Commit a6fb4f90 authored by Jaime Pérez Crespo

Add an attribute policy (either add, merge or replace values) to AttributeAddFromLDAP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3375 44740490-163a-0410-bde0-09ae8108e29a
parent be27563d
......@@ -249,6 +249,24 @@ specific configuration options:
*/
'attributes' => array('mail', 'jpegPhoto' => 'jpegphoto'),
/**
* The attribute policy that defines what to do with attributes that are
* already part of the attributes of the user. Can be one of:
*
* - add: blindly add the values. If the attribute already exists and has
* the same value, the result of the filter will be two equal values.
*
* - merge: carefully merge the values. If a value is already part of
* the attribute, do not add a duplicate.
*
* - replace: if the attribute is present before running the filter,
* replace its values with the ones obtained at this point.
*
* Default: merge
* Required: No
*/
'attribute.policy' => 'merge',
/**
* The search filter to find the user in LDAP.
*
......
......@@ -48,6 +48,13 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
protected $search_filter;
/**
* What to do with attributes when the target already exists. Either replace, merge or add.
*
* @var string
*/
protected $attr_policy;
/**
* Initialize this filter.
*
......@@ -114,6 +121,9 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
$this->search_attributes[$new_attribute] = $this->config->getString('search.attribute');
}
$this->search_filter = $this->config->getString('search.filter');
// get the attribute policy
$this->attr_policy = $this->config->getString('attribute.policy', 'merge');
}
......@@ -145,11 +155,17 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
$filter = str_replace($arrSearch, $arrReplace, $this->search_filter);
if (strpos($filter, '%') !== FALSE) {
SimpleSAML_Logger::info('There are non-existing attributes in the search filter. ('.
SimpleSAML_Logger::info('AttributeAddFromLDAP: There are non-existing attributes in the search filter. ('.
$this->search_filter.')');
return;
}
if (!in_array($this->attr_policy, array('merge', 'replace', 'add'))) {
SimpleSAML_Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge',".
"'replace' or 'add'.");
return;
}
// search for matching entries
try {
$entries = $this->getLdap()->searchformultiple($this->base_dn, $filter,
......@@ -164,11 +180,23 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
if (is_numeric($target)) {
$target = $name;
}
if (isset($attributes[$target]) && $this->attr_policy === 'replace') {
unset($attributes[$target]);
}
$name = strtolower($name);
if (isset($entry[$name])) {
unset($entry[$name]['count']);
if (isset($attributes[$target])) {
$attributes[$target] = array_merge($attributes[$target], array_values($entry[$name]));
foreach(array_values($entry[$name]) as $value) {
if ($this->attr_policy === 'merge') {
if (!in_array($value, $attributes[$target])) {
$attributes[$target][] = $value;
}
} else {
$attributes[$target][] = $value;
}
}
} else {
$attributes[$target] = array_values($entry[$name]);
}
......