Bugfixes for compatibility with older osixia/openldap versions. Change SIMPLE_INTERFACE to SHOW_POSIX_ATTRIBUTES.
parent
529303f22c
commit
624cd497e1
@ -112,7 +112,7 @@ For example, if you're using Docker Swarm and you've set the LDAP bind password
|
||||
|
||||
* `SITE_NAME` (default: *`ORGANISATION_NAME` user manager*): Change this to replace the title in the menu, e.g. "My Company Account Management".
|
||||
|
||||
* `SIMPLE_INTERFACE` (default: *FALSE*): If set to `TRUE` this will hide most **posixAccount** and **posixGroup** attributes from the account and group forms. This is useful if you won't use the LDAP accounts for server accounts. The Posix values are still set in the background using the default values. Enabling this won't prevent any `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` or `LDAP_GROUP_ADDITIONAL_ATTRIBUTES` from being displayed.
|
||||
* `SHOW_POSIX_ATTRIBUTES` (default: *FALSE*): If set to `TRUE` this show extra attributes for **posixAccount** and **posixGroup** in the account and group forms. Leave this set to `FALSE` if you don't use LDAP accounts to log into servers etc., as it makes the interface much simpler. The Posix values are still set in the background using the default values. This setting doesn't hide any Posix attributes set via `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` or `LDAP_GROUP_ADDITIONAL_ATTRIBUTES`.
|
||||
|
||||
#### LDAP settings
|
||||
|
||||
|
@ -58,7 +58,7 @@ else
|
||||
########################
|
||||
#If there aren't any SSL certs then create a CA and then CA-signed certificate
|
||||
|
||||
if [ ! -f "${ssl_dir}/{$SERVER_CERT_FILENAME:-server.crt}" ] && [ ! -f "${ssl_dir}/{$SERVER_KEY_FILENAME:-server.key}" ]; then
|
||||
if [ ! -f "${ssl_dir}/${SERVER_CERT_FILENAME:-server.crt}" ] && [ ! -f "${ssl_dir}/${SERVER_KEY_FILENAME:-server.key}" ]; then
|
||||
|
||||
mkdir -p $ssl_dir
|
||||
confout="${ssl_dir}/conf"
|
||||
@ -124,7 +124,7 @@ EoCertConf
|
||||
########################
|
||||
#Create Apache config
|
||||
|
||||
if [ -f "${ssl_dir}/{$CA_CERT_FILENAME}" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/{$CA_CERT_FILENAME}"; fi
|
||||
if [ -f "${ssl_dir}/${CA_CERT_FILENAME}" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/${CA_CERT_FILENAME}"; fi
|
||||
|
||||
echo > /etc/apache2/sites-enabled/lum.conf
|
||||
echo > /etc/apache2/ports.conf
|
||||
@ -163,8 +163,8 @@ EoHTTPrd
|
||||
</Directory>
|
||||
|
||||
SSLEngine On
|
||||
SSLCertificateFile ${ssl_dir}/{$SERVER_CERT_FILENAME:-server.crt}
|
||||
SSLCertificateKeyFile ${ssl_dir}/{$SERVER_KEY_FILENAME:-server.key}
|
||||
SSLCertificateFile ${ssl_dir}/${SERVER_CERT_FILENAME:-server.crt}
|
||||
SSLCertificateKeyFile ${ssl_dir}/${SERVER_KEY_FILENAME:-server.key}
|
||||
$ssl_chain
|
||||
|
||||
</VirtualHost>
|
||||
|
@ -8,6 +8,9 @@ include_once "module_functions.inc.php";
|
||||
|
||||
$attribute_map = $LDAP['default_attribute_map'];
|
||||
if (isset($LDAP['account_additional_attributes'])) { $attribute_map = ldap_complete_attribute_array($attribute_map,$LDAP['account_additional_attributes']); }
|
||||
unset($attribute_map['uidnumber']);
|
||||
unset($attribute_map['gidnumber']);
|
||||
|
||||
if (! array_key_exists($LDAP['account_attribute'], $attribute_map)) {
|
||||
$attribute_r = array_merge($attribute_map, array($LDAP['account_attribute'] => array("label" => "Account UID")));
|
||||
}
|
||||
@ -65,19 +68,21 @@ foreach ($attribute_map as $attribute => $attr_r) {
|
||||
|
||||
$this_attribute = array();
|
||||
|
||||
if (is_array($_POST[$attribute])) {
|
||||
$this_attribute['count'] = count($_POST[$attribute]);
|
||||
if (is_array($_POST[$attribute]) and count($_POST[$attribute]) > 0) {
|
||||
foreach($_POST[$attribute] as $key => $value) {
|
||||
$this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
if ($value != "") { $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }
|
||||
}
|
||||
if (count($this_attribute) > 0) {
|
||||
$this_attribute['count'] = count($this_attribute);
|
||||
$$attribute = $this_attribute;
|
||||
}
|
||||
}
|
||||
else {
|
||||
elseif ($_POST[$attribute] != "") {
|
||||
$this_attribute['count'] = 1;
|
||||
$this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$$attribute = $this_attribute;
|
||||
}
|
||||
|
||||
$$attribute = $this_attribute;
|
||||
|
||||
}
|
||||
|
||||
if (!isset($$attribute) and isset($attr_r['default'])) {
|
||||
@ -119,7 +124,8 @@ if (isset($_GET['account_request'])) {
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['create_account'])) {
|
||||
|
||||
if (isset($_GET['account_request']) or isset($_POST['create_account'])) {
|
||||
|
||||
if (!isset($uid[0])) {
|
||||
$uid[0] = generate_username($givenname[0],$sn[0]);
|
||||
@ -138,6 +144,11 @@ if (isset($_POST['create_account'])) {
|
||||
unset($new_account_r['cn']['count']);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
if (isset($_POST['create_account'])) {
|
||||
|
||||
$password = $_POST['password'];
|
||||
$new_account_r['password'][0] = $password;
|
||||
$account_identifier = $new_account_r[$account_attribute][0];
|
||||
@ -265,6 +276,7 @@ render_js_username_check();
|
||||
render_js_username_generator('givenname','sn','uid','uid_div');
|
||||
render_js_cn_generator('givenname','sn','cn','cn_div');
|
||||
render_js_email_generator('uid','mail');
|
||||
render_js_homedir_generator('uid','homedirectory');
|
||||
|
||||
$tabindex=1;
|
||||
|
||||
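Review bot: The rewritten `$_POST[$attribute]` loop keeps the array keys the client sent, so once empty values are skipped the result can be sparse or string-keyed, while the later code reads index 0 (`$uid[0]`, `$givenname[0]`, `$sn[0]`). A form that submits an empty first field and a filled second one leaves `[0]` unset, and any non-numeric key supplied in the request is carried along with the values. Appending instead of re-using the key avoids both: `if ($value != "") { $this_attribute[] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }`. The same loop is repeated in the group and user edit sections further down this page. The enclosing `foreach` starts outside the hunk.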
|
@ -40,7 +40,13 @@ if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$grou
|
||||
######################################################################################
|
||||
|
||||
$initialise_group = FALSE;
|
||||
$new_group = FALSE;
|
||||
$group_exists = FALSE;
|
||||
|
||||
$create_group_message = "Add members to create the new group";
|
||||
$current_members = array();
|
||||
$full_dn = $create_group_message;
|
||||
$has_been = "";
|
||||
|
||||
$attribute_map = $LDAP['default_group_attribute_map'];
|
||||
if (isset($LDAP['group_additional_attributes'])) {
|
||||
@ -52,23 +58,22 @@ $this_group = array();
|
||||
|
||||
if (isset($_POST['new_group'])) {
|
||||
$new_group = TRUE;
|
||||
$current_members = array();
|
||||
$full_dn = $create_group_message;
|
||||
$has_been = "";
|
||||
}
|
||||
elseif (isset($_POST['initialise_group'])) {
|
||||
$new_group = FALSE;
|
||||
$initialise_group = TRUE;
|
||||
$current_members = array();
|
||||
$full_dn = "${LDAP['group_attribute']}=$group_cn,${LDAP['group_dn']}";
|
||||
$has_been = "created";
|
||||
}
|
||||
else {
|
||||
$new_group = FALSE;
|
||||
$current_members = ldap_get_group_members($ldap_connection,$group_cn);
|
||||
$this_group = ldap_get_group_entry($ldap_connection,$group_cn);
|
||||
$full_dn = $this_group[0]['dn'];
|
||||
$has_been = "updated";
|
||||
if ($this_group) {
|
||||
$current_members = ldap_get_group_members($ldap_connection,$group_cn);
|
||||
$full_dn = $this_group[0]['dn'];
|
||||
$has_been = "updated";
|
||||
}
|
||||
else {
|
||||
$new_group = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($attribute_map as $attribute => $attr_r) {
|
||||
@ -96,12 +101,12 @@ foreach ($attribute_map as $attribute => $attr_r) {
|
||||
$this_attribute = array();
|
||||
|
||||
if (is_array($_POST[$attribute])) {
|
||||
$this_attribute['count'] = count($_POST[$attribute]);
|
||||
foreach($_POST[$attribute] as $key => $value) {
|
||||
$this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
if ($value != "") { $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }
|
||||
}
|
||||
$this_attribute['count'] = count($this_attribute);
|
||||
}
|
||||
else {
|
||||
elseif ($_POST[$attribute] != "") {
|
||||
$this_attribute['count'] = 1;
|
||||
$this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
}
|
||||
@ -155,52 +160,77 @@ if (isset($_POST["update_members"])) {
|
||||
$members_to_add = array_diff($updated_membership,$current_members);
|
||||
|
||||
if ($initialise_group == TRUE) {
|
||||
|
||||
$initial_member = array_shift($members_to_add);
|
||||
$group_add = ldap_new_group($ldap_connection,$group_cn,$initial_member,$to_update);
|
||||
}
|
||||
elseif(count($to_update) > 0) {
|
||||
|
||||
if (isset($this_group[0]['objectclass'])) {
|
||||
$existing_objectclasses = $this_group[0]['objectclass'];
|
||||
unset($existing_objectclasses['count']);
|
||||
if ($existing_objectclasses != $LDAP['group_objectclasses']) { $to_update['objectclass'] = $LDAP['group_objectclasses']; }
|
||||
}
|
||||
|
||||
$updated_attr = ldap_update_group_attributes($ldap_connection,$group_cn,$to_update);
|
||||
|
||||
if ($updated_attr) {
|
||||
render_alert_banner("The group attributes have been updated.");
|
||||
if (!$group_add) {
|
||||
render_alert_banner("There was a problem creating the group. See the logs for more information.","danger",10000);
|
||||
$group_exists = FALSE;
|
||||
$new_group = TRUE;
|
||||
}
|
||||
else {
|
||||
render_alert_banner("There was a problem updating the group attributes. See the logs for more information.","danger",15000);
|
||||
$group_exists = TRUE;
|
||||
$new_group = FALSE;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
foreach ($members_to_add as $this_member) {
|
||||
ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
|
||||
}
|
||||
if ($group_exists == TRUE) {
|
||||
|
||||
foreach ($members_to_del as $this_member) {
|
||||
ldap_delete_member_from_group($ldap_connection,$group_cn,$this_member);
|
||||
}
|
||||
if ($initialise_group != TRUE and count($to_update) > 0) {
|
||||
|
||||
$non_members = array_diff($all_people,$updated_membership);
|
||||
$group_members = $updated_membership;
|
||||
if (isset($this_group[0]['objectclass'])) {
|
||||
$existing_objectclasses = $this_group[0]['objectclass'];
|
||||
unset($existing_objectclasses['count']);
|
||||
if ($existing_objectclasses != $LDAP['group_objectclasses']) { $to_update['objectclass'] = $LDAP['group_objectclasses']; }
|
||||
}
|
||||
|
||||
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
|
||||
if ($rfc2307bis_available == TRUE and count($group_members) == 0) {
|
||||
$updated_attr = ldap_update_group_attributes($ldap_connection,$group_cn,$to_update);
|
||||
|
||||
if ($updated_attr) {
|
||||
render_alert_banner("The group attributes have been updated.");
|
||||
}
|
||||
else {
|
||||
render_alert_banner("There was a problem updating the group attributes. See the logs for more information.","danger",15000);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
foreach ($members_to_add as $this_member) {
|
||||
ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
|
||||
}
|
||||
|
||||
foreach ($members_to_del as $this_member) {
|
||||
ldap_delete_member_from_group($ldap_connection,$group_cn,$this_member);
|
||||
}
|
||||
|
||||
$non_members = array_diff($all_people,$updated_membership);
|
||||
$group_members = $updated_membership;
|
||||
|
||||
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
|
||||
if ($rfc2307bis_available == TRUE and count($group_members) == 0) {
|
||||
|
||||
$group_members = ldap_get_group_members($ldap_connection,$group_cn);
|
||||
$non_members = array_diff($all_people,$group_members);
|
||||
render_alert_banner("Groups can't be empty, so the final member hasn't been removed. You could try deleting the group","danger",15000);
|
||||
}
|
||||
else {
|
||||
render_alert_banner("The group has been ${has_been}.");
|
||||
}
|
||||
|
||||
$group_members = ldap_get_group_members($ldap_connection,$group_cn);
|
||||
$non_members = array_diff($all_people,$group_members);
|
||||
render_alert_banner("Groups can't be empty, so the final member hasn't been removed. You could try deleting the group","danger",15000);
|
||||
}
|
||||
else {
|
||||
render_alert_banner("The group has been ${has_been}.");
|
||||
|
||||
$group_members = array();
|
||||
$non_members = $all_people;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
|
||||
$group_members = $current_members;
|
||||
|
||||
}
|
||||
|
||||
ldap_close($ldap_connection);
|
||||
@ -401,10 +431,6 @@ ldap_close($ldap_connection);
|
||||
</div>
|
||||
<?php
|
||||
|
||||
if ($SIMPLE_INTERFACE == TRUE) {
|
||||
unset($attribute_map['gidnumber']);
|
||||
}
|
||||
|
||||
if (count($attribute_map) > 0) { ?>
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading clearfix">
|
||||
@ -419,7 +445,8 @@ if (count($attribute_map) > 0) { ?>
|
||||
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
|
||||
print "<div class='row'>";
|
||||
$dl_identifider = ($full_dn != $create_group_message) ? $full_dn : "";
|
||||
render_attribute_fields($attribute,$label,$these_values,$dl_identifider,"",$attr_r['inputtype'],$tabindex);
|
||||
if (isset($attr_r['inputtype'])) { $inputtype = $attr_r['inputtype']; } else { $inputtype=""; }
|
||||
render_attribute_fields($attribute,$label,$these_values,$dl_identifider,"",$inputtype,$tabindex);
|
||||
print "</div>";
|
||||
$tabindex++;
|
||||
}
|
||||
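Review bot: `$group_exists` is initialised to `FALSE` and, in the lines visible here, only set to `TRUE` after a successful `ldap_new_group()` call, yet the member and attribute updates are now wrapped in `if ($group_exists == TRUE)`. For a group that is already in the directory (the `if ($this_group)` branch) nothing shown sets the flag, so an `update_members` post appears to fall through to the `else` that resets `$group_members` to an empty array. If the flag is not set in the lines between the hunks, add `$group_exists = TRUE;` next to `$has_been = "updated";`.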
|
@ -18,10 +18,6 @@ $to_update = array();
|
||||
|
||||
if ($SMTP['host'] != "") { $can_send_email = TRUE; } else { $can_send_email = FALSE; }
|
||||
|
||||
if ($SIMPLE_INTERFACE == FALSE) {
|
||||
$LDAP['default_attribute_map']["uidnumber"] = array("label" => "UID");
|
||||
$LDAP['default_attribute_map']["gidnumber"] = array("label" => "GID");
|
||||
}
|
||||
$LDAP['default_attribute_map']["mail"] = array("label" => "Email", "onkeyup" => "check_if_we_should_enable_sending_email();");
|
||||
|
||||
$attribute_map = $LDAP['default_attribute_map'];
|
||||
@ -82,12 +78,12 @@ if ($ldap_search) {
|
||||
$this_attribute = array();
|
||||
|
||||
if (is_array($_POST[$attribute])) {
|
||||
$this_attribute['count'] = count($_POST[$attribute]);
|
||||
foreach($_POST[$attribute] as $key => $value) {
|
||||
$this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
if ($value != "") { $this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS); }
|
||||
}
|
||||
$this_attribute['count'] = count($this_attribute);
|
||||
}
|
||||
else {
|
||||
elseif ($_POST[$attribute] != "") {
|
||||
$this_attribute['count'] = 1;
|
||||
$this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
}
|
||||
|
@ -2,25 +2,40 @@
|
||||
|
||||
$log_prefix="";
|
||||
|
||||
# User account defaults
|
||||
|
||||
$DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');
|
||||
$DEFAULT_USER_SHELL = (getenv('DEFAULT_USER_SHELL') ? getenv('DEFAULT_USER_SHELL') : '/bin/bash');
|
||||
$ENFORCE_SAFE_SYSTEM_NAMES = ((strcasecmp(getenv('ENFORCE_SAFE_SYSTEM_NAMES'),'FALSE') == 0) ? FALSE : TRUE);
|
||||
$USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');
|
||||
$USERNAME_REGEX = (getenv('USERNAME_REGEX') ? getenv('USERNAME_REGEX') : '^[a-z][a-zA-Z0-9\._-]{3,32}$'); #We use the username regex for groups too.
|
||||
|
||||
if (getenv('PASSWORD_HASH')) { $PASSWORD_HASH = strtoupper(getenv('PASSWORD_HASH')); }
|
||||
$ACCEPT_WEAK_PASSWORDS = ((strcasecmp(getenv('ACCEPT_WEAK_PASSWORDS'),'TRUE') == 0) ? TRUE : FALSE);
|
||||
|
||||
$min_uid = 2000;
|
||||
$min_gid = 2000;
|
||||
|
||||
|
||||
#Default attributes and objectclasses
|
||||
|
||||
$LDAP['account_attribute'] = (getenv('LDAP_ACCOUNT_ATTRIBUTE') ? getenv('LDAP_ACCOUNT_ATTRIBUTE') : 'uid');
|
||||
$LDAP['account_objectclasses'] = array( 'person', 'inetOrgPerson', 'posixAccount' );
|
||||
$LDAP['default_attribute_map'] = array( "givenname" => array("label" => "First name", "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"sn" => array("label" => "Last name", "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"uid" => array("label" => "System username", "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); check_email_validity(document.getElementById('mail').value);"),
|
||||
$LDAP['default_attribute_map'] = array( "givenname" => array("label" => "First name", "onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"sn" => array("label" => "Last name", "onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"uid" => array("label" => "System username", "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"cn" => array("label" => "Common name", "onkeyup" => "auto_cn_update = false;"),
|
||||
"mail" => array("label" => "Email", "onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value);")
|
||||
);
|
||||
|
||||
$LDAP['group_attribute'] = (getenv('LDAP_GROUP_ATTRIBUTE') ? getenv('LDAP_GROUP_ATTRIBUTE') : 'cn');
|
||||
$LDAP['group_objectclasses'] = array( 'top', 'posixGroup' ); #groupOfUniqueNames is added automatically if rfc2307bis is available.
|
||||
$LDAP['default_group_attribute_map'] = array( "gidnumber" => array("label" => "Group ID number")
|
||||
);
|
||||
|
||||
$SIMPLE_INTERFACE = ((strcasecmp(getenv('SIMPLE_INTERFACE'),'TRUE') == 0) ? TRUE : FALSE);
|
||||
$LDAP['default_group_attribute_map'] = array( "description" => array("label" => "Description"));
|
||||
|
||||
if ($SIMPLE_INTERFACE == TRUE) {
|
||||
$SHOW_POSIX_ATTRIBUTES = ((strcasecmp(getenv('SHOW_POSIX_ATTRIBUTES'),'TRUE') == 0) ? TRUE : FALSE);
|
||||
|
||||
if ($SHOW_POSIX_ATTRIBUTES != TRUE) {
|
||||
if ($LDAP['account_attribute'] == "uid") {
|
||||
unset($LDAP['default_attribute_map']['cn']);
|
||||
}
|
||||
@ -28,6 +43,13 @@
|
||||
unset($LDAP['default_attribute_map']['uid']);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$LDAP['default_attribute_map']["uidnumber"] = array("label" => "UID");
|
||||
$LDAP['default_attribute_map']["gidnumber"] = array("label" => "GID");
|
||||
$LDAP['default_attribute_map']["homedirectory"] = array("label" => "Home directory", "onkeyup" => "auto_homedir_update = false;");
|
||||
$LDAP['default_attribute_map']["loginshell"] = array("label" => "Shell", "default" => $DEFAULT_USER_SHELL);
|
||||
$LDAP['default_group_attribute_map']["gidnumber"] = array("label" => "Group ID number");
|
||||
}
|
||||
|
||||
|
||||
## LDAP server
|
||||
@ -85,21 +107,6 @@
|
||||
|
||||
$REMOTE_HTTP_HEADERS_LOGIN = ((strcasecmp(getenv('REMOTE_HTTP_HEADERS_LOGIN'),'TRUE') == 0) ? TRUE : FALSE);
|
||||
|
||||
|
||||
# User account defaults
|
||||
|
||||
$DEFAULT_USER_GROUP = (getenv('DEFAULT_USER_GROUP') ? getenv('DEFAULT_USER_GROUP') : 'everybody');
|
||||
$DEFAULT_USER_SHELL = (getenv('DEFAULT_USER_SHELL') ? getenv('DEFAULT_USER_SHELL') : '/bin/bash');
|
||||
$ENFORCE_SAFE_SYSTEM_NAMES = ((strcasecmp(getenv('ENFORCE_SAFE_SYSTEM_NAMES'),'FALSE') == 0) ? FALSE : TRUE);
|
||||
$USERNAME_FORMAT = (getenv('USERNAME_FORMAT') ? getenv('USERNAME_FORMAT') : '{first_name}-{last_name}');
|
||||
$USERNAME_REGEX = (getenv('USERNAME_REGEX') ? getenv('USERNAME_REGEX') : '^[a-z][a-zA-Z0-9\._-]{3,32}$'); #We use the username regex for groups too.
|
||||
|
||||
if (getenv('PASSWORD_HASH')) { $PASSWORD_HASH = strtoupper(getenv('PASSWORD_HASH')); }
|
||||
$ACCEPT_WEAK_PASSWORDS = ((strcasecmp(getenv('ACCEPT_WEAK_PASSWORDS'),'TRUE') == 0) ? TRUE : FALSE);
|
||||
|
||||
$min_uid = 2000;
|
||||
$min_gid = 2000;
|
||||
|
||||
# Sending email
|
||||
|
||||
$SMTP['host'] = getenv('SMTP_HOSTNAME');
|
||||
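Review bot: `SIMPLE_INTERFACE` is dropped without a fallback in the first hunk of this section, and the default flips with it. A deployment that never set the variable used to get the UID and GID fields and now gets the reduced forms, while one that sets `SIMPLE_INTERFACE=FALSE` explicitly is silently ignored. Consider reading the old variable when `SHOW_POSIX_ATTRIBUTES` is unset and writing a deprecation message with `error_log()`, so operators see the change at upgrade time rather than through missing fields.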
|
@ -448,7 +448,12 @@ function ldap_get_group_entry($ldap_connection,$group_name) {
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
return $result;
|
||||
if ($result['count'] > 0) {
|
||||
return $result;
|
||||
}
|
||||
else {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -468,7 +473,7 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute']));
|
||||
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
$result_count = $result[0]['count'];
|
||||
if ($result) { $result_count = $result['count']; } else { $result_count = 0; }
|
||||
|
||||
$records = array();
|
||||
|
||||
@ -605,7 +610,7 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_a
|
||||
|
||||
if (! $add_group ) {
|
||||
$this_error="$log_prefix LDAP: unable to add new group (${group_dn}): " . ldap_error($ldap_connection);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG add_group array: ". print_r($new_group_array,true),0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG add_group array: ". strip_tags(print_r($new_group_array,true)),0); }
|
||||
error_log($this_error,0);
|
||||
}
|
||||
else {
|
||||
@ -622,8 +627,8 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_a
|
||||
error_log("$log_prefix Unable to update cn=lastGID to $new_gid - this could cause groups to share the same GID.",0);
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
}
|
||||
@ -824,9 +829,8 @@ function ldap_new_account($ldap_connection,$account_r) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (empty($account_attributes['loginshell'])) { $account_attributes['loginshell'] = $DEFAULT_USER_SHELL; }
|
||||
if (empty($account_attributes['homedirectory'])) { $account_attributes['homedirectory'] = "/home/${account_identifier}"; }
|
||||
if (empty($account_attributes['homedirectory'])) { $account_attributes['homedirectory'] = "/home/" . $account_r['uid'][0]; }
|
||||
|
||||
$add_account = @ ldap_add($ldap_connection,
|
||||
"${LDAP['account_attribute']}=$account_identifier,${LDAP['user_dn']}",
|
||||
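Review bot: `strip_tags()` on the debug dump removes HTML markup, but the sink is `error_log()`, where the characters that matter are line breaks and other control characters. `print_r()` output is itself multi-line, so a value containing a newline can still split or forge log records. Encoding the array onto one line handles that, e.g. `error_log("$log_prefix DEBUG add_group array: " . json_encode($new_group_array), 0);`. The `$this_error` line just above writes `${group_dn}` to the same log without any neutralisation and would benefit from the same treatment. `ldap_new_group()` starts and ends outside this hunk.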
|
@ -113,7 +113,6 @@ function validate_passkey_cookie() {
|
||||
|
||||
$this_time=time();
|
||||
$VALIDATED = FALSE;
|
||||
unset($USER_ID);
|
||||
$IS_ADMIN = FALSE;
|
||||
|
||||
if (isset($_COOKIE['orf_cookie'])) {
|
||||
@ -569,6 +568,29 @@ EoRenderEmailJS;
|
||||
}
|
||||
|
||||
|
||||
######################################################
|
||||
|
||||
function render_js_homedir_generator($username_field_id,$homedir_field_id) {
|
||||
|
||||
print <<<EoRenderHomedirJS
|
||||
<script>
|
||||
|
||||
var auto_homedir_update = true;
|
||||
|
||||
function update_homedir() {
|
||||
|
||||
if ( auto_homedir_update == true ) {
|
||||
var username = document.getElementById('$username_field_id').value;
|
||||
document.getElementById('$homedir_field_id').value = "/home/" + username;
|
||||
}
|
||||
|
||||
}
|
||||
</script>
|
||||
|
||||
EoRenderHomedirJS;
|
||||
|
||||
}
|
||||
|
||||
######################################################
|
||||
|
||||
function render_dynamic_field_js() {
|
||||
@ -637,7 +659,8 @@ function render_attribute_fields($attribute,$label,$values_r,$resource_identifie
|
||||
</div>
|
||||
<?php
|
||||
if (isset($values_r['count']) and $values_r['count'] > 0) {
|
||||
$remaining_values = array_slice($values_r, 2);
|
||||
unset($values_r['count']);
|
||||
$remaining_values = array_slice($values_r, 1);
|
||||
print "<script>";
|
||||
foreach($remaining_values as $this_value) { print "add_field_to('$attribute','$this_value');"; }
|
||||
print "</script>";
|
||||
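Review bot: The values taken by the new `array_slice($values_r, 1)` are written straight into a single-quoted JavaScript string inside `<script>` (`add_field_to('$attribute','$this_value')`), and no JavaScript-context encoding is visible in this hunk. HTML-entity filtering applied to request data elsewhere is not decoded inside a script block, and values read back from the directory may not have passed through it at all, so a quote, backslash or `</script>` in an attribute value can break the statement. Emitting the argument with `json_encode($this_value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)` and dropping the surrounding quotes would make the output safe for this context. `render_attribute_fields()` begins and ends outside the hunk.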
|