HomeLab/ldap-user-manager
2
0
Fork 0
mirror of https://github.com/wheelybird/ldap-user-manager.git synced 2025-01-18 23:42:54 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Allow for attributes that take multiple values.

Browse Source
This commit is contained in:
Brian Lycett 2022-03-31 10:45:59 +01:00
parent 08c24c96d8
commit f11813f4c7
6 changed files with 263 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@ -135,10 +135,6 @@ These settings should only be changed if you're trying to make the user manager
* `LDAP_GROUP_MEMBERSHIP_ATTRIBUTE` (default: *memberUID* or *uniqueMember*): The attribute used when adding a user's account to a group. When the `groupOfMembers` objectClass is detected `FORCE_RFC2307BIS` is `TRUE` it defaults to `uniqueMember`, otherwise it'll default to `memberUID`. Explicitly setting this variable will override any default.
* `LDAP_GROUP_ADDITIONAL_OBJECTCLASSES` (no default): A comma-separated list of additional objectClasses to use when creating an group. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information.
* `LDAP_GROUP_ADDITIONAL_ATTRIBUTE` (no default): A comma-separated list of extra attributes to display when creating an group. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information.
* `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` (no default): A comma-separated list of additional objectClasses to use when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information.
* `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` (no default): A comma-separated list of extra attributes to display when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information.
@ -317,12 +313,12 @@ If `EMAIL_DOMAIN` is set then the email address field will be automatically upda
## Extra objectClasses and attributes
If you need to use this user manager with an existing LDAP directory and your account records need additional objectClasses and attributes then you can add them via `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` and `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES`.
If you need to use this user manager with an existing LDAP directory and your account records need additional objectClasses and attributes then you can add them via `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` and `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES`.
`LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` is a comma-separated list of objectClasses to add when creating the account record. For example, `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=ldappublickey,couriermailaccount`.
`LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` is a comma-separated list of attributes to be displayed as extra fields on the account management pages.
By default these fields will be empty, with the field named for the attribute, but you can set the field labels and optionally the default values by appending the attribute names with colon-separated values like so: `attribute_name:label:default_value`.
`LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` is a comma-separated list of attributes to be displayed as extra fields on the account management page.
By default these fields will be empty, with the field named for the attribute, but you can set the field labels (and optionally the default values) by appending the attribute names with colon-separated values like so: `attribute_name:label:default_value`.
Multiple attributes are separated by commas, so you can define the label and default values for several attributes as follows: `attribute1:label1:default_value1,attribute2:label2:default_value2,attribute3:label3`.
As an example, to set a mailbox name and quota for the `couriermailaccount` schema you can pass these variables to the container:
@ -330,10 +326,21 @@ As an example, to set a mailbox name and quota for the `couriermailaccount` sche
LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=couriermailaccount
LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES="mailbox:Mailbox:domain.com,quota:Mail quota:20"
```
ObjectClasses often have attributes that must have a value, so you'll need to set a default for those attributes otherwise you'll get errors if you forget to fill in the fields.
This is advanced usage and the user manager doesn't attempt to validate any objectClasses, attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane.
_Note_: ObjectClasses often have attributes that _must_ have a value, so you should set a default value for these attributes, otherwise if you forget to add a value when filling in the form an error will be thrown on submission.
### Multi-value attributes
If you have an attribute that could have several values, you can add a `+` to end of the attribute name. This will modify the form so you can add or remove extra values for that attribute. For example, if you want to have multiple email aliases when using the _PostfixBookMailAccount_ schema then you can pass these variables to the container:
```
LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES=PostfixBookMailAccount" \
LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=mailAlias+:Email aliases"
```
### Caveat
These settings are advanced usage and the user manager doesn't attempt to validate any objectClasses, attributes, labels or default values you pass in. It's up to you to ensure that your LDAP server has the appropriate schemas and that the labels and values are sane.
***

115
www/account_manager/new_user.php
View File

@ -39,45 +39,72 @@ $invalid_email = FALSE;
$disabled_email_tickbox = TRUE;
$invalid_cn = FALSE;
$invalid_account_identifier = FALSE;
$account_attribute = $LDAP['account_attribute'];
$new_account_r = array();
foreach ($attribute_map as $attribute => $attr_r) {
if (isset($_POST[$attribute])) {
$$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
elseif (isset($attr_r['default'])) {
$$attribute = $attr_r['default'];
}
if (isset($$attribute)) { $new_account_r[$attribute] = $$attribute; }
if (isset($_POST[$attribute])) {
$this_attribute = array();
if (is_array($_POST[$attribute])) {
$this_attribute['count'] = count($_POST[$attribute]);
foreach($_POST[$attribute] as $key => $value) {
$this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
}
else {
$this_attribute['count'] = 1;
$this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
$$attribute = $this_attribute;
}
if (!isset($$attribute) and isset($attr_r['default'])) {
$$attribute['count'] = 1;
$$attribute[0] = $attr_r['default'];
}
if (isset($$attribute)) {
$new_account_r[$attribute] = $$attribute;
unset($new_account_r[$attribute]['count']);
}
}
##
if (isset($_GET['account_request'])) {
$givenname=filter_var($_GET['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$givenname[0]=filter_var($_GET['first_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$new_account_r['givenname'] = $givenname;
$givenname['count'] = 1;
$sn=filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$new_account_r['sn'] = $sn;
$sn[0]=filter_var($_GET['last_name'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$new_account_r['sn'][0] = $sn;
$sn['count'] = 1;
$uid = generate_username($givenname,$sn);
$new_account_r['uid'] = $uid;
$uid[0] = generate_username($givenname,$sn);
$new_account_r['uid'][0] = $uid;
$uid['count'] = 1;
if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE) {
$cn = "$givenname$sn";
$cn[0] = "$givenname$sn";
}
else {
$cn = "$givenname $sn";
$cn[0] = "$givenname $sn";
}
$new_account_r['cn'] = $cn;
$cn['count'] = 1;
$mail=filter_var($_GET['email'], FILTER_SANITIZE_EMAIL);
if ($mail == "") {
$mail[0]=filter_var($_GET['email'], FILTER_SANITIZE_EMAIL);
if ($mail[0] == "") {
if (isset($EMAIL_DOMAIN)) {
$mail = $uid . "@" . $EMAIL_DOMAIN;
$mail[0] = $uid . "@" . $EMAIL_DOMAIN;
$disabled_email_tickbox = FALSE;
}
}
@ -85,27 +112,34 @@ if (isset($_GET['account_request'])) {
$disabled_email_tickbox = FALSE;
}
$new_account_r['mail'] = $mail;
$mail['count'] = 1;
}
if (isset($_POST['create_account'])) {
$password = $_POST['password'];
$new_account_r['password'] = $password;
$account_identifier = $new_account_r[$LDAP["account_attribute"]];
$new_account_r['password'][0] = $password;
$account_identifier = $new_account_r[$account_attribute][0];
if (!isset($cn) or $cn == "") { $invalid_cn = TRUE; }
$this_cn=$cn[0];
$this_mail=$mail[0];
$this_givenname=$givenname[0];
$this_sn=$sn[0];
$this_password=$password[0];
if (!isset($this_cn) or $this_cn == "") { $invalid_cn = TRUE; }
if ((!isset($account_identifier) or $account_identifier == "") and $invalid_cn != TRUE) { $invalid_account_identifier = TRUE; }
if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $weak_password = TRUE; }
if (isset($mail) and !is_valid_email($mail)) { $invalid_email = TRUE; }
if (isset($this_mail) and !is_valid_email($this_mail)) { $invalid_email = TRUE; }
if (preg_match("/\"|'/",$password)) { $invalid_password = TRUE; }
if ($password != $_POST['password_match']) { $mismatched_passwords = TRUE; }
if ($ENFORCE_SAFE_SYSTEM_NAMES == TRUE and !preg_match("/$USERNAME_REGEX/",$account_identifier)) { $invalid_account_identifier = TRUE; }
if (isset($_POST['send_email']) and isset($mail) and $EMAIL_SENDING_ENABLED == TRUE) { $send_user_email = TRUE; }
if ( isset($givenname)
and isset($sn)
and isset($password)
if ( isset($this_givenname)
and isset($this_sn)
and isset($this_password)
and !$mismatched_passwords
and !$weak_password
and !$invalid_password
@ -124,13 +158,13 @@ if (isset($_POST['create_account'])) {
include_once "mail_functions.inc.php";
$mail_body = parse_mail_text($new_account_mail_body, $password, $account_identifier, $givenname, $sn);
$mail_subject = parse_mail_text($new_account_mail_subject, $password, $account_identifier, $givenname, $sn);
$mail_body = parse_mail_text($new_account_mail_body, $password, $account_identifier, $this_givenname, $this_sn);
$mail_subject = parse_mail_text($new_account_mail_subject, $password, $account_identifier, $this_givenname, $this_sn);
$sent_email = send_email($mail,"$givenname $sn",$mail_subject,$mail_body);
$sent_email = send_email($this_mail,"$this_givenname $this_sn",$mail_subject,$mail_body);
$creation_message = "The account was created";
if ($sent_email) {
$creation_message .= " and an email sent to $mail.";
$creation_message .= " and an email sent to $this_mail.";
}
else {
$creation_message .= " but unfortunately the email wasn't sent.<br>More information will be available in the logs.";
@ -189,7 +223,7 @@ if (isset($_POST['create_account'])) {
$errors="";
if ($invalid_cn) { $errors.="<li>The Common Name is required</li>\n"; }
if ($invalid_account_identifier) { $errors.="<li>The account identifier (" . $attribute_map[$LDAP['account_attribute']]['label'] . ") is invalid.</li>\n"; }
if ($invalid_account_identifier) { $errors.="<li>The account identifier (" . $attribute_map[$account_attribute]['label'] . ") is invalid.</li>\n"; }
if ($weak_password) { $errors.="<li>The password is too weak</li>\n"; }
if ($invalid_password) { $errors.="<li>The password contained invalid characters</li>\n"; }
if ($invalid_email) { $errors.="<li>The email address is invalid</li>\n"; }
@ -273,6 +307,8 @@ $tabindex=1;
</script>
<?php render_dynamic_field_js(); ?>
<div class="container">
<div class="col-sm-8">
@ -288,21 +324,14 @@ $tabindex=1;
<?php
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
$onkeyup = $attr_r['onkeyup'];
$label = $attr_r['label'];
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
?>
<div class="form-group" id="<?php print $attribute; ?>_div">
<label for="<?php print $attribute; ?>" class="col-sm-3 control-label"><?php print $label; ?></label>
<div class="col-sm-6">
<input tabindex="<?php print $tabindex; ?>" type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>" value="<?php if (isset($$attribute)) { print $$attribute; } ?>" <?php
if (isset($attr_r['onkeyup'])) { print "onkeyup=\"${attr_r['onkeyup']};\""; } ?>>
</div>
</div>
<?php
$tabindex++;
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple,$tabindex);
$tabindex++;
}
?>

88
www/account_manager/show_user.php
View File

@ -20,8 +20,6 @@ if ($SMTP['host'] != "") { $can_send_email = TRUE; } else { $can_send_email = FA
$LDAP['default_attribute_map']["uidnumber"] = array("label" => "UID");
$LDAP['default_attribute_map']["gidnumber"] = array("label" => "GID");
$LDAP['default_attribute_map']["loginshell"] = array("label" => "Login shell");
$LDAP['default_attribute_map']["homedirectory"] = array("label" => "Home directory");
$LDAP['default_attribute_map']["mail"] = array("label" => "Email", "onkeyup" => "check_if_we_should_enable_sending_email();");
$attribute_map = ldap_complete_account_attribute_array();
@ -44,25 +42,64 @@ $ldap_connection = open_ldap_connection();
$ldap_search_query="(${LDAP['account_attribute']}=". ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ")";
$ldap_search = ldap_search( $ldap_connection, $LDAP['user_dn'], $ldap_search_query);
#########################
if ($ldap_search) {
$user = ldap_get_entries($ldap_connection, $ldap_search);
foreach ($attribute_map as $attribute => $attr_r) {
if ($user["count"] > 0) {
$$attribute = $user[0][$attribute][0];
foreach ($attribute_map as $attribute => $attr_r) {
if (isset($_POST['update_account']) and isset($_POST[$attribute]) and $_POST[$attribute] != $$attribute) {
$$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$to_update[$attribute] = $$attribute;
}
elseif (isset($attr_r['default'])) {
$$attribute = $attr_r['default'];
}
if (isset($user[0][$attribute]) and $user[0][$attribute]['count'] > 0) {
$$attribute = $user[0][$attribute];
}
else {
$$attribute = array();
}
if (isset($_POST['update_account']) and isset($_POST[$attribute])) {
$this_attribute = array();
if (is_array($_POST[$attribute])) {
$this_attribute['count'] = count($_POST[$attribute]);
foreach($_POST[$attribute] as $key => $value) {
$this_attribute[$key] = filter_var($value, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
}
else {
$this_attribute['count'] = 1;
$this_attribute[0] = filter_var($_POST[$attribute], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
if ($this_attribute != $$attribute) {
$$attribute = $this_attribute;
$to_update[$attribute] = $this_attribute;
unset($to_update[$attribute]['count']);
}
}
if (!isset($$attribute) and isset($attr_r['default'])) {
$$attribute['count'] = 1;
$$attribute[0] = $attr_r['default'];
}
}
$dn = $user[0]['dn'];
}
$dn = $user[0]['dn'];
else {
?>
<div class="alert alert-danger">
<p class="text-center">This account doesn't exist.</p>
</div>
<?php
render_footer();
exit(0);
}
### Update values
@ -81,16 +118,18 @@ if ($ldap_search) {
and !$weak_password
and !$invalid_password
) {
$to_update['userpassword'] = ldap_hashed_password($password);
$to_update['userpassword'][0] = ldap_hashed_password($password);
}
}
if (array_key_exists($LDAP['account_attribute'], $to_update)) {
$new_rdn = "${LDAP['account_attribute']}=${to_update[$LDAP['account_attribute']]}";
$account_attribute = $LDAP['account_attribute'];
$new_account_identifier = $to_update[$account_attribute][0];
$new_rdn = "${account_attribute}=${new_account_identifier}";
$renamed_entry = ldap_rename($ldap_connection, $dn, $new_rdn, $LDAP['user_dn'], true);
if ($renamed_entry) {
$dn = "${new_rdn},${LDAP['user_dn']}";
$account_identifier = $to_update[$LDAP['account_attribute']];
$account_identifier = $new_account_identifier;
}
else {
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
@ -99,6 +138,7 @@ if ($ldap_search) {
}
$updated_account = @ ldap_mod_replace($ldap_connection, $dn, $to_update);
if (!$updated_account) {
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
error_log("$log_prefix Failed to modify account details for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
@ -366,6 +406,9 @@ if ($ldap_search) {
}
</script>
<?php render_dynamic_field_js(); ?>
<style type='text/css'>
.dual-list .list-group {
margin-top: 8px;
@ -411,20 +454,13 @@ if ($ldap_search) {
<?php
foreach ($attribute_map as $attribute => $attr_r) {
$label = $attr_r['label'];
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>&ast;</sup>"; }
?>
<div class="form-group" id="<?php print $attribute; ?>_div">
<label for="<?php print $attribute; ?>" class="col-sm-3 control-label"><?php print $label; ?></label>
<div class="col-sm-6">
<input type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>" value="<?php if (isset($$attribute)) { print $$attribute; } ?>" <?php
if (isset($onkeyup)) { print "onkeyup=\"$onkeyup;\""; } ?>>
</div>
</div>
<?php
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
if (isset($attr_r['multiple'])) { $multiple = $attr_r['multiple']; } else { $multiple = FALSE; }
render_attribute_fields($attribute,$label,$these_values,$onkeyup,$multiple);
}
?>

13
www/includes/config.inc.php
View File

@ -5,11 +5,11 @@
#Fixed
$LDAP['account_objectclasses'] = array( 'person', 'inetOrgPerson', 'posixAccount' );
$LDAP['default_attribute_map'] = array( "givenname" => array("label" => "First name", "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value)"),
"sn" => array("label" => "Last name", "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value)"),
"uid" => array("label" => "System username", "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); check_email_validity(document.getElementById('mail').value)"),
"cn" => array("label" => "Common Name", "onkeyup" => "auto_cn_update = false;"),
"mail" => array("label" => "Email", "onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value)")
$LDAP['default_attribute_map'] = array( "givenname" => array("label" => "First name", "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value);"),
"sn" => array("label" => "Last name", "onkeyup" => "update_username(); update_email(); update_cn(); check_email_validity(document.getElementById('mail').value);"),
"uid" => array("label" => "System username", "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); check_email_validity(document.getElementById('mail').value);"),
"cn" => array("label" => "Common name", "onkeyup" => "auto_cn_update = false;"),
"mail" => array("label" => "Email", "onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value);")
);
#Mandatory
@ -34,7 +34,8 @@
if (getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES')) { $LDAP['account_additional_attributes'] = getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES'); }
if (getenv('LDAP_GROUP_ADDITIONAL_OBJECTCLASSES')) { $LDAP['group_additional_objectclasses'] = getenv('LDAP_GROUP_ADDITIONAL_OBJECTCLASSES'); }
if (getenv('LDAP_GROUP_ADDITIONAL_ATTRIBUTE')) { $LDAP['group_additional_attribute'] = getenv('LDAP_GROUP_ADDITIONAL_ATTRIBUTE'); }
if (getenv('LDAP_GROUP_ADDITIONAL_ATTRIBUTES')) { $LDAP['group_additional_attributes'] = getenv('LDAP_GROUP_ADDITIONAL_ATTRIBUTES'); }
if (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE')) { $LDAP['group_membership_attribute'] = getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE'); }
if (getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) {
if (strtoupper(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) == 'TRUE' ) { $LDAP['group_membership_uses_uid'] = TRUE; }

27
www/includes/ldap_functions.inc.php
View File

@ -703,6 +703,14 @@ function ldap_complete_account_attribute_array() {
$this_r = array();
$kv = explode(":", $this_attr);
$attr_name = strtolower(filter_var($kv[0], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
if (substr($attr_name, -1) == '+') {
$this_r['multiple'] = TRUE;
$attr_name = rtrim($attr_name, '+');
}
else {
$this_r['multiple'] = FALSE;
}
if (preg_match('/^[a-zA-Z0-9\-]+$/', $attr_name) == 1) {
@ -741,21 +749,22 @@ function ldap_new_account($ldap_connection,$account_r) {
global $log_prefix, $LDAP, $LDAP_DEBUG, $DEFAULT_USER_SHELL, $DEFAULT_USER_GROUP;
if ( isset($account_r['givenname'])
and isset($account_r['sn'])
and isset($account_r['cn'])
and isset($account_r['uid'])
if ( isset($account_r['givenname'][0])
and isset($account_r['sn'][0])
and isset($account_r['cn'][0])
and isset($account_r['uid'][0])
and isset($account_r[$LDAP['account_attribute']])
and isset($account_r['password'])) {
and isset($account_r['password'][0])) {
$account_identifier = $account_r[$LDAP['account_attribute']];
$ldap_search_query = "(${LDAP['account_attribute']}=" . ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ",${LDAP['user_dn']})";
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['user_dn']}", $ldap_search_query);
$account_identifier = $account_r[$LDAP['account_attribute']][0];
$user_dn=$LDAP['user_dn'];
$ldap_search_query = "(${LDAP['account_attribute']}=" . ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ",$user_dn)";
$ldap_search = @ ldap_search($ldap_connection, $user_dn, $ldap_search_query);
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
if ($result['count'] == 0) {
$hashed_pass = ldap_hashed_password($account_r['password']);
$hashed_pass = ldap_hashed_password($account_r['password'][0]);
unset($account_r['password']);
$objectclasses = $LDAP['account_objectclasses'];

87
www/includes/web_functions.inc.php
View File

@ -569,4 +569,91 @@ EoRenderEmailJS;
}
######################################################
function render_dynamic_field_js() {
?>
<script>
function add_field_to(attribute_name,value=null) {
var parent = document.getElementById(attribute_name + '_input_div');
var input_div = document.createElement('div');
window[attribute_name + '_count'] = (window[attribute_name + '_count'] === undefined) ? 1 : window[attribute_name + '_count'] + 1;
var input_field_id = attribute_name + window[attribute_name + '_count'];
var input_div_id = 'div' + '_' + input_field_id;
input_div.className = 'input-group';
input_div.id = input_div_id;
parent.appendChild(input_div);
var input_field = document.createElement('input');
input_field.type = 'text';
input_field.className = 'form-control';
input_field.id = input_field_id;
input_field.name = attribute_name + '[]';
input_field.value = value;
var button_span = document.createElement('span');
button_span.className = 'input-group-btn';
var remove_button = document.createElement('button');
remove_button.type = 'button';
remove_button.className = 'btn btn-default';
remove_button.onclick = function() { var div_to_remove = document.getElementById(input_div_id); div_to_remove.innerHTML = ""; }
remove_button.innerHTML = '-';
input_div.appendChild(input_field);
input_div.appendChild(button_span);
button_span.appendChild(remove_button);
}
</script>
<?php
}
######################################################
function render_attribute_fields($attribute,$label,$values_r,$onkeyup="",$multiple=FALSE,$tabindex=null) {
?>
<div class="form-group" id="<?php print $attribute; ?>_div">
<label for="<?php print $attribute; ?>" class="col-sm-3 control-label"><?php print $label; ?></label>
<div class="col-sm-6" id="<?php print $attribute; ?>_input_div">
<?php if ($multiple != TRUE) { ?>
<input <?php if (isset($tabindex)) { ?>tabindex="<?php print $tabindex; ?>" <?php } ?>type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>" value="<?php if (isset($values_r[0])) { print $values_r[0]; } ?>" <?php if ($onkeyup != "") { print "onkeyup=\"$onkeyup\""; } ?>>
<?php }
else {
?><div class="input-group">
<input type="text" class="form-control" id="<?php print $attribute; ?>" name="<?php print $attribute; ?>[]" value="<?php if (isset($values_r[0])) { print $values_r[0]; } ?>">
<div class="input-group-btn"><button type="button" class="btn btn-default" onclick="add_field_to('<?php print $attribute; ?>')">+</i></button></div>
</div>
<?php
if (isset($values_r['count']) and $values_r['count'] > 0) {
$remaining_values = array_slice($values_r, 2);
print "<script>";
foreach($remaining_values as $this_value) { print "add_field_to('$attribute','$this_value');"; }
print "</script>";
}
}
?>
</div>
</div>
<?php
}
##EoFilelocal
?>