Code tidy, encode URLs and add no-https option
This commit is contained in:
parent
c3244bdd7f
commit
495d31521a
@ -1,18 +1,18 @@
|
|||||||
FROM php:7.0-apache
|
FROM php:7.0-apache
|
||||||
|
|
||||||
COPY www/ /opt/ldap_user_manager
|
|
||||||
COPY entrypoint /usr/local/bin/entrypoint
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y --no-install-recommends libldb-dev libldap2-dev && rm -rf /var/lib/apt/lists/* && ln -s /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/libldap.so \
|
RUN apt-get update && apt-get install -y --no-install-recommends libldb-dev libldap2-dev && rm -rf /var/lib/apt/lists/* && ln -s /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/libldap.so \
|
||||||
&& ln -s /usr/lib/x86_64-linux-gnu/liblber.so /usr/lib/liblber.so
|
&& ln -s /usr/lib/x86_64-linux-gnu/liblber.so /usr/lib/liblber.so
|
||||||
RUN docker-php-source extract && docker-php-ext-install -j$(nproc) ldap && docker-php-source delete
|
RUN docker-php-source extract && docker-php-ext-install -j$(nproc) ldap && docker-php-source delete
|
||||||
|
|
||||||
RUN chmod a+x /usr/local/bin/entrypoint
|
|
||||||
RUN a2enmod rewrite ssl
|
RUN a2enmod rewrite ssl
|
||||||
RUN a2dissite 000-default default-ssl
|
RUN a2dissite 000-default default-ssl
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
EXPOSE 443
|
EXPOSE 443
|
||||||
|
|
||||||
|
COPY www/ /opt/ldap_user_manager
|
||||||
|
COPY entrypoint /usr/local/bin/entrypoint
|
||||||
|
RUN chmod a+x /usr/local/bin/entrypoint
|
||||||
|
|
||||||
CMD ["apache2-foreground"]
|
CMD ["apache2-foreground"]
|
||||||
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
||||||
|
12
README.md
12
README.md
@ -47,7 +47,7 @@ docker run \
|
|||||||
-e "SERVER_HOSTNAME=lum.example.com" \
|
-e "SERVER_HOSTNAME=lum.example.com" \
|
||||||
-e "LDAP_URI=ldap://ldap.example.com" \
|
-e "LDAP_URI=ldap://ldap.example.com" \
|
||||||
-e "LDAP_BASE_DN=dc=example,dc=com" \
|
-e "LDAP_BASE_DN=dc=example,dc=com" \
|
||||||
-e "LDAP_STARTTLS=TRUE" \
|
-e "LDAP_REQUIRE_STARTTLS=TRUE" \
|
||||||
-e "LDAP_ADMINS_GROUP=admins" \
|
-e "LDAP_ADMINS_GROUP=admins" \
|
||||||
-e "LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=com" \
|
-e "LDAP_ADMIN_BIND_DN=cn=admin,dc=example,dc=com" \
|
||||||
-e "LDAP_ADMIN_BIND_PWD=secret"\
|
-e "LDAP_ADMIN_BIND_PWD=secret"\
|
||||||
@ -78,6 +78,7 @@ Optional:
|
|||||||
----
|
----
|
||||||
|
|
||||||
* `SERVER_HOSTNAME` (default: *example.com*): The hostname that this interface will be served from.
|
* `SERVER_HOSTNAME` (default: *example.com*): The hostname that this interface will be served from.
|
||||||
|
* `NO_HTTPS` (default: *FALSE*): If you set this to *TRUE* then the server will run in HTTP mode, without any encryption. This is insecure and should only be used for testing.
|
||||||
|
|
||||||
* `LDAP_USER_OU` (default: *people*): The name of the OU used to store user accounts (without the base DN appended).
|
* `LDAP_USER_OU` (default: *people*): The name of the OU used to store user accounts (without the base DN appended).
|
||||||
|
|
||||||
@ -85,8 +86,6 @@ Optional:
|
|||||||
* `LDAP_GROUP_MEMBERSHIP_ATTRIBUTE` (default: *uniqueMember*): The attribute used when adding a user to a group.
|
* `LDAP_GROUP_MEMBERSHIP_ATTRIBUTE` (default: *uniqueMember*): The attribute used when adding a user to a group.
|
||||||
* `LDAP_GROUP_MEMBERSHIP_USES_UID`(default: *FALSE*): If *TRUE* then the entry for a member of a group will be just the username. Otherwise it's the member's full DN.
|
* `LDAP_GROUP_MEMBERSHIP_USES_UID`(default: *FALSE*): If *TRUE* then the entry for a member of a group will be just the username. Otherwise it's the member's full DN.
|
||||||
|
|
||||||
* `LDAP_ACCOUNT_ATTRIBUTE` (default: *uid*): The attribute used to identify account usernames.
|
|
||||||
|
|
||||||
* `LDAP_REQUIRE_STARTTLS` (default: *TRUE*): If *TRUE* then a TLS connection is required for this interface to work. If set to *FALSE* then the interface will work without STARTTLS, but a warning will be displayed on the page.
|
* `LDAP_REQUIRE_STARTTLS` (default: *TRUE*): If *TRUE* then a TLS connection is required for this interface to work. If set to *FALSE* then the interface will work without STARTTLS, but a warning will be displayed on the page.
|
||||||
|
|
||||||
* `LDAP_TLS_CACERT` (no default): If you need to use a specific CA certificate for TLS connections to the LDAP server (when `LDAP_REQUIRE_STARTTLS` is set) then assign the contents of the CA certificate to this variable. e.g. `-e LDAP_TLS_CERT=$(</path/to/ca.crt)`
|
* `LDAP_TLS_CACERT` (no default): If you need to use a specific CA certificate for TLS connections to the LDAP server (when `LDAP_REQUIRE_STARTTLS` is set) then assign the contents of the CA certificate to this variable. e.g. `-e LDAP_TLS_CERT=$(</path/to/ca.crt)`
|
||||||
@ -106,8 +105,7 @@ Optional:
|
|||||||
Webserver SSL setup
|
Webserver SSL setup
|
||||||
---
|
---
|
||||||
|
|
||||||
The webserver (Apache HTTPD) expects to find `/opt/ssl/server.key` and `/opt/ssl/server.crt`, and these certificates should match `SERVER_HOSTNAME`.
|
When `NO_HTTPS` is set to **false** (the default), the webserver (Apache HTTPD) expects to find `/opt/ssl/server.key` and `/opt/ssl/server.crt`, and these certificates should match `SERVER_HOSTNAME`. If these files aren't found then the startup script will create self-signed certificates based on `SERVER_HOSTNAME`. To use your own key and certificate then you need to bind-mount a directory containing them to `/opt/ssl`. The script will also look for `/opt/ssl/chain.pem` if you need to add a certificate chain file (the Apache `SSLCertificateChainFile` option).
|
||||||
If those files aren't found then the startup script will create self-signed certificates based on `SERVER_HOSTNAME`. To use your own key and certificate then you need to bind-mount a directory containing them to `/opt/ssl`. The script will also look for `/opt/ssl/chain.pem` if you need to add a certificate chain file (the Apache `SSLCertificateChainFile` option).
|
|
||||||
|
|
||||||
e.g.:
|
e.g.:
|
||||||
```
|
```
|
||||||
@ -152,5 +150,5 @@ If `EMAIL_DOMAIN` is set then the email address field will be automatically upda
|
|||||||
Details on accounts and groups
|
Details on accounts and groups
|
||||||
---
|
---
|
||||||
|
|
||||||
This interface will create POSIX user accounts and groups, which allows you to use your LDAP directory for Linux/Unix accounts.
|
This interface will create POSIX user accounts and groups, which allows you to use your LDAP directory for Linux/Unix accounts. The accounts created use `person`, `inetOrgPerson` & `posixAccount` objectClasses. Usernames are defined via the `uid` attribute and groups are created as with `posixGroup` and `groupOfUniqueNames` objectClasses (the latter in case you want to use the `memberOf` LDAP module).
|
||||||
Groups are also created as a `groupOfUniqueNames` type in case you want to use the `memberOf` LDAP module.
|
|
||||||
|
138
entrypoint
138
entrypoint
@ -5,7 +5,6 @@ ssl_dir="/opt/ssl"
|
|||||||
|
|
||||||
if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME=example.com; fi
|
if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME=example.com; fi
|
||||||
|
|
||||||
|
|
||||||
#If LDAP_TLS_CACERT is set then write it out as a file
|
#If LDAP_TLS_CACERT is set then write it out as a file
|
||||||
#and set up the LDAP client conf to use it.
|
#and set up the LDAP client conf to use it.
|
||||||
|
|
||||||
@ -15,79 +14,99 @@ if [ "$LDAP_TLS_CACERT" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
########################
|
if [ "$NO_HTTPS" = "TRUE" ]; then
|
||||||
#If there aren't any SSL certs then create a CA and then CA-signed certificate
|
|
||||||
|
|
||||||
if [ ! -f "${ssl_dir}/server.key" ] && [ ! -f "${ssl_dir}/server.crt" ]; then
|
cat <<EoHTTPC >/etc/apache2/sites-enabled/lum.conf
|
||||||
|
|
||||||
mkdir -p $ssl_dir
|
<VirtualHost *:80>
|
||||||
confout="${ssl_dir}/conf"
|
|
||||||
keyout="${ssl_dir}/server.key"
|
|
||||||
certout="${ssl_dir}/server.crt"
|
|
||||||
cakey="${ssl_dir}/ca.key"
|
|
||||||
cacert="${ssl_dir}/ca.crt"
|
|
||||||
serialfile="${ssl_dir}/serial"
|
|
||||||
|
|
||||||
echo "Generating CA key"
|
ServerName $SERVER_HOSTNAME
|
||||||
openssl genrsa -out $cakey 2048
|
DocumentRoot /opt/ldap_user_manager
|
||||||
if [ $? -ne 0 ]; then exit 1 ; fi
|
|
||||||
|
|
||||||
echo "Generating CA certificate"
|
DirectoryIndex index.php index.html
|
||||||
openssl req \
|
|
||||||
-x509 \
|
|
||||||
-new \
|
|
||||||
-nodes \
|
|
||||||
-subj "/C=GB/ST=GB/L=GB/O=CA/OU=CA/CN=Wheelybird" \
|
|
||||||
-key $cakey \
|
|
||||||
-sha256 \
|
|
||||||
-days 7300 \
|
|
||||||
-out $cacert
|
|
||||||
if [ $? -ne 0 ]; then exit 1 ; fi
|
|
||||||
|
|
||||||
echo "Generating openssl configuration"
|
<Directory /opt/ldap_user_manager>
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
|
||||||
cat <<EoCertConf>$confout
|
</VirtualHost>
|
||||||
|
EoHTTPC
|
||||||
|
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
########################
|
||||||
|
#If there aren't any SSL certs then create a CA and then CA-signed certificate
|
||||||
|
|
||||||
|
if [ ! -f "${ssl_dir}/server.key" ] && [ ! -f "${ssl_dir}/server.crt" ]; then
|
||||||
|
|
||||||
|
mkdir -p $ssl_dir
|
||||||
|
confout="${ssl_dir}/conf"
|
||||||
|
keyout="${ssl_dir}/server.key"
|
||||||
|
certout="${ssl_dir}/server.crt"
|
||||||
|
cakey="${ssl_dir}/ca.key"
|
||||||
|
cacert="${ssl_dir}/ca.crt"
|
||||||
|
serialfile="${ssl_dir}/serial"
|
||||||
|
|
||||||
|
echo "Generating CA key"
|
||||||
|
openssl genrsa -out $cakey 2048
|
||||||
|
if [ $? -ne 0 ]; then exit 1 ; fi
|
||||||
|
|
||||||
|
echo "Generating CA certificate"
|
||||||
|
openssl req \
|
||||||
|
-x509 \
|
||||||
|
-new \
|
||||||
|
-nodes \
|
||||||
|
-subj "/C=GB/ST=GB/L=GB/O=CA/OU=CA/CN=Wheelybird" \
|
||||||
|
-key $cakey \
|
||||||
|
-sha256 \
|
||||||
|
-days 7300 \
|
||||||
|
-out $cacert
|
||||||
|
if [ $? -ne 0 ]; then exit 1 ; fi
|
||||||
|
|
||||||
|
echo "Generating openssl configuration"
|
||||||
|
|
||||||
|
cat <<EoCertConf>$confout
|
||||||
subjectAltName = DNS:${SERVER_HOSTNAME},IP:127.0.0.1
|
subjectAltName = DNS:${SERVER_HOSTNAME},IP:127.0.0.1
|
||||||
extendedKeyUsage = serverAuth
|
extendedKeyUsage = serverAuth
|
||||||
EoCertConf
|
EoCertConf
|
||||||
|
|
||||||
echo "Generating server key..."
|
echo "Generating server key..."
|
||||||
openssl genrsa -out $keyout 2048
|
openssl genrsa -out $keyout 2048
|
||||||
if [ $? -ne 0 ]; then exit 1 ; fi
|
if [ $? -ne 0 ]; then exit 1 ; fi
|
||||||
|
|
||||||
echo "Generating server signing request..."
|
echo "Generating server signing request..."
|
||||||
openssl req \
|
openssl req \
|
||||||
-subj "/CN=${SERVER_HOSTNAME}" \
|
-subj "/CN=${SERVER_HOSTNAME}" \
|
||||||
-sha256 \
|
-sha256 \
|
||||||
-new \
|
-new \
|
||||||
-key $keyout \
|
-key $keyout \
|
||||||
-out /tmp/server.csr
|
-out /tmp/server.csr
|
||||||
if [ $? -ne 0 ]; then exit 1 ; fi
|
if [ $? -ne 0 ]; then exit 1 ; fi
|
||||||
|
|
||||||
echo "Generating server cert..."
|
echo "Generating server cert..."
|
||||||
openssl x509 \
|
openssl x509 \
|
||||||
-req \
|
-req \
|
||||||
-days 7300 \
|
-days 7300 \
|
||||||
-sha256 \
|
-sha256 \
|
||||||
-in /tmp/server.csr \
|
-in /tmp/server.csr \
|
||||||
-CA $cacert \
|
-CA $cacert \
|
||||||
-CAkey $cakey \
|
-CAkey $cakey \
|
||||||
-CAcreateserial \
|
-CAcreateserial \
|
||||||
-CAserial $serialfile \
|
-CAserial $serialfile \
|
||||||
-out $certout \
|
-out $certout \
|
||||||
-extfile $confout
|
-extfile $confout
|
||||||
if [ $? -ne 0 ]; then exit 1 ; fi
|
if [ $? -ne 0 ]; then exit 1 ; fi
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
########################
|
########################
|
||||||
#Create Apache config
|
#Create Apache config
|
||||||
|
|
||||||
|
if [ -f "/opt/tls/chain.pem" ]; then $ssl_chain="SSLCertificateChainFile /opt/tls/chain.pem"; fi
|
||||||
|
|
||||||
if [ -f "/opt/tls/chain.pem" ]; then $ssl_chain="SSLCertificateChainFile /opt/tls/chain.pem"; fi
|
cat <<EoHTTPSC >/etc/apache2/sites-enabled/lum.conf
|
||||||
|
|
||||||
cat <<EoC >/etc/apache2/sites-enabled/lum.conf
|
|
||||||
|
|
||||||
Listen 443
|
Listen 443
|
||||||
|
|
||||||
@ -114,11 +133,10 @@ Listen 443
|
|||||||
SSLCertificateKeyFile /opt/ssl/server.key
|
SSLCertificateKeyFile /opt/ssl/server.key
|
||||||
$ssl_chain
|
$ssl_chain
|
||||||
|
|
||||||
php_value include_path "/opt/ldap_user_manager/includes"
|
|
||||||
|
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
EoC
|
EoHTTPSC
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
########################
|
########################
|
||||||
#Run Apache
|
#Run Apache
|
||||||
|
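Review bot: The chain-file line the HTTPS branch now carries, `if [ -f "/opt/tls/chain.pem" ]; then $ssl_chain="SSLCertificateChainFile /opt/tls/chain.pem"; fi`, is broken shell: with the leading `$`, an unset `ssl_chain` expands to nothing and the shell tries to execute a command called `=SSLCertificateChainFile ...`, so `$ssl_chain` in the `EoHTTPSC` heredoc is always empty. It also looks under `/opt/tls` while the script's `ssl_dir` is `/opt/ssl` and the README documents `/opt/ssl/chain.pem`, so even a correctly placed chain file would never be picked up. Suggest `if [ -f "${ssl_dir}/chain.pem" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/chain.pem"; fi`. Since the config is written only when the HTTPS branch runs, a short comment such as `# optional intermediate chain, see README "Webserver SSL setup"` above it would help the next reader.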
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
include_once __DIR__ . "/../includes/module_functions.inc.php";
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
include_once "module_functions.inc.php";
|
||||||
set_page_access("admin");
|
set_page_access("admin");
|
||||||
|
|
||||||
render_header("LDAP manager");
|
render_header("LDAP manager");
|
||||||
@ -21,6 +23,8 @@ if (isset($_POST['delete_group'])) {
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
$this_group = $_POST['delete_group'];
|
$this_group = $_POST['delete_group'];
|
||||||
|
$this_group = urldecode($this_group);
|
||||||
|
|
||||||
if (preg_match("/$USERNAME_REGEX/",$this_group)) {
|
if (preg_match("/$USERNAME_REGEX/",$this_group)) {
|
||||||
|
|
||||||
$del_group = ldap_delete_group($ldap_connection,$this_group);
|
$del_group = ldap_delete_group($ldap_connection,$this_group);
|
||||||
@ -84,7 +88,7 @@ render_js_username_check();
|
|||||||
<tbody>
|
<tbody>
|
||||||
<?php
|
<?php
|
||||||
foreach ($groups as $group){
|
foreach ($groups as $group){
|
||||||
print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_group.php?group_name=$group'>$group</a></td>\n </tr>\n";
|
print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</tbody>
|
</tbody>
|
||||||
|
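Review bot: On the rewritten link line `print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";` only the query string is encoded; the anchor text `$group` is still written into the HTML raw, so a group name taken from the directory that contains `<` or `'` lands in the page unescaped. The `USERNAME_REGEX` check in this file appears to gate only the delete handler, not what already exists in LDAP, so an entry created by another tool is an XSS path into an admin-only page. Suggest `. "'>" . htmlspecialchars($group, ENT_QUOTES, 'UTF-8') . "</a>"` for the link text. The added `$this_group = urldecode($this_group);` decodes a value PHP has already decoded from the POST body and only round-trips because show_group.php `urlencode()`s its hidden field; if it stays, a comment like `// hidden field is urlencode()d by show_group.php; undo that here` would make the pairing explicit.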
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
include_once __DIR__ . "/../includes/module_functions.inc.php";
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
include_once "module_functions.inc.php";
|
||||||
set_page_access("admin");
|
set_page_access("admin");
|
||||||
|
|
||||||
render_header("LDAP manager");
|
render_header("LDAP manager");
|
||||||
@ -21,6 +23,8 @@ if (isset($_POST['delete_user'])) {
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
$this_user = $_POST['delete_user'];
|
$this_user = $_POST['delete_user'];
|
||||||
|
$this_user = urldecode($this_user);
|
||||||
|
|
||||||
if (preg_match("/$USERNAME_REGEX/",$this_user)) {
|
if (preg_match("/$USERNAME_REGEX/",$this_user)) {
|
||||||
|
|
||||||
$del_user = ldap_delete_account($ldap_connection,$this_user);
|
$del_user = ldap_delete_account($ldap_connection,$this_user);
|
||||||
@ -65,7 +69,7 @@ ldap_close($ldap_connection);
|
|||||||
<tbody>
|
<tbody>
|
||||||
<?php
|
<?php
|
||||||
foreach ($people as $username => $attribs){
|
foreach ($people as $username => $attribs){
|
||||||
print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_user.php?username=$username'>$username</a></td>\n";
|
print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_user.php?username=" . urlencode($username) . "'>$username</a></td>\n";
|
||||||
print " <td>" . $people[$username]['givenname'] . "</td>\n";
|
print " <td>" . $people[$username]['givenname'] . "</td>\n";
|
||||||
print " <td>" . $people[$username]['sn'] . "</td>\n";
|
print " <td>" . $people[$username]['sn'] . "</td>\n";
|
||||||
print " <td>" . $people[$username]['mail'] . "</td>\n";
|
print " <td>" . $people[$username]['mail'] . "</td>\n";
|
||||||
|
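Review bot: The rewritten line `print " <tr>\n <td><a href='/$THIS_MODULE_PATH/show_user.php?username=" . urlencode($username) . "'>$username</a></td>\n";` encodes the href but not the anchor text, and the following `givenname`, `sn` and `mail` cells are printed straight from the LDAP result as well. Those are free-form attributes that other tools can write, so a value such as `<script>` in `sn` renders on this admin page. Wrap each with `htmlspecialchars()`, e.g. `print " <td>" . htmlspecialchars($people[$username]['sn'], ENT_QUOTES, 'UTF-8') . "</td>\n";`, and the same for the link text. The new `urldecode($this_user)` in the delete handler decodes a value PHP has already decoded; it works only because show_user.php `urlencode()`s the hidden field, which deserves a comment if the pairing is kept.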
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
include_once __DIR__ . "/../includes/module_functions.inc.php";
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
include_once "module_functions.inc.php";
|
||||||
|
|
||||||
if ( $_POST['setup_admin_account'] ) {
|
if ( $_POST['setup_admin_account'] ) {
|
||||||
$admin_setup = TRUE;
|
$admin_setup = TRUE;
|
||||||
@ -180,7 +182,7 @@ render_js_email_generator('username','email');
|
|||||||
</script>
|
</script>
|
||||||
|
|
||||||
<div class="container">
|
<div class="container">
|
||||||
<div class="col-sm-7">
|
<div class="col-sm-8">
|
||||||
|
|
||||||
<div class="panel panel-default">
|
<div class="panel panel-default">
|
||||||
<div class="panel-heading text-center"><?php print $page_title; ?></div>
|
<div class="panel-heading text-center"><?php print $page_title; ?></div>
|
||||||
@ -193,35 +195,35 @@ render_js_email_generator('username','email');
|
|||||||
<input type="hidden" id="pass_score" value="0" name="pass_score">
|
<input type="hidden" id="pass_score" value="0" name="pass_score">
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="first_name" class="col-sm-2 control-label">First name</label>
|
<label for="first_name" class="col-sm-3 control-label">First name</label>
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
<input type="text" class="form-control" id="first_name" name="first_name" <?php if (isset($first_name)){ print " value='$first_name'"; } ?> onkeyup="update_username(); update_email();">
|
<input type="text" class="form-control" id="first_name" name="first_name" <?php if (isset($first_name)){ print " value='$first_name'"; } ?> onkeyup="update_username(); update_email();">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="last_name" class="col-sm-2 control-label">Last name</label>
|
<label for="last_name" class="col-sm-3 control-label">Last name</label>
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
<input type="text" class="form-control" id="last_name" name="last_name" <?php if (isset($last_name)){ print " value='$last_name'"; } ?> onkeyup="update_username(); update_email();">
|
<input type="text" class="form-control" id="last_name" name="last_name" <?php if (isset($last_name)){ print " value='$last_name'"; } ?> onkeyup="update_username(); update_email();">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group" id="username_div">
|
<div class="form-group" id="username_div">
|
||||||
<label for="username" class="col-sm-2 control-label">Username</label>
|
<label for="username" class="col-sm-3 control-label">Username</label>
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
<input type="text" class="form-control" id="username" name="username" <?php if (isset($username)){ print " value='$username'"; } ?> onkeyup="check_username_validity(document.getElementById('username').value); update_email();">
|
<input type="text" class="form-control" id="username" name="username" <?php if (isset($username)){ print " value='$username'"; } ?> onkeyup="check_username_validity(document.getElementById('username').value); update_email();">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group" id="email_div">
|
<div class="form-group" id="email_div">
|
||||||
<label for="username" class="col-sm-2 control-label">Email</label>
|
<label for="username" class="col-sm-3 control-label">Email</label>
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
<input type="text" class="form-control" id="email" name="email" <?php if (isset($email)){ print " value='$email'"; } ?> onkeyup="auto_email_update = false;">
|
<input type="text" class="form-control" id="email" name="email" <?php if (isset($email)){ print " value='$email'"; } ?> onkeyup="auto_email_update = false;">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group" id="password_div">
|
<div class="form-group" id="password_div">
|
||||||
<label for="password" class="col-sm-2 control-label">Password</label>
|
<label for="password" class="col-sm-3 control-label">Password</label>
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
<input type="text" class="form-control" id="password" name="password" onkeyup="back_to_hidden('password','confirm');">
|
<input type="text" class="form-control" id="password" name="password" onkeyup="back_to_hidden('password','confirm');">
|
||||||
</div>
|
</div>
|
||||||
@ -231,7 +233,7 @@ render_js_email_generator('username','email');
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group" id="confirm_div">
|
<div class="form-group" id="confirm_div">
|
||||||
<label for="confirm" class="col-sm-2 control-label">Confirm</label>
|
<label for="confirm" class="col-sm-3 control-label">Confirm</label>
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
<input type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">
|
<input type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">
|
||||||
</div>
|
</div>
|
||||||
|
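Review bot: `set_include_path( ".:" . __DIR__ . "/../includes/");` replaces PHP's configured include path rather than extending it, and puts `.` (the process's working directory, which under mod_php is typically the script directory but is not guaranteed) ahead of the includes directory, so `include_once "web_functions.inc.php"` is resolved against cwd first. Prefer `set_include_path(__DIR__ . "/../includes/" . PATH_SEPARATOR . get_include_path());`, which keeps the defaults and makes the lookup deterministic. The same three-line preamble is repeated in every module touched by this commit, so a single shared bootstrap file would be easier to keep consistent. The unchanged `value='$first_name'`, `value='$last_name'`, `value='$username'` and `value='$email'` attributes on the new side still echo POST data into HTML without `htmlspecialchars()`, which this commit does not address.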
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
include_once __DIR__ . "/../includes/module_functions.inc.php";
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
include_once "module_functions.inc.php";
|
||||||
set_page_access("admin");
|
set_page_access("admin");
|
||||||
|
|
||||||
render_header("LDAP manager");
|
render_header("LDAP manager");
|
||||||
@ -22,6 +24,7 @@ exit(0);
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$group_cn = (isset($_POST['group_name']) ? $_POST['group_name'] : $_GET['group_name']);
|
$group_cn = (isset($_POST['group_name']) ? $_POST['group_name'] : $_GET['group_name']);
|
||||||
|
$group_cn = urldecode($group_cn);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!preg_match("/$USERNAME_REGEX/",$group_cn)) {
|
if (!preg_match("/$USERNAME_REGEX/",$group_cn)) {
|
||||||
@ -41,8 +44,8 @@ if (isset($_POST['new_group'])) {
|
|||||||
|
|
||||||
######################################################################################
|
######################################################################################
|
||||||
|
|
||||||
|
$ldap_search_query="cn=" . ldap_escape($group_cn, "", LDAP_ESCAPE_FILTER);
|
||||||
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "cn=$group_cn");
|
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
|
||||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||||
|
|
||||||
$current_members = array();
|
$current_members = array();
|
||||||
@ -260,7 +263,7 @@ ldap_close($ldap_connection);
|
|||||||
</button>
|
</button>
|
||||||
<form id="group_members" action="<?php print $CURRENT_PAGE; ?>" method="post">
|
<form id="group_members" action="<?php print $CURRENT_PAGE; ?>" method="post">
|
||||||
<input type="hidden" name="update_members">
|
<input type="hidden" name="update_members">
|
||||||
<input type="hidden" name="group_name" value="<?php print $group_cn; ?>">
|
<input type="hidden" name="group_name" value="<?php print urlencode($group_cn); ?>">
|
||||||
</form>
|
</form>
|
||||||
<button id="submit_members" class="btn btn-info" disabled type="submit" onclick="update_form_with_users()">Save</button>
|
<button id="submit_members" class="btn btn-info" disabled type="submit" onclick="update_form_with_users()">Save</button>
|
||||||
</div>
|
</div>
|
||||||
|
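Review bot: `$group_cn = urldecode($group_cn);` decodes a value PHP has already decoded from the query string or POST body, so the GET path now double-decodes: a name reaching `show_group.php?group_name=` via the `urlencode()`d link in index.php arrives decoded, and the second pass turns any literal `+` into a space and any `%xx` text back into bytes (whether `USERNAME_REGEX` admits such names is not visible here). The POST path only works because the hidden `group_name` input on this page is itself `urlencode()`d. The simpler fix is to drop the `urldecode()` call here and in index.php and the `urlencode()` on the hidden input, keeping `urlencode()` only on hrefs, since PHP's superglobals are already decoded. The new `$ldap_search_query="cn=" . ldap_escape($group_cn, "", LDAP_ESCAPE_FILTER);` is the right change; note `ldap_escape()` needs PHP 5.6+, which the `php:7.0-apache` base image satisfies.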
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
include_once __DIR__ . "/../includes/module_functions.inc.php";
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
include_once "module_functions.inc.php";
|
||||||
set_page_access("admin");
|
set_page_access("admin");
|
||||||
|
|
||||||
render_header();
|
render_header();
|
||||||
@ -37,20 +39,21 @@ exit(0);
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$username = (isset($_POST['username']) ? $_POST['username'] : $_GET['username']);
|
$username = (isset($_POST['username']) ? $_POST['username'] : $_GET['username']);
|
||||||
|
$username = urldecode($username);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!preg_match("/$USERNAME_REGEX/",$username)) {
|
if (!preg_match("/$USERNAME_REGEX/",$username)) {
|
||||||
?>
|
?>
|
||||||
<div class="alert alert-danger">
|
<div class="alert alert-danger">
|
||||||
<p class="text-center">The username is invalid.</p>
|
<p class="text-center">The username <b><?php print "$username"; ?></b> is invalid.</p>
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
render_footer();
|
render_footer();
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$ldap_search_query="(${LDAP['account_attribute']}=". ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ")";
|
||||||
$ldap_search = ldap_search( $ldap_connection, $LDAP['base_dn'], "(${LDAP['account_attribute']}=$username)" );
|
$ldap_search = ldap_search( $ldap_connection, $LDAP['base_dn'], $ldap_search_query);
|
||||||
|
|
||||||
|
|
||||||
if ($ldap_search) {
|
if ($ldap_search) {
|
||||||
@ -325,7 +328,7 @@ if ($ldap_search) {
|
|||||||
<div class="panel-heading clearfix">
|
<div class="panel-heading clearfix">
|
||||||
<h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $user[0]['uid'][0]; ?></h3>
|
<h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $user[0]['uid'][0]; ?></h3>
|
||||||
<button class="btn btn-warning pull-right" onclick="show_delete_user_button();">Delete account</button>
|
<button class="btn btn-warning pull-right" onclick="show_delete_user_button();">Delete account</button>
|
||||||
<form action="/<?php print $THIS_MODULE_PATH; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print $username; ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
|
<form action="/<?php print $THIS_MODULE_PATH; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print urlencode($username); ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
|
||||||
</div>
|
</div>
|
||||||
<div class="panel-body">
|
<div class="panel-body">
|
||||||
<form class="form-horizontal" action="" method="post">
|
<form class="form-horizontal" action="" method="post">
|
||||||
|
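Review bot: The new error line `<p class="text-center">The username <b><?php print "$username"; ?></b> is invalid.</p>` echoes `$username` into the page precisely in the branch where it has just failed the `USERNAME_REGEX` check, i.e. when it is arbitrary text from `$_GET['username']`, giving a reflected XSS on an admin-only page. Change it to `<?php print htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>`. The added `$username = urldecode($username);` two lines above also double-decodes a value PHP has already decoded from `$_GET`/`$_POST`; it only round-trips because the hidden `delete_user` field below is `urlencode()`d, and dropping both would be simpler than pairing them. The new `ldap_escape($username, "", LDAP_ESCAPE_FILTER)` in the search filter is correct and should stay.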
@ -1,7 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
|
||||||
set_page_access("user");
|
set_page_access("user");
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
$LDAP['group_membership_attribute'] = (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') ? getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') : 'uniquemember');
|
$LDAP['group_membership_attribute'] = (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') ? getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE') : 'uniquemember');
|
||||||
$LDAP['group_membership_uses_uid'] = ((strcmp(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID'),'TRUE') == 0) ? TRUE : FALSE);
|
$LDAP['group_membership_uses_uid'] = ((strcmp(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID'),'TRUE') == 0) ? TRUE : FALSE);
|
||||||
|
|
||||||
$LDAP['account_attribute'] = (getenv('LDAP_ACCOUNT_ATTRIBUTE') ? getenv('LDAP_ACCOUNT_ATTRIBUTE') : 'uid');
|
$LDAP['account_attribute'] = 'uid';
|
||||||
$LDAP['require_starttls'] = ((strcmp(getenv('LDAP_REQUIRE_STARTTLS'),'TRUE') == 0) ? TRUE : FALSE);
|
$LDAP['require_starttls'] = ((strcmp(getenv('LDAP_REQUIRE_STARTTLS'),'TRUE') == 0) ? TRUE : FALSE);
|
||||||
|
|
||||||
$DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');
|
$DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');
|
||||||
|
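Review bot: Hard-coding `$LDAP['account_attribute'] = 'uid';` silently ignores `LDAP_ACCOUNT_ATTRIBUTE` in deployments that set it today, and the README entry for that variable is removed in the same commit, so anyone upgrading gets `uid`-based searches with no hint why. Consider a one-time `error_log()` when the old variable is present, e.g. `if (getenv('LDAP_ACCOUNT_ATTRIBUTE')) { error_log("LDAP_ACCOUNT_ATTRIBUTE is no longer honoured; 'uid' is always used"); }`, plus a comment on the assignment stating why it is fixed (it appears to be tied to the `uid`-based account creation the README describes, but that is inferred rather than visible here).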
@ -1,14 +1,15 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
$log_prefix = date('Y-m-d H:i:s') . " - LDAP manager - $USER_ID - ";
|
$log_prefix = date('Y-m-d H:i:s') . " - LDAP manager - $USER_ID - ";
|
||||||
|
$LDAP_CONNECTION_WARNING = FALSE;
|
||||||
|
|
||||||
###################################
|
###################################
|
||||||
|
|
||||||
function open_ldap_connection() {
|
function open_ldap_connection() {
|
||||||
|
|
||||||
global $log_prefix, $LDAP, $LDAP_CONNECTION_WARNING;
|
global $log_prefix, $LDAP, $SENT_HEADERS;
|
||||||
|
|
||||||
$ldap_connection = ldap_connect($LDAP['uri']);
|
$ldap_connection = @ ldap_connect($LDAP['uri']);
|
||||||
|
|
||||||
if (!$ldap_connection) {
|
if (!$ldap_connection) {
|
||||||
print "Problem: Can't connect to the LDAP server at ${LDAP['uri']}";
|
print "Problem: Can't connect to the LDAP server at ${LDAP['uri']}";
|
||||||
@ -18,10 +19,9 @@ function open_ldap_connection() {
|
|||||||
|
|
||||||
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||||
|
|
||||||
|
|
||||||
if (!preg_match("/^ldaps:/", $LDAP['uri'])) {
|
if (!preg_match("/^ldaps:/", $LDAP['uri'])) {
|
||||||
|
|
||||||
$tls_result = ldap_start_tls($ldap_connection);
|
$tls_result = @ ldap_start_tls($ldap_connection);
|
||||||
|
|
||||||
if ($tls_result != TRUE) {
|
if ($tls_result != TRUE) {
|
||||||
|
|
||||||
@ -32,16 +32,17 @@ function open_ldap_connection() {
|
|||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
print "<div style='position: fixed;bottom: 0;width: 100%;' class='alert alert-warning'>WARNING: Insecure LDAP connection to ${LDAP['uri']}</div>";
|
if ($SENT_HEADERS == TRUE) {
|
||||||
|
print "<div style='position: fixed;bottom: 0px;width: 100%;height: 20px;border-bottom:solid 20px yellow;'>WARNING: Insecure LDAP connection to ${LDAP['uri']}</div>";
|
||||||
|
}
|
||||||
ldap_close($ldap_connection);
|
ldap_close($ldap_connection);
|
||||||
$ldap_connection = ldap_connect($LDAP['uri']);
|
$ldap_connection = @ ldap_connect($LDAP['uri']);
|
||||||
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$bind_result = ldap_bind( $ldap_connection, $LDAP['admin_bind_dn'], $LDAP['admin_bind_pwd']);
|
$bind_result = @ ldap_bind( $ldap_connection, $LDAP['admin_bind_dn'], $LDAP['admin_bind_pwd']);
|
||||||
|
|
||||||
if ($bind_result != TRUE) {
|
if ($bind_result != TRUE) {
|
||||||
print "Problem: Failed to bind as ${LDAP['admin_bind_dn']}";
|
print "Problem: Failed to bind as ${LDAP['admin_bind_dn']}";
|
||||||
@ -63,7 +64,8 @@ function ldap_auth_username($ldap_connection,$username, $password) {
|
|||||||
|
|
||||||
global $log_prefix, $LDAP;
|
global $log_prefix, $LDAP;
|
||||||
|
|
||||||
$ldap_search = ldap_search( $ldap_connection, $LDAP['base_dn'], "${LDAP['account_attribute']}=${username}");
|
$ldap_search_query="${LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER);
|
||||||
|
$ldap_search = ldap_search( $ldap_connection, $LDAP['base_dn'], $ldap_search_query );
|
||||||
|
|
||||||
if (!$ldap_search) {
|
if (!$ldap_search) {
|
||||||
error_log("$log_prefix Couldn't search for $username",0);
|
error_log("$log_prefix Couldn't search for $username",0);
|
||||||
@ -127,7 +129,8 @@ function ldap_get_user_list($ldap_connection,$start=0,$entries=NULL,$sort="asc",
|
|||||||
|
|
||||||
global $log_prefix, $LDAP;
|
global $log_prefix, $LDAP;
|
||||||
|
|
||||||
if (!isset($fields)) { $fields = array("uid", "givenname", "sn", "mail"); }
|
if (!isset($fields)) { $fields = array_unique( array("${LDAP['account_attribute']}", "givenname", "sn", "mail")); }
|
||||||
|
|
||||||
if (!isset($sort_key)) { $sort_key = $LDAP['account_attribute']; }
|
if (!isset($sort_key)) { $sort_key = $LDAP['account_attribute']; }
|
||||||
|
|
||||||
$ldap_search = ldap_search($ldap_connection, "${LDAP['user_dn']}", "(&(${LDAP['account_attribute']}=*)$filters)", $fields);
|
$ldap_search = ldap_search($ldap_connection, "${LDAP['user_dn']}", "(&(${LDAP['account_attribute']}=*)$filters)", $fields);
|
||||||
@ -241,7 +244,8 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N
|
|||||||
|
|
||||||
global $log_prefix, $LDAP;
|
global $log_prefix, $LDAP;
|
||||||
|
|
||||||
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name)", array($LDAP['group_membership_attribute']));
|
$ldap_search_query = "(cn=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||||
|
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute']));
|
||||||
|
|
||||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||||
|
|
||||||
@ -267,7 +271,8 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) {
|
|||||||
|
|
||||||
global $log_prefix, $LDAP;
|
global $log_prefix, $LDAP;
|
||||||
|
|
||||||
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name)");
|
$ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||||
|
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
|
||||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||||
|
|
||||||
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
||||||
@ -292,7 +297,8 @@ function ldap_new_group($ldap_connection,$group_name) {
|
|||||||
|
|
||||||
if (isset($group_name)) {
|
if (isset($group_name)) {
|
||||||
|
|
||||||
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name,${LDAP['group_dn']})");
|
$ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']})";
|
||||||
|
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
|
||||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||||
|
|
||||||
if ($result['count'] == 0) {
|
if ($result['count'] == 0) {
|
||||||
@ -343,7 +349,8 @@ function ldap_delete_group($ldap_connection,$group_name) {
|
|||||||
|
|
||||||
if (isset($group_name)) {
|
if (isset($group_name)) {
|
||||||
|
|
||||||
$delete = ldap_delete($ldap_connection, "cn=$group_name,${LDAP['group_dn']}");
|
$delete_query = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
|
||||||
|
$delete = ldap_delete($ldap_connection, $delete_query);
|
||||||
|
|
||||||
if ($delete) {
|
if ($delete) {
|
||||||
error_log("$log_prefix Deleted group $group_name",0);
|
error_log("$log_prefix Deleted group $group_name",0);
|
||||||
@ -367,7 +374,8 @@ function ldap_get_gid_of_group($ldap_connection,$group_name) {
|
|||||||
|
|
||||||
if (isset($group_name)) {
|
if (isset($group_name)) {
|
||||||
|
|
||||||
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name)", array("gidNumber"));
|
$ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||||
|
$ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("gidNumber"));
|
||||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||||
|
|
||||||
if (isset($result[0]['gidnumber'][0]) and is_numeric($result[0]['gidnumber'][0])) {
|
if (isset($result[0]['gidnumber'][0]) and is_numeric($result[0]['gidnumber'][0])) {
|
||||||
@ -389,7 +397,8 @@ function ldap_new_account($ldap_connection,$first_name,$last_name,$username,$pas
|
|||||||
|
|
||||||
if (isset($first_name) and isset($last_name) and isset($username) and isset($password)) {
|
if (isset($first_name) and isset($last_name) and isset($username) and isset($password)) {
|
||||||
|
|
||||||
$ldap_search = ldap_search($ldap_connection, "${LDAP['user_dn']}", "(${LDAP['account_attribute']}=$username,${LDAP['user_dn']})");
|
$ldap_search_query = "(${LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ",${LDAP['user_dn']})";
|
||||||
|
$ldap_search = ldap_search($ldap_connection, "${LDAP['user_dn']}", $ldap_search_query);
|
||||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||||
|
|
||||||
if ($result['count'] == 0) {
|
if ($result['count'] == 0) {
|
||||||
@ -425,7 +434,7 @@ function ldap_new_account($ldap_connection,$first_name,$last_name,$username,$pas
|
|||||||
'mail' => $email
|
'mail' => $email
|
||||||
);
|
);
|
||||||
|
|
||||||
$add_account = ldap_add($ldap_connection,
|
$add_account = ldap_add($ldap_connection,
|
||||||
"${LDAP['account_attribute']}=$username,${LDAP['user_dn']}",
|
"${LDAP['account_attribute']}=$username,${LDAP['user_dn']}",
|
||||||
$user_info
|
$user_info
|
||||||
);
|
);
|
||||||
@ -471,7 +480,8 @@ function ldap_delete_account($ldap_connection,$username) {
|
|||||||
|
|
||||||
if (isset($username)) {
|
if (isset($username)) {
|
||||||
|
|
||||||
$delete = ldap_delete($ldap_connection, "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}");
|
$delete_query = "${LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ",${LDAP['user_dn']}";
|
||||||
|
$delete = ldap_delete($ldap_connection, $delete_query);
|
||||||
|
|
||||||
if ($delete) {
|
if ($delete) {
|
||||||
error_log("$log_prefix Deleted account for $username",0);
|
error_log("$log_prefix Deleted account for $username",0);
|
||||||
@ -493,7 +503,7 @@ function ldap_add_member_to_group($ldap_connection,$group_name,$username) {
|
|||||||
|
|
||||||
global $log_prefix, $LDAP;
|
global $log_prefix, $LDAP;
|
||||||
|
|
||||||
$group_dn = "cn=${group_name},${LDAP['group_dn']}";
|
$group_dn = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
|
||||||
|
|
||||||
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
||||||
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
||||||
@ -520,7 +530,7 @@ function ldap_delete_member_from_group($ldap_connection,$group_name,$username) {
|
|||||||
|
|
||||||
global $log_prefix, $LDAP;
|
global $log_prefix, $LDAP;
|
||||||
|
|
||||||
$group_dn = "cn=${group_name},${LDAP['group_dn']}";
|
$group_dn = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
|
||||||
|
|
||||||
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
||||||
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
||||||
@ -549,7 +559,8 @@ function ldap_change_password($ldap_connection,$username,$new_password) {
|
|||||||
|
|
||||||
#Find DN of user
|
#Find DN of user
|
||||||
|
|
||||||
$ldap_search = ldap_search( $ldap_connection, $LDAP['base_dn'], "${LDAP['account_attribute']}=${username}");
|
$ldap_search_query = "${LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER);
|
||||||
|
$ldap_search = ldap_search( $ldap_connection, $LDAP['base_dn'], $ldap_search_query);
|
||||||
if ($ldap_search) {
|
if ($ldap_search) {
|
||||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||||
if ($result["count"] == 1) {
|
if ($result["count"] == 1) {
|
||||||
|
@ -8,6 +8,7 @@ $IS_SETUP_ADMIN = FALSE;
|
|||||||
$ACCESS_LEVEL_NAME = array('account','admin');
|
$ACCESS_LEVEL_NAME = array('account','admin');
|
||||||
unset($USER_ID);
|
unset($USER_ID);
|
||||||
$CURRENT_PAGE=htmlentities($_SERVER['PHP_SELF']);
|
$CURRENT_PAGE=htmlentities($_SERVER['PHP_SELF']);
|
||||||
|
$SENT_HEADERS = FALSE;
|
||||||
|
|
||||||
$paths=explode('/',getcwd());
|
$paths=explode('/',getcwd());
|
||||||
$THIS_MODULE_PATH=end($paths);
|
$THIS_MODULE_PATH=end($paths);
|
||||||
@ -69,7 +70,7 @@ function validate_passkey_cookie() {
|
|||||||
|
|
||||||
list($user_id,$c_passkey) = explode(":",$_COOKIE['orf_cookie']);
|
list($user_id,$c_passkey) = explode(":",$_COOKIE['orf_cookie']);
|
||||||
$filename = preg_replace('/[^a-zA-Z0-9]/','_', $user_id);
|
$filename = preg_replace('/[^a-zA-Z0-9]/','_', $user_id);
|
||||||
$session_file = file_get_contents("/tmp/$filename");
|
$session_file = @ file_get_contents("/tmp/$filename");
|
||||||
if (!$session_file) {
|
if (!$session_file) {
|
||||||
$VALIDATED = FALSE;
|
$VALIDATED = FALSE;
|
||||||
unset($USER_ID);
|
unset($USER_ID);
|
||||||
@ -156,7 +157,7 @@ function log_out($method='normal') {
|
|||||||
|
|
||||||
function render_header($title="",$menu=TRUE) {
|
function render_header($title="",$menu=TRUE) {
|
||||||
|
|
||||||
global $SITE_NAME, $IS_ADMIN, $LDAP_CONNECTION_WARNING;
|
global $SITE_NAME, $IS_ADMIN, $SENT_HEADERS;
|
||||||
|
|
||||||
if (empty($title)) { $title = $SITE_NAME; }
|
if (empty($title)) { $title = $SITE_NAME; }
|
||||||
|
|
||||||
@ -179,6 +180,8 @@ function render_header($title="",$menu=TRUE) {
|
|||||||
render_menu();
|
render_menu();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$SENT_HEADERS = TRUE;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
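Review bot: The `@` added in front of `file_get_contents("/tmp/$filename")` in validate_passkey_cookie hides every failure reason — missing file, permission denied, open_basedir — so a misconfigured session directory becomes indistinguishable from an expired or forged cookie, and the only visible effect is a silent logout. Since `$session_file` is already tested on the next line, the suppression only costs diagnostics; I would drop the `@`, check readability explicitly, `$session_path = "/tmp/$filename"; $session_file = is_readable($session_path) ? file_get_contents($session_path) : FALSE;`, and log the miss with error_log() so repeated failures are visible in the server log. The empty-file case still falls into the `!$session_file` branch either way, which seems intended. validate_passkey_cookie starts and ends outside the hunk.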
|
@ -1,6 +1,8 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/includes/web_functions.inc.php";
|
set_include_path( __DIR__ . "/includes/");
|
||||||
|
include_once "web_functions.inc.php";
|
||||||
|
|
||||||
render_header();
|
render_header();
|
||||||
|
|
||||||
if (isset($_GET['logged_out'])) {
|
if (isset($_GET['logged_out'])) {
|
||||||
|
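Review bot: The new `set_include_path( ".:" . __DIR__ . "/../includes/")` used in the five hunks that follow this one puts `.` — typically the script's own directory — ahead of the includes directory, so a same-named web_functions.inc.php or ldap_functions.inc.php placed next to a front-end script would be loaded instead of the real one; this hunk's version omits the `.:` prefix, so the two forms are also inconsistent with each other. The call additionally replaces whatever include path PHP was configured with rather than extending it. I would keep the includes explicit and independent of the working directory, `include_once __DIR__ . "/../includes/web_functions.inc.php";`, or at least drop the leading `.:` and append with `set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ . "/../includes/");`. One of the following hunks also switches to plain `include` where every other script uses `include_once`, which would redefine the functions if the file were ever pulled in twice.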
@ -1,7 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
|
include "web_functions.inc.php";
|
||||||
|
include "ldap_functions.inc.php";
|
||||||
|
|
||||||
if (isset($_POST["user_id"]) and isset($_POST["password"])) {
|
if (isset($_POST["user_id"]) and isset($_POST["password"])) {
|
||||||
|
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
include __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
|
include_once "web_functions.inc.php";
|
||||||
log_out();
|
log_out();
|
||||||
?>
|
?>
|
||||||
|
@ -1,7 +1,9 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
|
||||||
if (isset($_POST["admin_password"])) {
|
if (isset($_POST["admin_password"])) {
|
||||||
|
|
||||||
|
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
include_once __DIR__ . "/../includes/module_functions.inc.php";
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
include_once "module_functions.inc.php";
|
||||||
|
|
||||||
validate_setup_cookie();
|
validate_setup_cookie();
|
||||||
set_page_access("setup");
|
set_page_access("setup");
|
||||||
|
@ -1,8 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
include_once __DIR__ . "/../includes/web_functions.inc.php";
|
set_include_path( ".:" . __DIR__ . "/../includes/");
|
||||||
include_once __DIR__ . "/../includes/ldap_functions.inc.php";
|
|
||||||
include_once __DIR__ . "/../includes/module_functions.inc.php";
|
include_once "web_functions.inc.php";
|
||||||
|
include_once "ldap_functions.inc.php";
|
||||||
|
include_once "module_functions.inc.php";
|
||||||
|
|
||||||
validate_setup_cookie();
|
validate_setup_cookie();
|
||||||
set_page_access("setup");
|
set_page_access("setup");
|
||||||
|