< ? php
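# Prefix for the messages this file writes with error_log(); empty by default.
$log_prefix = "";

#Fixed
# Object classes for account entries.
# NOTE(review): presumably applied to every account this tool creates - confirm
# against the account-creation code.
$LDAP['account_objectclasses'] = array('person', 'inetOrgPerson', 'posixAccount');

# Built-in account attributes, keyed by LDAP attribute name. Each entry holds the
# form label and the JavaScript run on keyup for that field.
# NOTE(review): the onkeyup values are presumably written into inline event
# handlers, so keep them fixed strings and never assemble them from request data.
$LDAP['default_attribute_map'] = array(
    "givenname" => array(
        "label"   => "First name",
        "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value)",
    ),
    "sn" => array(
        "label"   => "Last name",
        "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value)",
    ),
    "uid" => array(
        "label"   => "System username",
        "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); check_email_validity(document.getElementById('mail').value)",
    ),
    "cn" => array(
        "label"   => "Common Name",
        "onkeyup" => "auto_cn_update = false;",
    ),
    "mail" => array(
        "label"   => "Email",
        "onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value)",
    ),
);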
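#Mandatory
# Connection and bind settings are read from the environment. getenv() returns
# FALSE for a variable that is not set; the check further down the file stops
# the page when any of these is empty.
$LDAP['uri']           = getenv('LDAP_URI');
$LDAP['base_dn']       = getenv('LDAP_BASE_DN');
$LDAP['admins_group']  = getenv('LDAP_ADMINS_GROUP');
$LDAP['admin_bind_dn'] = getenv('LDAP_ADMIN_BIND_DN');
# Bind password for the admin DN: keep it out of logs and rendered output.
$LDAP['admin_bind_pwd'] = getenv('LDAP_ADMIN_BIND_PWD');

# Initial connection type.
# NOTE(review): presumably replaced once the connection code has negotiated
# TLS - confirm where this key is updated.
$LDAP['connection_type'] = "plain";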
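#Optional
# Each setting falls back to its default when the environment variable is
# unset or empty.
$LDAP['account_attribute'] = getenv('LDAP_ACCOUNT_ATTRIBUTE') ?: 'uid';
$LDAP['group_ou']          = getenv('LDAP_GROUP_OU') ?: 'groups';
$LDAP['user_ou']           = getenv('LDAP_USER_OU') ?: 'people';

# TRUE only when FORCE_RFC2307BIS is the word TRUE (any letter case).
$LDAP['forced_rfc2307bis'] = (strcasecmp((string) getenv('FORCE_RFC2307BIS'), 'TRUE') === 0);

# The next three keys are only created when their variable is set, so
# consumers have to test for their presence.
# The additional object classes are lower-cased; the attribute settings are
# stored exactly as given.
if (getenv('LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES')) {
    $LDAP['account_additional_objectclasses'] = strtolower(getenv('LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES'));
}
if (getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES')) {
    $LDAP['account_additional_attributes'] = getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES');
}
if (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE')) {
    $LDAP['group_membership_attribute'] = getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE');
}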
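# Tri-state setting: the key is created only when LDAP_GROUP_MEMBERSHIP_USES_UID
# is the word TRUE or FALSE (any letter case); any other value leaves it unset.
# The value is compared as a string. A loose == against the boolean TRUE matches
# every non-empty string, so "FALSE" would have switched the option on.
if (getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) {
    if (strcasecmp(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID'), 'TRUE') === 0) {
        $LDAP['group_membership_uses_uid'] = TRUE;
    }
    if (strcasecmp(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID'), 'FALSE') === 0) {
        $LDAP['group_membership_uses_uid'] = FALSE;
    }
}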
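# StartTLS is required only when LDAP_REQUIRE_STARTTLS is the word TRUE (any
# letter case). The default is FALSE, so with the defaults nothing in this file
# demands an encrypted LDAP connection.
$LDAP['require_starttls'] = (strcasecmp((string) getenv('LDAP_REQUIRE_STARTTLS'), 'TRUE') === 0);

# NOTE(review): presumably turns off certificate validation for the LDAP
# connection - confirm in the connection code, and leave it unset outside test
# environments.
$LDAP['ignore_cert_errors'] = (strcasecmp((string) getenv('LDAP_IGNORE_CERT_ERRORS'), 'TRUE') === 0);

# Starts FALSE; not configurable from the environment.
$LDAP['rfc2307bis_check_run'] = FALSE;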
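# Defaults for new accounts and for the site's name and location. Each value
# falls back to the literal shown when its environment variable is unset or empty.
$DEFAULT_USER_GROUP = getenv('DEFAULT_USER_GROUP') ?: 'everybody';
$DEFAULT_USER_SHELL = getenv('DEFAULT_USER_SHELL') ?: '/bin/bash';

$ORGANISATION_NAME = getenv('ORGANISATION_NAME') ?: 'LDAP';
$SITE_NAME         = getenv('SITE_NAME') ?: "{$ORGANISATION_NAME} user manager";

# NOTE(review): the fallback hostname is a fixed public name, not this
# deployment's. If the value ends up in generated links (not visible here), set
# SERVER_HOSTNAME explicitly.
$SERVER_HOSTNAME = getenv('SERVER_HOSTNAME') ?: "ldapusermanager.org";
$SERVER_PATH     = getenv('SERVER_PATH') ?: "/";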
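# On by default: only the word FALSE (any letter case) switches it off.
$ENFORCE_SAFE_SYSTEM_NAMES = (strcasecmp((string) getenv('ENFORCE_SAFE_SYSTEM_NAMES'), 'FALSE') !== 0);
$POSIX_USERNAME_FORMAT     = getenv('USERNAME_FORMAT') ?: '{first_name}-{last_name}';
# The pattern is stored without delimiters. A pattern supplied through
# USERNAME_REGEX is taken as-is; nothing here validates it.
$POSIX_REGEX = getenv('USERNAME_REGEX') ?: '^[a-z][a-zA-Z0-9\._-]{3,32}$';
#We'll use the username regex for groups too.

# Only defined when PASSWORD_HASH is set. The value is upper-cased but not
# checked against a list of known schemes in this file.
if (getenv('PASSWORD_HASH')) {
    $PASSWORD_HASH = strtoupper(getenv('PASSWORD_HASH'));
}

# Off unless ACCEPT_WEAK_PASSWORDS is the word TRUE (any letter case).
$ACCEPT_WEAK_PASSWORDS = (strcasecmp((string) getenv('ACCEPT_WEAK_PASSWORDS'), 'TRUE') === 0);

# An environment value arrives as a string and is not range-checked here; the
# default is the integer 10.
# NOTE(review): the unit is not visible in this file - confirm where the value is used.
$SESSION_TIMEOUT = getenv('SESSION_TIMEOUT') ?: 10;

# Debug switches, all off by default.
# NOTE(review): check what each one logs before enabling it on a production
# system; connection and session debug output may include sensitive values.
$LDAP_DEBUG                   = (strcasecmp((string) getenv('LDAP_DEBUG'), 'TRUE') === 0);
$LDAP_VERBOSE_CONNECTION_LOGS = (strcasecmp((string) getenv('LDAP_VERBOSE_CONNECTION_LOGS'), 'TRUE') === 0);
$SESSION_DEBUG                = (strcasecmp((string) getenv('SESSION_DEBUG'), 'TRUE') === 0);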
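###
# DNs of the group and user containers, built from the OU names and the base DN.
# The parts are interpolated as given, with no DN escaping: they come from the
# deployment's environment, so treat those variables as trusted operator input.
# Written with {$...} because the ${...} interpolation form is deprecated in newer PHP.
$LDAP['group_dn'] = "ou={$LDAP['group_ou']},{$LDAP['base_dn']}";
$LDAP['user_dn']  = "ou={$LDAP['user_ou']},{$LDAP['base_dn']}";
###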
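# Outgoing mail server. The host has no default: getenv() returns FALSE when
# SMTP_HOSTNAME is unset.
$SMTP['host'] = getenv('SMTP_HOSTNAME');
# Credentials are optional and NULL when unset. Keep the password out of logs.
$SMTP['user'] = getenv('SMTP_USERNAME') ?: NULL;
$SMTP['pass'] = getenv('SMTP_PASSWORD') ?: NULL;
$SMTP['port'] = getenv('SMTP_HOST_PORT') ?: 25;

# Both transport-security switches default to FALSE.
# NOTE(review): with credentials set and neither switch enabled, the login is
# presumably sent without transport encryption - confirm in the mail-sending code.
$SMTP['ssl'] = (strcasecmp((string) getenv('SMTP_USE_SSL'), 'TRUE') === 0);
$SMTP['tls'] = (strcasecmp((string) getenv('SMTP_USE_TLS'), 'TRUE') === 0);
# The two are mutually exclusive; TLS wins when both are requested.
if ($SMTP['tls']) {
    $SMTP['ssl'] = FALSE;
}

# Anything that is not a number from 0 to 4 falls back to 0.
$SMTP['debug_level'] = getenv('SMTP_LOG_LEVEL');
if (!is_numeric($SMTP['debug_level']) || $SMTP['debug_level'] > 4 || $SMTP['debug_level'] < 0) {
    $SMTP['debug_level'] = 0;
}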
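$EMAIL_DOMAIN = getenv('EMAIL_DOMAIN') ?: NULL;

# NOTE(review): this fallback is spelled 'ldapusermanger.org', which differs from
# the 'ldapusermanager.org' used as the SERVER_HOSTNAME fallback. If it is a
# typo, replies and bounces for the default sender go to a domain the project
# may not control - confirm, and set EMAIL_DOMAIN or EMAIL_FROM_ADDRESS explicitly.
$default_email_from_domain = $EMAIL_DOMAIN ?: 'ldapusermanger.org';

# Sender address and display name; the address defaults to admin@<domain>.
$EMAIL['from_address'] = getenv('EMAIL_FROM_ADDRESS') ?: "admin@" . $default_email_from_domain;
$EMAIL['from_name']    = getenv('EMAIL_FROM_NAME') ?: $SITE_NAME;

# Mail is sent only when an SMTP host is configured. An unset SMTP_HOSTNAME is
# FALSE, which compares equal to the empty string and leaves sending off.
$EMAIL_SENDING_ENABLED = ($SMTP['host'] != "");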
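###
# Account requests are opt-in and depend on outgoing mail. When they are
# requested without a mail server, the feature is switched off and the reason is
# written to the error log.
$ACCOUNT_REQUESTS_ENABLED = (strcasecmp((string) getenv('ACCOUNT_REQUESTS_ENABLED'), 'TRUE') === 0);
if (!$EMAIL_SENDING_ENABLED && $ACCOUNT_REQUESTS_ENABLED) {
    $ACCOUNT_REQUESTS_ENABLED = FALSE;
    error_log("$log_prefix Config: ACCOUNT_REQUESTS_ENABLED was set to TRUE but SMTP_HOSTNAME wasn't set, so account requesting has been disabled as we can't send out the request email", 0);
}
# Requests go to the sender address unless ACCOUNT_REQUESTS_EMAIL names another one.
$ACCOUNT_REQUESTS_EMAIL = getenv('ACCOUNT_REQUESTS_EMAIL') ?: $EMAIL['from_address'];
###
# Off by default.
# NOTE(review): presumably disables the HTTPS requirement; passwords and session
# cookies would then travel in clear text unless a TLS-terminating proxy sits in
# front - confirm where this flag is read.
$NO_HTTPS = (strcasecmp((string) getenv('NO_HTTPS'), 'TRUE') === 0);
###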
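# Stop with an error page when any mandatory LDAP setting is missing.
# Each message names only the environment variable that is missing; no
# configured value (such as the bind password) is written to the page.
$errors = "";

if (empty($LDAP['uri'])) {
    $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_URI isn't set</p></div>\n";
}
if (empty($LDAP['base_dn'])) {
    $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_BASE_DN isn't set</p></div>\n";
}
if (empty($LDAP['admin_bind_dn'])) {
    $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMIN_BIND_DN isn't set</p></div>\n";
}
if (empty($LDAP['admin_bind_pwd'])) {
    $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMIN_BIND_PWD isn't set</p></div>\n";
}
if (empty($LDAP['admins_group'])) {
    $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMINS_GROUP isn't set</p></div>\n";
}

if ($errors != "") {
    # render_header() and render_footer() are defined outside this file.
    render_header("Fatal errors", false);
    print $errors;
    render_footer();
    exit(1);
}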
#POSIX accounts
# Fixed numeric floors, both 2000.
# NOTE(review): presumably the lowest uidNumber and gidNumber handed to new
# accounts and groups - confirm where they are read.
$min_uid = $min_gid = 2000;
?>