verykool'));
+ $edit = array('pass' => $password, 'name' => 'verykool');
+ $this->drupalPost('user', $edit, t('Log in'));
+ $this->assertText(t('Member for'), 'Drupal User successfully authenticated with ldap authorization.', $this->ldapTestId);
+
+ $verykool = user_load_by_name('verykool');
+ $correct_roles = in_array('special guests', array_values($verykool->roles)) && in_array('guests', array_values($verykool->roles));
+ $this->assertTrue($correct_roles, 'verykool granted correct drupal roles via ldap authorization with drupal authentication ', $this->ldapTestId . '.duplicate_entry');
+ $this->drupalGet('user/logout');
+ user_delete($verykool->uid);
+
+
+ }
+
+
+
+ /**
+ * test cas user authentication with ldap authorization
+ */
+
+ function x_testCasAuthnWithLdapAuthor() {
+ $this->ldapTestId = $this->module_name . ': drupal authentication';
+
+ $this->ldapTestId = 'AuthorizationIntegration';
+ $this->serversData = 'ldapauthor1.ldap_server.test_data.inc';
+ $this->authorizationData = 'Derivations.ldap_authorization.DeriveFromDN.inc';
+ $this->authenticationData = 'ldapauthor1.ldap_authentication.test_data.inc';
+ $this->consumerType = 'drupal_role';
+ $this->prepTestData();
+
+ $this->ldapTestId = $this->module_name . ': test for integration with drupal authentication';
+
+ // create drupal user that has ldap entry mapping
+ // enable authorization but not authentication
+ // test user logon and authorizations
+
+ }
+
+
+
+}
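Review bot: `testDrupalAuthnWithLdapAuthor()` covers only the permissive setting. With `onlyApplyToLdapAuthenticated = 0`, a locally created Drupal account that merely shares the name `verykool` is asserted to receive the LDAP-derived roles, and nothing checks that the same login receives none when the setting is 1. Since that flag appears to be what keeps a name match between a local account and a directory entry from granting roles, a companion test that leaves it at 1 and ends in `$this->assertFalse($correct_roles, 'drupal-authenticated user not granted ldap roles', $this->ldapTestId);` would pin the restrictive behaviour. Smaller points: `$this->ldapTestId` is assigned three times before it is first used, both `in_array()` calls omit the strict flag, and `x_testCasAuthnWithLdapAuthor()` is a disabled stub that names fixture files not among the tests/Other files visible here, so it should get a `@todo` comment or be removed.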
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authentication.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authentication.inc
new file mode 100644
index 0000000..72a327f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authentication.inc
@@ -0,0 +1,19 @@
+<?php
+// $Id$
+/**
+ * @file
+ * simpltest authentication config
+ */
+
+$authentication = array(
+ 'authenticationMode' => LDAP_AUTHENTICATION_EXCLUSIVE,
+ 'loginConflictResolve' => LDAP_AUTHENTICATION_CONFLICT_LOG,
+ 'acctCreation' => LDAP_AUTHENTICATION_ACCT_CREATION_LDAP_BEHAVIOR,
+ 'ldapUserHelpLinkUrl' => '',
+ 'ldapUserHelpLinkText' => '',
+ 'emailOption' => LDAP_AUTHENTICATION_EMAIL_FIELD_DISABLE,
+ 'emailUpdate' => LDAP_AUTHENTICATION_EMAIL_UPDATE_ON_LDAP_CHANGE_DISABLE,
+ 'allowOnlyIfTextInDn' => NULL,
+ 'excludeIfTextInDn' => NULL,
+ 'allowTestPhp' => NULL,
+ );
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authorization.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authorization.inc
new file mode 100644
index 0000000..74d8bac
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_authorization.inc
@@ -0,0 +1,42 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpletest authorization configuration
+ */
+
+$authorization['drupal_role'] = array(
+ 'consumerModule' => 'ldap_authorization_drupal_role',
+
+ 'description' => 'UIUC AD',
+ 'status' => 1,
+ 'onlyApplyToLdapAuthenticated' => 0,
+
+ 'deriveFromDn' => 1,
+ 'deriveFromDnAttr' => 'ou',
+
+ 'deriveFromAttr' => 0,
+ 'deriveFromAttrAttr' => array(),
+
+ 'deriveFromEntry' => 0,
+ 'deriveFromEntryEntries' => NULL,
+ 'deriveFromEntryEntriesAttr' => NULL,
+ 'deriveFromEntryMembershipAttr' => NULL,
+
+ 'mappings' => array(
+ 0 => array('Campus Accounts', 'campus accounts'),
+ 1 => array('guest accounts', 'guests'),
+ 2 => array('special guests', 'special guests'),
+ 3 => array('cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'sysadmins'),
+ ),
+
+ 'useMappingsAsFilter' => 1,
+
+ 'synchOnLogon' => 1,
+ 'synchManually' => 1,
+
+ 'revokeLdapProvisioned' => 1,
+ 'createConsumers' => 1,
+ 'regrantLdapProvisioned' => 1,
+);
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_servers.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_servers.inc
new file mode 100644
index 0000000..e4f20c1
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_authorization/tests/Other/ldap_servers.inc
@@ -0,0 +1,237 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * simpltest authorization config
+ */
+
+$servers['ldapauthor1']['properties'] = array(
+ 'name' => 'Test LDAP Server 1 for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+ );
+
+
+
+$servers['ldapauthor1']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$servers['ldapauthor1']['search_results']['(member=cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 1 => array('count' => 1, 'dn' => 'cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 2,
+ );
+
+$servers['ldapauthor1']['search_results']['(member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 1,
+ );
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+$servers['ldapauthor1']['users']['cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'mailcode' => array( 0 => '17', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+// duplicate of previous with escaped commas in cn.
+$servers['ldapauthor1']['users']['cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Flintstone\, Wilma,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'wilmaf@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'wilmaf', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn=punctuated\,comma\,freaks,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+// duplicate of previous with quoted cn.
+$servers['ldapauthor1']['users']['cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=Rubble\, Barney,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'barneyr@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'barneyr', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'cn="punctuated,comma,freaks",ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2
+ ),
+ );
+
+
+$servers['ldapauthor1']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'meMBErof' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'CN=NETadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 2 => 'cn=phone operators,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 3,
+ ),
+ );
+
+
+
+$servers['ldapauthor1']['users']['cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'newkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'newkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['users']['cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=joeprogrammer,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'joeprogrammer@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'joeprogrammer', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+/**
+ * nested groups for both derive by attr and derive by entry
+ * cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu
+ * cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu
+ * cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu
+ *
+ */
+
+
+/**
+ * derive by attr entries deriveFromAttrAttr=memberOf
+ */
+$servers['ldapauthor1']['groups']['cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1), // bogus recursion to test bogus recursion
+ );
+
+$servers['ldapauthor1']['groups']['cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array( 0 => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'memberOf' => array('count' => 0),
+ );
+
+
+/**
+ * derive by entry entries
+ * deriveFromEntryMembershipAttr=members
+ * deriveFromEntryAttrMatchingUserAttr=dn
+ * groupObjectClass=group
+ */
+/**
+$servers['ldapauthor1']['groups']['cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=it,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ 'members' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1), // bogus recursion to test bogus recursion
+ );
+
+$servers['ldapauthor1']['groups']['cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=developers,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=people,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$servers['ldapauthor1']['groups']['cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'ObjectClass' => 'group',
+ 'members' => array( 0 => 'cn=newkool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+ **/
+// nested group queries
+$servers['ldapauthor1']['search_results']['(|((dn=cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu)(dn=cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu))']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 2,
+ 'dn' => 'cn=staff,ou=people,dc=ad,dc=myuniversity,dc=edu',
+ 'dn' => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'count' => 2,
+ );
+
+
+
+/**
+ * test users should include service account if one is being used
+ */
+$servers['ldapauthor1']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsDrupalUserLdapEntryFetcher.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsDrupalUserLdapEntryFetcher.inc
new file mode 100644
index 0000000..8811965
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsDrupalUserLdapEntryFetcher.inc
@@ -0,0 +1,141 @@
+<?php
+
+/**
+ * @file
+ * FeedsDrupalUserLdapEntryFetcher
+ */
+
+define('LDAP_FEEDS_DRUPAL_USER_FETCHER_FILTER_AUTHENTICATED', FALSE);
+define('LDAP_FEEDS_DRUPAL_USER_FETCHER_FILTER_ROLES', FALSE);
+
+class FeedsDrupalUserLdapEntryFetcherResult extends FeedsFetcherResult {
+
+ public $filterLdapAuthenticated;
+ public $availableDrupalUserAttributes;
+ public $filterRoles;
+
+ /**
+ * Constructor.
+ */
+ public function __construct($source_config) {
+ $this->availableDrupalUserAttributes = ldap_feeds_drupal_user_attributes();
+ $this->filterLdapAuthenticated = isset($source_config['filterLdapAuthenticated']) ? $source_config['filterLdapAuthenticated'] : LDAP_FEEDS_DRUPAL_USER_FETCHER_FILTER_AUTHENTICATED;
+ $this->filterRoles = isset($source_config['filterRoles']) ? $source_config['filterRoles'] : LDAP_FEEDS_DRUPAL_USER_FETCHER_FILTER_ROLES;
+
+ parent::__construct('');
+ $this->ldap_result = $this->getRaw();
+ return $this->ldap_result;
+ }
+
+ /**
+ * Overrides parent::getRaw();
+ */
+ public function getRaw() {
+
+ // needs to loop through all users, and query ldap for each, one at a time
+
+ $query = new EntityFieldQuery;
+ $entities = $query
+ ->entityCondition('entity_type', 'user')
+ ->execute();
+ $users = entity_load('user', array_keys($entities['user']));
+ $selectedRoles = array_filter($this->filterRoles);
+ $filterOnRoles = (boolean)(count($selectedRoles));
+
+ foreach ($users as $uid => $user) {
+ if (
+ $uid == 0 ||
+ $uid == 1 ||
+ ($this->filterLdapAuthenticated && !isset($user->data['ldap_authentication'])) ||
+ ($filterOnRoles && !array_intersect(array_values($selectedRoles), array_keys($user->roles)))
+ ) {
+ continue;
+ }
+
+ if ($ldap_entry = ldap_servers_get_user_ldap_data($user)) {
+ unset($ldap_entry['mail']);
+ $ldap_entry['attr']['count'] = $ldap_entry['attr']['count'] + count($this->availableDrupalUserAttributes);
+ foreach ($this->availableDrupalUserAttributes as $attr_name => $attr_conf) {
+ $ldap_entry['attr'][] = $attr_conf['token'];
+ $ldap_entry['attr'][$attr_conf['token']]['count'] = 1;
+ $ldap_entry['attr'][$attr_conf['token']][0] = (string)$user->{$attr_name};
+ }
+
+ $results[] = $ldap_entry;
+ }
+ }
+ $results['count'] = count($results);
+ // drupal_set_message("<pre>" . print_r($results, TRUE));
+ return $results;
+ }
+}
+
+/**
+ * Fetches data via LDAP Query.
+ */
+class FeedsDrupalUserLdapEntryFetcher extends FeedsFetcher {
+
+ /**
+ * Implements FeedsFetcher::fetch().
+ */
+ public function fetch(FeedsSource $source) {
+ $source_config = $source->getConfigFor($this);
+ $result = new FeedsDrupalUserLdapEntryFetcherResult($source_config);
+ return $result;
+ }
+
+ /**
+ * Override parent::configDefaults().
+ */
+ public function configDefaults() {
+ return array(
+ 'filterLdapAuthenticated' => array(),
+ 'availableDrupalUserAttributes' => ldap_feeds_drupal_user_attributes(),
+ 'filterRoles' => array(),
+ );
+ }
+
+ /**
+ * Override parent::configForm().
+ */
+ public function configForm(&$form_state) {
+
+ $form = array();
+ $form['filterLdapAuthenticated'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Only return ldap authenticated users.'),
+ '#default_value' => $this->config['filterLdapAuthenticated'],
+ '#description' => t('If checked, only users who are associated with ldap accounts will be returned.'),
+ );
+
+ return $form;
+ }
+
+ /**
+ * Override parent::sourceFormValidate().
+ */
+ public function sourceFormValidate(&$values) {
+
+ }
+
+ /**
+ * Override parent::sourceForm().
+ */
+ public function sourceForm($source_config) {
+ $tokens = array(
+ '!edit_link' => l(t('Edit Feed'), 'admin/structure/feeds/edit/' . $this->id),
+ );
+
+ $form_state = array();
+ $form = $this->configForm($form_state);
+ $form['addendum'] = array(
+ '#type' => 'markup',
+ '#markup' => t('This import is configured at !edit_link.', $tokens),
+ );
+
+ return $form;
+ }
+
+
+
+}
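Review bot: `FeedsDrupalUserLdapEntryFetcherResult::getRaw()` never initialises `$results`, so when every user is skipped or has no LDAP entry, `$results['count'] = count($results);` runs on an undefined variable; start the method with `$results = array();`. `array_filter($this->filterRoles)` receives `FALSE` when the source config has no `filterRoles` key, because the fallback constant is defined as `FALSE` rather than as an array. The `unset($ldap_entry['mail']);` sits beside code that only touches `$ldap_entry['attr'][...]`, so it may have been meant as `unset($ldap_entry['attr']['mail']);`, which is worth confirming. The whole remaining entry is handed to the feed, so whatever attributes `ldap_servers_get_user_ldap_data()` returns are exposed to the importer; consider copying only the attributes that are meant to be mappable.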
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapEntryParser.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapEntryParser.inc
new file mode 100644
index 0000000..0090df4
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapEntryParser.inc
@@ -0,0 +1,141 @@
+<?php
+
+/**
+ * @file
+ *
+ * Provides the Parser for an ldap entry array.
+ */
+
+class FeedsLdapEntryParser extends FeedsParser {
+ public $ldap_result;
+
+ /**
+ * Implements FeedsParser::parse().
+ */
+ public function parse(FeedsSource $source, FeedsFetcherResult $fetcher_result) {
+
+ $mappings = feeds_importer($this->id)->processor->config['mappings'];
+ $ldap_entries = $fetcher_result->ldap_result;
+ $parsed_items = array();
+ for ($i = 0; $i < $ldap_entries['count']; $i++) {
+ $ldap_entry = $ldap_entries[$i];
+ $parsed_item = array('dn' => (string)$ldap_entry['dn']);
+ foreach ($mappings as $j => $map) {
+ $source = $map['source'];
+ if (isset($ldap_entry['attr'])) {
+ // exception need because of unconvential format of ldap data returned from $ldap_server->user_lookup
+ $ldap_attributes = $ldap_entry['attr'];
+ }
+ else {
+ $ldap_attributes = $ldap_entry;
+ }
+ if ($source != 'dn' && isset($ldap_attributes[$source][0])) {
+ if ($ldap_attributes[$source]['count'] == 1 && is_scalar($ldap_attributes[$source][0])) {
+ $parsed_item[$source] = (string)$ldap_attributes[$source][0];
+ }
+/** removed until design decisions on multivalued attributes are made
+ elseif ($ldap_entry['count'] > 1) {
+ switch ($this->config['multivalued']) {
+ case LDAP_FEEDS_QUERY_FETCHER_MULTI_COMMA:
+ unset($ldap_entry[$source]['count']);
+ $parsed_item[$source] = join(',', $ldap_entry[$source]);
+ break;
+ case LDAP_FEEDS_QUERY_FETCHER_MULTI_SHOW_FIRST:
+ $parsed_item[$source] = $ldap_entry[$source][0];
+ break;
+
+ case LDAP_FEEDS_QUERY_FETCHER_MULTI_IGNORE:
+ break;
+
+ case LDAP_FEEDS_QUERY_FETCHER_MULTI_ARRAY:
+ for ($k = 0; $k < $ldap_entry[$source]['count'] - 1; $k++) {
+ if (is_scalar($ldap_entry[$source][$k])) {
+ $parsed_item[$source . '[' . $k . ']'] = (string)$ldap_entry[$source][$k];
+ }
+ }
+ }
+ }
+ */
+ }
+ }
+ $parsed_items[] = $parsed_item;
+ }
+ $result = new FeedsParserResult();
+ $result->items = $parsed_items;
+ return $result;
+ }
+
+
+ /**
+ * Source form.
+ */
+ public function sourceForm($source_config) {
+ $form = array();
+ $mappings = feeds_importer($this->id)->processor->config['mappings'];
+ if (empty($source_config)) {
+ $source_config = $this->config;
+ }
+ return $form;
+ }
+
+ /**
+ * Override parent::configFormValidate().
+ */
+ public function configFormValidate(&$values) {
+ $this->setConfig(array('sources' => $values));
+ $this->save();
+ }
+
+
+ /**
+ * Override parent::getMappingSources().
+ */
+ public function getMappingSources() {
+ return FALSE;
+ }
+
+ /**
+ * Override parent::configDefaults().
+ */
+ public function configDefaults() {
+ /** removed until design decisions on multivalued attributes are made
+ return array(
+ 'multivalued' => LDAP_FEEDS_QUERY_FETCHER_MULTI_DEFAULT,
+ );
+
+ */
+ return array();
+ }
+
+ /**
+ * Override parent::configForm().
+ */
+ public function configForm(&$form_state) {
+ $form = array();
+
+ /** removed until design decisions on multivalued attributes are made
+ $form['multivalued'] = array(
+ '#type' => 'radios',
+ '#title' => t('How should ldap attribute with mulitple values be parsed?'),
+ '#options' => array(
+ LDAP_FEEDS_QUERY_FETCHER_MULTI_COMMA => 'Flatten and separate with commas. The source name will be the attribute name such as "memberof"',
+ LDAP_FEEDS_QUERY_FETCHER_MULTI_SHOW_FIRST => 'Only use first value. The source name will be the attribute name such as "memberof"',
+ LDAP_FEEDS_QUERY_FETCHER_MULTI_IGNORE => 'Ignore these. The data is problematic anyway. Data will be discarded by parser.',
+ LDAP_FEEDS_QUERY_FETCHER_MULTI_ARRAY => 'Give each value its own key, such as memberof[0] and memberof[1]. The source name will be memberof[0], memberof[1], etc.',
+ ),
+ '#default_value' => $this->config['multivalued'],
+ '#description' => 'For example, in the Active Directory the memberof attribute will have many items, each representing a group.
+ Generally this data is hard to map to anything other than a flattenned version such as a comma separated list.
+ '#default_value' => LDAP_FEEDS_QUERY_FETCHER_DEFAULT,
+ );
+
+ */
+
+ return $form;
+ }
+
+ public function sourceDefaults() {
+ return array();
+ }
+
+}
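Review bot: `configFormValidate()` persists configuration from a validation callback (`$this->setConfig(array('sources' => $values)); $this->save();`), so the submitted values are written before the form has been accepted; the write belongs in a submit handler, or the override can be dropped since `configDefaults()` declares no `sources` key. In `parse()`, `$source = $map['source'];` overwrites the `FeedsSource $source` parameter; a separate name such as `$source_name` keeps the argument intact. The loop bound `$ldap_entries['count']` and `$ldap_entry['dn']` are read without an `isset()` check, although `FeedsLdapQueryFetcherResult::getRaw()` in this commit can return an empty array with no `count` key.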
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapQueryFetcher.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapQueryFetcher.inc
new file mode 100644
index 0000000..abfe08c
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/FeedsLdapQueryFetcher.inc
@@ -0,0 +1,119 @@
+<?php
+
+/**
+ * @file
+ * FeedsLdapQueryFetcher
+ */
+
+
+/**
+ * FeedsLdapQueryFetcherResult
+ */
+class FeedsLdapQueryFetcherResult extends FeedsFetcherResult {
+ public $query_ids = array();
+ public $ldap_result;
+
+ /**
+ * Constructor.
+ */
+ public function __construct($source_config) {
+ $this->query_ids = (isset($source_config['query_ids']) && is_array($source_config['query_ids'])) ? $source_config['query_ids'] : array();
+ parent::__construct('');
+ $this->ldap_result = $this->getRaw();
+ return $this->ldap_result;
+ }
+
+ /**
+ * Overrides parent::getRaw();
+ */
+ public function getRaw() {
+
+ $results = array();
+ foreach ($this->query_ids as $i => $query_id) {
+ $ldapQuery = ldap_query_get_queries($query_id, 'enabled', TRUE);
+ $more_results = $ldapQuery->query();
+ if (is_array($more_results)) {
+ $results = array_merge($results, $more_results);
+ }
+ }
+ return $results;
+ }
+}
+
+/**
+ * Fetches data via LDAP Query.
+ */
+class FeedsLdapQueryFetcher extends FeedsFetcher {
+
+ /**
+ * Implements FeedsFetcher::fetch().
+ */
+ public function fetch(FeedsSource $source) {
+ $source_config = $source->getConfigFor($this);
+ $result = new FeedsLdapQueryFetcherResult($source_config);
+ return $result;
+ }
+
+
+ /**
+ * Override parent::configDefaults().
+ */
+ public function configDefaults() {
+ return array(
+ 'query_ids' => array(),
+ );
+ }
+
+ /**
+ * Override parent::configForm().
+ */
+ public function configForm(&$form_state) {
+ $queries = ldap_query_get_queries(NULL, 'enabled');
+ $query_options = array(0 => '--- select one or more queries ---');
+ foreach ($queries as $qid => $query) {
+ $query_options[$qid] = $query->name;
+ }
+ $form = array();
+ $form['query_ids'] = array(
+ '#type' => 'select',
+ '#title' => t('LDAP Query'),
+ '#multiple' => TRUE,
+ '#size' => min(10, count($query_options)),
+ '#required' => TRUE,
+ '#default_value' => $this->config['query_ids'],
+ '#description' => t('If more than one query is selected, results from all the queries will be returned.') .
+ ' ' .
+ t('Queries can be added and edited at !link', array('!link' => l(t('LDAP Query Admin'), LDAP_QUERY_INDEX_BASE_PATH))),
+ '#options' => $query_options,
+ );
+
+ return $form;
+ }
+
+ /**
+ * Override parent::sourceForm().
+ */
+ public function sourceForm($source_config) {
+
+ $tokens = array(
+ '!edit_link' => l(t('Edit Feed'), 'admin/structure/feeds/edit/' . $this->id),
+ );
+
+ $form_state = array();
+ $form = $this->configForm($form_state);
+ $form['preamble'] = array(
+ '#type' => 'markup',
+ '#markup' => t('This import is configured at !edit_link.', $tokens),
+ );
+
+ return $form;
+ }
+
+ /**
+ * Override parent::sourceFormValidate().
+ */
+ public function sourceFormValidate(&$values) {
+ // could execute query and see if it returns anything for validation
+ }
+
+}
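Review bot: In `FeedsLdapQueryFetcherResult::getRaw()` the result of `ldap_query_get_queries($query_id, 'enabled', TRUE)` is dereferenced with `->query()` without a check. A stored id that no longer resolves to an enabled query (possibly including the `0` placeholder that `configForm()` adds to the select) would presumably end in a call on a non-object; add `if (!is_object($ldapQuery)) { continue; }` before the call. Combining result sets with `array_merge()` keeps only the last value of a string key, so if each result carries a `count` element, as the LDAP arrays elsewhere in this commit do, the merged `count` describes only the final query, while `FeedsLdapEntryParser::parse()` iterates up to that value. Recompute `count` from the merged numeric entries after the loop.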
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/README.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/README.txt
new file mode 100644
index 0000000..ac9a918
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/README.txt
@@ -0,0 +1,9 @@
+
+- Documentation:
+ http://drupal.org/node/1300810
+
+- LDAP Feeds Example: Synch LDAP Data to Drupal User
+ http://drupal.org/node/1300812
+
+- LDAP Feeds Query Fetcher Example:
+ http://drupal.org/node/1300822
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/TODO.txt b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/TODO.txt
new file mode 100644
index 0000000..f010ce7
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/TODO.txt
@@ -0,0 +1,11 @@
+
+- add ldap token evaluation to feeds such that multiple attributes can be parsed
+- add functionality to populate user->data['ldap_authentication'] and other user populating data
+- simpletests
+- documenation of use cases
+- inclusion of sample feeds as exportables
+- deal with multivalued attributes. this is already built into tokenization and should be resolved from there by
+ using token nameing structure there. see ldap_server_tokenize_entry() function and http://drupal.org/node/1245736
+- create mapper for feeds user processor for user->data array
+- add mapper/processor hook for creating ldap authmapping option on importing. does this need to extend user processor?
+- figure out how to programmatically call importer on user logon so importer can execute post logon
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.info b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.info
new file mode 100644
index 0000000..80852cc
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.info
@@ -0,0 +1,20 @@
+name = LDAP Feeds
+description = VERY MUCH IN ALPHA STATE. Included feeds fetcher for a generic ldap query and ldap entry parser to turn fetcher data into feeds compatible parser result. Used to automate content creation based on ldap queries.
+
+package = "Lightweight Directory Access Protocol"
+
+dependencies[] = feeds
+dependencies[] = ldap_servers
+dependencies[] = ldap_query
+
+configure = admin/structure/feeds
+
+core = 7.x
+php = 5.2
+
+; Information added by drupal.org packaging script on 2012-06-14
+version = "7.x-1.0-beta11"
+core = "7.x"
+project = "ldap"
+datestamp = "1339643179"
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.module b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.module
new file mode 100644
index 0000000..b722c92
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/ldap_feeds.module
@@ -0,0 +1,175 @@
+<?php
+
+
+/**
+ * Implements hook_feeds_plugins().
+ */
+function ldap_feeds_feeds_plugins() {
+
+ $path = drupal_get_path('module', 'ldap_feeds');
+ $info = array();
+
+ $info['FeedsLdapQueryFetcher'] = array(
+ 'name' => 'LDAP Query Fetcher',
+ 'description' => 'Fetch content from ldap query',
+ 'handler' => array(
+ 'parent' => 'FeedsFetcher', // This is the key name, not the class name.
+ 'class' => 'FeedsLdapQueryFetcher',
+ 'file' => 'FeedsLdapQueryFetcher.inc',
+ 'path' => $path,
+ ),
+ );
+
+ $info['FeedsDrupalUserLdapEntryFetcher'] = array(
+ 'name' => 'Drupal User LDAP Entry Fetcher',
+ 'description' => 'Fetches one entry for each LDAP authenticated user. Fetches both LDAP entry attributes such as
+ <code>cn, dn,</code> etc.
+ and Drupal user data such as <code>uid, name, mail, created, status, language, </code>and <code>signature</code>.',
+ 'handler' => array(
+ 'parent' => 'FeedsFetcher', // This is the key name, not the class name.
+ 'class' => 'FeedsDrupalUserLdapEntryFetcher',
+ 'file' => 'FeedsDrupalUserLdapEntryFetcher.inc',
+ 'path' => $path,
+ ),
+ );
+
+ $info['FeedsLdapEntryParser'] = array(
+ 'name' => t('LDAP Entry Parser for Feeds'),
+ 'description' => t('Parse an LDAP Entry Array'),
+ 'handler' => array(
+ 'parent' => 'FeedsParser',
+ 'class' => 'FeedsLdapEntryParser',
+ 'file' => 'FeedsLdapEntryParser.inc',
+ 'path' => $path,
+ ),
+ );
+
+ return $info;
+
+}
+
+/**
+ * Implements hook_enable().
+ *
+ * Clear Feed's plugin cache so that this plugin shows up.
+ */
+function ldap_feeds_enable() {
+ cache_clear_all('plugins:feeds:plugins', 'cache');
+}
+
+function ldap_feeds_drupal_user_attributes() {
+
+ $attributes = array(
+ 'uid' => array('token' => 'drupal.uid', 'description' => 'Drupal used id. e.g. 413'),
+ 'name' => array('token' => 'drupal.name', 'description' => 'Drupal username. e.g. jdoe'),
+ 'mail' => array('token' => 'drupal.mail', 'description' => 'Drupal email address. e.g. jdoe@gmail.com'),
+ 'created' => array('token' => 'drupal.created', 'description' => 'Drupal account created timestamp in unix e.g. 432432432'),
+ 'status' => array('token' => 'drupal.status', 'description' => 'Drupal user status e.g. 1 or 0'),
+ 'language' => array('token' => 'drupal.language', 'description' => 'Drupal language.'),
+ 'signature' => array('token' => 'drupal.signature', 'description' => 'Drupal signature. e.g. Happy Joe'),
+ 'login' => array('token' => 'drupal.login', 'description' => 'Drupal unix timestamp of last login e.g. 1317494439'),
+ 'init' => array('token' => 'drupal.init', 'description' => 'Drupal user init e.g. jdoe@gmail.com'),
+ );
+ // ldap_authentication and some other modules may want to add additional drupal user tokens
+ // largely derived from the $user->data array, but possibly from related data such as authmaps
+ // some use cases for alter are simply edge cases
+
+ drupal_alter('ldap_feeds_drupal_user_attributes', $attributes);
+
+ return $attributes;
+}
+
+/**
+ * show some sample ldap user data to help with mapping interface
+ */
+
+function ldap_feeds_form_feeds_ui_mapping_form_alter(&$form, &$form_state, $form_id) {
+
+ if (@$form['#importer']->config['fetcher']['plugin_key'] == 'FeedsDrupalUserLdapEntryFetcher') {
+ ldap_feeds_drupal_user_legend($form);
+ }
+ elseif (@$form['#importer']->config['fetcher']['plugin_key'] == 'FeedsLdapQueryFetcher') {
+ ldap_feeds_query_legend($form);
+ }
+}
+
+/**
+ * add additional data to mapping form for ldap query fetcher
+ */
+function ldap_feeds_query_legend(&$form) {
+
+ /**
+ $importer = feeds_importer($form['#importer']->id);
+ $source = feeds_source($form['#importer']->id);
+ $fetcher_result = new FeedsLdapQueryFetcher($source->config);
+ $records = $fetcher_result->getRaw(); // FeedsSource $source
+
+ foreach ($records[0] as $field_name => $value) {
+ $sources[$field_name] = array(
+ 'name' => array('#markup' => $field_name),
+ 'description' => array('#markup' => _ldap_feeds_query_legend($records, $field_name)));
+ }
+ $form['legendset']['#description'] = t('Name column is the value that should go in the SOURCE column above. Description column are from first few records of query in fetcher.', $tokens);
+ $form['legendset']['legend']['sources'] = $sources;
+ **/
+
+}
+
+function _ldap_feeds_query_legend($records, $field_name) {
+ $examples = array();
+ foreach ($records as $i => $record) {
+ $examples[] = $record[$field_name];
+ if ($i > 5 ) {
+ break;
+ }
+ }
+ return join(', ', array_filter($examples));
+}
+/**
+ * add additional data to mapping form for drupal user fetcher
+ */
+function ldap_feeds_drupal_user_legend(&$form) {
+
+ $sources = array();
+ $servers = ldap_servers_get_servers(NULL, 'enabled');
+ $form['legendset']['#description'] = "";
+ $drupal_user_attributes = $form['#importer']->config['fetcher']['config']['availableDrupalUserAttributes'];
+
+ foreach ($drupal_user_attributes as $attr_name => $attr_conf) {
+ $id = $attr_conf['token'];
+ $sources[$id] = array('name' => array('#markup' => $id), 'description' => array('#markup' => ''));
+ }
+
+ foreach ($servers as $sid => $ldap_server) {
+ if ($ldap_server->testingDrupalUsername) {
+ $account = user_load_by_name($ldap_server->testingDrupalUsername);
+
+ foreach ($drupal_user_attributes as $attr_name => $attr_conf) {
+ $id = $attr_conf['token'];
+ if ($account) {
+ $sources[$id] = array('name' => array('#markup' => $id), 'description' => array('#markup' => $account->{$attr_name}));
+ }
+ }
+
+ $user_ldap_entry = ldap_servers_get_user_ldap_data($ldap_server->testingDrupalUsername, $sid);
+ foreach ($user_ldap_entry['attr'] as $id => $value) {
+ if (!is_numeric($id) && is_scalar($user_ldap_entry['attr'][$id][0]) && $user_ldap_entry['attr'][$id]['count'] == 1) {
+ $sources[$id] = array('name' => array('#markup' => $id), 'description' => array('#markup' => $user_ldap_entry['attr'][$id][0]));
+ }
+ elseif ($user_ldap_entry['attr'][$id]['count'] > 1) {
+ $item = t('MULTIVALUED ATTRIBUTE:') . join(" , \n", $user_ldap_entry['attr'][$id]);
+ $sources[$id] = array('name' => array('#markup' => $id), 'description' => array('#markup' => $item));
+ }
+ }
+ $form['legendset']['#description'] .= t('LDAP Attributes in the source "description" column are from testing ldap user (%testing_user) on the server %sid, which is configured in
+ the ldap server form.', array('%sid' => $sid, '%testing_user' => $ldap_server->testingDrupalUsername));
+ }
+ else {
+ foreach (array('dn' => 'distinguished name', 'cn' => 'cname') as $id => $value) {
+ $sources[$id] = array('name' => array('#markup' => $id), 'description' => array('#markup' => $value));
+ }
+ }
+ }
+ $form['legendset']['legend']['sources'] = $sources;
+
+}
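Review bot: `ldap_feeds_drupal_user_legend()` puts account fields and LDAP attribute values straight into `'#markup'` (`$account->{$attr_name}`, `$user_ldap_entry['attr'][$id][0]` and the joined multivalued `$item`), and `#markup` is rendered without escaping. A value containing HTML, such as the `signature` field or a directory attribute, would therefore be interpreted as markup on the mapping form. Escape each value on output, e.g. `'#markup' => check_plain($account->{$attr_name})`, and do the same for the two LDAP cases. `$user_ldap_entry` is also iterated without checking that the lookup succeeded, although the fetcher in this commit treats the same function's result as possibly empty. In `ldap_feeds_form_feeds_ui_mapping_form_alter()` the `@` on `$form['#importer']` hides errors where an `isset()` test would state the intent.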
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/LdapServerTestData.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/LdapServerTestData.inc
new file mode 100644
index 0000000..f3bdf41
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/LdapServerTestData.inc
@@ -0,0 +1,143 @@
+<?php
+// $Id: LdapServerTest.class.inc,v 1.4.2.1 2011/02/08 06:01:00 johnbarclay Exp $
+
+/**
+ * @file
+ * test configurations for LdapServerTest.class.php
+ * file name should be of form LdapServerTestData.<sid>.inc
+ * where sid is the server id data is used for.
+ *
+ */
+
+$test_data = array();
+
+/**
+ * $test_data['properties'] are all the initial properties of the instantiated LdapServerTest object
+ */
+
+$test_data['server']['properties'] = array(
+
+ 'sid' => 'ldapfeeds',
+ 'name' => 'Test LDAP Server 1 for LDAP Authorization' ,
+ 'inDatabase' => TRUE,
+ 'status' => 1,
+ 'ldap_type' => 'ad',
+ 'address' => 'ad.myuniversity.edu',
+ 'port' => 389,
+ 'tls' => FALSE,
+ 'bind_method' => LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT,
+ 'basedn' => array(
+ 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=education,dc=ad,dc=myuniversity,dc=edu',
+ 'ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ ),
+ 'binddn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'bindpw' => 'goodpwd',
+ 'user_dn_expression' => 'user_dn_expression',
+ 'user_attr' => 'sAMAccountName',
+ 'mail_attr' => 'mail',
+ 'ldapToDrupalUserPhp' => NULL,
+ 'testingDrupalUsername' => 'jdoe',
+ 'groupObjectClass' => 'group',
+
+ );
+
+/**
+ *
+ * method responses are stored in array $test_data['methodResponses']
+ * where keys are:
+ * <method_name>
+ * parameter1,
+ * parameter2,
+ * ...
+ *
+ * and value is the response test ldap server is expected to return. values
+ * can be scalar, array, object, etc, depending on what the method being mimicked
+ * is expected to return
+ */
+
+$test_data['server']['methodResponses']['connect'] = LDAP_SUCCESS;
+
+$test_data['server']['search_results']['objectclass=user']['ou=campus accounts,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array(
+ 'count' => 4,
+ 'dn' => 'cn=jkool,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => 'jkool@myuniversity.edu',
+ 'cn' => 'jkool',
+ 'sn' => 'kool',
+ ),
+ 1 => array(
+ 'count' => 4,
+ 'dn' => 'cn=bkool,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => 'bkool@myuniversity.edu',
+ 'cn' => 'bkool',
+ 'sn' => 'kool',
+ ),
+ 2 => array(
+ 'count' => 4,
+ 'dn' => 'cn=rkool,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => 'rkool@myuniversity.edu',
+ 'cn' => 'rkool',
+ 'sn' => 'kool',
+ ),
+ 'count' => 3,
+ );
+
+$test_data['server']['search_results']['(member=cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu)']['ou=groups,dc=ad,dc=myuniversity,dc=edu'] = array(
+ 0 => array('count' => 1, 'dn' => 'cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu'),
+ 'count' => 1,
+ );
+
+/**
+ * fake user data array below 'attr' should mimick ldap user result data
+ */
+$test_data['server']['users']['cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jdoe,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jdoe@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jdoe', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
+
+
+$test_data['server']['users']['cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=jkool,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'jkool@guests.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$test_data['server']['users']['cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=unkool,ou=lost,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'unkool@nowhere.myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'jkool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'memberOf' => array( 0 => 'cn=unknown_people,ou=nowhere,dc=ad,dc=myuniversity,dc=edu', 'count' => 1),
+ );
+
+$test_data['server']['users']['cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=verykool,ou=special guests,ou=guest accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'verykool@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'verykool', 'count' => 1),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ 'meMBErof' => array(
+ 0 => 'cn=sysadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 1 => 'CN=NETadmins,ou=it,dc=ad,dc=myuniversity,dc=edu',
+ 'count' => 2,
+ ),
+ );
+
+
+/**
+ * test users should include service account if one is being used
+ */
+$test_data['server']['users']['cn=service-account,dc=ad,dc=myuniversity,dc=edu']['attr'] = array(
+ 'dn' => 'cn=service-account,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => array( 0 => 'service-account@myuniversity.edu', 'count' => 1),
+ 'sAMAccountName' => array( 0 => 'service-account', 'count' => 1),
+ 'memberOf' => array(
+ 0 => 'CN=service_accounts,OU=ServiceAccountGroups,DC=ad,DC=myuniversity,DC=edu',
+ 'count' => 2,
+ ),
+ 'password' => array( 0 => 'goodpwd', 'count' => 1),
+ );
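Review bot: The service-account entry declares `'count' => 2` for `memberOf` but lists a single value at index 0, so the fixture does not have the shape of the LDAP result it is meant to mimic; set it to `'count' => 1` or add the second group. The `bindpw` and `password` values and `'tls' => FALSE` deserve a short comment near the top of the array, such as `// fixture only: constructed credentials, no real directory is contacted`, so the settings are not copied into a live server configuration.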
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/feeds_ldap_query_fetcher.test b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/feeds_ldap_query_fetcher.test
new file mode 100644
index 0000000..bb9b395
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_feeds/tests/feeds_ldap_query_fetcher.test
@@ -0,0 +1,167 @@
+<?php
+// $Id: $
+
+/**
+ * @file
+ * File fetcher tests.
+ */
+
+
+
+require_once(drupal_get_path('module', 'feeds') . '/tests/feeds.test.inc');
+
+class LdapFeedsTestCase extends FeedsWebTestCase {
+
+ /**
+ * Describe this test.
+ */
+ public function getInfo() {
+ return array(
+ 'name' => t('Ldap query fetcher'),
+ 'description' => t('Tests for Ldap query fetcher.'),
+ 'group' => t('LDAP'),
+ );
+ }
+
+ public $testFunctions;
+
+
+ function setUp() {
+ parent::setUp(array('ldap_servers')); // don't need any real servers, configured, just ldap_servers code base
+ variable_set('ldap_simpletest', 1);
+ }
+
+
+ function tearDown() {
+ parent::tearDown();
+ variable_del('ldap_simpletest');
+ }
+
+/**
+ * prepTestData create fake ldap server configuration.
+ *
+ * @param string $testid the name of the test. used to determine which configuration file to include
+ * @return object consumer configuration object (class = LdapAuthorizationConsumerConfAdmin)
+ *
+ */
+ function prepTestData($testid) {
+ $this->testFunctions = new LdapTestFunctions();
+ // create fake ldap server configuration instance
+ include(drupal_get_path('module', 'ldap_feeds') . '/tests/LdapServerTestData.inc');
+ $this->testFunctions->prepTestServers($test_data['servers']);
+
+ }
+
+
+ // see readme.txt for test steps also.
+
+ /**
+ * This test should create a complete importer
+ */
+ //public function testLdapQueryFetcherAndParser() {
+
+
+ /** the following code is not finished or tested
+ $test_id = 'LdapQueryFetcherAndParser';
+ $conf_id = 'LdapQueryFetcherAndParser';
+ $consumer_conf_admin = $this->prepTestData($conf_id);
+
+ // Set up an importer.
+ $this->createImporterConfiguration('Node import', 'node');
+
+ // 1. create importer (Basic Settings at admin/structure/feeds/edit/node/settings)
+ $basic_settings = array(
+ 'name' => 'ldap_test_importer',
+ 'description' => 'ldap_test_importer',
+ 'content_type' => '',
+ );
+ $this->drupalPost('admin/structure/feeds/edit/node/settings', $basic_settings, 'Save');
+
+
+ // 2. setup fetcher
+ $this->setPlugin('node', 'FeedsLdapQueryFetcher');
+ $fetcher_conf = array(
+ 'sid' => 'ldapfeeds',
+ 'basedn' => 'ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'filter' => 'objectclass=user',
+ 'attributes' => '"dn","mail","cn","sn"',
+ 'sizelimit' => 5
+ );
+ $this->drupalPost('admin/structure/feeds/edit/node/settings/FeedsLdapQueryFetcher', $fetcher_conf, 'Save');
+
+ // 3. set parser.
+ $this->setPlugin('node', 'FeedsLdapEntryParser');
+ // no settings for parser.
+
+
+ // 4. set processor
+ $this->setPlugin('node', 'FeedsNodeProcessor');
+ //@todo need to have field_sn and field_mail in this content type.
+ $bundle = $this->createContentType(NULL, array(
+ 'field_sn' => 'text',
+ 'field_mail' => 'text',
+ ));
+ $mappings = array(
+ '0' => array(
+ 'source' => 'dn',
+ 'target' => 'title',
+ ),
+ '1' => array(
+ 'source' => 'cn',
+ 'target' => 'body',
+ ),
+ '2' => array(
+ 'source' => 'sn',
+ 'target' => 'field_sn',
+ ),
+ '3' => array(
+ 'source' => 'mail',
+ 'target' => 'field_mail',
+ ),
+ );
+ $this->addMappings('node', $mappings);
+
+ //@todo what is path to import without feed node?
+ $edit = array();
+ $this->drupalPost('import/test_ldap', $edit, t('Import'));
+ $this->assertText('Created 3 nodes');
+
+ $query = new EntityFieldQuery;
+
+ $entities = $query
+ ->entityCondition('entity_type', 'node')
+ ->entityCondition('bundle', $bundle)
+ ->fieldOrderBy('field_mail', 'value', 'ASC')
+ ->execute();
+ $nodes = entity_load('node', array_keys($entities['node']));
+
+ /**
+ *
+ 0 => array(
+ 'count' => 4,
+ 'dn' => 'cn=bkool,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => 'bkool@myuniversity.edu',
+ 'cn' => 'bkool',
+ 'sn' => 'kool',
+ ),
+
+ * 1 => array(
+ 'count' => 4,
+ 'dn' => 'cn=jkool,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => 'jkool@myuniversity.edu',
+ 'cn' => 'jkool',
+ 'sn' => 'kool',
+ ),
+
+ 2 => array(
+ 'count' => 4,
+ 'dn' => 'cn=rkool,ou=campus accounts,dc=ad,dc=myuniversity,dc=edu',
+ 'mail' => 'rkool@myuniversity.edu',
+ 'cn' => 'rkool',
+ 'sn' => 'kool',
+ ),
+
+ */
+
+ // }
+}
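Review bot: `prepTestData()` passes `$test_data['servers']` to `prepTestServers()`, but the included `LdapServerTestData.inc` populates `$test_data['server']`, so the call receives an undefined index. Use the same key on both sides, e.g. `$this->testFunctions->prepTestServers($test_data['server']);` if that is the shape the helper expects. The class has no active `test*` method, since the only one is commented out, so the case currently verifies nothing about the fetcher or the parser. The docblock of `prepTestData()` promises a returned consumer configuration object, but the method returns nothing and ignores `$testid`.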
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.css b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.css
new file mode 100644
index 0000000..fec2122
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.css
@@ -0,0 +1,10 @@
+/* $Id: ldap_help.css,v 1.1 2011/02/07 23:12:23 johnbarclay Exp $ */
+ form#dblog-filter-form div#edit-type-wrapper,
+table#admin-dblog th img
+{ display: none;}
+code.export-summary {font-weight: normal;}
+
+table#admin-dblog th a,
+table#admin-dblog th {text-decoration: none; color: #000000;}
+th code {}
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.info b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.info
new file mode 100644
index 0000000..134f3b2
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.info
@@ -0,0 +1,14 @@
+; $Id: ldap_help.info,v 1.1.2.1 2011/02/08 20:05:41 johnbarclay Exp $
+name = LDAP Help
+description = "LDAP Help for configuration and reporting issues."
+package = "Lightweight Directory Access Protocol"
+core = 7.x
+
+dependencies[] = ldap_servers
+
+; Information added by drupal.org packaging script on 2012-06-14
+version = "7.x-1.0-beta11"
+core = "7.x"
+project = "ldap"
+datestamp = "1339643179"
+
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.install b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.install
new file mode 100644
index 0000000..a547563
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.install
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @file
+ * LDAP Help Install File
+ */
+
+
+/**
+ * Implements hook_uninstall().
+ */
+function ldap_help_uninstall() {
+ //$result = db_query('DELETE FROM {variables} WHERE name like "ldap_authentication_%"');
+ variable_del('ldap_help_watchdog_detail');
+}
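Review bot: The commented-out `db_query()` in `ldap_help_uninstall()` should be deleted rather than shipped. It matches `ldap_authentication_%` variables, which belong to a different module, and it names a `{variables}` table while Drupal 7 stores these in `variable`, so re-enabling it would be wrong on both counts. A short comment above `variable_del()`, such as `// Remove the only variable this module sets.`, would document the intent instead.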
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.issues.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.issues.inc
new file mode 100644
index 0000000..f82b3d7
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.issues.inc
@@ -0,0 +1,60 @@
+<?php
+// $Id: ldap_help.module,v 1.1.2.1 2011/02/08 06:14:20 johnbarclay Exp $
+
+/**
+ * @file
+ * The ldap_help issues provides a filtered watchdog view for ldap issues.
+ *
+ */
+
+function ldap_help_issues() {
+
+ $text = '<h3>' . t('LDAP Help Module') . '</h3><p>' .
+ t('How to report bugs in LDAP Project.') . '</p>';
+ ldap_server_module_load_include('inc', 'ldap_help', 'ldap_help.status');
+ $ldap_config = ldap_help_status('html');
+
+ $path = drupal_get_path("module", "ldap_servers");
+
+ $text .= <<<EOT
+
+ <ol>
+ <li>Search for existing issues. Include all statuses and versions
+ in you search; a closed issue may be relevant.
+<a href="http://drupal.org/project/issues/search/ldap">http://drupal.org/project/issues/search/ldap</a>
+</li>
+
+ </ul>
+</li>
+
+
+<li>Look for common problems/solutions at: <a href="http://drupal.org/node/997082">http://drupal.org/node/997082</a>.
+This is editable, so actively participate in updateing this documentation.
+
+</li>
+<li>
+Additional directions are at the beginning of the add issue form at
+<a href="http://drupal.org/node/add/project-issue/ldap">http://drupal.org/node/add/project-issue/ldap.</a>
+
+</li>
+
+</ul>
+
+</li>
+
+
+</ol>
+
+<div style="border: 1px solid #000000; padding: 10px; margin: 10px; text-align: center;">
+ <p>Cut and past the html below into a file called<code>ldap_config.html</code> and attach it when reporting errors.
+ <br/>The table below is the same. Check that no sensitive data is in it.</p>
+ <form>
+ <textarea rows=10 cols=120 border=1 style="border: 1px solid #000000">$ldap_config</textarea>
+ </form>
+</div>
+$ldap_config
+EOT;
+
+
+ return $text;
+}
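Review bot: `$ldap_config` is interpolated raw into the `<textarea>` near the end of the heredoc in `ldap_help_issues()`, but textarea content is not shown verbatim: the browser decodes character references and a literal `</textarea>` ends the field. Any value that `ldap_help_status('html')` had escaped would therefore be copied into `ldap_config.html` unescaped, and that file is meant to be attached to public issue reports. Escape the textarea copy only, e.g. `$ldap_config_source = check_plain($ldap_config);` and `<textarea ...>$ldap_config_source</textarea>`, and keep the raw value for the rendered table below it. `ldap_help_status()` is defined outside this hunk, so how it escapes directory and configuration values should be confirmed there. Separately, `$path` is assigned but never used, and the list markup has `</ul>` closers with no matching `<ul>`.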
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.module b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.module
new file mode 100644
index 0000000..d46ad6f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.module
@@ -0,0 +1,91 @@
+<?php
+// $Id: ldap_help.module,v 1.1.2.1 2011/02/08 06:14:20 johnbarclay Exp $
+/**
+ * @file
+ * The ldaphelp module is a module to help admins debug ldap_integration modules.
+ *
+ */
+
+
+
+/**
+ * Implements hook_init().
+ */
+function ldap_help_init() {
+ drupal_add_css(drupal_get_path('module', 'ldap_help') . '/ldap_help.css', 'module');
+}
+
+/**
+ * Implements hook_menu().
+ */
+function ldap_help_menu() {
+ $items = array();
+ $items['admin/config/people/ldap/help'] = array(
+ 'title' => 'Help',
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 9,
+ 'description' => 'Debugging and Configuration Help with LDAP',
+ 'file' => 'ldap_help.resources.inc',
+ 'page callback' => 'ldap_help_main',
+ 'access arguments' => array('administer site configuration'),
+ );
+
+ $items['admin/config/people/ldap/help/intro'] = array(
+ 'title' => 'Resources',
+ 'type' => MENU_DEFAULT_LOCAL_TASK,
+ );
+
+ $items['admin/config/people/ldap/help/status'] = array(
+ 'title' => 'Status',
+ 'description' => 'LDAP status page',
+ 'page callback' => 'ldap_help_status',
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_help.status.inc',
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 4,
+ );
+
+ $items['admin/config/people/ldap/help/watchdog'] = array(
+ 'title' => 'Watchdog',
+ 'description' => 'LDAP watchdog logs',
+ 'page callback' => 'ldap_help_watchdog',
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_help.watchdog.inc',
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 5,
+ );
+
+ $items['admin/config/people/ldap/help/issues'] = array(
+ 'title' => 'Issue Reporting',
+ 'description' => 'Creating LDAP Issue Queue Items',
+ 'page callback' => 'ldap_help_issues',
+ 'access arguments' => array('administer site configuration'),
+ 'file' => 'ldap_help.issues.inc',
+ 'type' => MENU_LOCAL_TASK,
+ 'weight' => 7,
+ );
+
+ return $items;
+}
+
+function ldap_help_form_ldap_servers_settings_alter(&$form, &$form_state) {
+ $form['watchdog_detail'] = array('#type' => 'fieldset', '#title' => t('Log detailed LDAP Actions'));
+ $form['watchdog_detail']['watchdog_detail'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Enabled Detailed LDAP Watchdog logging. This is generally for
+ debugging and reporting issues with the ldap modules and should not be left
+ on.'),
+ '#default_value' => variable_get('ldap_help_watchdog_detail', 0),
+ );
+ $form['#submit'][] = 'ldap_help_watchdog_detail_submit';
+}
+
+
+function ldap_help_watchdog_detail_submit($form, &$form_state) {
+ if ($form_state['submitted']) {
+ $watchdog_detail = $form_state['values']['watchdog_detail'];
+ if ($watchdog_detail != variable_get('ldap_help_watchdog_detail', 0)) {
+ variable_set('ldap_help_watchdog_detail', $watchdog_detail);
+ }
+ }
+}
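Review bot: In `ldap_help_init()` the second argument `'module'` to `drupal_add_css()` is the Drupal 6 form. Drupal 7 reads a string in that position as the CSS type (`'file'`, `'inline'` or `'external'`), so the stylesheet may never be emitted. Dropping the argument, `drupal_add_css(drupal_get_path('module', 'ldap_help') . '/ldap_help.css');`, falls back to the default file type. Adding the stylesheet from the help page callbacks rather than from `hook_init()` would also keep an admin-only stylesheet off every other request. `ldap_help_form_ldap_servers_settings_alter()` and `ldap_help_watchdog_detail_submit()` lack docblocks; the first should carry `Implements hook_form_FORM_ID_alter().`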
diff --git a/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.resources.inc b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.resources.inc
new file mode 100644
index 0000000..705243f
--- /dev/null
+++ b/kolab.org/www/drupal-7.15/sites/all/modules/ldap/ldap_help/ldap_help.resources.inc
@@ -0,0 +1,61 @@
+<?php
+// $Id: ldap_help.resources.inc,v 1.1 2011/02/07 23:12:23 johnbarclay Exp $
+/**
+ * @file
+ * The ldap_help resources are just links.
+ *
+ */
+function ldap_help_main() {
+
+ $text = '<h3>' . t('LDAP Help Module') . '</h3><p>' .
+ t('This module is meant to assist Drupal admins in configuring, debugging, sharing, and submitting
+ support and bug request related to LDAP modules.') . '<strong><em> ' .
+ t('LDAP Help Module should be disabled unless you are debugging or configuring ldap problems.') . ' </em></strong>' .
+ t('It adds no functionality to the LDAP modules.') . '</p>';
+
+ $path = drupal_get_path("module", "ldap_servers");
+
+ $text .= <<<EOT
+
+ <h3>LDAP Module Resources</h3>
+ <ul>
+ <li>The <a href="http://drupal.org/node/997082">Drupal.org Documentation</a> covers basics of module.</li>
+ <li>Search <a href="http://drupal.org/project/issues/search/ldap">issue queue</a> For best results,
+ select version and category before searching.</li>
+ <li><a href="http://drupal.org/project/issues/ldap">View all issues</a></li>
+ <li><a href="http://docs.moodle.org/20/en/LDAP_authentication">Moodle LDAP module documentation</a> is
+ well done and provides insight into LDAP in a PHP environment.</li>
+ </ul>
+
+ <h3>Your local LDAP Documentation and Administrators</h3>
+ <p>You would be surprised how much is documented about your local ldap. Find your organization's LDAP documentation and
+ support staff before you stuggle blindly.