ldap-user-manager/www/includes/config.inc.php

<?php

 #Mandatory

 $LDAP['uri'] = getenv('LDAP_URI');
 $LDAP['base_dn'] = getenv('LDAP_BASE_DN');
 $LDAP['admins_group'] = getenv('LDAP_ADMINS_GROUP');
 $LDAP['admin_bind_dn'] = getenv('LDAP_ADMIN_BIND_DN');
 $LDAP['admin_bind_pwd'] = getenv('LDAP_ADMIN_BIND_PWD');


 #Optional

 $LDAP['group_ou'] = (getenv('LDAP_GROUP_OU') ? getenv('LDAP_GROUP_OU') : 'groups');
 $LDAP['user_ou'] = (getenv('LDAP_USER_OU') ? getenv('LDAP_USER_OU') : 'people');

 $LDAP['nis_schema'] = ((strcasecmp(getenv('LDAP_USES_NIS_SCHEMA'),'TRUE') == 0) ? TRUE : FALSE);

 if ($LDAP['nis_schema'] == TRUE) {
  $default_membership_attribute = 'memberuid';
  $default_group_membership_uses_uid = TRUE;
 }
 else {
  $default_membership_attribute = 'uniquemember';
  $default_group_membership_uses_uid = FALSE;
 }

 $LDAP['group_membership_attribute'] = (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') ? getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') : $default_membership_attribute);
 $LDAP['group_membership_uses_uid'] = ((strcasecmp(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID'),'TRUE') == 0) ? TRUE : $default_group_membership_uses_uid);

 $LDAP['account_attribute'] = 'uid';
 $LDAP['require_starttls'] = ((strcasecmp(getenv('LDAP_REQUIRE_STARTTLS'),'TRUE') == 0) ? TRUE : FALSE);

 $DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');
 $DEFAULT_USER_SHELL = (getenv('DEFAULT_USER_SHELL') ? getenv('DEFAULT_USER_SHELL') : '/bin/bash');

 $EMAIL_DOMAIN = (getenv('EMAIL_DOMAIN') ? getenv('EMAIL_DOMAIN') : Null);

 $LOGIN_TIMEOUT_MINS = (getenv('SESSION_TIMEOUT') ? getenv('SESSION_TIMEOUT') : 10);
 $SITE_NAME = (getenv('SITE_NAME') ? getenv('SITE_NAME') : 'LDAP user manager');

 $USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');
 $USERNAME_REGEX = (getenv('USERNAME_REGEX') ? getenv('USERNAME_REGEX') : '^[a-z][a-zA-Z0-9\._-]{3,32}$');
 #We'll use the username regex for groups too.

 if (getenv('PASSWORD_HASH')) { $PASSWORD_HASH = strtoupper(getenv('PASSWORD_HASH')); }

 $ACCEPT_WEAK_PASSWORDS = ((strcasecmp(getenv('ACCEPT_WEAK_PASSWORDS'),'TRUE') == 0) ? TRUE : FALSE);

 $LDAP_DEBUG = ((strcasecmp(getenv('LDAP_DEBUG'),'TRUE') == 0) ? TRUE : FALSE);
 $SESSION_DEBUG = ((strcasecmp(getenv('SESSION_DEBUG'),'TRUE') == 0) ? TRUE : FALSE);

 ###

 $LDAP['group_dn'] = "ou=${LDAP['group_ou']},${LDAP['base_dn']}";
 $LDAP['user_dn'] = "ou=${LDAP['user_ou']},${LDAP['base_dn']}";

 ###

 $log_prefix = date('Y-m-d H:i:s') . " - LDAP manager - $USER_ID - ";

 $errors = "";

 if (empty($LDAP['uri'])) {
  $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_URI isn't set</p></div>\n";
 }
 if (empty($LDAP['base_dn'])) {
  $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_BASE_DN isn't set</p></div>\n";
 }
 if (empty($LDAP['admin_bind_dn'])) {
  $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMIN_BIND_DN isn't set</p></div>\n";
 }
 if (empty($LDAP['admin_bind_pwd'])) {
  $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMIN_BIND_PWD isn't set</p></div>\n";
 }
 if (empty($LDAP['admins_group'])) {
  $errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMINS_GROUP isn't set</p></div>\n";
 }

 if ($errors != "") {
  render_header();
  print $errors;
  render_footer();
  exit(1);
 }

 #POSIX accounts
 $min_uid = 2000;
 $min_gid = 2000;

?>
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`<?php`

			`#Mandatory`

			`$LDAP['uri'] = getenv('LDAP_URI');`
			`$LDAP['base_dn'] = getenv('LDAP_BASE_DN');`
			`$LDAP['admins_group'] = getenv('LDAP_ADMINS_GROUP');`
			`$LDAP['admin_bind_dn'] = getenv('LDAP_ADMIN_BIND_DN');`
			`$LDAP['admin_bind_pwd'] = getenv('LDAP_ADMIN_BIND_PWD');`


			`#Optional`

			`$LDAP['group_ou'] = (getenv('LDAP_GROUP_OU') ? getenv('LDAP_GROUP_OU') : 'groups');`
			`$LDAP['user_ou'] = (getenv('LDAP_USER_OU') ? getenv('LDAP_USER_OU') : 'people');`

Changes to allow this to work with both NIS and BIS schemas. 2020-05-06 17:19:20 +01:00			`$LDAP['nis_schema'] = ((strcasecmp(getenv('LDAP_USES_NIS_SCHEMA'),'TRUE') == 0) ? TRUE : FALSE);`

			`if ($LDAP['nis_schema'] == TRUE) {`
			`$default_membership_attribute = 'memberuid';`
			`$default_group_membership_uses_uid = TRUE;`
			`}`
			`else {`
			`$default_membership_attribute = 'uniquemember';`
			`$default_group_membership_uses_uid = FALSE;`
			`}`

			`$LDAP['group_membership_attribute'] = (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') ? getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') : $default_membership_attribute);`
			`$LDAP['group_membership_uses_uid'] = ((strcasecmp(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID'),'TRUE') == 0) ? TRUE : $default_group_membership_uses_uid);`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
Code tidy, encode URLs and add no-https option 2020-01-10 12:01:31 +00:00			`$LDAP['account_attribute'] = 'uid';`
Added an LDAP debugging option 2020-05-01 17:14:04 +01:00			`$LDAP['require_starttls'] = ((strcasecmp(getenv('LDAP_REQUIRE_STARTTLS'),'TRUE') == 0) ? TRUE : FALSE);`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
			`$DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');`
Hashing (#22) * Added ALLOW_WEAK_PASSWORDS and PASSWORD_HASH options, some bug and log format fixes * Fixed incorrect variable name in check for password hash setting. 2020-05-22 11:03:23 +01:00			`$DEFAULT_USER_SHELL = (getenv('DEFAULT_USER_SHELL') ? getenv('DEFAULT_USER_SHELL') : '/bin/bash');`

Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`$EMAIL_DOMAIN = (getenv('EMAIL_DOMAIN') ? getenv('EMAIL_DOMAIN') : Null);`

			`$LOGIN_TIMEOUT_MINS = (getenv('SESSION_TIMEOUT') ? getenv('SESSION_TIMEOUT') : 10);`
Add Docker components and setup instructions. Warn on insecure LDAP connections 2018-06-04 15:20:53 +01:00			`$SITE_NAME = (getenv('SITE_NAME') ? getenv('SITE_NAME') : 'LDAP user manager');`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
fix USERNAME_FORMAT variable typo 2018-07-12 11:05:25 +01:00			`$USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');`
Issue 29 - config.inc.php does not take USERNAME_REGEX from environment 2020-07-06 09:31:56 +01:00			`$USERNAME_REGEX = (getenv('USERNAME_REGEX') ? getenv('USERNAME_REGEX') : '^[a-z][a-zA-Z0-9\._-]{3,32}$');`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`#We'll use the username regex for groups too.`

Better passwords (#35) * Add support for stronger hashes (#34) * Add generate_salt function * Add suport for clear text passwords If someone wants to shoot themselves in the foot, they are free to do it * Add support for blowfish * Add support for extended DES * Add support for md5crypt * Fix salt generation call * Add support for sha256crypt * Add support for sha512crypt * Update previous functions * Add a default cause * Fix some shenanigans and log cleanup * Couple minor fixes * Let password hash checking be done in the password function * Update the README with new passwords * Change the default fallback to SSHA * Put crypt algos in an array ordered by preference so we can fail to the most secure algo available * Remove superfluous count++ * Updated password hashing code Co-authored-by: Angelin01 <angeloborsoiross@hotmail.com> 2020-08-03 17:35:13 +01:00			`if (getenv('PASSWORD_HASH')) { $PASSWORD_HASH = strtoupper(getenv('PASSWORD_HASH')); }`
Hashing (#22) * Added ALLOW_WEAK_PASSWORDS and PASSWORD_HASH options, some bug and log format fixes * Fixed incorrect variable name in check for password hash setting. 2020-05-22 11:03:23 +01:00
			`$ACCEPT_WEAK_PASSWORDS = ((strcasecmp(getenv('ACCEPT_WEAK_PASSWORDS'),'TRUE') == 0) ? TRUE : FALSE);`

Added an LDAP debugging option 2020-05-01 17:14:04 +01:00			`$LDAP_DEBUG = ((strcasecmp(getenv('LDAP_DEBUG'),'TRUE') == 0) ? TRUE : FALSE);`
Add debugging for user sessions and authentication. 2020-05-04 10:48:46 +01:00			`$SESSION_DEBUG = ((strcasecmp(getenv('SESSION_DEBUG'),'TRUE') == 0) ? TRUE : FALSE);`
Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00
			`###`

			`$LDAP['group_dn'] = "ou=${LDAP['group_ou']},${LDAP['base_dn']}";`
			`$LDAP['user_dn'] = "ou=${LDAP['user_ou']},${LDAP['base_dn']}";`

			`###`

Changes to allow this to work with both NIS and BIS schemas. 2020-05-06 17:19:20 +01:00			`$log_prefix = date('Y-m-d H:i:s') . " - LDAP manager - $USER_ID - ";`

Initial functioning version, pre-docker. 2018-06-01 17:10:45 +01:00			`$errors = "";`

			`if (empty($LDAP['uri'])) {`
			`$errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_URI isn't set</p></div>\n";`
			`}`
			`if (empty($LDAP['base_dn'])) {`
			`$errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_BASE_DN isn't set</p></div>\n";`
			`}`
			`if (empty($LDAP['admin_bind_dn'])) {`
			`$errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMIN_BIND_DN isn't set</p></div>\n";`
			`}`
			`if (empty($LDAP['admin_bind_pwd'])) {`
			`$errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMIN_BIND_PWD isn't set</p></div>\n";`
			`}`
			`if (empty($LDAP['admins_group'])) {`
			`$errors .= "<div class='alert alert-warning'><p class='text-center'>LDAP_ADMINS_GROUP isn't set</p></div>\n";`
			`}`

			`if ($errors != "") {`
			`render_header();`
			`print $errors;`
			`render_footer();`
			`exit(1);`
			`}`

			`#POSIX accounts`
			`$min_uid = 2000;`
			`$min_gid = 2000;`

			`?>`