Updated Readme, fixed random number generation for ARM systems, fixed JS to generate the username
This commit is contained in:
parent
4e01a09399
commit
04fe22f889
18
README.md
18
README.md
@ -157,7 +157,7 @@ These settings should only be changed if you're trying to make the user manager
|
|||||||
|
|
||||||
* `ACCEPT_WEAK_PASSWORDS` (default: *FALSE*): Set this to *TRUE* to prevent a password being rejected for being too weak. The password strength indicators will still gauge the strength of the password. Don't enable this in a production environment.
|
* `ACCEPT_WEAK_PASSWORDS` (default: *FALSE*): Set this to *TRUE* to prevent a password being rejected for being too weak. The password strength indicators will still gauge the strength of the password. Don't enable this in a production environment.
|
||||||
|
|
||||||
* `REMOTE_HTTP_HEADERS_LOGIN`(default: *FALSE*) Enables session managment from a external Service like Authelia. This setting compromisses your security if your not using a Auth-Proxy infront of this application
|
* `REMOTE_HTTP_HEADERS_LOGIN`(default: *FALSE*) Enables session managment from an external service like Authelia. _This setting will compromise your security if you're not using an Auth-Proxy in front of this application_.
|
||||||
|
|
||||||
#### Email sending settings
|
#### Email sending settings
|
||||||
|
|
||||||
@ -312,13 +312,19 @@ If you need to use this user manager with an existing LDAP directory and your ac
|
|||||||
|
|
||||||
`LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` is a comma-separated list of objectClasses to add when creating the account record. For example, `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=ldappublickey,couriermailaccount`.
|
`LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` is a comma-separated list of objectClasses to add when creating the account record. For example, `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=ldappublickey,couriermailaccount`.
|
||||||
|
|
||||||
To add extra fields for new attributes you need to pass a comma-separated string of the attributes and optionally the label for the attribute (which will be shown on the user form) and a default value to `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` separated by colons (`:`).
|
`LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` is a comma-separated list of attributes to be displayed as extra fields on the account management pages.
|
||||||
The format for configuring an attribute is: `attribute1:label1,default_value1,attribute2:label2:default_value2`. If you don't supply a label then the form field will be labelled with the attribute name.
|
By default these fields will be empty, with the field named for the attribute, but you can set the field labels and optionally the default values by appending the attribute names with colon-separated values like so: `attribute_name:label:default_value`.
|
||||||
An example (for the couriermailaccount objectClass) would be: `mailbox:Mailbox:domain.com,quota:Mail quota:20`
|
Multiple attributes are separated by commas, so you can define the label and default values for several attributes as follows: `attribute1:label1:default_value1,attribute2:label2:default_value2,attribute3:label3`.
|
||||||
|
|
||||||
ObjectClasses often have attributes that must have a value, so you should definitely set a default for those attributes.
|
As an example, to set a mailbox name and quota for the `couriermailaccount` schema you can pass these variables to the container:
|
||||||
|
```
|
||||||
|
LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=couriermailaccount
|
||||||
|
LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES="mailbox:Mailbox:domain.com,quota:Mail quota:20"
|
||||||
|
```
|
||||||
|
|
||||||
This is advanced stuff and the user manager doesn't attempt to validate any objectClasses or any attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane.
|
ObjectClasses often have attributes that must have a value, so you'll need to set a default for those attributes otherwise you'll get errors if you forget to fill in the fields.
|
||||||
|
|
||||||
|
This is advanced usage and the user manager doesn't attempt to validate any objectClasses, attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane.
|
||||||
|
|
||||||
***
|
***
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ function open_ldap_connection($ldap_bind=TRUE) {
|
|||||||
|
|
||||||
if ($tls_result != TRUE) {
|
if ($tls_result != TRUE) {
|
||||||
|
|
||||||
error_log("$log_prefix Failed to start STARTTLS connection to ${LDAP['uri']}: " . ldap_error($ldap_connection),0);
|
if (!preg_match('/^ldap:\/\/127\.0\.0\.([0-9]+)(:[0-9]+)$/', $LDAP['uri'])) { error_log("$log_prefix Failed to start STARTTLS connection to ${LDAP['uri']}: " . ldap_error($ldap_connection),0); }
|
||||||
|
|
||||||
if ($LDAP["require_starttls"] == TRUE) {
|
if ($LDAP["require_starttls"] == TRUE) {
|
||||||
print "<div style='position: fixed;bottom: 0;width: 100%;' class='alert alert-danger'>Fatal: Couldn't create a secure connection to ${LDAP['uri']} and LDAP_REQUIRE_STARTTLS is TRUE.</div>";
|
print "<div style='position: fixed;bottom: 0;width: 100%;' class='alert alert-danger'>Fatal: Couldn't create a secure connection to ${LDAP['uri']} and LDAP_REQUIRE_STARTTLS is TRUE.</div>";
|
||||||
|
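Review bot: The loopback pattern on the new `preg_match` line makes the port group mandatory, so a URI such as `ldap://127.0.0.1` with no explicit port is not matched and its STARTTLS failure is still logged; if the intent is to cover any loopback URI, the group should be optional: `'/^ldap:\/\/127\.0\.0\.([0-9]+)(:[0-9]+)?$/'`. The condition also deserves a why-comment, since silently dropping a failed-STARTTLS log is easy to misread as a bug later, e.g. `// Loopback URIs: don't log the STARTTLS failure (the require_starttls check below still applies)`. Only the log call is made conditional; the `require_starttls` handling that follows is unchanged. The enclosing open_ldap_connection() starts outside the hunk.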
@ -44,17 +44,20 @@ $DEFAULT_COOKIE_OPTIONS = array( 'expires' => time()+(60 * $SESSION_TIMEOUT),
|
|||||||
|
|
||||||
validate_passkey_cookie();
|
validate_passkey_cookie();
|
||||||
|
|
||||||
if($REMOTE_HTTP_HEADERS_LOGIN) {
|
if ($REMOTE_HTTP_HEADERS_LOGIN) {
|
||||||
login_via_headers();
|
login_via_headers();
|
||||||
} else {
|
} else {
|
||||||
validate_passkey_cookie();
|
validate_passkey_cookie();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
######################################################
|
||||||
|
|
||||||
function generate_passkey() {
|
function generate_passkey() {
|
||||||
|
|
||||||
$rnd1 = rand(10000000, (int)100000000000);
|
$rnd1 = mt_rand(10000000, mt_getrandmax());
|
||||||
$rnd2 = rand(10000000, (int)100000000000);
|
$rnd2 = mt_rand(10000000, mt_getrandmax());
|
||||||
$rnd3 = rand(10000000, (int)100000000000);
|
$rnd3 = mt_rand(10000000, mt_getrandmax());
|
||||||
return sprintf("%0x",$rnd1) . sprintf("%0x",$rnd2) . sprintf("%0x",$rnd3);
|
return sprintf("%0x",$rnd1) . sprintf("%0x",$rnd2) . sprintf("%0x",$rnd3);
|
||||||
|
|
||||||
}
|
}
|
||||||
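Review bot: `mt_rand` in the new generate_passkey() body is not a cryptographically secure generator, and set_passkey_cookie() in the following hunk suggests this value is the session credential stored in the cookie, so it should come from a CSPRNG rather than a Mersenne Twister whose state is predictable. PHP 7+ provides one in core: `return bin2hex(random_bytes(16));` replaces the three `mt_rand` calls and the `sprintf` concatenation with a fixed-length 32-hex-character token, which also sidesteps the 32-bit overflow this commit fixes and the variable-length output of `%0x`. If the existing numeric range must be kept for compatibility, `random_int(10000000, PHP_INT_MAX)` is the drop-in replacement for each `mt_rand` call.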
@ -87,7 +90,12 @@ function set_passkey_cookie($user_id,$is_admin) {
|
|||||||
$VALIDATED = TRUE;
|
$VALIDATED = TRUE;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
######################################################
|
||||||
|
|
||||||
function login_via_headers() {
|
function login_via_headers() {
|
||||||
|
|
||||||
global $IS_ADMIN, $USER_ID, $VALIDATED, $LDAP;
|
global $IS_ADMIN, $USER_ID, $VALIDATED, $LDAP;
|
||||||
//['admins_group'];
|
//['admins_group'];
|
||||||
$USER_ID = $_SERVER['HTTP_REMOTE_USER'];
|
$USER_ID = $_SERVER['HTTP_REMOTE_USER'];
|
||||||
@ -98,6 +106,7 @@ function login_via_headers() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
######################################################
|
||||||
|
|
||||||
function validate_passkey_cookie() {
|
function validate_passkey_cookie() {
|
||||||
@ -438,6 +447,7 @@ EoCheckJS;
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
######################################################
|
||||||
|
|
||||||
function generate_username($fn,$ln) {
|
function generate_username($fn,$ln) {
|
||||||
@ -448,12 +458,13 @@ function generate_username($fn,$ln) {
|
|||||||
$username = str_replace('{first_name}',strtolower($fn), $username);
|
$username = str_replace('{first_name}',strtolower($fn), $username);
|
||||||
$username = str_replace('{first_name_initial}',strtolower($fn[0]), $username);
|
$username = str_replace('{first_name_initial}',strtolower($fn[0]), $username);
|
||||||
$username = str_replace('{last_name}',strtolower($ln), $username);
|
$username = str_replace('{last_name}',strtolower($ln), $username);
|
||||||
$username = str_replace('{first_name_initial}',strtolower($ln[0]), $username);
|
$username = str_replace('{last_name_initial}',strtolower($ln[0]), $username);
|
||||||
|
|
||||||
return $username;
|
return $username;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
######################################################
|
||||||
|
|
||||||
function render_js_username_generator($firstname_field_id,$lastname_field_id,$username_field_id,$username_div_id) {
|
function render_js_username_generator($firstname_field_id,$lastname_field_id,$username_field_id,$username_div_id) {
|
||||||
@ -494,6 +505,7 @@ EoRenderJS;
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
######################################################
|
||||||
|
|
||||||
function render_js_cn_generator($firstname_field_id,$lastname_field_id,$cn_field_id,$cn_div_id) {
|
function render_js_cn_generator($firstname_field_id,$lastname_field_id,$cn_field_id,$cn_div_id) {
|
||||||
@ -531,6 +543,7 @@ EoRenderCNJS;
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
######################################################
|
######################################################
|
||||||
|
|
||||||
function render_js_email_generator($username_field_id,$email_field_id) {
|
function render_js_email_generator($username_field_id,$email_field_id) {
|
||||||
|