Add an attribute policy (either add, merge or replace values) to AttributeAddFromLDAP.
git-svn-id: http://simplesamlphp.googlecode.com/svn/trunk@3375 44740490-163a-0410-bde0-09ae8108e29a
parent
e5f659b052
commit
22a4768d8e
|
@ -249,6 +249,24 @@ specific configuration options:
|
|||
*/
|
||||
'attributes' => array('mail', 'jpegPhoto' => 'jpegphoto'),
|
||||
|
||||
/**
|
||||
* The attribute policy that defines what to do with attributes that are
|
||||
* already part of the attributes of the user. Can be one of:
|
||||
*
|
||||
* - add: blindly add the values. If the attribute already exists and has
|
||||
* the same value, the result of the filter will be two equal values.
|
||||
*
|
||||
* - merge: carefully merge the values. If a value is already part of
|
||||
* the attribute, do not add a duplicate.
|
||||
*
|
||||
* - replace: if the attribute is present before running the filter,
|
||||
* replace its values with the ones obtained at this point.
|
||||
*
|
||||
* Default: merge
|
||||
* Required: No
|
||||
*/
|
||||
'attribute.policy' => 'merge',
|
||||
|
||||
/**
|
||||
* The search filter to find the user in LDAP.
|
||||
*
|
||||
|
|
|
@ -48,6 +48,13 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
|
|||
protected $search_filter;
|
||||
|
||||
|
||||
/**
|
||||
* What to do with attributes when the target already exists. Either replace, merge or add.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $attr_policy;
|
||||
|
||||
/**
|
||||
* Initialize this filter.
|
||||
*
|
||||
|
@ -114,6 +121,9 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
|
|||
$this->search_attributes[$new_attribute] = $this->config->getString('search.attribute');
|
||||
}
|
||||
$this->search_filter = $this->config->getString('search.filter');
|
||||
|
||||
// get the attribute policy
|
||||
$this->attr_policy = $this->config->getString('attribute.policy', 'merge');
|
||||
}
|
||||
|
||||
|
||||
|
@ -145,11 +155,17 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
|
|||
$filter = str_replace($arrSearch, $arrReplace, $this->search_filter);
|
||||
|
||||
if (strpos($filter, '%') !== FALSE) {
|
||||
SimpleSAML_Logger::info('There are non-existing attributes in the search filter. ('.
|
||||
SimpleSAML_Logger::info('AttributeAddFromLDAP: There are non-existing attributes in the search filter. ('.
|
||||
$this->search_filter.')');
|
||||
return;
|
||||
}
|
||||
|
||||
if (!in_array($this->attr_policy, array('merge', 'replace', 'add'))) {
|
||||
SimpleSAML_Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge',".
|
||||
"'replace' or 'add'.");
|
||||
return;
|
||||
}
|
||||
|
||||
// search for matching entries
|
||||
try {
|
||||
$entries = $this->getLdap()->searchformultiple($this->base_dn, $filter,
|
||||
|
@ -164,11 +180,23 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
|
|||
if (is_numeric($target)) {
|
||||
$target = $name;
|
||||
}
|
||||
|
||||
if (isset($attributes[$target]) && $this->attr_policy === 'replace') {
|
||||
unset($attributes[$target]);
|
||||
}
|
||||
$name = strtolower($name);
|
||||
if (isset($entry[$name])) {
|
||||
unset($entry[$name]['count']);
|
||||
if (isset($attributes[$target])) {
|
||||
$attributes[$target] = array_merge($attributes[$target], array_values($entry[$name]));
|
||||
foreach(array_values($entry[$name]) as $value) {
|
||||
if ($this->attr_policy === 'merge') {
|
||||
if (!in_array($value, $attributes[$target])) {
|
||||
$attributes[$target][] = $value;
|
||||
}
|
||||
} else {
|
||||
$attributes[$target][] = $value;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$attributes[$target] = array_values($entry[$name]);
|
||||
}
|
||||
|
|
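Review bot: The merge branch in the last hunk deduplicates with a loose comparison, `in_array($value, $attributes[$target])`, so two distinct numeric-looking strings such as "0123" and "123" compare equal and the value from LDAP is dropped; pass the strict flag, `if (!in_array($value, $attributes[$target], true)) {`. The policy check added before the search only logs a warning and returns, so a mistyped 'attribute.policy' leaves the incoming attributes untouched; a deployment that relies on 'replace' to override upstream values with the directory's would fail silently. Validating once where the option is read, next to `$this->config->getString('attribute.policy', 'merge')`, and throwing there would surface the mistake at configuration time. With 'replace', `unset($attributes[$target])` runs before `isset($entry[$name])` is known, so an entry lacking the attribute removes the existing values and adds nothing, and if this code sits inside a loop over several entries (not visible here) only the last entry's values would survive; this should be confirmed as intended and documented. The enclosing methods start and end outside these hunks.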