HomeLab/ldap-user-manager
2
0
Fork 0
mirror of https://github.com/wheelybird/ldap-user-manager.git synced 2025-01-18 23:42:54 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
ldap-user-manager/setup/run_checks.php

236 lines
7.8 KiB
PHP
Raw Normal View History

Initial functioning version, pre-docker.
2018-06-01 17:10:45 +01:00
<?php
include_once("web_functions.inc.php");
include_once("ldap_functions.inc.php");
include_once("module_functions.inc.php");
validate_setup_cookie();
set_page_access("setup");
render_header($WEBSITE_NAME);
$show_finish_button = True;
$ldap_connection = open_ldap_connection();
?>
<script>
$(document).ready(function(){
$('[data-toggle="popover"]').popover();
});
</script>
<div class="form-group">
<form action="<?php print "/$THIS_MODULE_PATH/setup_ldap.php"; ?>" method="post">
<input type="hidden" name="fix_problems">
<div class='container'>
<div class="panel panel-default">
<div class="panel-heading">LDAP connection tests</div>
<div class="panel-body">
<ul class="list-group">
<?php
#Can we connect? The open_ldap_connection() function will call die() if we can't.
print "$li_good Connected to ${LDAP['uri']}</li>\n";
#TLS?
if ($LDAP['starttls'] && $ENCRYPTED == True) {
print "$li_good Encrypted connection to ${LDAP['uri']} via STARTTLS</li>\n";
}
else {
print "$li_warn Unable to connect to ${LDAP['uri']} via STARTTLS. ";
print "<a href='#' data-toggle='popover' title='STARTTLS' data-content='";
print "The connection to the LDAP server works, but encrypted communication can&#39;t be enabled.";
print "'>What's this?</a></li>\n";
}
?>
</ul>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">LDAP OU checks</div>
<div class="panel-body">
<ul class="list-group">
<?php
$group_filter = "(&(objectclass=organizationalUnit)(ou=${LDAP['group_ou']}))";
$ldap_group_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $group_filter);
$group_result = ldap_get_entries($ldap_connection, $ldap_group_search);
if ($group_result['count'] != 1) {
print "$li_fail The group OU (<strong>${LDAP['group_dn']}</strong>) doesn't exist. ";
print "<a href='#' data-toggle='popover' title='${LDAP['group_dn']}' data-content='";
print "This is the Organizational Unit (OU) that the groups are stored under.";
print "'>What's this?</a>";
print "<label class='pull-right'><input type='checkbox' name='setup_group_ou' class='pull-right' checked>Create?&nbsp;</label>";
print "</li>\n";
$show_finish_button = False;
}
else {
print "$li_good The group OU (<strong>${LDAP['group_dn']}</strong>) is present.</li>";
}
$user_filter = "(&(objectclass=organizationalUnit)(ou=${LDAP['user_ou']}))";
$ldap_user_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $user_filter);
$user_result = ldap_get_entries($ldap_connection, $ldap_user_search);
if ($user_result['count'] != 1) {
print "$li_fail The user OU (<strong>${LDAP['user_dn']}</strong>) doesn't exist. ";
print "<a href='#' data-toggle='popover' title='${LDAP['user_dn']}' data-content='";
print "This is the Organisational Unit (OU) that the user accounts are stored under.";
print "'>What's this?</a>";
print "<label class='pull-right'><input type='checkbox' name='setup_user_ou' class='pull-right' checked>Create?&nbsp;</label>";
print "</li>\n";
$show_finish_button = False;
}
else {
print "$li_good The user OU (<strong>${LDAP['user_dn']}</strong>) is present.</li>";
}
?>
</ul>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">LDAP group and settings</div>
<div class="panel-body">
<ul class="list-group">
<?php
$gid_filter = "(&(objectclass=device)(cn=lastGID))";
$ldap_gid_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $gid_filter);
$gid_result = ldap_get_entries($ldap_connection, $ldap_gid_search);
if ($gid_result['count'] != 1) {
print "$li_warn The <strong>lastGID</strong> entry doesn't exist. ";
print "<a href='#' data-toggle='popover' title='cn=lastGID,${LDAP['base_dn']}' data-content='";
print "This is used to store the last group ID used when creating a POSIX group. Without this the highest current group ID is found and incremented, but this might re-use the GID from a deleted group.";
print "'>What's this?</a>";
print "<label class='pull-right'><input type='checkbox' name='setup_last_gid' class='pull-right' checked>Create?&nbsp;</label>";
print "</li>\n";
$show_finish_button = False;
}
else {
print "$li_good The <strong>lastGID</strong> entry is present.</li>";
}
$uid_filter = "(&(objectclass=device)(cn=lastUID))";
$ldap_uid_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $uid_filter);
$uid_result = ldap_get_entries($ldap_connection, $ldap_uid_search);
if ($uid_result['count'] != 1) {
print "$li_warn The <strong>lastUID</strong> entry doesn't exist. ";
print "<a href='#' data-toggle='popover' title='cn=lastUID,${LDAP['base_dn']}' data-content='";
print "This is used to store the last user ID used when creating a POSIX account. Without this the highest current user ID is found and incremented, but this might re-use the UID from a deleted account.";
print "'>What's this?</a>";
print "<label class='pull-right'><input type='checkbox' name='setup_last_uid' class='pull-right' checked>Create?&nbsp;</label>";
print "</li>\n";
$show_finish_button = False;
}
else {
print "$li_good The <strong>lastUID</strong> entry is present.</li>";
}
$defgroup_filter = "(&(objectclass=posixGroup)(cn=${DEFAULT_USER_GROUP}))";
$ldap_defgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $defgroup_filter);
$defgroup_result = ldap_get_entries($ldap_connection, $ldap_defgroup_search);
if ($defgroup_result['count'] != 1) {
print "$li_warn The default group (<strong>$DEFAULT_USER_GROUP</strong>) doesn't exist. ";
print "<a href='#' data-toggle='popover' title='Default user group' data-content='";
print "When we add users we need to assign them a default group ($DEFAULT_USER_GROUP). If this doesn&#39;t exist then a new group will be created to match each user account, which may not be desirable.";
print "'>What's this?</a>";
print "<label class='pull-right'><input type='checkbox' name='setup_default_group' class='pull-right' checked>Create?&nbsp;</label>";
print "</li>\n";
$show_finish_button = False;
}
else {
print "$li_good The default user group (<strong>$DEFAULT_USER_GROUP</strong>) is present.</li>";
}
$adminsgroup_filter = "(&(objectclass=posixGroup)(cn=${LDAP['admins_group']}))";
$ldap_adminsgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $adminsgroup_filter);
$adminsgroup_result = ldap_get_entries($ldap_connection, $ldap_adminsgroup_search);
if ($adminsgroup_result['count'] != 1) {
print "$li_fail The group defining LDAP account administrators (<strong>${LDAP['admins_group']}</strong>) doesn't exist. ";
print "<a href='#' data-toggle='popover' title='LDAP account administrators group' data-content='";
print "Only members of this group (${LDAP['admins_group']}) will be able to access the account managment section, so it&#39;s definitely something you&#39;ll want to create.";
print "'>What's this?</a>";
print "<label class='pull-right'><input type='checkbox' name='setup_admins_group' class='pull-right' checked>Create?&nbsp;</label>";
print "</li>\n";
$show_finish_button = False;
}
else {
print "$li_good The LDAP account administrators group (<strong>${LDAP['admins_group']}</strong>) is present.</li>";
$admins = ldap_get_group_members($ldap_connection,$LDAP['admins_group']);
if (count($admins) < 1) {
print "$li_fail The LDAP administration group is empty. You can add an admin account in the next section.</li>";
$show_finish_button = False;
}
}
?>
</ul>
</div>
</div>
<?php
##############
if ($show_finish_button == True) {
?>
</form>
<div class='well'>
<form action="/log_in">
<input type='submit' class="btn btn-success center-block" value='Done'>
</form>
</div>
<?php
}
else {
?>
<div class='well'>
<input type='submit' class="btn btn-primary center-block" value='Next >'>
</div>
</form>
<?php
}
?>
</div>
</div>
<?php
render_footer();
?>
Reference in New Issue Copy Permalink