Add attribute fields for groups and allow user-defined attributes to be displayed. Move alert banner JS to a function.

Brian Lycett 2022-04-04 13:55:56 +01:00
parent 2ff87e98dc
commit 9092a3a39b
8 changed files with 427 additions and 371 deletions


@ -14,37 +14,18 @@ $ldap_connection = open_ldap_connection();
if (isset($_POST['delete_group'])) {
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<?php
$this_group = $_POST['delete_group'];
$this_group = urldecode($this_group);
$del_group = ldap_delete_group($ldap_connection,$this_group);
if ($del_group) {
?>
<div class="alert alert-success" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">Group <strong><?php print $this_group; ?> was deleted.</p>
</div>
<?php
render_alert_banner("Group <strong>$this_group</strong> was deleted.");
}
else {
?>
<div class="alert alert-danger" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">Group <strong><?php print $this_group; ?></strong> wasn't deleted.</p>
</div>
<?php
render_alert_banner("Group <strong>$this_group</strong> wasn't deleted. See the logs for more information.","danger",15000);
}
}
$groups = ldap_get_group_list($ldap_connection);
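Review bot: `$this_group` is taken from `$_POST['delete_group']`, only `urldecode()`d, and then interpolated into the HTML string passed to `render_alert_banner()` in both the success and the failure call. The helper's body is not shown in this section, but since the message carries `<strong>` markup it presumably emits the string unescaped, so a crafted group name would be reflected into the page. Encode the value at the call site, e.g. `$safe_group = htmlspecialchars($this_group, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and pass `"Group <strong>$safe_group</strong> was deleted."`. The user-deletion section has the same pattern with `$this_user` from `$_POST['delete_user']`.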


@ -14,39 +14,21 @@ $ldap_connection = open_ldap_connection();
if (isset($_POST['delete_user'])) {
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<?php
$this_user = $_POST['delete_user'];
$this_user = urldecode($this_user);
$del_user = ldap_delete_account($ldap_connection,$this_user);
if ($del_user) {
?>
<div class="alert alert-success" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">User <strong><?php print $this_user; ?> was deleted.</p>
</div>
<?php
render_alert_banner("User <strong>$this_user</strong> was deleted.");
}
else {
?>
<div class="alert alert-danger" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">User <strong><?php print $this_user; ?></strong> wasn't deleted.</p>
</div>
<?php
render_alert_banner("User <strong>$this_user</strong> wasn't deleted. See the logs for more information.","danger",15000);
}
}
#'
$people = ldap_get_user_list($ldap_connection);
?>


@ -6,7 +6,11 @@ include_once "web_functions.inc.php";
include_once "ldap_functions.inc.php";
include_once "module_functions.inc.php";
$attribute_map = ldap_complete_account_attribute_array();
$attribute_map = $LDAP['default_attribute_map'];
if (isset($LDAP['account_additional_attributes'])) { $attribute_map = ldap_complete_attribute_array($attribute_map,$LDAP['account_additional_attributes']); }
if (! array_key_exists($LDAP['account_attribute'], $attribute_map)) {
$attribute_r = array_merge($attribute_map, array($LDAP['account_attribute'] => array("label" => "Account UID")));
}
if ( isset($_POST['setup_admin_account']) ) {
$admin_setup = TRUE;
@ -321,18 +325,17 @@ $tabindex=1;
<input type="hidden" name="create_account">
<input type="hidden" id="pass_score" value="0" name="pass_score">
<?php
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple,$tabindex);
$tabindex++;
}
?>
<?php
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple,$tabindex);
$tabindex++;
}
?>
<div class="form-group" id="password_div">
<label for="password" class="col-sm-3 control-label">Password</label>
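Review bot: The fallback that adds the account attribute when it is missing from the map writes its result to `$attribute_r`, while the form loop further down iterates `$attribute_map`. Nothing in the visible lines reads `$attribute_r`, so the "Account UID" field would not be rendered in exactly the case the fallback is meant to handle. If that is unintended, assign back to the map: `$attribute_map = array_merge($attribute_map, array($LDAP['account_attribute'] => array("label" => "Account UID")));`. The account-edit section repeats the same three lines. Both hunks here cut through the page, so a later use of `$attribute_r` outside them cannot be ruled out.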


@ -12,19 +12,18 @@ render_submenu();
$ldap_connection = open_ldap_connection();
if (!isset($_POST['group_name']) and !isset($_GET['group_name'])) {
?>
<div class="alert alert-danger">
<p class="text-center">The group name is missing.</p>
</div>
<?php
render_footer();
exit(0);
render_footer();
exit(0);
}
else {
$group_cn = (isset($_POST['group_name']) ? $_POST['group_name'] : $_GET['group_name']);
$group_cn = urldecode($group_cn);
$group_cn = (isset($_POST['group_name']) ? $_POST['group_name'] : $_GET['group_name']);
$group_cn = urldecode($group_cn);
}
if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$group_cn)) {
@ -33,14 +32,20 @@ if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$grou
<p class="text-center">The group name is invalid.</p>
</div>
<?php
render_footer();
exit(0);
render_footer();
exit(0);
}
######################################################################################
$initialise_group = FALSE;
$attribute_map = $LDAP['default_group_attribute_map'];
if (isset($LDAP['group_additional_attributes'])) {
$attribute_map = ldap_complete_attribute_array($attribute_map,$LDAP['group_additional_attributes']);
}
$to_update = array();
$this_group = array();
if (isset($_POST['new_group'])) {
$new_group = TRUE;
@ -57,99 +62,123 @@ elseif (isset($_POST['initialise_group'])) {
}
else {
$new_group = FALSE;
$initialise_group = TRUE;
$current_members = ldap_get_group_members($ldap_connection,$group_cn);
$full_dn = ldap_get_dn_of_group($ldap_connection,$group_cn);
$this_group = ldap_get_group_entry($ldap_connection,$group_cn);
$full_dn = $this_group[0]['dn'];
$has_been = "updated";
}
foreach ($attribute_map as $attribute => $attr_r) {
if (isset($this_group[0][$attribute]) and $this_group[0][$attribute]['count'] > 0) {
$$attribute = $this_group[0][$attribute];
}
else {
$$attribute = array();
}
if (isset($_POST[$attribute])) {
$this_attribute = array();
if (is_array($_POST[$attribute])) {
$this_attribute['count'] = count($_POST[$attribute]);
foreach($_POST[$attribute] as $key => $value) {
$this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
}
else {
$this_attribute['count'] = 1;
$this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
if ($this_attribute != $$attribute) {
$$attribute = $this_attribute;
$to_update[$attribute] = $this_attribute;
unset($to_update[$attribute]['count']);
}
}
if (!isset($$attribute) and isset($attr_r['default'])) {
$$attribute['count'] = 1;
$$attribute[0] = $attr_r['default'];
}
}
if (!isset($gidnumber[0]) or !is_numeric($gidnumber[0])) {
$gidnumber[0]=ldap_get_highest_id($ldap_connection,$type="gid");
$gidnumber['count']=1;
}
######################################################################################
$current_members = ldap_get_group_members($ldap_connection,$group_cn);
$full_dn = ldap_get_dn_of_group($ldap_connection,$group_cn);
$all_accounts = ldap_get_user_list($ldap_connection);
$all_people = array();
foreach ($all_accounts as $this_person => $attrs) {
array_push($all_people, $this_person);
array_push($all_people, $this_person);
}
$non_members = array_diff($all_people,$current_members);
if (isset($_POST["update_members"])) {
$updated_membership = array();
$updated_membership = array();
foreach ($_POST as $index => $member) {
if (is_numeric($index)) {
array_push($updated_membership,$member);
foreach ($_POST['membership'] as $index => $member) {
if (is_numeric($index)) {
array_push($updated_membership,filter_var($member, FILTER_SANITIZE_FULL_SPECIAL_CHARS));
}
}
}
if ($group_cn == $LDAP['admins_group'] and !array_search($USER_ID, $updated_membership)){
array_push($updated_membership,$USER_ID);
}
if ($group_cn == $LDAP['admins_group'] and !array_search($USER_ID, $updated_membership)){
array_push($updated_membership,$USER_ID);
}
$members_to_del = array_diff($current_members,$updated_membership);
$members_to_add = array_diff($updated_membership,$current_members);
$members_to_del = array_diff($current_members,$updated_membership);
$members_to_add = array_diff($updated_membership,$current_members);
if ($initialise_group == TRUE) {
$initial_member = array_shift($members_to_add);
$group_add = ldap_new_group($ldap_connection,$group_cn,$initial_member);
}
foreach ($members_to_add as $this_member) {
ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
}
if ($initialise_group == TRUE) {
$initial_member = array_shift($members_to_add);
$group_add = ldap_new_group($ldap_connection,$group_cn,$initial_member,$to_update);
}
elseif(count($to_update) > 0) {
$updated_attr = ldap_update_group_attributes($ldap_connection,$group_cn,$to_update);
if ($updated_attr) {
render_alert_banner("The group attributes have been updated.");
}
else {
render_alert_banner("There was a problem updating the group attributes. See the logs for more information.","danger",15000);
}
}
foreach ($members_to_del as $this_member) {
ldap_delete_member_from_group($ldap_connection,$group_cn,$this_member);
}
foreach ($members_to_add as $this_member) {
ldap_add_member_to_group($ldap_connection,$group_cn,$this_member);
}
$non_members = array_diff($all_people,$updated_membership);
$group_members = $updated_membership;
foreach ($members_to_del as $this_member) {
ldap_delete_member_from_group($ldap_connection,$group_cn,$this_member);
}
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
if ($rfc2307bis_available == TRUE and count($group_members) == 0) {
$non_members = array_diff($all_people,$updated_membership);
$group_members = $updated_membership;
$group_members = ldap_get_group_members($ldap_connection,$group_cn);
$non_members = array_diff($all_people,$group_members);
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
if ($rfc2307bis_available == TRUE and count($group_members) == 0) {
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 15000);
</script>
<div class="alert alert-danger" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">Groups can't be empty, so the final member hasn't been removed. You could try deleting the group.</p>
</div>
<?php
}
else {
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<div class="alert alert-success" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">The group has been <?php print $has_been; ?>.</p>
</div>
<?php
$group_members = ldap_get_group_members($ldap_connection,$group_cn);
$non_members = array_diff($all_people,$group_members);
render_alert_banner("Groups can't be empty, so the final member hasn't been removed. You could try deleting the group","danger",15000);
}
else {
render_alert_banner("The group has been ${has_been}.");
}
}
else {
$group_members = $current_members;
$group_members = $current_members;
}
ldap_close($ldap_connection);
@ -177,7 +206,7 @@ ldap_close($ldap_connection);
for (var i = 0; i < member_list.length; ++i) {
var hidden = document.createElement("input");
hidden.type = "hidden";
hidden.name = i;
hidden.name = 'membership[]';
hidden.value = member_list[i]['textContent'];
members_form.appendChild(hidden);
@ -205,7 +234,10 @@ ldap_close($ldap_connection);
$('.list-right ul li.active').removeClass('active');
actives.remove();
}
$("#submit_members").prop("disabled", false);
if ($("#membership_list").length > 0) {
$("#submit_members").prop("disabled", false);
$("#submit_attributes").prop("disabled", false);
}
});
$('.dual-list .selector').click(function () {
var $checkBox = $(this);
@ -257,97 +289,132 @@ ldap_close($ldap_connection);
<div class="container">
<div class="col-md-12">
<div class="panel-group">
<div class="panel panel-default">
<div class="panel panel-default">
<div class="panel-heading clearfix">
<h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $group_cn; ?><?php if ($group_cn == $LDAP["admins_group"]) { print " <sup>(admin group)</sup>" ; } ?></h3>
<button class="btn btn-warning pull-right" onclick="show_delete_group_button();" <?php if ($group_cn == $LDAP["admins_group"]) { print "disabled"; } ?>>Delete group</button>
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/groups.php" method="post"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
</div>
<ul class="list-group">
<li class="list-group-item"><?php print $full_dn; ?></li>
</li>
<div class="panel-body">
<div class="panel-heading clearfix">
<h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $group_cn; ?><?php if ($group_cn == $LDAP["admins_group"]) { print " <sup>(admin group)</sup>" ; } ?></h3>
<button class="btn btn-warning pull-right" onclick="show_delete_group_button();" <?php if ($group_cn == $LDAP["admins_group"]) { print "disabled"; } ?>>Delete group</button>
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/groups.php" method="post"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
</div>
<div class="row">
<ul class="list-group">
<li class="list-group-item"><?php print $full_dn; ?></li>
</li>
<div class="dual-list list-left col-md-5">
<strong>Members</strong>
<div class="well">
<div class="panel-body">
<div class="row">
<div class="col-md-10">
<div class="input-group">
<span class="input-group-addon glyphicon glyphicon-search"></span>
<input type="text" name="SearchDualList" class="form-control" placeholder="search" />
<div class="dual-list list-left col-md-5">
<strong>Members</strong>
<div class="well">
<div class="row">
<div class="col-md-10">
<div class="input-group">
<span class="input-group-addon glyphicon glyphicon-search"></span>
<input type="text" name="SearchDualList" class="form-control" placeholder="search" />
</div>
</div>
<div class="col-md-2">
<div class="btn-group">
<a class="btn btn-default selector" title="select all"><i class="glyphicon glyphicon-unchecked"></i></a>
</div>
</div>
</div>
<ul class="list-group" id="membership_list">
<?php
foreach ($group_members as $member) {
if ($group_cn == $LDAP['admins_group'] and $member == $USER_ID) {
print "<div class='list-group-item' style='opacity: 0.5; pointer-events:none;'>$member</div>\n";
}
else {
print "<li class='list-group-item'>$member</li>\n";
}
}
?>
</ul>
</div>
</div>
</div>
<div class="col-md-2">
<div class="btn-group">
<a class="btn btn-default selector" title="select all"><i class="glyphicon glyphicon-unchecked"></i></a>
<div class="list-arrows col-md-1 text-center">
<button class="btn btn-default btn-sm move-left">
<span class="glyphicon glyphicon-chevron-left"></span>
</button>
<button class="btn btn-default btn-sm move-right">
<span class="glyphicon glyphicon-chevron-right"></span>
</button>
<form id="group_members" action="<?php print $CURRENT_PAGE; ?>" method="post">
<input type="hidden" name="update_members">
<input type="hidden" name="group_name" value="<?php print urlencode($group_cn); ?>">
<?php if ($new_group == TRUE) { ?><input type="hidden" name="initialise_group"><?php } ?>
<button id="submit_members" class="btn btn-info" <?php if (count($group_members)==0) print 'disabled'; ?> type="submit" onclick="update_form_with_users()">Save</button>
</div>
<div class="dual-list list-right col-md-5">
<strong>Available accounts</strong>
<div class="well">
<div class="row">
<div class="col-md-2">
<div class="btn-group">
<a class="btn btn-default selector" title="select all"><i class="glyphicon glyphicon-unchecked"></i></a>
</div>
</div>
<div class="col-md-10">
<div class="input-group">
<input type="text" name="SearchDualList" class="form-control" placeholder="search" />
<span class="input-group-addon glyphicon glyphicon-search"></span>
</div>
</div>
</div>
<ul class="list-group">
<?php
foreach ($non_members as $nonmember) {
print "<li class='list-group-item'>$nonmember</li>\n";
}
?>
</ul>
</div>
</div>
</div>
</div>
<ul class="list-group" id="membership_list">
<?php
foreach ($group_members as $member) {
if ($group_cn == $LDAP['admins_group'] and $member == $USER_ID) {
print "<div class='list-group-item' style='opacity: 0.5; pointer-events:none;'>$member</div>\n";
}
else {
print "<li class='list-group-item'>$member</li>\n";
}
}
?>
</ul>
</div>
</div>
<div class="list-arrows col-md-1 text-center">
<button class="btn btn-default btn-sm move-left">
<span class="glyphicon glyphicon-chevron-left"></span>
</button>
<button class="btn btn-default btn-sm move-right">
<span class="glyphicon glyphicon-chevron-right"></span>
</button>
<form id="group_members" action="<?php print $CURRENT_PAGE; ?>" method="post">
<input type="hidden" name="update_members">
<input type="hidden" name="group_name" value="<?php print urlencode($group_cn); ?>">
<?php if ($new_group == TRUE) { ?><input type="hidden" name="initialise_group"><?php } ?>
</form>
<button id="submit_members" class="btn btn-info" disabled type="submit" onclick="update_form_with_users()">Save</button>
</div>
<div class="dual-list list-right col-md-5">
<strong>Available accounts</strong>
<div class="well">
<div class="row">
<div class="col-md-2">
<div class="btn-group">
<a class="btn btn-default selector" title="select all"><i class="glyphicon glyphicon-unchecked"></i></a>
</div>
</div>
<div class="col-md-10">
<div class="input-group">
<input type="text" name="SearchDualList" class="form-control" placeholder="search" />
<span class="input-group-addon glyphicon glyphicon-search"></span>
</div>
</div>
</div>
<ul class="list-group">
<?php
foreach ($non_members as $nonmember) {
print "<li class='list-group-item'>$nonmember</li>\n";
}
?>
</ul>
</div>
</div>
</div>
</div>
</div>
<?php
render_footer();
?>
if ($SIMPLE_INTERFACE == TRUE) {
unset($attribute_map['gidnumber']);
}
if (count($attribute_map) > 0) { ?>
<div class="panel panel-default">
<div class="panel-heading clearfix">
<h3 class="panel-title pull-left" style="padding-top: 7.5px;">Group attributes</h3>
</div>
<div class="panel-body">
<div class="col-md-8">
<?php
$tabindex=1;
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
print "<div class='row'>";
render_attribute_fields($attribute,$label,$these_values,"",$multiple,$tabindex);
print "</div>";
$tabindex++;
}
?>
<div class="row">
<div class="col-md-4 col-md-offset-3">
<div class="form-group">
<button id="submit_attributes" class="btn btn-info" <?php if (count($group_members)==0) print 'disabled'; ?> type="submit" tabindex="<?php print $tabindex; ?>" onclick="update_form_with_users()">Save</button>
</div>
</div>
</div>
</div>
</div>
</div>
<?php } ?>
</form>
</div>
</div>
</div>
<?php render_footer(); ?>
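Review bot: `FILTER_SANITIZE_FULL_SPECIAL_CHARS` HTML-encodes the posted attribute values and member names before they are compared with and written to the directory, which is the wrong layer for that encoding. A member name or attribute value containing `&`, a quote or `<` no longer equals the raw value returned by `ldap_get_group_members()` or `ldap_get_group_entry()`, so `array_diff()` would treat it as both a removal and an addition, and the entity-encoded form is what gets stored. Meanwhile the list items still print `$member` and `$nonmember` unescaped. I would keep the submitted value as-is after validating it (for members, check it is in `$all_people`), i.e. `array_push($updated_membership, $member);`, and encode on output instead with `htmlspecialchars($member, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The hunks cut through the page, so any validation done elsewhere is not visible here.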


@ -24,7 +24,11 @@ if ($SIMPLE_INTERFACE == FALSE) {
}
$LDAP['default_attribute_map']["mail"] = array("label" => "Email", "onkeyup" => "check_if_we_should_enable_sending_email();");
$attribute_map = ldap_complete_account_attribute_array();
$attribute_map = $LDAP['default_attribute_map'];
if (isset($LDAP['account_additional_attributes'])) { $attribute_map = ldap_complete_attribute_array($attribute_map,$LDAP['account_additional_attributes']); }
if (! array_key_exists($LDAP['account_attribute'], $attribute_map)) {
$attribute_r = array_merge($attribute_map, array($LDAP['account_attribute'] => array("label" => "Account UID")));
}
if (!isset($_POST['account_identifier']) and !isset($_GET['account_identifier'])) {
?>
@ -164,30 +168,10 @@ if ($ldap_search) {
}
if ($updated_account) {
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<div class="alert alert-success" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">The account has been updated.<?php print $sent_email_message; ?></p>
</div>
<?php
render_alert_banner("The account has been updated. $sent_email_message");
}
else {
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<div class="alert alert-danger" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">There was a problem updating the account. Check the logs for more information.</p>
</div>
<?php
render_alert_banner("There was a problem updating the account. Check the logs for more information.","danger",15000);
}
}
@ -248,19 +232,7 @@ if ($ldap_search) {
$not_member_of = array_diff($all_groups,$updated_group_membership);
$member_of = $updated_group_membership;
?>
<script>
window.setTimeout(function() {
$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); });
}, 4000);
</script>
<div class="alert alert-success" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center">The group membership has been updated.</p>
</div>
<?php
render_alert_banner("The group membership has been updated.");
}
else {
@ -454,48 +426,47 @@ if ($ldap_search) {
<input type="hidden" id="pass_score" value="0" name="pass_score">
<input type="hidden" name="account_identifier" value="<?php print $account_identifier; ?>">
<?php
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple);
}
?>
<?php
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple);
}
?>
<div class="form-group" id="password_div">
<label for="password" class="col-sm-3 control-label">Password</label>
<div class="col-sm-6">
<input type="password" class="form-control" id="password" name="password" onkeyup="back_to_hidden('password','confirm'); check_if_we_should_enable_sending_email();">
</div>
<div class="col-sm-1">
<input type="button" class="btn btn-sm" id="password_generator" onclick="random_password(); check_if_we_should_enable_sending_email();" value="Generate password">
</div>
</div>
<div class="form-group" id="confirm_div">
<label for="confirm" class="col-sm-3 control-label">Confirm</label>
<div class="col-sm-6">
<input type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">
</div>
</div>
<?php if ($can_send_email == TRUE) { ?>
<div class="form-group" id="send_email_div">
<label for="send_email" class="col-sm-3 control-label"> </label>
<div class="form-group" id="password_div">
<label for="password" class="col-sm-3 control-label">Password</label>
<div class="col-sm-6">
<input type="checkbox" class="form-check-input" id="send_email_checkbox" name="send_email" disabled> Email the updated credentials to the user?
<input type="password" class="form-control" id="password" name="password" onkeyup="back_to_hidden('password','confirm'); check_if_we_should_enable_sending_email();">
</div>
<div class="col-sm-1">
<input type="button" class="btn btn-sm" id="password_generator" onclick="random_password(); check_if_we_should_enable_sending_email();" value="Generate password">
</div>
</div>
<div class="form-group" id="confirm_div">
<label for="confirm" class="col-sm-3 control-label">Confirm</label>
<div class="col-sm-6">
<input type="password" class="form-control" id="confirm" name="password_match" onkeyup="check_passwords_match()">
</div>
</div>
<?php if ($can_send_email == TRUE) { ?>
<div class="form-group" id="send_email_div">
<label for="send_email" class="col-sm-3 control-label"> </label>
<div class="col-sm-6">
<input type="checkbox" class="form-check-input" id="send_email_checkbox" name="send_email" disabled> Email the updated credentials to the user?
</div>
</div>
<?php } ?>
<div class="form-group">
<p align='center'><button type="submit" class="btn btn-default">Update account details</button></p>
</div>
<div class="form-group">
<p align='center'><button type="submit" class="btn btn-default">Update account details</button></p>
</div>
</form>


@ -12,6 +12,11 @@
"mail" => array("label" => "Email", "onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value);")
);
$LDAP['group_objectclasses'] = array( 'person', 'inetOrgPerson', 'posixAccount' );
$LDAP['default_group_attribute_map'] = array( "gidnumber" => array("label" => "Group ID number")
);
#Mandatory
$LDAP['uri'] = getenv('LDAP_URI');


@ -438,19 +438,17 @@ function ldap_get_group_list($ldap_connection,$start=0,$entries=NULL,$sort="asc"
##################################
function ldap_get_dn_of_group($ldap_connection,$group_name) {
function ldap_get_group_entry($ldap_connection,$group_name) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
if (isset($group_name)) {
$ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("dn"));
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
if (isset($result[0]['dn'])) {
return $result[0]['dn'];
}
return $result;
}
@ -567,7 +565,7 @@ function ldap_user_group_membership($ldap_connection,$username) {
##################################
function ldap_new_group($ldap_connection,$group_name,$initial_member="") {
function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_attributes=array()) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
@ -575,61 +573,70 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="") {
if (isset($group_name)) {
$new_group = ldap_escape($group_name, "", LDAP_ESCAPE_FILTER);
$initial_member = ldap_escape($initial_member, "", LDAP_ESCAPE_FILTER);
$new_group = ldap_escape($group_name, "", LDAP_ESCAPE_FILTER);
$initial_member = ldap_escape($initial_member, "", LDAP_ESCAPE_FILTER);
$update_gid_store=FALSE;
$ldap_search_query = "(${LDAP['group_attribute']}=$new_group,${LDAP['group_dn']})";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
$ldap_search_query = "(${LDAP['group_attribute']}=$new_group,${LDAP['group_dn']})";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
if ($result['count'] == 0) {
if ($result['count'] == 0) {
$highest_gid = ldap_get_highest_id($ldap_connection,'gid');
$new_gid = $highest_gid + 1;
if ($rfc2307bis_available == FALSE) { $objectclasses = array('top','posixGroup'); } else { $objectclasses = array('top','groupOfUniqueNames','posixGroup'); }
if (isset($LDAP['group_additional_objectclasses']) and $LDAP['group_additional_objectclasses'] != "") {
$objectclasses = array_merge($objectclasses, explode(",", $LDAP['group_additional_objectclasses']));
}
if ($LDAP['group_membership_uses_uid'] == FALSE and $initial_member != "") { $initial_member = "${LDAP['account_attribute']}=$initial_member,${LDAP['user_dn']}"; }
if ($rfc2307bis_available == FALSE) { $objectclasses = array('top','posixGroup'); } else { $objectclasses = array('top','groupOfUniqueNames','posixGroup'); }
if (isset($LDAP['group_additional_objectclasses']) and $LDAP['group_additional_objectclasses'] != "")
$objectclasses = array_merge($objectclasses, explode(",", $LDAP['group_additional_objectclasses']));
if ($LDAP['group_membership_uses_uid'] == FALSE and $initial_member != "") { $initial_member = "${LDAP['account_attribute']}=$initial_member,${LDAP['user_dn']}"; }
$new_group_array=array( 'objectClass' => $objectclasses,
'cn' => $new_group,
$LDAP['group_membership_attribute'] => $initial_member
);
$new_group_array=array( 'objectClass' => $objectclasses,
'cn' => $new_group,
'gidNumber' => $new_gid,
$LDAP['group_membership_attribute'] => $initial_member
);
$new_group_array = array_merge($new_group_array,$extra_attributes);
$group_dn="cn=$new_group,${LDAP['group_dn']}";
if (!isset($new_group_array["gidnumber"][0]) or !is_numeric($new_group_array["gidnumber"][0])) {
$highest_gid = ldap_get_highest_id($ldap_connection,'gid');
$new_gid = $highest_gid + 1;
$new_group_array["gidnumber"] = $new_gid;
$update_gid_store=TRUE;
}
$add_group = @ ldap_add($ldap_connection, $group_dn, $new_group_array);
$group_dn="cn=$new_group,${LDAP['group_dn']}";
if (! $add_group ) {
$this_error="$log_prefix LDAP: unable to add new group (${group_dn}): " . ldap_error($ldap_connection);
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG add_group array: ". print_r($new_group_array,true),0); }
error_log($this_error,0);
}
else {
error_log("$log_prefix Added new group $group_name",0);
$add_group = @ ldap_add($ldap_connection, $group_dn, $new_group_array);
$this_gid = fetch_id_stored_in_ldap($ldap_connection,"gid");
if ($this_gid != FALSE) {
$update_gid = @ ldap_mod_replace($ldap_connection, "cn=lastGID,${LDAP['base_dn']}", array( 'serialNumber' => $new_gid ));
if ($update_gid) {
error_log("$log_prefix Updated cn=lastGID with $new_gid",0);
if (! $add_group ) {
$this_error="$log_prefix LDAP: unable to add new group (${group_dn}): " . ldap_error($ldap_connection);
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG add_group array: ". print_r($new_group_array,true),0); }
error_log($this_error,0);
}
else {
error_log("$log_prefix Unable to update cn=lastGID to $new_gid - this could cause groups to share the same GID.",0);
}
}
return TRUE;
}
error_log("$log_prefix Added new group $group_name",0);
}
else {
error_log("$log_prefix Create group; group $group_name already exists.",0);
}
if ($update_gid_store == TRUE) {
$this_gid = fetch_id_stored_in_ldap($ldap_connection,"gid");
if ($this_gid != FALSE) {
$update_gid = @ ldap_mod_replace($ldap_connection, "cn=lastGID,${LDAP['base_dn']}", array( 'serialNumber' => $new_gid ));
if ($update_gid) {
error_log("$log_prefix Updated cn=lastGID with $new_gid",0);
}
else {
error_log("$log_prefix Unable to update cn=lastGID to $new_gid - this could cause groups to share the same GID.",0);
}
}
return TRUE;
}
}
}
else {
error_log("$log_prefix Create group; group $group_name already exists.",0);
}
}
else {
error_log("$log_prefix Create group; group name wasn't set.",0);
error_log("$log_prefix Create group; group name wasn't set.",0);
}
return FALSE;
@ -637,6 +644,37 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="") {
}
##################################
function ldap_update_group_attributes($ldap_connection,$group_name,$extra_attributes) {
global $log_prefix, $LDAP, $LDAP_DEBUG;
if (isset($group_name) and (count($extra_attributes) > 0)) {
$group_name = ldap_escape($group_name, "", LDAP_ESCAPE_FILTER);
$group_dn = "${LDAP['group_attribute']}=$group_name,${LDAP['group_dn']}";
$update_group = @ ldap_mod_replace($ldap_connection, $group_dn, $extra_attributes);
if (!$update_group ) {
$this_error="$log_prefix LDAP: unable to update group attributes for group (${group_dn}): " . ldap_error($ldap_connection);
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG update group attributes array: ". print_r($extra_attributes,true),0); }
error_log($this_error,0);
return FALSE;
}
else {
error_log("$log_prefix Updated group attributes for $group_name",0);
return TRUE;
}
}
else {
error_log("$log_prefix Update group attributes; group name wasn't set.",0);
return FALSE;
}
}
##################################
function ldap_delete_group($ldap_connection,$group_name) {
@ -687,58 +725,54 @@ function ldap_get_gid_of_group($ldap_connection,$group_name) {
##################################
function ldap_complete_account_attribute_array() {
function ldap_complete_attribute_array($default_attributes,$additional_attributes) {
global $LDAP;
global $LDAP;
$attribute_r = $LDAP['default_attribute_map'];
$additional_attributes_r = array();
if (is_array($additional_attributes) and count($additional_attributes > 0)) {
if (isset($LDAP['account_additional_attributes'])) {
$user_attribute_r = explode(",", $additional_attributes);
$to_merge = array();
$user_attribute_r = explode(",", $LDAP['account_additional_attributes']);
foreach ($user_attribute_r as $this_attr) {
foreach ($user_attribute_r as $this_attr) {
$this_r = array();
$kv = explode(":", $this_attr);
$attr_name = strtolower(filter_var($kv[0], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
if (substr($attr_name, -1) == '+') {
$this_r['multiple'] = TRUE;
$attr_name = rtrim($attr_name, '+');
}
else {
$this_r['multiple'] = FALSE;
}
$this_r = array();
$kv = explode(":", $this_attr);
$attr_name = strtolower(filter_var($kv[0], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
if (substr($attr_name, -1) == '+') {
$this_r['multiple'] = TRUE;
$attr_name = rtrim($attr_name, '+');
}
else {
$this_r['multiple'] = FALSE;
if (preg_match('/^[a-zA-Z0-9\-]+$/', $attr_name) == 1) {
if (isset($kv[1]) and $kv[1] != "") {
$this_r['label'] = filter_var($kv[1], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
else {
$this_r['label'] = $attr_name;
}
if (isset($kv[2]) and $kv[2] != "") {
$this_r['default'] = filter_var($kv[2], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
$to_merge[$attr_name] = $this_r;
}
}
$attribute_r = array_merge($default_attributes, $to_merge);
if (preg_match('/^[a-zA-Z0-9\-]+$/', $attr_name) == 1) {
return($attribute_r);
if (isset($kv[1]) and $kv[1] != "") {
$this_r['label'] = filter_var($kv[1], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
else {
$this_r['label'] = $attr_name;
}
if (isset($kv[2]) and $kv[2] != "") {
$this_r['default'] = filter_var($kv[2], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
$additional_attributes_r[$attr_name] = $this_r;
}
}
$attribute_r = array_merge($attribute_r, $additional_attributes_r);
}
if (! array_key_exists($LDAP['account_attribute'], $attribute_r)) {
$attribute_r = array_merge($attribute_r, array($LDAP['account_attribute'] => array("label" => "Account UID")));
}
return($attribute_r);
else {
return($default_attributes);
}
}


@ -654,6 +654,19 @@ function render_attribute_fields($attribute,$label,$values_r,$onkeyup="",$multip
}
######################################################
function render_alert_banner($message,$alert_class="success",$timeout=4000) {
##EoFilelocal
?>
<script>window.setTimeout(function() {$(".alert").fadeTo(500, 0).slideUp(500, function(){ $(this).remove(); }); }, $<?php print $timeout; ?>);</script>
<div class="alert alert-<?php print $alert_class; ?>" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
<p class="text-center"><?php print $message; ?></p>
</div>
<?php
}
##EoFile
?>
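Review bot: In `render_alert_banner` the script line emits `$<?php print $timeout; ?>`, so the browser receives `$4000` as the delay argument, which is an undefined JavaScript identifier rather than a number, and the fade-out presumably never runs. Drop the stray `$` and cast the value: `<?php print (int)$timeout; ?>`. Separately, `$message` and `$alert_class` are printed without escaping, and the delete-group handler earlier in this commit builds the message from `urldecode($_POST['delete_group'])`, so request-controlled markup reaches the page. Because the message is meant to carry `<strong>` markup, escape the interpolated value at each call site with `htmlspecialchars($this_group, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The function should also get a comment stating that `$message` is treated as trusted HTML.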