ldap-user-manager/www/setup/run_checks.php

<?php 

include_once("web_functions.inc.php");
include_once("ldap_functions.inc.php");
include_once("module_functions.inc.php");

validate_setup_cookie();
set_page_access("setup");

render_header();

$show_finish_button = TRUE;

$ldap_connection = open_ldap_connection();

?>
<script>
    $(document).ready(function(){
     $('[data-toggle="popover"]').popover(); 
    });
</script>
<div class="form-group">
  <form action="<?php print "/$THIS_MODULE_PATH/setup_ldap.php"; ?>" method="post">
  <input type="hidden" name="fix_problems">


    <div class='container'>

     <div class="panel panel-default">
      <div class="panel-heading">LDAP connection tests</div>
      <div class="panel-body">
       <ul class="list-group">
<?php

#Can we connect?  The open_ldap_connection() function will call die() if we can't.
print "$li_good Connected to ${LDAP['uri']}</li>\n";

#TLS?
if ($LDAP['starttls'] && $ENCRYPTED == TRUE) {
 print "$li_good Encrypted connection to ${LDAP['uri']} via STARTTLS</li>\n";
}
else {
 print "$li_warn Unable to connect to ${LDAP['uri']} via STARTTLS. ";
 print "<a href='#' data-toggle='popover' title='STARTTLS' data-content='";
 print "The connection to the LDAP server works, but encrypted communication can&#39;t be enabled.";
 print "'>What's this?</a></li>\n";
}


?>
       </ul>
      </div>
     </div>

     <div class="panel panel-default">
      <div class="panel-heading">LDAP OU checks</div>
      <div class="panel-body">
       <ul class="list-group">
<?php

$group_filter = "(&(objectclass=organizationalUnit)(ou=${LDAP['group_ou']}))";
$ldap_group_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $group_filter);
$group_result = ldap_get_entries($ldap_connection, $ldap_group_search);

if ($group_result['count'] != 1) {

 print "$li_fail The group OU (<strong>${LDAP['group_dn']}</strong>) doesn't exist. ";
 print "<a href='#' data-toggle='popover' title='${LDAP['group_dn']}' data-content='";
 print "This is the Organizational Unit (OU) that the groups are stored under.";
 print "'>What's this?</a>";
 print "<label class='pull-right'><input type='checkbox' name='setup_group_ou' class='pull-right' checked>Create?&nbsp;</label>";
 print "</li>\n";
 $show_finish_button = FALSE;
 
}
else {
 print "$li_good The group OU (<strong>${LDAP['group_dn']}</strong>) is present.</li>";
}

$user_filter  = "(&(objectclass=organizationalUnit)(ou=${LDAP['user_ou']}))";
$ldap_user_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $user_filter);
$user_result = ldap_get_entries($ldap_connection, $ldap_user_search);

if ($user_result['count'] != 1) {

 print "$li_fail The user OU (<strong>${LDAP['user_dn']}</strong>) doesn't exist. ";
 print "<a href='#' data-toggle='popover' title='${LDAP['user_dn']}' data-content='";
 print "This is the Organisational Unit (OU) that the user accounts are stored under.";
 print "'>What's this?</a>";
 print "<label class='pull-right'><input type='checkbox' name='setup_user_ou' class='pull-right' checked>Create?&nbsp;</label>";
 print "</li>\n";
 $show_finish_button = FALSE;
 
}
else {
 print "$li_good The user OU (<strong>${LDAP['user_dn']}</strong>) is present.</li>";
}

?>
       </ul>
      </div>
     </div>

     <div class="panel panel-default">
      <div class="panel-heading">LDAP group and settings</div>
      <div class="panel-body">
       <ul class="list-group">
<?php

$gid_filter  = "(&(objectclass=device)(cn=lastGID))";
$ldap_gid_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $gid_filter);
$gid_result = ldap_get_entries($ldap_connection, $ldap_gid_search);

if ($gid_result['count'] != 1) {

 print "$li_warn The <strong>lastGID</strong> entry doesn't exist. ";
 print "<a href='#' data-toggle='popover' title='cn=lastGID,${LDAP['base_dn']}' data-content='";
 print "This is used to store the last group ID used when creating a POSIX group.  Without this the highest current group ID is found and incremented, but this might re-use the GID from a deleted group.";
 print "'>What's this?</a>";
 print "<label class='pull-right'><input type='checkbox' name='setup_last_gid' class='pull-right' checked>Create?&nbsp;</label>";
 print "</li>\n";
 $show_finish_button = FALSE;
 
}
else {
 print "$li_good The <strong>lastGID</strong> entry is present.</li>";
}


$uid_filter  = "(&(objectclass=device)(cn=lastUID))";
$ldap_uid_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $uid_filter);
$uid_result = ldap_get_entries($ldap_connection, $ldap_uid_search);

if ($uid_result['count'] != 1) {

 print "$li_warn The <strong>lastUID</strong> entry doesn't exist. ";
 print "<a href='#' data-toggle='popover' title='cn=lastUID,${LDAP['base_dn']}' data-content='";
 print "This is used to store the last user ID used when creating a POSIX account.  Without this the highest current user ID is found and incremented, but this might re-use the UID from a deleted account.";
 print "'>What's this?</a>";
 print "<label class='pull-right'><input type='checkbox' name='setup_last_uid' class='pull-right' checked>Create?&nbsp;</label>";
 print "</li>\n";
 $show_finish_button = FALSE;
 
}
else {
 print "$li_good The <strong>lastUID</strong> entry is present.</li>";
}


$defgroup_filter  = "(&(objectclass=posixGroup)(cn=${DEFAULT_USER_GROUP}))";
$ldap_defgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $defgroup_filter);
$defgroup_result = ldap_get_entries($ldap_connection, $ldap_defgroup_search);

if ($defgroup_result['count'] != 1) {

 print "$li_warn The default group (<strong>$DEFAULT_USER_GROUP</strong>) doesn't exist. ";
 print "<a href='#' data-toggle='popover' title='Default user group' data-content='";
 print "When we add users we need to assign them a default group ($DEFAULT_USER_GROUP). If this doesn&#39;t exist then a new group will be created to match each user account, which may not be desirable.";
 print "'>What's this?</a>";
 print "<label class='pull-right'><input type='checkbox' name='setup_default_group' class='pull-right' checked>Create?&nbsp;</label>";
 print "</li>\n";
 $show_finish_button = FALSE;
 
}
else {
 print "$li_good The default user group (<strong>$DEFAULT_USER_GROUP</strong>) is present.</li>";
}


$adminsgroup_filter  = "(&(objectclass=posixGroup)(cn=${LDAP['admins_group']}))";
$ldap_adminsgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $adminsgroup_filter);
$adminsgroup_result = ldap_get_entries($ldap_connection, $ldap_adminsgroup_search);

if ($adminsgroup_result['count'] != 1) {

 print "$li_fail The group defining LDAP account administrators (<strong>${LDAP['admins_group']}</strong>) doesn't exist. ";
 print "<a href='#' data-toggle='popover' title='LDAP account administrators group' data-content='";
 print "Only members of this group (${LDAP['admins_group']}) will be able to access the account managment section, so it&#39;s definitely something you&#39;ll want to create.";
 print "'>What's this?</a>";
 print "<label class='pull-right'><input type='checkbox' name='setup_admins_group' class='pull-right' checked>Create?&nbsp;</label>";
 print "</li>\n";
 $show_finish_button = FALSE;
 
}
else {
 print "$li_good The LDAP account administrators group (<strong>${LDAP['admins_group']}</strong>) is present.</li>";

 $admins = ldap_get_group_members($ldap_connection,$LDAP['admins_group']);
 
 if (count($admins) < 1) {
  print "$li_fail The LDAP administration group is empty. You can add an admin account in the next section.</li>";
  $show_finish_button = FALSE;
 }
}





?>
       </ul>
      </div>
     </div>
<?php

##############

if ($show_finish_button == TRUE) {
?>
     </form>
     <div class='well'>
      <form action="/log_in">
       <input type='submit' class="btn btn-success center-block" value='Done'>
      </form>
     </div>
<?php
}
else {
?>
     <div class='well'>
      <input type='submit' class="btn btn-primary center-block" value='Next >'>
     </div>
     </form>
<?php
}


?>
 </div>
</div>
<?php

render_footer();

?>