diff --git a/README.md b/README.md index 2f35fcc..d0d1ebf 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,14 @@ docker run \ --name=lum \ -p 80:80 \ -p 443:443 \ - -e SERVER_HOSTNAME=lum.example.com \ - -e LDAP_URI=ldap://ldap.example.com \ - -e LDAP_BASE_DN=dc=example,dc=com \ - -e LDAP_STARTTLS=TRUE \ - -e LDAP_ADMINS_GROUP=admins \ - -e LDAP_ADMIN_BIND_DN="cn=admin,dc=example,dc=com" \ - -e LDAP_ADMIN_BIND_PWD=secret\ + -e "SERVER_HOSTNAME=lum.example.com" \ + -e "LDAP_URI=ldap://ldap.example.com" \ + -e "LDAP_BASE_DN=dc=example,dc=com" \ + -e "LDAP_STARTTLS=TRUE" \ + -e "LDAP_ADMINS_GROUP=admins" \ + -e "LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=com" \ + -e "LDAP_ADMIN_BIND_PWD=secret"\ + -e "EMAIL_DOMAIN=example.com"\ wheelybird/ldap-user-manager ``` Now go to https://lum.example.com/setup. @@ -68,7 +69,7 @@ Optional: * `DEFAULT_USER_GROUP` (default: *everybody*): The group that new accounts are automatically added to when created. *NOTE*: If this group doesn't exist then a group is created with the same name as the username and the user is added to that group. * `DEFAULT_USER_SHELL` (default: */bin/bash*): The shell that will be launched when the user logs into a server. -* `EMAIL_DOMAIN` (no default): The domain name to append to the email address when creating an account (username@email_domain). If unset then the mail attribute won't be set. +* `EMAIL_DOMAIN` (no default): If set then the email address field will be automatically populated in the form of `username@email_domain`). * `USERNAME_FORMAT` (default: *{first_name}-{last_name}*): The template used to dynamically generate usernames. See the _Usernames_ section below. * `USERNAME_REGEX` (default: *^[a-z][a-zA-Z0-9\._-]{3,32}$*): The regular expression used to ensure a username (and group name) is valid. See the _Usernames_ section below. 
@@ -119,6 +120,8 @@ Currently the available macros are: Anything else in the `USERNAME_FORMAT` string is left as defined, but the username is also checked for validity against `USERNAME_REGEX`. This is to ensure that there aren't any characters forbidden by other systems (i.e. email or Linux/Unix accounts). +If `EMAIL_DOMAIN` is set then the email address field will be automatically updated in the form of `username@email_domain`. Entering anything manually in that field will stop the automatic update of the email field. + Details on accounts and groups --- diff --git a/www/account_manager/index.php b/www/account_manager/index.php index 03ad2e7..42ab836 100644 --- a/www/account_manager/index.php +++ b/www/account_manager/index.php @@ -59,6 +59,7 @@ ldap_close($ldap_connection); Username First name Last name + Email @@ -67,6 +68,7 @@ foreach ($people as $username => $attribs){ print " \n $username\n"; print " " . $people[$username]['givenname'] . "\n"; print " " . $people[$username]['sn'] . "\n"; + print " " . $people[$username]['mail'] . "\n"; print " \n"; } ?> diff --git a/www/account_manager/new_user.php b/www/account_manager/new_user.php index 6689292..fa4ee52 100644 --- a/www/account_manager/new_user.php +++ b/www/account_manager/new_user.php 
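Review bot: `print " " . $people[$username]['mail'] . "\n";` in the second index.php hunk writes the LDAP `mail` value into the page unescaped, and that attribute can be set by anyone who edits directory entries outside this app, so it should go through `htmlspecialchars()` on output. The key is also absent for accounts with no `mail` attribute unless `ldap_get_user_list()` fills it in, which I can't see from here, so an `isset` guard is the safer form: `print " " . (isset($people[$username]['mail']) ? htmlspecialchars($people[$username]['mail']) : "") . "\n";`. The `foreach` loop this line sits in starts before the hunk.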
@@ -3,15 +3,34 @@ include_once("web_functions.inc.php"); include_once("ldap_functions.inc.php"); include_once("module_functions.inc.php"); -set_page_access("admin"); -render_header(); -render_submenu(); +if ( $_POST['setup_admin_account'] ) { + $admin_setup = TRUE; + + validate_setup_cookie(); + set_page_access("setup"); + + $completed_action="/log_in"; + $page_title="New administrator account"; + + render_header("Setup administrator account", FALSE); + +} +else { + set_page_access("admin"); + + $completed_action="/$THIS_MODULE_PATH/"; + $page_title="New account"; + + render_header(); + render_submenu(); +} $invalid_password = FALSE; $mismatched_passwords = FALSE; $invalid_username = FALSE; $weak_password = FALSE; +$invalid_email = FALSE; if (isset($_POST['create_account'])) { @@ -21,8 +40,12 @@ if (isset($_POST['create_account'])) { $last_name = stripslashes($_POST['last_name']); $username = stripslashes($_POST['username']); $password = $_POST['password']; + + if ($_POST['email']) { $email = stripslashes($_POST['email']); } + if (!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) { $weak_password = TRUE; } + if (isset($email) and !is_valid_email($email)) { $invalid_email = TRUE; } if (preg_match("/\"|'/",$password)) { $invalid_password = TRUE; } if ($_POST['password'] != $_POST['password_match']) { $mismatched_passwords = TRUE; } if (!preg_match("/$USERNAME_REGEX/",$username)) { $invalid_username = TRUE; } 
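Review bot: `if ( $_POST['setup_admin_account'] ) {` raises an undefined-index notice on every normal request and, because `$admin_setup = TRUE;` is assigned only inside that branch, leaves `$admin_setup` undefined on the `else` path even though the `@@ -34,18 +57,30 @@` hunk of this file later tests `$admin_setup == TRUE` to decide whether the new account is added to `$LDAP['admins_group']`. Initialise the flag first and test for presence: `$admin_setup = FALSE;` followed by `if (isset($_POST['setup_admin_account'])) {`. Because the flag is client-supplied and the only thing separating the two paths is `validate_setup_cookie()` and `set_page_access("setup")` running at the top of the branch, that branch deserves a comment such as `# setup path: validate_setup_cookie()/set_page_access("setup") must run before anything that trusts $admin_setup` so a later edit does not move them. The hunk ends inside `if (isset($_POST['create_account'])) {`, whose body continues past it.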
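Review bot: `if ($_POST['email']) { $email = stripslashes($_POST['email']); }` leaves `$email` undefined whenever the field is empty or absent, so the `ldap_new_account(..., $email)` call in the next hunk passes an undefined variable, and the bare key read raises a notice when the form carries no email field at all. Assign unconditionally, `$email = isset($_POST['email']) ? stripslashes($_POST['email']) : "";`, and make the check `if ($email != "" and !is_valid_email($email)) { $invalid_email = TRUE; }`. The enclosing `if (isset($_POST['create_account']))` block opens before this hunk and closes after it.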
@@ -34,18 +57,30 @@ if (isset($_POST['create_account'])) { and !$mismatched_passwords and !$weak_password and !$invalid_password - and !$invalid_username ) { + and !$invalid_username + and !$invalid_email) { $ldap_connection = open_ldap_connection(); - $new_account = ldap_new_account($ldap_connection, $first_name, $last_name, $username, $password); - + $new_account = ldap_new_account($ldap_connection, $first_name, $last_name, $username, $password, $email); + if ($new_account) { + + if ($admin_setup == TRUE) { + $member_add = ldap_add_member_to_group($ldap_connection, $LDAP['admins_group'], $username); + if (!$member_add) { ?> +
+

The account was created but adding it to the admin group failed.

+
+

Account created.

-
+

@@ -57,9 +92,9 @@ if (isset($_POST['create_account'])) { else { if (!$new_account) { ?>
-

Couldn't create the account.

+

Failed to create the account.

-
-

The password wasn't strong enough.

+

The password is too weak.

+if ($invalid_email) { ?>
-

The passwords didn't match.

+

The email address is invalid.

+
+

The passwords are mismatched.

+
+
@@ -97,19 +137,20 @@ if ($invalid_username) { ?> - +
-
New account
+
+
- onkeyup="update_username()"> + onkeyup="update_username(); update_email();">
- onkeyup="update_username()"> + onkeyup="update_username(); update_email();">
- onkeyup="check_username_validity(document.getElementById('username').value)"> + onkeyup="check_username_validity(document.getElementById('username').value); update_email();"> +
+
+ +
+ +
+ onkeyup="auto_email_update = false;">
- +
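Review bot: `onkeyup="auto_email_update = false;"` on the email input only stops the auto-fill once a key is released inside that field, so an address pasted with the mouse or supplied by browser autofill is overwritten the next time the user types in the first-name, last-name or username inputs, each of which now calls `update_email()`. `oninput="auto_email_update = false;"` fires on every change to the field's value and covers those cases. It is also worth confirming that a rejected submission re-renders the field with the posted address, since the input's other attributes are not visible in this hunk.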
diff --git a/www/account_manager/show_user.php b/www/account_manager/show_user.php index a07c819..c81f465 100644 --- a/www/account_manager/show_user.php +++ b/www/account_manager/show_user.php @@ -18,7 +18,8 @@ $attribute_map = array( "givenname" => "First name", "uidnumber" => "UID", "gidnumber" => "GID", "loginshell" => "Login shell", - "homedirectory" => "Home directory" + "homedirectory" => "Home directory", + "mail" => "Email" ); diff --git a/www/includes/ldap_functions.inc.php b/www/includes/ldap_functions.inc.php index 2d37f4a..d713a30 100644 --- a/www/includes/ldap_functions.inc.php +++ b/www/includes/ldap_functions.inc.php @@ -127,7 +127,7 @@ function ldap_get_user_list($ldap_connection,$start=0,$entries=NULL,$sort="asc", global $log_prefix, $LDAP; - if (!isset($fields)) { $fields = array("uid", "givenname", "sn"); } + if (!isset($fields)) { $fields = array("uid", "givenname", "sn", "mail"); } if (!isset($sort_key)) { $sort_key = $LDAP['account_attribute']; } $ldap_search = ldap_search($ldap_connection, "${LDAP['user_dn']}", "(&(${LDAP['account_attribute']}=*)$filters)", $fields); @@ -383,7 +383,7 @@ function ldap_get_gid_of_group($ldap_connection,$group_name) { ################################## -function ldap_new_account($ldap_connection,$first_name,$last_name,$username,$password) { +function ldap_new_account($ldap_connection,$first_name,$last_name,$username,$password,$email) { global $log_prefix, $LDAP, $DEFAULT_USER_SHELL, $DEFAULT_USER_GROUP, $EMAIL_DOMAIN; @@ -424,8 +424,8 @@ function ldap_new_account($ldap_connection,$first_name,$last_name,$username,$pas 'userPassword' => $hashed_pass ); - if (isset($EMAIL_DOMAIN)) { - array_push($user_info, ['mail' => "$username@$EMAIL_DOMAIN"]); + if (isset($email) and $email != "") { + array_push($user_info, ['mail' => $email]); } $add_account = ldap_add($ldap_connection, diff --git a/www/includes/modules.inc.php b/www/includes/modules.inc.php index ae94cc2..61507aa 100644 --- a/www/includes/modules.inc.php 
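Review bot: The new `$email` parameter of `ldap_new_account()` has no default, so any remaining five-argument caller fails with a missing-argument error rather than simply skipping the attribute; `$email=NULL` keeps the old call shape working, and the `isset($email) and $email != ""` test in the `@@ -424,8 +424,8 @@` hunk already copes with the null. The signature would also benefit from a comment stating that `$email` is written to the `mail` attribute verbatim and that validation is the caller's job, since this function does not check it. The function body continues past the hunk.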
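Review bot: `array_push($user_info, ['mail' => $email]);` appends a nested array under the next integer key instead of adding a `mail` entry, so the array handed to `ldap_add()` carries an attribute named `0` rather than `mail`; the replaced line had the same shape, so the attribute has presumably never been written. The fix is `$user_info['mail'] = $email;` in place of the `array_push` call. The `ldap_add()` call follows within the same function, outside the hunk.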
+++ b/www/includes/modules.inc.php @@ -1,16 +1,16 @@ 'hidden_on_login', 'change_password' => 'auth', - 'account_manager' => 'admin', + 'account_manager' => 'admin', 'log_out' => 'auth' ); diff --git a/www/includes/web_functions.inc.php b/www/includes/web_functions.inc.php index 0c54e72..81428b9 100644 --- a/www/includes/web_functions.inc.php +++ b/www/includes/web_functions.inc.php @@ -292,12 +292,7 @@ function set_page_access($level) { function is_valid_email($email) { - if (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.'@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email)) { - return TRUE; - } - else { - return FALSE; - } + return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $email)) ? FALSE : TRUE; } @@ -367,4 +362,27 @@ EoRenderJS; } +###################################################### + +function render_js_email_generator($username_field_id,$email_field_id) { + + global $EMAIL_DOMAIN; + + print << + + var auto_email_update = true; + + function update_email() { + + if ( auto_email_update == true && "$EMAIL_DOMAIN" != "" ) { + var username = document.getElementById('$username_field_id').value; + document.getElementById('$email_field_id').value = username + '@' + "$EMAIL_DOMAIN"; + } + } + +EoRenderEmailJS; + +} + ?> diff --git a/www/setup/run_checks.php b/www/setup/run_checks.php index b0f9349..4474c7c 100644 --- a/www/setup/run_checks.php +++ b/www/setup/run_checks.php @@ -3,8 +3,8 @@ include_once("web_functions.inc.php"); include_once("ldap_functions.inc.php"); include_once("module_functions.inc.php"); -validate_setup_cookie(); +validate_setup_cookie(); set_page_access("setup"); render_header(); diff --git a/www/setup/setup_admin_account.php b/www/setup/setup_admin_account.php deleted file mode 100644 index 288bdf9..0000000 --- a/www/setup/setup_admin_account.php +++ /dev/null @@ -1,204 +0,0 @@ - -
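Review bot: The replacement pattern in `is_valid_email()` anchors with `$` but has no `D` modifier, so `"user@example.com\n"` passes and the newline travels into the `mail` attribute; `[a-z]{2,6}$` also rejects valid top-level domains longer than six letters. `return (bool) preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,}$/iD", $email);` fixes both, drops the `x` modifier (the pattern contains no whitespace for it to ignore) and removes the `? FALSE : TRUE` around an already boolean test. The hunk replaces the whole function body, so nothing of it lies outside.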
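Review bot: `render_js_email_generator()` interpolates `$EMAIL_DOMAIN` directly into the JavaScript heredoc (`"$EMAIL_DOMAIN" != ""` and `'@' + "$EMAIL_DOMAIN"`), so a double quote or backslash in the configured value breaks the script; the value is operator-supplied, so this is robustness rather than exposure, but emitting it as a JSON literal keeps the script well-formed for any input. Set `$domain_js = json_encode((string) $EMAIL_DOMAIN);` before the heredoc and use `if ( auto_email_update == true && $domain_js != "" )` and `... = username + '@' + $domain_js;` inside it. A short docblock should record that the function prints a script block defining the global `auto_email_update` flag and `update_email()` for the two given element ids, and that it reads `$EMAIL_DOMAIN` from the global scope. The function is complete within the hunk.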
-

Account created.

-
- -

- -

- - -
-

Couldn't create the account.

-
- -
-

Couldn't add the account to the admin group.

-
- -
-

- -

-
- -
-

The password wasn't strong enough.

-
- -
-

The password contained invalid characters.

-
- -
-

The passwords didn't match.

-
- -
-

The username is invalid.

-
- - - - - - -
-
- -
-
New administrator account
-
- -
- - - - -
- -
- onkeyup="update_username()"> -
-
- -
- -
- onkeyup="update_username()"> -
-
- -
- -
- onkeyup="check_username_validity(document.getElementById('username').value)"> -
-
- -
- -
- -
-
- - -
-
-
-
- - -
- -
- -
-
- -
- -
- -
- -
-
- -
-
- diff --git a/www/setup/setup_ldap.php b/www/setup/setup_ldap.php index d2e9358..5a2b829 100644 --- a/www/setup/setup_ldap.php +++ b/www/setup/setup_ldap.php @@ -3,8 +3,8 @@ include_once("web_functions.inc.php"); include_once("ldap_functions.inc.php"); include_once("module_functions.inc.php"); -validate_setup_cookie(); +validate_setup_cookie(); set_page_access("setup"); render_header(); @@ -134,8 +134,8 @@ if (isset($_POST['fix_problems'])) { ?>
-
" method="post"> - + " method="post"> +