mirror of
https://github.com/wheelybird/ldap-user-manager.git
synced 2025-04-04 16:26:06 +02:00
Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
ce92321285 | ||
|
41c5ac3626 | ||
|
7d1897b171 | ||
|
ce400b3287 | ||
|
ec4d468dcf | ||
|
ccc709e010 | ||
|
40ec4a151c | ||
|
592869247d |
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
.idea
|
||||
ldap-user-manager.iml
|
||||
49
README.md
49
README.md
@ -53,7 +53,7 @@ docker run \
|
||||
-e "LDAP_ADMIN_BIND_PWD=secret"\
|
||||
-e "LDAP_IGNORE_CERT_ERRORS=true" \
|
||||
-e "EMAIL_DOMAIN=ldapusermanager.org" \
|
||||
wheelybird/ldap-user-manager:v1.10
|
||||
wheelybird/ldap-user-manager:v1.11
|
||||
```
|
||||
Change the variable values to suit your environment. Now go to https://lum.example.com/setup.
|
||||
|
||||
@ -105,15 +105,6 @@ For example, if you're using Docker Swarm and you've set the LDAP bind password
|
||||
|
||||
* `SESSION_TIMEOUT` (default: *10 minutes*): How long before an idle session will be timed out.
|
||||
|
||||
|
||||
#### Interface customisation
|
||||
|
||||
* `ORGANISATION_NAME`: (default: *LDAP*): Your organisation's name.
|
||||
|
||||
* `SITE_NAME` (default: *`ORGANISATION_NAME` user manager*): Change this to replace the title in the menu, e.g. "My Company Account Management".
|
||||
|
||||
* `SHOW_POSIX_ATTRIBUTES` (default: *FALSE*): If set to `TRUE` this show extra attributes for **posixAccount** and **posixGroup** in the account and group forms. Leave this set to `FALSE` if you don't use LDAP accounts to log into servers etc., as it makes the interface much simpler. The Posix values are still set in the background using the default values. This setting doesn't hide any Posix attributes set via `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` or `LDAP_GROUP_ADDITIONAL_ATTRIBUTES`.
|
||||
|
||||
#### LDAP settings
|
||||
|
||||
* `LDAP_USER_OU` (default: *people*): The name of the OU used to store user accounts (without the base DN appended).
|
||||
@ -149,7 +140,7 @@ These settings should only be changed if you're trying to make the user manager
|
||||
* `FORCE_RFC2307BIS` (default: *FALSE*): Set to *TRUE* if the auto-detection is failing to spot that the RFC2307BIS schema is available. When *FALSE* the user manager will use auto-detection. See [Using the RFC2307BIS schema](#using-the-rfc2307bis-schema) for more information.
|
||||
|
||||
|
||||
#### User account settings
|
||||
#### User account creation settings
|
||||
|
||||
* `DEFAULT_USER_GROUP` (default: *everybody*): The group that new accounts are automatically added to when created. *NOTE*: If this group doesn't exist then a group is created with the same name as the username and the user is added to that group.
|
||||
|
||||
@ -166,9 +157,23 @@ These settings should only be changed if you're trying to make the user manager
|
||||
* `PASSWORD_HASH` (no default): Select which hashing method which will be used to store passwords in LDAP. Options are (in order of precedence) `SHA512CRYPT`, `SHA256CRYPT`, `MD5CRYPT`, `SSHA`, `SHA`, `SMD5`, `MD5`, `ARGON2`, `CRYPT` & `CLEAR`. If your chosen method isn't available on your system then the strongest available method will be automatically selected - `SSHA` is the strongest method guaranteed to be available. (Note that for `ARGON2` to work your LDAP server will need to have the ARGON2 module enabled. If you don't the passwords will be saved but the user won't be able to authenticate.) Cleartext passwords should NEVER be used in any situation outside of a test.
|
||||
|
||||
* `ACCEPT_WEAK_PASSWORDS` (default: *FALSE*): Set this to *TRUE* to prevent a password being rejected for being too weak. The password strength indicators will still gauge the strength of the password. Don't enable this in a production environment.
|
||||
|
||||
|
||||
#### Website appearance and behaviour settings
|
||||
|
||||
* `ORGANISATION_NAME`: (default: *LDAP*): Your organisation's name.
|
||||
|
||||
* `SITE_NAME` (default: *`ORGANISATION_NAME` user manager*): Change this to replace the title in the menu, e.g. "My Company Account Management".
|
||||
|
||||
* `SITE_LOGIN_LDAP_ATTRIBUTE` (default: *`LDAP_ACCOUNT_ATTRIBUTE`*): The LDAP account attribute to use when logging into the user-manager. For example, set this to `mail` to use email addresses to log in. Use this with extreme caution. The value for this attribute needs to be unique for each account; if more than one result is found when searching for an account then you won't be able to log in.
|
||||
|
||||
* `SITE_LOGIN_FIELD_LABEL` (default: *Username*): This is the label that appears next to the username field on the login page. If you change `SITE_LOGIN_LDAP_ATTRIBUTE` then you might want to change this. For example, `SITE_LOGIN_FIELD_LABEL="Email address"`.
|
||||
|
||||
* `SHOW_POSIX_ATTRIBUTES` (default: *FALSE*): If set to `TRUE` this show extra attributes for **posixAccount** and **posixGroup** in the account and group forms. Leave this set to `FALSE` if you don't use LDAP accounts to log into servers etc., as it makes the interface much simpler. The Posix values are still set in the background using the default values. This setting doesn't hide any Posix attributes set via `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` or `LDAP_GROUP_ADDITIONAL_ATTRIBUTES`.
|
||||
|
||||
* `REMOTE_HTTP_HEADERS_LOGIN`(default: *FALSE*) Enables session managment from an external service like Authelia. _This setting will compromise your security if you're not using an Auth-Proxy in front of this application_.
|
||||
|
||||
|
||||
#### Email sending settings
|
||||
|
||||
To send emails you'll need to use an existing SMTP server. Email sending will be disabled if `SMTP_HOSTNAME` isn't set.
|
||||
@ -177,6 +182,8 @@ To send emails you'll need to use an existing SMTP server. Email sending will b
|
||||
|
||||
* `SMTP_HOST_PORT` (default: *25*): The SMTP port on the SMTP server.
|
||||
|
||||
* `SMTP_HELO_HOST` (no default): The hostname to send with the HELO/EHLO command.
|
||||
|
||||
* `SMTP_USERNAME` (no default): The username to use when the SMTP server requires authentication.
|
||||
|
||||
* `SMTP_PASSWORD` (no default): The password to use when the SMTP server requires authentication.
|
||||
@ -203,6 +210,24 @@ To send emails you'll need to use an existing SMTP server. Email sending will b
|
||||
* `ACCOUNT_REQUESTS_EMAIL` (default: *{EMAIL_FROM_ADDRESS}*): This is the email address that any requests for a new account are sent to.
|
||||
|
||||
|
||||
#### Website customization
|
||||
|
||||
* `$CUSTOM_LOGO` (default: *FALSE*)*: If this is defined with path to image file, then this image will be displayed in header. You need also mount volume with this file.
|
||||
|
||||
* `$CUSTOM_STYLES` (default: *FALSE*)*: If this is defined with path to css file, then this style will be used in header. Also helps vith logo positioninig. You need also mount volume with this file.
|
||||
|
||||
docker-compose.yml example:
|
||||
|
||||
```yaml
|
||||
ldap-user-manager:
|
||||
environment:
|
||||
CUSTOM_LOGO: "../gfx/logo.svg"
|
||||
CUSTOM_STYLES: "../css/custom.css"
|
||||
volumes:
|
||||
- '/opt/openldap/www/gfx:/opt/ldap_user_manager/gfx'
|
||||
- '/opt/openldap/www/css:/opt/ldap_user_manager/css'
|
||||
```
|
||||
|
||||
#### Debugging settings
|
||||
|
||||
* `LDAP_DEBUG` (default: *FALSE*): Set to TRUE to increase the logging level for LDAP requests. This will output passwords to the error log - don't enable this in a production environment. This is for information on problems updating LDAP records and such. To debug problems connecting to the LDAP server in the first place use `LDAP_VERBOSE_CONNECTION_LOGS`.
|
||||
@ -386,7 +411,7 @@ docker run \
|
||||
-e "LDAP_RFC2307BIS_SCHEMA=true" \
|
||||
-e "LDAP_REMOVE_CONFIG_AFTER_SETUP=true" \
|
||||
-e "LDAP_TLS_VERIFY_CLIENT=never" \
|
||||
-p 389:389
|
||||
-p 389:389 \
|
||||
--volume /opt/docker/openldap/var_lib_ldap:/var/lib/ldap \
|
||||
--volume /opt/docker/openldap/etc_ldap_slapd.d:/etc/ldap/slapd.d \
|
||||
osixia/openldap:latest
|
||||
|
||||
@ -30,7 +30,7 @@ if ($ldap_search) {
|
||||
header("Content-Type: application/octet-stream");
|
||||
header("Cache-Control: no-cache private");
|
||||
header("Content-Transfer-Encoding: Binary");
|
||||
header("Content-disposition: attachment; filename='${this_resource}.${this_attribute}'");
|
||||
header("Content-disposition: attachment; filename='{$this_resource}.{$this_attribute}'");
|
||||
header("Content-Length: ". strlen($this_record[$this_attribute][0]));
|
||||
print $this_record[$this_attribute][0];
|
||||
}
|
||||
|
||||
@ -51,7 +51,7 @@ render_js_username_check();
|
||||
<div class="container">
|
||||
|
||||
<div class="form-inline" id="new_group_div">
|
||||
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/show_group.php" method="post">
|
||||
<form action="<?php print "{$THIS_MODULE_PATH}"; ?>/show_group.php" method="post">
|
||||
<input type="hidden" name="new_group">
|
||||
<button type="button" class="btn btn-light"><?php print count($groups);?> group<?php if (count($groups) != 1) { print "s"; }?></button> <button id="show_new_group" class="form-control btn btn-default" type="button" onclick="show_new_group_form();">New group</button>
|
||||
<input type="text" class="form-control invisible" name="group_name" id="group_name" placeholder="Group name" onkeyup="check_entity_name_validity(document.getElementById('group_name').value,'new_group_div');"><button id="add_group" class="form-control btn btn-primary btn-sm invisible" type="submit">Add</button>
|
||||
@ -77,7 +77,7 @@ render_js_username_check();
|
||||
</script>
|
||||
<?php
|
||||
foreach ($groups as $group){
|
||||
print " <tr>\n <td><a href='${THIS_MODULE_PATH}/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";
|
||||
print " <tr>\n <td><a href='{$THIS_MODULE_PATH}/show_group.php?group_name=" . urlencode($group) . "'>$group</a></td>\n </tr>\n";
|
||||
}
|
||||
?>
|
||||
</tbody>
|
||||
|
||||
@ -63,7 +63,7 @@ foreach ($people as $account_identifier => $attribs){
|
||||
|
||||
$group_membership = ldap_user_group_membership($ldap_connection,$account_identifier);
|
||||
if (isset($people[$account_identifier]['mail'])) { $this_mail = $people[$account_identifier]['mail']; } else { $this_mail = ""; }
|
||||
print " <tr>\n <td><a href='${THIS_MODULE_PATH}/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
|
||||
print " <tr>\n <td><a href='{$THIS_MODULE_PATH}/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
|
||||
print " <td>" . $people[$account_identifier]['givenname'] . "</td>\n";
|
||||
print " <td>" . $people[$account_identifier]['sn'] . "</td>\n";
|
||||
print " <td>$this_mail</td>\n";
|
||||
|
||||
@ -24,7 +24,7 @@ function render_submenu() {
|
||||
else {
|
||||
print '<li>';
|
||||
}
|
||||
print "<a href='${THIS_MODULE_PATH}/{$path}'>" . ucwords($submodule) . "</a></li>\n";
|
||||
print "<a href='{$THIS_MODULE_PATH}/{$path}'>" . ucwords($submodule) . "</a></li>\n";
|
||||
|
||||
}
|
||||
?>
|
||||
|
||||
@ -20,7 +20,7 @@ if ( isset($_POST['setup_admin_account']) ) {
|
||||
validate_setup_cookie();
|
||||
set_page_access("setup");
|
||||
|
||||
$completed_action="${SERVER_PATH}log_in";
|
||||
$completed_action="{$SERVER_PATH}log_in";
|
||||
$page_title="New administrator account";
|
||||
|
||||
render_header("$ORGANISATION_NAME account manager - setup administrator account", FALSE);
|
||||
@ -29,7 +29,7 @@ if ( isset($_POST['setup_admin_account']) ) {
|
||||
else {
|
||||
set_page_access("admin");
|
||||
|
||||
$completed_action="${THIS_MODULE_PATH}/";
|
||||
$completed_action="{$THIS_MODULE_PATH}/";
|
||||
$page_title="New account";
|
||||
$admin_setup = FALSE;
|
||||
|
||||
@ -44,6 +44,8 @@ $weak_password = FALSE;
|
||||
$invalid_email = FALSE;
|
||||
$disabled_email_tickbox = TRUE;
|
||||
$invalid_cn = FALSE;
|
||||
$invalid_givenname = FALSE;
|
||||
$invalid_sn = FALSE;
|
||||
$invalid_account_identifier = FALSE;
|
||||
$account_attribute = $LDAP['account_attribute'];
|
||||
|
||||
@ -160,6 +162,8 @@ if (isset($_POST['create_account'])) {
|
||||
|
||||
if (!isset($this_cn) or $this_cn == "") { $invalid_cn = TRUE; }
|
||||
if ((!isset($account_identifier) or $account_identifier == "") and $invalid_cn != TRUE) { $invalid_account_identifier = TRUE; }
|
||||
if (!isset($this_givenname) or $this_givenname == "") { $invalid_givenname = TRUE; }
|
||||
if (!isset($this_sn) or $this_sn == "") { $invalid_sn = TRUE; }
|
||||
if ((!is_numeric($_POST['pass_score']) or $_POST['pass_score'] < 3) and $ACCEPT_WEAK_PASSWORDS != TRUE) { $weak_password = TRUE; }
|
||||
if (isset($this_mail) and !is_valid_email($this_mail)) { $invalid_email = TRUE; }
|
||||
if (preg_match("/\"|'/",$password)) { $invalid_password = TRUE; }
|
||||
@ -253,6 +257,8 @@ if (isset($_POST['create_account'])) {
|
||||
|
||||
$errors="";
|
||||
if ($invalid_cn) { $errors.="<li>The Common Name is required</li>\n"; }
|
||||
if ($invalid_givenname) { $errors.="<li>First Name is required</li>\n"; }
|
||||
if ($invalid_sn) { $errors.="<li>Last Name is required</li>\n"; }
|
||||
if ($invalid_account_identifier) { $errors.="<li>The account identifier (" . $attribute_map[$account_attribute]['label'] . ") is invalid.</li>\n"; }
|
||||
if ($weak_password) { $errors.="<li>The password is too weak</li>\n"; }
|
||||
if ($invalid_password) { $errors.="<li>The password contained invalid characters</li>\n"; }
|
||||
@ -358,6 +364,7 @@ $tabindex=1;
|
||||
$label = $attr_r['label'];
|
||||
if (isset($attr_r['onkeyup'])) { $onkeyup = $attr_r['onkeyup']; } else { $onkeyup = ""; }
|
||||
if ($attribute == $LDAP['account_attribute']) { $label = "<strong>$label</strong><sup>*</sup>"; }
|
||||
if (isset($attr_r['required']) and $attr_r['required'] == TRUE) { $label = "<strong>$label</strong><sup>*</sup>"; }
|
||||
if (isset($$attribute)) { $these_values=$$attribute; } else { $these_values = array(); }
|
||||
if (isset($attr_r['inputtype'])) { $inputtype = $attr_r['inputtype']; } else { $inputtype = ""; }
|
||||
render_attribute_fields($attribute,$label,$these_values,"",$onkeyup,$inputtype,$tabindex);
|
||||
|
||||
@ -61,7 +61,7 @@ if (isset($_POST['new_group'])) {
|
||||
}
|
||||
elseif (isset($_POST['initialise_group'])) {
|
||||
$initialise_group = TRUE;
|
||||
$full_dn = "${LDAP['group_attribute']}=$group_cn,${LDAP['group_dn']}";
|
||||
$full_dn = "{$LDAP['group_attribute']}=$group_cn,{$LDAP['group_dn']}";
|
||||
$has_been = "created";
|
||||
}
|
||||
else {
|
||||
@ -216,7 +216,7 @@ if (isset($_POST["update_members"])) {
|
||||
render_alert_banner("Groups can't be empty, so the final member hasn't been removed. You could try deleting the group","danger",15000);
|
||||
}
|
||||
else {
|
||||
render_alert_banner("The group has been ${has_been}.");
|
||||
render_alert_banner("The group has been {$has_been}.");
|
||||
}
|
||||
|
||||
}
|
||||
@ -349,7 +349,7 @@ ldap_close($ldap_connection);
|
||||
<div class="panel-heading clearfix">
|
||||
<h3 class="panel-title pull-left" style="padding-top: 7.5px;"><?php print $group_cn; ?><?php if ($group_cn == $LDAP["admins_group"]) { print " <sup>(admin group)</sup>" ; } ?></h3>
|
||||
<button class="btn btn-warning pull-right" onclick="show_delete_group_button();" <?php if ($group_cn == $LDAP["admins_group"]) { print "disabled"; } ?>>Delete group</button>
|
||||
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/groups.php" method="post" enctype="multipart/form-data"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
|
||||
<form action="<?php print "{$THIS_MODULE_PATH}"; ?>/groups.php" method="post" enctype="multipart/form-data"><input type="hidden" name="delete_group" value="<?php print $group_cn; ?>"><button class="btn btn-danger pull-right invisible" id="delete_group">Confirm deletion</button></form>
|
||||
</div>
|
||||
|
||||
<ul class="list-group">
|
||||
|
||||
@ -41,7 +41,7 @@ else {
|
||||
}
|
||||
|
||||
$ldap_connection = open_ldap_connection();
|
||||
$ldap_search_query="(${LDAP['account_attribute']}=". ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search_query="({$LDAP['account_attribute']}=". ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = ldap_search( $ldap_connection, $LDAP['user_dn'], $ldap_search_query);
|
||||
|
||||
|
||||
@ -156,15 +156,15 @@ if ($ldap_search) {
|
||||
if (array_key_exists($LDAP['account_attribute'], $to_update)) {
|
||||
$account_attribute = $LDAP['account_attribute'];
|
||||
$new_account_identifier = $to_update[$account_attribute][0];
|
||||
$new_rdn = "${account_attribute}=${new_account_identifier}";
|
||||
$new_rdn = "{$account_attribute}={$new_account_identifier}";
|
||||
$renamed_entry = ldap_rename($ldap_connection, $dn, $new_rdn, $LDAP['user_dn'], true);
|
||||
if ($renamed_entry) {
|
||||
$dn = "${new_rdn},${LDAP['user_dn']}";
|
||||
$dn = "{$new_rdn},{$LDAP['user_dn']}";
|
||||
$account_identifier = $new_account_identifier;
|
||||
}
|
||||
else {
|
||||
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
|
||||
error_log("$log_prefix Failed to rename the DN for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
error_log("$log_prefix Failed to rename the DN for {$account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
}
|
||||
}
|
||||
|
||||
@ -176,7 +176,7 @@ if ($ldap_search) {
|
||||
|
||||
if (!$updated_account) {
|
||||
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
|
||||
error_log("$log_prefix Failed to modify account details for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
error_log("$log_prefix Failed to modify account details for {$account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
}
|
||||
|
||||
$sent_email_message="";
|
||||
@ -187,9 +187,9 @@ if ($ldap_search) {
|
||||
$mail_body = parse_mail_text($new_account_mail_body, $password, $account_identifier, $givenname[0], $sn[0]);
|
||||
$mail_subject = parse_mail_text($new_account_mail_subject, $password, $account_identifier, $givenname[0], $sn[0]);
|
||||
|
||||
$sent_email = send_email($mail[0],"${givenname[0]} ${sn[0]}",$mail_subject,$mail_body);
|
||||
$sent_email = send_email($mail[0],"{$givenname[0]} {$sn[0]}",$mail_subject,$mail_body);
|
||||
if ($sent_email) {
|
||||
$sent_email_message .= " An email sent to ${mail[0]}.";
|
||||
$sent_email_message .= " An email sent to {$mail[0]}.";
|
||||
}
|
||||
else {
|
||||
$sent_email_message .= " Unfortunately the email wasn't sent; check the logs for more information.";
|
||||
@ -443,7 +443,7 @@ if ($ldap_search) {
|
||||
<div class="panel-heading clearfix">
|
||||
<span class="panel-title pull-left"><h3><?php print $account_identifier; ?></h3></span>
|
||||
<button class="btn btn-warning pull-right align-self-end" style="margin-top: auto;" onclick="show_delete_user_button();" <?php if ($account_identifier == $USER_ID) { print "disabled"; }?>>Delete account</button>
|
||||
<form action="<?php print "${THIS_MODULE_PATH}"; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print urlencode($account_identifier); ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
|
||||
<form action="<?php print "{$THIS_MODULE_PATH}"; ?>/index.php" method="post"><input type="hidden" name="delete_user" value="<?php print urlencode($account_identifier); ?>"><button class="btn btn-danger pull-right invisible" id="delete_user">Confirm deletion</button></form>
|
||||
</div>
|
||||
<ul class="list-group">
|
||||
<li class="list-group-item"><?php print $dn; ?></li>
|
||||
@ -542,7 +542,7 @@ if ($ldap_search) {
|
||||
<?php
|
||||
foreach ($member_of as $group) {
|
||||
if ($group == $LDAP["admins_group"] and $USER_ID == $account_identifier) {
|
||||
print "<div class='list-group-item' style='opacity: 0.5; pointer-events:none;'>${group}</div>\n";
|
||||
print "<div class='list-group-item' style='opacity: 0.5; pointer-events:none;'>{$group}</div>\n";
|
||||
}
|
||||
else {
|
||||
print "<li class='list-group-item'>$group</li>\n";
|
||||
|
||||
@ -21,12 +21,30 @@
|
||||
|
||||
$LDAP['account_attribute'] = (getenv('LDAP_ACCOUNT_ATTRIBUTE') ? getenv('LDAP_ACCOUNT_ATTRIBUTE') : 'uid');
|
||||
$LDAP['account_objectclasses'] = array( 'person', 'inetOrgPerson', 'posixAccount' );
|
||||
$LDAP['default_attribute_map'] = array( "givenname" => array("label" => "First name", "onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"sn" => array("label" => "Last name", "onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"uid" => array("label" => "System username", "onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); update_homedir(); check_email_validity(document.getElementById('mail').value);"),
|
||||
"cn" => array("label" => "Common name", "onkeyup" => "auto_cn_update = false;"),
|
||||
"mail" => array("label" => "Email", "onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value);")
|
||||
);
|
||||
$LDAP['default_attribute_map'] = array(
|
||||
"givenname" => array(
|
||||
"label" => "First name",
|
||||
"onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);",
|
||||
"required" => TRUE,
|
||||
),
|
||||
"sn" => array(
|
||||
"label" => "Last name",
|
||||
"onkeyup" => "update_username(); update_email(); update_cn(); update_homedir(); check_email_validity(document.getElementById('mail').value);",
|
||||
"required" => TRUE,
|
||||
),
|
||||
"uid" => array(
|
||||
"label" => "System username",
|
||||
"onkeyup" => "check_entity_name_validity(document.getElementById('uid').value,'uid_div'); update_email(); update_homedir(); check_email_validity(document.getElementById('mail').value);",
|
||||
),
|
||||
"cn" => array(
|
||||
"label" => "Common name",
|
||||
"onkeyup" => "auto_cn_update = false;",
|
||||
),
|
||||
"mail" => array(
|
||||
"label" => "Email",
|
||||
"onkeyup" => "auto_email_update = false; check_email_validity(document.getElementById('mail').value);",
|
||||
)
|
||||
);
|
||||
|
||||
$LDAP['group_attribute'] = (getenv('LDAP_GROUP_ATTRIBUTE') ? getenv('LDAP_GROUP_ATTRIBUTE') : 'cn');
|
||||
$LDAP['group_objectclasses'] = array( 'top', 'posixGroup' ); #groupOfUniqueNames is added automatically if rfc2307bis is available.
|
||||
@ -83,8 +101,8 @@
|
||||
if (strtoupper(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) == 'FALSE' ) { $LDAP['group_membership_uses_uid'] = FALSE; }
|
||||
}
|
||||
|
||||
$LDAP['group_dn'] = "ou=${LDAP['group_ou']},${LDAP['base_dn']}";
|
||||
$LDAP['user_dn'] = "ou=${LDAP['user_ou']},${LDAP['base_dn']}";
|
||||
$LDAP['group_dn'] = "ou={$LDAP['group_ou']},{$LDAP['base_dn']}";
|
||||
$LDAP['user_dn'] = "ou={$LDAP['user_ou']},{$LDAP['base_dn']}";
|
||||
|
||||
if (isset($account_additional_objectclasses) and $account_additional_objectclasses != "") {
|
||||
$LDAP['account_objectclasses'] = array_merge($LDAP['account_objectclasses'], explode(",", $account_additional_objectclasses));
|
||||
@ -98,6 +116,9 @@
|
||||
$ORGANISATION_NAME = (getenv('ORGANISATION_NAME') ? getenv('ORGANISATION_NAME') : 'LDAP');
|
||||
$SITE_NAME = (getenv('SITE_NAME') ? getenv('SITE_NAME') : "$ORGANISATION_NAME user manager");
|
||||
|
||||
$SITE_LOGIN_LDAP_ATTRIBUTE = (getenv('SITE_LOGIN_LDAP_ATTRIBUTE') ? getenv('SITE_LOGIN_LDAP_ATTRIBUTE') : $LDAP['account_attribute'] );
|
||||
$SITE_LOGIN_FIELD_LABEL = (getenv('SITE_LOGIN_FIELD_LABEL') ? getenv('SITE_LOGIN_FIELD_LABEL') : "Username" );
|
||||
|
||||
$SERVER_HOSTNAME = (getenv('SERVER_HOSTNAME') ? getenv('SERVER_HOSTNAME') : "ldapusermanager.org");
|
||||
$SERVER_PATH = (getenv('SERVER_PATH') ? getenv('SERVER_PATH') : "/");
|
||||
|
||||
@ -113,6 +134,7 @@
|
||||
$SMTP['user'] = (getenv('SMTP_USERNAME') ? getenv('SMTP_USERNAME') : NULL);
|
||||
$SMTP['pass'] = (getenv('SMTP_PASSWORD') ? getenv('SMTP_PASSWORD') : NULL);
|
||||
$SMTP['port'] = (getenv('SMTP_HOST_PORT') ? getenv('SMTP_HOST_PORT') : 25);
|
||||
$SMTP['helo'] = (getenv('SMTP_HELO_HOST') ? getenv('SMTP_HELO_HOST') : NULL);
|
||||
$SMTP['ssl'] = ((strcasecmp(getenv('SMTP_USE_SSL'),'TRUE') == 0) ? TRUE : FALSE);
|
||||
$SMTP['tls'] = ((strcasecmp(getenv('SMTP_USE_TLS'),'TRUE') == 0) ? TRUE : FALSE);
|
||||
if ($SMTP['tls'] == TRUE) { $SMTP['ssl'] = FALSE; }
|
||||
@ -147,6 +169,9 @@
|
||||
|
||||
# Sanity checking
|
||||
|
||||
$CUSTOM_LOGO = (getenv('CUSTOM_LOGO') ? getenv('CUSTOM_LOGO') : FALSE);
|
||||
$CUSTOM_STYLES = (getenv('CUSTOM_STYLES') ? getenv('CUSTOM_STYLES') : FALSE);
|
||||
|
||||
$errors = "";
|
||||
|
||||
if (empty($LDAP['uri'])) {
|
||||
|
||||
@ -10,8 +10,8 @@ function open_ldap_connection($ldap_bind=TRUE) {
|
||||
$ldap_connection = @ ldap_connect($LDAP['uri']);
|
||||
|
||||
if (!$ldap_connection) {
|
||||
print "Problem: Can't connect to the LDAP server at ${LDAP['uri']}";
|
||||
die("Can't connect to the LDAP server at ${LDAP['uri']}");
|
||||
print "Problem: Can't connect to the LDAP server at {$LDAP['uri']}";
|
||||
die("Can't connect to the LDAP server at {$LDAP['uri']}");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -24,15 +24,15 @@ function open_ldap_connection($ldap_bind=TRUE) {
|
||||
|
||||
if ($tls_result != TRUE) {
|
||||
|
||||
if (!preg_match('/^ldap:\/\/127\.0\.0\.([0-9]+)(:[0-9]+)$/', $LDAP['uri'])) { error_log("$log_prefix Failed to start STARTTLS connection to ${LDAP['uri']}: " . ldap_error($ldap_connection),0); }
|
||||
if (!preg_match('/^ldap:\/\/127\.0\.0\.([0-9]+)(:[0-9]+)$/', $LDAP['uri'])) { error_log("$log_prefix Failed to start STARTTLS connection to {$LDAP['uri']}: " . ldap_error($ldap_connection),0); }
|
||||
|
||||
if ($LDAP["require_starttls"] == TRUE) {
|
||||
print "<div style='position: fixed;bottom: 0;width: 100%;' class='alert alert-danger'>Fatal: Couldn't create a secure connection to ${LDAP['uri']} and LDAP_REQUIRE_STARTTLS is TRUE.</div>";
|
||||
print "<div style='position: fixed;bottom: 0;width: 100%;' class='alert alert-danger'>Fatal: Couldn't create a secure connection to {$LDAP['uri']} and LDAP_REQUIRE_STARTTLS is TRUE.</div>";
|
||||
exit(0);
|
||||
}
|
||||
else {
|
||||
if ($SENT_HEADERS == TRUE and !preg_match('/^ldap:\/\/localhost(:[0-9]+)?$/', $LDAP['uri']) and !preg_match('/^ldap:\/\/127\.0\.0\.([0-9]+)(:[0-9]+)$/', $LDAP['uri'])) {
|
||||
print "<div style='position: fixed;bottom: 0px;width: 100%;height: 20px;border-bottom:solid 20px yellow;'>WARNING: Insecure LDAP connection to ${LDAP['uri']}</div>";
|
||||
print "<div style='position: fixed;bottom: 0px;width: 100%;height: 20px;border-bottom:solid 20px yellow;'>WARNING: Insecure LDAP connection to {$LDAP['uri']}</div>";
|
||||
}
|
||||
ldap_close($ldap_connection);
|
||||
$ldap_connection = @ ldap_connect($LDAP['uri']);
|
||||
@ -41,7 +41,7 @@ function open_ldap_connection($ldap_bind=TRUE) {
|
||||
}
|
||||
else {
|
||||
if ($LDAP_DEBUG == TRUE) {
|
||||
error_log("$log_prefix Start STARTTLS connection to ${LDAP['uri']}",0);
|
||||
error_log("$log_prefix Start STARTTLS connection to {$LDAP['uri']}",0);
|
||||
}
|
||||
$LDAP['connection_type'] = "StartTLS";
|
||||
}
|
||||
@ -49,29 +49,29 @@ function open_ldap_connection($ldap_bind=TRUE) {
|
||||
}
|
||||
else {
|
||||
if ($LDAP_DEBUG == TRUE) {
|
||||
error_log("$log_prefix Using an LDAPS encrypted connection to ${LDAP['uri']}",0);
|
||||
error_log("$log_prefix Using an LDAPS encrypted connection to {$LDAP['uri']}",0);
|
||||
}
|
||||
$LDAP['connection_type'] = 'LDAPS';
|
||||
}
|
||||
|
||||
if ($ldap_bind == TRUE) {
|
||||
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Attempting to bind to ${LDAP['uri']} as ${LDAP['admin_bind_dn']}",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Attempting to bind to {$LDAP['uri']} as {$LDAP['admin_bind_dn']}",0); }
|
||||
$bind_result = @ ldap_bind( $ldap_connection, $LDAP['admin_bind_dn'], $LDAP['admin_bind_pwd']);
|
||||
|
||||
if ($bind_result != TRUE) {
|
||||
|
||||
$this_error = "Failed to bind to ${LDAP['uri']} as ${LDAP['admin_bind_dn']}";
|
||||
if ($LDAP_DEBUG == TRUE) { $this_error .= " with password ${LDAP['admin_bind_pwd']}"; }
|
||||
$this_error = "Failed to bind to {$LDAP['uri']} as {$LDAP['admin_bind_dn']}";
|
||||
if ($LDAP_DEBUG == TRUE) { $this_error .= " with password {$LDAP['admin_bind_pwd']}"; }
|
||||
$this_error .= ": " . ldap_error($ldap_connection);
|
||||
print "Problem: Failed to bind as ${LDAP['admin_bind_dn']}";
|
||||
print "Problem: Failed to bind as {$LDAP['admin_bind_dn']}";
|
||||
error_log("$log_prefix $this_error",0);
|
||||
|
||||
exit(1);
|
||||
|
||||
}
|
||||
elseif ($LDAP_DEBUG == TRUE) {
|
||||
error_log("$log_prefix Bound successfully as ${LDAP['admin_bind_dn']}",0);
|
||||
error_log("$log_prefix Bound successfully as {$LDAP['admin_bind_dn']}",0);
|
||||
}
|
||||
|
||||
}
|
||||
@ -83,14 +83,14 @@ function open_ldap_connection($ldap_bind=TRUE) {
|
||||
|
||||
###################################
|
||||
|
||||
function ldap_auth_username($ldap_connection,$username, $password) {
|
||||
function ldap_auth_username($ldap_connection, $username, $password) {
|
||||
|
||||
# Search for the DN for the given username. If found, try binding with the DN and user's password.
|
||||
# If the binding succeeds, return the DN.
|
||||
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG;
|
||||
global $log_prefix, $LDAP, $SITE_LOGIN_LDAP_ATTRIBUTE, $LDAP_DEBUG;
|
||||
|
||||
$ldap_search_query="${LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER);
|
||||
$ldap_search_query="{$SITE_LOGIN_LDAP_ATTRIBUTE}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Running LDAP search for: $ldap_search_query"); }
|
||||
|
||||
$ldap_search = @ ldap_search( $ldap_connection, $LDAP['user_dn'], $ldap_search_query );
|
||||
@ -102,38 +102,39 @@ function ldap_auth_username($ldap_connection,$username, $password) {
|
||||
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
if (!$result) {
|
||||
error_log("$log_prefix Couldn't get LDAP entries for ${username}: " . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix Couldn't get LDAP entries for {$username}: " . ldap_error($ldap_connection),0);
|
||||
return FALSE;
|
||||
}
|
||||
if ($LDAP_DEBUG == TRUE) {
|
||||
error_log("$log_prefix LDAP search returned " . $result["count"] . " records for $ldap_search_query",0);
|
||||
for ($i=1; $i==$result["count"]; $i++) {
|
||||
error_log("$log_prefix ". "Entry ${i}: " . $result[$i-1]['dn'], 0);
|
||||
error_log("$log_prefix ". "Entry {$i}: " . $result[$i-1]['dn'], 0);
|
||||
}
|
||||
}
|
||||
|
||||
if ($result["count"] == 1) {
|
||||
|
||||
$this_dn = $result[0]['dn'];
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Attempting authenticate as $username by binding with ${this_dn} ",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Attempting authenticate as $username by binding with {$this_dn} ",0); }
|
||||
$auth_ldap_connection = open_ldap_connection(FALSE);
|
||||
$can_bind = @ ldap_bind( $auth_ldap_connection, $result[0]['dn'], $password);
|
||||
$can_bind = @ ldap_bind($auth_ldap_connection, $result[0]['dn'], $password);
|
||||
|
||||
if ($can_bind) {
|
||||
preg_match("/{$LDAP['account_attribute']}=(.*?),/",$result[0]['dn'],$dn_match);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Able to bind as ${username}",0); }
|
||||
$account_id=$dn_match[1];
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Able to bind as {$username}: dn is {$result[0]['dn']} and account ID is {$account_id}",0); }
|
||||
ldap_close($auth_ldap_connection);
|
||||
return $dn_match[1];
|
||||
return $account_id;
|
||||
}
|
||||
else {
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Unable to bind as ${username}: " . ldap_error($auth_ldap_connection),0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Unable to bind as {$username}: " . ldap_error($auth_ldap_connection),0); }
|
||||
ldap_close($auth_ldap_connection);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
}
|
||||
elseif ($result["count"] > 1) {
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix There was more than one entry for ${ldap_search_query} so it wasn't possible to determine which user to log in as."); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix There was more than one entry for {$ldap_search_query} so it wasn't possible to determine which user to log in as."); }
|
||||
}
|
||||
|
||||
}
|
||||
@ -147,16 +148,16 @@ function ldap_setup_auth($ldap_connection, $password) {
|
||||
#credentials as passed in ADMIN_BIND_*
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG;
|
||||
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Initial setup: opening another LDAP connection to test authentication as ${LDAP['admin_bind_dn']}.",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Initial setup: opening another LDAP connection to test authentication as {$LDAP['admin_bind_dn']}.",0); }
|
||||
$auth_ldap_connection = open_ldap_connection();
|
||||
$can_bind = @ldap_bind($auth_ldap_connection, $LDAP['admin_bind_dn'], $password);
|
||||
ldap_close($auth_ldap_connection);
|
||||
if ($can_bind) {
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Initial setup: able to authenticate as ${LDAP['admin_bind_dn']}.",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix Initial setup: able to authenticate as {$LDAP['admin_bind_dn']}.",0); }
|
||||
return TRUE;
|
||||
}
|
||||
else {
|
||||
$this_error="Initial setup: Unable to authenticate as ${LDAP['admin_bind_dn']}";
|
||||
$this_error="Initial setup: Unable to authenticate as {$LDAP['admin_bind_dn']}";
|
||||
if ($LDAP_DEBUG == TRUE) { $this_error .= " with password $password"; }
|
||||
$this_error .= ". The password used to authenticate for /setup should be the same as set by LDAP_ADMIN_BIND_PWD. ";
|
||||
$this_error .= ldap_error($ldap_connection);
|
||||
@ -217,7 +218,7 @@ function ldap_hashed_password($password) {
|
||||
array_push($available_algos, $algo_name);
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix password hashing - the system doesn't support ${algo_name}",0);
|
||||
error_log("$log_prefix password hashing - the system doesn't support {$algo_name}",0);
|
||||
}
|
||||
}
|
||||
$available_algos = array_merge($available_algos, $remaining_algos);
|
||||
@ -234,7 +235,7 @@ function ldap_hashed_password($password) {
|
||||
else {
|
||||
$hash_algo = $available_algos[0];
|
||||
}
|
||||
error_log("$log_prefix LDAP password: using '${hash_algo}' as the hashing method",0);
|
||||
error_log("$log_prefix LDAP password: using '{$hash_algo}' as the hashing method",0);
|
||||
|
||||
switch ($hash_algo) {
|
||||
|
||||
@ -308,15 +309,15 @@ function ldap_get_user_list($ldap_connection,$start=0,$entries=NULL,$sort="asc",
|
||||
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG;
|
||||
|
||||
if (!isset($fields)) { $fields = array_unique( array("${LDAP['account_attribute']}", "givenname", "sn", "mail")); }
|
||||
if (!isset($fields)) { $fields = array_unique( array("{$LDAP['account_attribute']}", "givenname", "sn", "mail")); }
|
||||
|
||||
if (!isset($sort_key)) { $sort_key = $LDAP['account_attribute']; }
|
||||
|
||||
$this_filter = "(&(${LDAP['account_attribute']}=*)$filters)";
|
||||
$this_filter = "(&({$LDAP['account_attribute']}=*)$filters)";
|
||||
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['user_dn']}", $this_filter, $fields);
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['user_dn']}", $this_filter, $fields);
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP returned ${result['count']} users for ${LDAP['user_dn']} when using this filter: $this_filter",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP returned {$result['count']} users for {$LDAP['user_dn']} when using this filter: $this_filter",0); }
|
||||
|
||||
$records = array();
|
||||
foreach ($result as $record) {
|
||||
@ -347,8 +348,8 @@ function fetch_id_stored_in_ldap($ldap_connection,$type="uid") {
|
||||
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG;
|
||||
|
||||
$filter = "(&(objectclass=device)(cn=last${type}))";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['base_dn']}", $filter, array('serialNumber'));
|
||||
$filter = "(&(objectclass=device)(cn=last{$type}))";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['base_dn']}", $filter, array('serialNumber'));
|
||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
if (isset($result[0]['serialnumber'][0]) and is_numeric($result[0]['serialnumber'][0])){
|
||||
@ -371,7 +372,7 @@ function ldap_get_highest_id($ldap_connection,$type="uid") {
|
||||
if ($type == "uid") {
|
||||
$this_id = $min_uid;
|
||||
$record_base_dn = $LDAP['user_dn'];
|
||||
$record_filter = "(${LDAP['account_attribute']}=*)";
|
||||
$record_filter = "({$LDAP['account_attribute']}=*)";
|
||||
$record_attribute = "uidnumber";
|
||||
}
|
||||
else {
|
||||
@ -417,10 +418,10 @@ function ldap_get_group_list($ldap_connection,$start=0,$entries=NULL,$sort="asc"
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG;
|
||||
|
||||
$this_filter = "(&(objectclass=*)$filters)";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $this_filter);
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $this_filter);
|
||||
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP returned ${result['count']} groups for ${LDAP['group_dn']} when using this filter: $this_filter",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP returned {$result['count']} groups for {$LDAP['group_dn']} when using this filter: $this_filter",0); }
|
||||
|
||||
$records = array();
|
||||
foreach ($result as $record) {
|
||||
@ -449,8 +450,8 @@ function ldap_get_group_entry($ldap_connection,$group_name) {
|
||||
|
||||
if (isset($group_name)) {
|
||||
|
||||
$ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
|
||||
$ldap_search_query = "({$LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $ldap_search_query);
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
if ($result['count'] > 0) {
|
||||
@ -474,8 +475,8 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N
|
||||
|
||||
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
|
||||
|
||||
$ldap_search_query = "(${LDAP['group_attribute']}=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute']));
|
||||
$ldap_search_query = "({$LDAP['group_attribute']}=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute']));
|
||||
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
if ($result) { $result_count = $result['count']; } else { $result_count = 0; }
|
||||
@ -489,13 +490,13 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N
|
||||
if ($key !== 'count' and !empty($value)) {
|
||||
$this_member = preg_replace("/^.*?=(.*?),.*/", "$1", $value);
|
||||
array_push($records, $this_member);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix ${value} is a member",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix {$value} is a member",0); }
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$actual_result_count = count($records);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP returned $actual_result_count members of ${group_name} when using this search: $ldap_search_query and this filter: ${LDAP['group_membership_attribute']}",0); }
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix LDAP returned $actual_result_count members of {$group_name} when using this search: $ldap_search_query and this filter: {$LDAP['group_membership_attribute']}",0); }
|
||||
|
||||
if ($actual_result_count > 0) {
|
||||
if ($sort == "asc") { sort($records); } else { rsort($records); }
|
||||
@ -521,17 +522,17 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) {
|
||||
|
||||
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
|
||||
|
||||
$ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
|
||||
$ldap_search_query = "({$LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $ldap_search_query);
|
||||
|
||||
if ($ldap_search) {
|
||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
||||
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
||||
$username = "{$LDAP['account_attribute']}=$username,{$LDAP['user_dn']}";
|
||||
}
|
||||
|
||||
if (preg_grep ("/^${username}$/i", $result[0][$LDAP['group_membership_attribute']])) {
|
||||
if (preg_grep ("/^{$username}$/i", $result[0][$LDAP['group_membership_attribute']])) {
|
||||
return TRUE;
|
||||
}
|
||||
else {
|
||||
@ -554,11 +555,11 @@ function ldap_user_group_membership($ldap_connection,$username) {
|
||||
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
|
||||
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
||||
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
||||
$username = "{$LDAP['account_attribute']}=$username,{$LDAP['user_dn']}";
|
||||
}
|
||||
|
||||
$ldap_search_query = "(&(objectClass=posixGroup)(${LDAP['group_membership_attribute']}=${username}))";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_attribute']));
|
||||
$ldap_search_query = "(&(objectClass=posixGroup)({$LDAP['group_membership_attribute']}={$username}))";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_attribute']));
|
||||
$result = ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
$groups = array();
|
||||
@ -587,13 +588,13 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_a
|
||||
$initial_member = ldap_escape($initial_member, "", LDAP_ESCAPE_FILTER);
|
||||
$update_gid_store=FALSE;
|
||||
|
||||
$ldap_search_query = "(${LDAP['group_attribute']}=$new_group,${LDAP['group_dn']})";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
|
||||
$ldap_search_query = "({$LDAP['group_attribute']}=$new_group,{$LDAP['group_dn']})";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $ldap_search_query);
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
if ($result['count'] == 0) {
|
||||
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE and $initial_member != "") { $initial_member = "${LDAP['account_attribute']}=$initial_member,${LDAP['user_dn']}"; }
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE and $initial_member != "") { $initial_member = "{$LDAP['account_attribute']}=$initial_member,{$LDAP['user_dn']}"; }
|
||||
|
||||
$new_group_array=array( 'objectClass' => $LDAP['group_objectclasses'],
|
||||
'cn' => $new_group,
|
||||
@ -609,12 +610,12 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_a
|
||||
$update_gid_store=TRUE;
|
||||
}
|
||||
|
||||
$group_dn="cn=$new_group,${LDAP['group_dn']}";
|
||||
$group_dn="cn=$new_group,{$LDAP['group_dn']}";
|
||||
|
||||
$add_group = @ ldap_add($ldap_connection, $group_dn, $new_group_array);
|
||||
|
||||
if (! $add_group ) {
|
||||
$this_error="$log_prefix LDAP: unable to add new group (${group_dn}): " . ldap_error($ldap_connection);
|
||||
$this_error="$log_prefix LDAP: unable to add new group ({$group_dn}): " . ldap_error($ldap_connection);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG add_group array: ". strip_tags(print_r($new_group_array,true)),0); }
|
||||
error_log($this_error,0);
|
||||
}
|
||||
@ -624,7 +625,7 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="",$extra_a
|
||||
if ($update_gid_store == TRUE) {
|
||||
$this_gid = fetch_id_stored_in_ldap($ldap_connection,"gid");
|
||||
if ($this_gid != FALSE) {
|
||||
$update_gid = @ ldap_mod_replace($ldap_connection, "cn=lastGID,${LDAP['base_dn']}", array( 'serialNumber' => $new_gid ));
|
||||
$update_gid = @ ldap_mod_replace($ldap_connection, "cn=lastGID,{$LDAP['base_dn']}", array( 'serialNumber' => $new_gid ));
|
||||
if ($update_gid) {
|
||||
error_log("$log_prefix Updated cn=lastGID with $new_gid",0);
|
||||
}
|
||||
@ -659,12 +660,12 @@ function ldap_update_group_attributes($ldap_connection,$group_name,$extra_attrib
|
||||
if (isset($group_name) and (count($extra_attributes) > 0)) {
|
||||
|
||||
$group_name = ldap_escape($group_name, "", LDAP_ESCAPE_FILTER);
|
||||
$group_dn = "${LDAP['group_attribute']}=$group_name,${LDAP['group_dn']}";
|
||||
$group_dn = "{$LDAP['group_attribute']}=$group_name,{$LDAP['group_dn']}";
|
||||
|
||||
$update_group = @ ldap_mod_replace($ldap_connection, $group_dn, $extra_attributes);
|
||||
|
||||
if (!$update_group ) {
|
||||
$this_error="$log_prefix LDAP: unable to update group attributes for group (${group_dn}): " . ldap_error($ldap_connection);
|
||||
$this_error="$log_prefix LDAP: unable to update group attributes for group ({$group_dn}): " . ldap_error($ldap_connection);
|
||||
if ($LDAP_DEBUG == TRUE) { error_log("$log_prefix DEBUG update group attributes array: ". print_r($extra_attributes,true),0); }
|
||||
error_log($this_error,0);
|
||||
return FALSE;
|
||||
@ -689,7 +690,7 @@ function ldap_delete_group($ldap_connection,$group_name) {
|
||||
|
||||
if (isset($group_name)) {
|
||||
|
||||
$delete_query = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
|
||||
$delete_query = "{$LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",{$LDAP['group_dn']}";
|
||||
$delete = @ ldap_delete($ldap_connection, $delete_query);
|
||||
|
||||
if ($delete) {
|
||||
@ -714,8 +715,8 @@ function ldap_get_gid_of_group($ldap_connection,$group_name) {
|
||||
|
||||
if (isset($group_name)) {
|
||||
|
||||
$ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("gidNumber"));
|
||||
$ldap_search_query = "({$LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $ldap_search_query , array("gidNumber"));
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
if (isset($result[0]['gidnumber'][0]) and is_numeric($result[0]['gidnumber'][0])) {
|
||||
@ -738,7 +739,7 @@ function ldap_get_group_name_from_gid($ldap_connection,$gid) {
|
||||
if (isset($gid)) {
|
||||
|
||||
$ldap_search_query = "(gidnumber=" . ldap_escape($gid, "", LDAP_ESCAPE_FILTER) . ")";
|
||||
$ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("cn"));
|
||||
$ldap_search = @ ldap_search($ldap_connection, "{$LDAP['group_dn']}", $ldap_search_query , array("cn"));
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
if (isset($result[0]['cn'][0])) {
|
||||
@ -823,7 +824,7 @@ function ldap_new_account($ldap_connection,$account_r) {
|
||||
|
||||
$account_identifier = $account_r[$LDAP['account_attribute']][0];
|
||||
$user_dn=$LDAP['user_dn'];
|
||||
$ldap_search_query = "(${LDAP['account_attribute']}=" . ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ",$user_dn)";
|
||||
$ldap_search_query = "({$LDAP['account_attribute']}=" . ldap_escape($account_identifier, "", LDAP_ESCAPE_FILTER) . ",$user_dn)";
|
||||
$ldap_search = @ ldap_search($ldap_connection, $user_dn, $ldap_search_query);
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
|
||||
@ -865,7 +866,7 @@ function ldap_new_account($ldap_connection,$account_r) {
|
||||
if (empty($account_attributes['homedirectory'])) { $account_attributes['homedirectory'] = "/home/" . $account_r['uid'][0]; }
|
||||
|
||||
$add_account = @ ldap_add($ldap_connection,
|
||||
"${LDAP['account_attribute']}=$account_identifier,${LDAP['user_dn']}",
|
||||
"{$LDAP['account_attribute']}=$account_identifier,{$LDAP['user_dn']}",
|
||||
$account_attributes
|
||||
);
|
||||
|
||||
@ -877,7 +878,7 @@ function ldap_new_account($ldap_connection,$account_r) {
|
||||
$new_uid = $account_attributes['uidnumber'][0];
|
||||
|
||||
if ($this_uid != FALSE) {
|
||||
$update_uid = @ ldap_mod_replace($ldap_connection, "cn=lastUID,${LDAP['base_dn']}", array( 'serialNumber' => $new_uid ));
|
||||
$update_uid = @ ldap_mod_replace($ldap_connection, "cn=lastUID,{$LDAP['base_dn']}", array( 'serialNumber' => $new_uid ));
|
||||
if ($update_uid) {
|
||||
error_log("$log_prefix Create account; Updated cn=lastUID with $new_uid",0);
|
||||
}
|
||||
@ -889,13 +890,13 @@ function ldap_new_account($ldap_connection,$account_r) {
|
||||
}
|
||||
else {
|
||||
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
|
||||
error_log("$log_prefix Create account; couldn't create the account for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
error_log("$log_prefix Create account; couldn't create the account for {$account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
else {
|
||||
error_log("$log_prefix Create account; Account for ${account_identifier} already exists",0);
|
||||
error_log("$log_prefix Create account; Account for {$account_identifier} already exists",0);
|
||||
}
|
||||
|
||||
}
|
||||
@ -916,7 +917,7 @@ function ldap_delete_account($ldap_connection,$username) {
|
||||
|
||||
if (isset($username)) {
|
||||
|
||||
$delete_query = "${LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ",${LDAP['user_dn']}";
|
||||
$delete_query = "{$LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . ",{$LDAP['user_dn']}";
|
||||
$delete = @ ldap_delete($ldap_connection, $delete_query);
|
||||
|
||||
if ($delete) {
|
||||
@ -924,7 +925,7 @@ function ldap_delete_account($ldap_connection,$username) {
|
||||
return TRUE;
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix Couldn't delete account for ${username}: " . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix Couldn't delete account for {$username}: " . ldap_error($ldap_connection),0);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@ -941,10 +942,10 @@ function ldap_add_member_to_group($ldap_connection,$group_name,$username) {
|
||||
|
||||
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
|
||||
|
||||
$group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
|
||||
$group_dn = "{$LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",{$LDAP['group_dn']}";
|
||||
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE) {
|
||||
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
||||
$username = "{$LDAP['account_attribute']}=$username,{$LDAP['user_dn']}";
|
||||
}
|
||||
|
||||
$group_update = array($LDAP['group_membership_attribute'] => $username);
|
||||
@ -956,7 +957,7 @@ function ldap_add_member_to_group($ldap_connection,$group_name,$username) {
|
||||
}
|
||||
else {
|
||||
ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
|
||||
error_log("$log_prefix Couldn't add $username to group '${group_name}': " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
error_log("$log_prefix Couldn't add $username to group '{$group_name}': " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@ -970,16 +971,16 @@ function ldap_delete_member_from_group($ldap_connection,$group_name,$username) {
|
||||
global $log_prefix, $LDAP, $LDAP_DEBUG, $USER_ID;
|
||||
|
||||
if ($group_name == $LDAP['admins_group'] and $username == $USER_ID) {
|
||||
error_log("$log_prefix Won't remove ${username} from ${group_name} because you're logged in as ${username} and ${group_name} is the admin group.",0);
|
||||
error_log("$log_prefix Won't remove {$username} from {$group_name} because you're logged in as {$username} and {$group_name} is the admin group.",0);
|
||||
return FALSE;
|
||||
}
|
||||
else {
|
||||
$rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection);
|
||||
|
||||
$group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
|
||||
$group_dn = "{$LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",{$LDAP['group_dn']}";
|
||||
|
||||
if ($LDAP['group_membership_uses_uid'] == FALSE and $username != "") {
|
||||
$username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
|
||||
$username = "{$LDAP['account_attribute']}=$username,{$LDAP['user_dn']}";
|
||||
}
|
||||
|
||||
$group_update = array($LDAP['group_membership_attribute'] => $username);
|
||||
@ -990,7 +991,7 @@ function ldap_delete_member_from_group($ldap_connection,$group_name,$username) {
|
||||
return TRUE;
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix Couldn't remove '$username' from ${group_name}: " . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix Couldn't remove '$username' from {$group_name}: " . ldap_error($ldap_connection),0);
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
@ -1005,7 +1006,7 @@ function ldap_change_password($ldap_connection,$username,$new_password) {
|
||||
|
||||
#Find DN of user
|
||||
|
||||
$ldap_search_query = "${LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER);
|
||||
$ldap_search_query = "{$LDAP['account_attribute']}=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER);
|
||||
$ldap_search = @ ldap_search( $ldap_connection, $LDAP['user_dn'], $ldap_search_query);
|
||||
if ($ldap_search) {
|
||||
$result = @ ldap_get_entries($ldap_connection, $ldap_search);
|
||||
@ -1018,7 +1019,7 @@ function ldap_change_password($ldap_connection,$username,$new_password) {
|
||||
}
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix Couldn't perform an LDAP search for ${LDAP['account_attribute']}=${username}: " . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix Couldn't perform an LDAP search for {$LDAP['account_attribute']}={$username}: " . ldap_error($ldap_connection),0);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@ -1030,7 +1031,7 @@ function ldap_change_password($ldap_connection,$username,$new_password) {
|
||||
return TRUE;
|
||||
}
|
||||
else {
|
||||
error_log("$log_prefix Couldn't update the password for ${username}: " . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix Couldn't update the password for {$username}: " . ldap_error($ldap_connection),0);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@ -1059,7 +1060,7 @@ function ldap_detect_rfc2307bis($ldap_connection) {
|
||||
$schema_base_query = @ ldap_read($ldap_connection,"","subschemaSubentry=*",array('subschemaSubentry'));
|
||||
|
||||
if (!$schema_base_query) {
|
||||
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under {$schema_base_dn}:" . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix LDAP RFC2307BIS detection - we'll assume that the RFC2307BIS schema isn't available. Set FORCE_RFC2307BIS to TRUE if you DO use RFC2307BIS.",0);
|
||||
}
|
||||
else {
|
||||
@ -1072,7 +1073,7 @@ function ldap_detect_rfc2307bis($ldap_connection) {
|
||||
|
||||
$objclass_query = @ ldap_read($ldap_connection,$schema_base_dn,"(objectClasses=*)",array('objectClasses'));
|
||||
if (!$objclass_query) {
|
||||
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under ${schema_base_dn}:" . ldap_error($ldap_connection),0);
|
||||
error_log("$log_prefix LDAP RFC2307BIS detection - unable to query LDAP for objectClasses under {$schema_base_dn}:" . ldap_error($ldap_connection),0);
|
||||
}
|
||||
else {
|
||||
$objclass_results = @ ldap_get_entries($ldap_connection, $objclass_query);
|
||||
|
||||
@ -34,8 +34,8 @@ function parse_mail_text($template,$password,$login,$first_name,$last_name) {
|
||||
$template = str_replace("{last_name}", $last_name, $template);
|
||||
|
||||
$template = str_replace("{organisation}", $ORGANISATION_NAME, $template);
|
||||
$template = str_replace("{site_url}", "${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}", $template);
|
||||
$template = str_replace("{change_password_url}", "${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}change_password", $template);
|
||||
$template = str_replace("{site_url}", "{$SITE_PROTOCOL}{$SERVER_HOSTNAME}{$SERVER_PATH}", $template);
|
||||
$template = str_replace("{change_password_url}", "{$SITE_PROTOCOL}{$SERVER_HOSTNAME}{$SERVER_PATH}change_password", $template);
|
||||
|
||||
return $template;
|
||||
|
||||
@ -55,6 +55,10 @@ function send_email($recipient_email,$recipient_name,$subject,$body) {
|
||||
$mail->Host = $SMTP['host'];
|
||||
$mail->Port = $SMTP['port'];
|
||||
|
||||
if (isset($SMTP['helo'])) {
|
||||
$mail->Helo = $SMTP['helo'];
|
||||
}
|
||||
|
||||
if (isset($SMTP['user'])) {
|
||||
$mail->SMTPAuth = true;
|
||||
$mail->Username = $SMTP['user'];
|
||||
|
||||
@ -33,7 +33,7 @@ include ("config.inc.php"); # get local settings
|
||||
include ("modules.inc.php"); # module definitions
|
||||
|
||||
if (substr($SERVER_PATH, -1) != "/") { $SERVER_PATH .= "/"; }
|
||||
$THIS_MODULE_PATH="${SERVER_PATH}${THIS_MODULE}";
|
||||
$THIS_MODULE_PATH="{$SERVER_PATH}{$THIS_MODULE}";
|
||||
|
||||
$DEFAULT_COOKIE_OPTIONS = array( 'expires' => time()+(60 * $SESSION_TIMEOUT),
|
||||
'path' => $SERVER_PATH,
|
||||
@ -84,7 +84,7 @@ function set_passkey_cookie($user_id,$is_admin) {
|
||||
$sessto_cookie_opts = $DEFAULT_COOKIE_OPTIONS;
|
||||
$sessto_cookie_opts['expires'] = $this_time+7200;
|
||||
setcookie('sessto_cookie', $this_time+(60 * $SESSION_TIMEOUT), $sessto_cookie_opts);
|
||||
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: user $user_id validated (IS_ADMIN=${IS_ADMIN}), sent orf_cookie to the browser.",0); }
|
||||
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: user $user_id validated (IS_ADMIN={$IS_ADMIN}), sent orf_cookie to the browser.",0); }
|
||||
$VALIDATED = TRUE;
|
||||
|
||||
}
|
||||
@ -129,7 +129,7 @@ function validate_passkey_cookie() {
|
||||
if ($f_is_admin == 1) { $IS_ADMIN = TRUE; }
|
||||
$VALIDATED = TRUE;
|
||||
$USER_ID=$user_id;
|
||||
if ($SESSION_DEBUG == TRUE) { error_log("$log_prefix Setup session: Cookie and session file values match for user ${user_id} - VALIDATED (ADMIN = ${IS_ADMIN})",0); }
|
||||
if ($SESSION_DEBUG == TRUE) { error_log("$log_prefix Setup session: Cookie and session file values match for user {$user_id} - VALIDATED (ADMIN = {$IS_ADMIN})",0); }
|
||||
set_passkey_cookie($USER_ID,$IS_ADMIN);
|
||||
}
|
||||
else {
|
||||
@ -137,7 +137,7 @@ function validate_passkey_cookie() {
|
||||
$this_error="$log_prefix Session: orf_cookie was sent by the client and the session file was found at /tmp/$filename, but";
|
||||
if (empty($c_passkey)) { $this_error .= " the cookie passkey wasn't set;"; }
|
||||
if ($c_passkey != $f_passkey) { $this_error .= " the session file passkey didn't match the cookie passkey;"; }
|
||||
$this_error.=" Cookie: ${_COOKIE['orf_cookie']} - Session file contents: $session_file";
|
||||
$this_error.=" Cookie: {$_COOKIE['orf_cookie']} - Session file contents: $session_file";
|
||||
error_log($this_error,0);
|
||||
}
|
||||
}
|
||||
@ -205,7 +205,7 @@ function validate_setup_cookie() {
|
||||
$this_error="$log_prefix Setup session: setup_cookie was sent by the client and the session file was found at /tmp/ldap_setup, but";
|
||||
if (empty($c_passkey)) { $this_error .= " the cookie passkey wasn't set;"; }
|
||||
if ($c_passkey != $f_passkey) { $this_error .= " the session file passkey didn't match the cookie passkey;"; }
|
||||
$this_error += " Cookie: ${_COOKIE['setup_cookie']} - Session file contents: $session_file";
|
||||
$this_error += " Cookie: {$_COOKIE['setup_cookie']} - Session file contents: $session_file";
|
||||
error_log($this_error,0);
|
||||
}
|
||||
}
|
||||
@ -238,7 +238,7 @@ function log_out($method='normal') {
|
||||
@ unlink("/tmp/$filename");
|
||||
|
||||
if ($method == 'auto') { $options = "?logged_out"; } else { $options = ""; }
|
||||
header("Location: //${_SERVER["HTTP_HOST"]}${SERVER_PATH}index.php$options\n\n");
|
||||
header("Location: //{$_SERVER["HTTP_HOST"]}{$SERVER_PATH}index.php$options\n\n");
|
||||
|
||||
}
|
||||
|
||||
@ -247,7 +247,7 @@ function log_out($method='normal') {
|
||||
|
||||
function render_header($title="",$menu=TRUE) {
|
||||
|
||||
global $SITE_NAME, $IS_ADMIN, $SENT_HEADERS, $SERVER_PATH;
|
||||
global $SITE_NAME, $IS_ADMIN, $SENT_HEADERS, $SERVER_PATH, $CUSTOM_STYLES;
|
||||
|
||||
if (empty($title)) { $title = $SITE_NAME; }
|
||||
|
||||
@ -260,6 +260,7 @@ function render_header($title="",$menu=TRUE) {
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<link rel="stylesheet" href="<?php print $SERVER_PATH; ?>bootstrap/css/bootstrap.min.css">
|
||||
<?php if ($CUSTOM_STYLES) echo '<link rel="stylesheet" href="'.$CUSTOM_STYLES.'">' ?>
|
||||
<script src="<?php print $SERVER_PATH; ?>js/jquery-3.6.0.min.js"></script>
|
||||
<script src="<?php print $SERVER_PATH; ?>bootstrap/js/bootstrap.min.js"></script>
|
||||
</HEAD>
|
||||
@ -295,14 +296,15 @@ function render_menu() {
|
||||
#Render the navigation menu.
|
||||
#The menu is dynamically rendered the $MODULES hash
|
||||
|
||||
global $SITE_NAME, $MODULES, $THIS_MODULE, $VALIDATED, $IS_ADMIN, $USER_ID, $SERVER_PATH;
|
||||
global $SITE_NAME, $MODULES, $THIS_MODULE, $VALIDATED, $IS_ADMIN, $USER_ID, $SERVER_PATH, $CUSTOM_LOGO;
|
||||
|
||||
?>
|
||||
<nav class="navbar navbar-default">
|
||||
<div class="container-fluid">
|
||||
<div class="navbar-header">
|
||||
<a class="navbar-brand" href="#"><?php print $SITE_NAME ?></a>
|
||||
</div>
|
||||
<div class="navbar-header"><?php
|
||||
if ($CUSTOM_LOGO) echo '<span class="navbar-brand"><img src="'.$CUSTOM_LOGO.'" class="logo" alt="logo"></span>'
|
||||
?><a class="navbar-brand" href="./"><?php print $SITE_NAME ?></a>
|
||||
</div>
|
||||
<ul class="nav navbar-nav">
|
||||
<?php
|
||||
foreach ($MODULES as $module => $access) {
|
||||
@ -325,14 +327,14 @@ function render_menu() {
|
||||
else {
|
||||
print '<li>';
|
||||
}
|
||||
print "<a href='${SERVER_PATH}{$module}/'>$this_module_name</a></li>\n";
|
||||
print "<a href='{$SERVER_PATH}{$module}/'>$this_module_name</a></li>\n";
|
||||
}
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
<div style="text-align: right;">
|
||||
<?php if(isset($USER_ID)) { print $USER_ID; } ?>
|
||||
</div>
|
||||
<ul class="nav navbar-nav navbar-right">
|
||||
<li><a style="color:#333"><?php if(isset($USER_ID)) { print $USER_ID; } ?></a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</nav>
|
||||
<?php
|
||||
@ -369,7 +371,7 @@ function set_page_access($level) {
|
||||
return;
|
||||
}
|
||||
else {
|
||||
header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}setup/index.php?unauthorised\n\n");
|
||||
header("Location: //" . $_SERVER["HTTP_HOST"] . "{$SERVER_PATH}setup/index.php?unauthorised\n\n");
|
||||
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: UNAUTHORISED: page security level is 'setup' but IS_SETUP_ADMIN isn't TRUE",0); }
|
||||
exit(0);
|
||||
}
|
||||
@ -382,8 +384,8 @@ function set_page_access($level) {
|
||||
return;
|
||||
}
|
||||
else {
|
||||
header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
|
||||
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: no access to page ($reason): page security level is 'admin' but IS_ADMIN = '${IS_ADMIN}' and VALIDATED = '${VALIDATED}' (user) ",0); }
|
||||
header("Location: //" . $_SERVER["HTTP_HOST"] . "{$SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
|
||||
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: no access to page ($reason): page security level is 'admin' but IS_ADMIN = '{$IS_ADMIN}' and VALIDATED = '{$VALIDATED}' (user) ",0); }
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
@ -393,8 +395,8 @@ function set_page_access($level) {
|
||||
return;
|
||||
}
|
||||
else {
|
||||
header("Location: //" . $_SERVER["HTTP_HOST"] . "${SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
|
||||
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: no access to page ($reason): page security level is 'user' but VALIDATED = '${VALIDATED}'",0); }
|
||||
header("Location: //" . $_SERVER["HTTP_HOST"] . "{$SERVER_PATH}log_in/index.php?$reason&redirect_to=" . base64_encode($_SERVER['REQUEST_URI']) . "\n\n");
|
||||
if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: no access to page ($reason): page security level is 'user' but VALIDATED = '{$VALIDATED}'",0); }
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
@ -679,7 +681,7 @@ function render_attribute_fields($attribute,$label,$values_r,$resource_identifie
|
||||
$description="Download $mimetype file (" . human_readable_filesize(strlen($values_r[0])) . ")";
|
||||
$button_text="Replace file";
|
||||
if ($resource_identifier != "") {
|
||||
$this_url="//${_SERVER['HTTP_HOST']}${THIS_MODULE_PATH}/download.php?resource_identifier=${resource_identifier}&attribute=${attribute}";
|
||||
$this_url="//{$_SERVER['HTTP_HOST']}{$THIS_MODULE_PATH}/download.php?resource_identifier={$resource_identifier}&attribute={$attribute}";
|
||||
$file_button_action="onclick=\"window.open('$this_url','_blank');\"";
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,25 +22,24 @@ if (isset($_GET['logged_out'])) {
|
||||
if (isset($_POST["user_id"]) and isset($_POST["password"])) {
|
||||
|
||||
$ldap_connection = open_ldap_connection();
|
||||
$user_auth = ldap_auth_username($ldap_connection,$_POST["user_id"],$_POST["password"]);
|
||||
$is_admin = ldap_is_group_member($ldap_connection,$LDAP['admins_group'],$_POST["user_id"]);
|
||||
$account_id = ldap_auth_username($ldap_connection,$_POST["user_id"],$_POST["password"]);
|
||||
$is_admin = ldap_is_group_member($ldap_connection,$LDAP['admins_group'],$account_id);
|
||||
|
||||
ldap_close($ldap_connection);
|
||||
|
||||
if ($user_auth != FALSE) {
|
||||
if ($account_id != FALSE) {
|
||||
|
||||
set_passkey_cookie($user_auth,$is_admin);
|
||||
set_passkey_cookie($account_id,$is_admin);
|
||||
if (isset($_POST["redirect_to"])) {
|
||||
header("Location: //${_SERVER['HTTP_HOST']}" . base64_decode($_POST['redirect_to']) . "\n\n");
|
||||
header("Location: //{$_SERVER['HTTP_HOST']}" . base64_decode($_POST['redirect_to']) . "\n\n");
|
||||
}
|
||||
else {
|
||||
|
||||
if ($IS_ADMIN) { $default_module = "account_manager"; } else { $default_module = "change_password"; }
|
||||
header("Location: //${_SERVER['HTTP_HOST']}${SERVER_PATH}$default_module?logged_in\n\n");
|
||||
header("Location: //{$_SERVER['HTTP_HOST']}{$SERVER_PATH}$default_module?logged_in\n\n");
|
||||
}
|
||||
}
|
||||
else {
|
||||
header("Location: //${_SERVER['HTTP_HOST']}${THIS_MODULE_PATH}/index.php?invalid\n\n");
|
||||
header("Location: //{$_SERVER['HTTP_HOST']}{$THIS_MODULE_PATH}/index.php?invalid\n\n");
|
||||
}
|
||||
|
||||
}
|
||||
@ -78,7 +77,7 @@ else {
|
||||
<?php if (isset($redirect_to) and ($redirect_to != "")) { ?><input type="hidden" name="redirect_to" value="<?php print htmlspecialchars($redirect_to); ?>"><?php } ?>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="username" class="col-sm-4 control-label">Username</label>
|
||||
<label for="username" class="col-sm-4 control-label"><?php print $SITE_LOGIN_FIELD_LABEL; ?></label>
|
||||
<div class="col-sm-6">
|
||||
<input type="text" class="form-control" id="user_id" name="user_id">
|
||||
</div>
|
||||
|
||||
@ -65,7 +65,7 @@ if($_POST) {
|
||||
|
||||
$mail_subject = "$firstname $lastname has requested an account for $ORGANISATION_NAME.";
|
||||
|
||||
$link_url="${SITE_PROTOCOL}${SERVER_HOSTNAME}${SERVER_PATH}account_manager/new_user.php?account_request&first_name=$firstname&last_name=$lastname&email=$email";
|
||||
$link_url="{$SITE_PROTOCOL}{$SERVER_HOSTNAME}{$SERVER_PATH}account_manager/new_user.php?account_request&first_name=$firstname&last_name=$lastname&email=$email";
|
||||
|
||||
if (!isset($email)) { $email = "n/a"; }
|
||||
if (!isset($notes)) { $notes = "n/a"; }
|
||||
|
||||
@ -13,10 +13,10 @@ if (isset($_POST["admin_password"])) {
|
||||
|
||||
if ($user_auth != FALSE) {
|
||||
set_setup_cookie($user_auth);
|
||||
header("Location: //${_SERVER["HTTP_HOST"]}${THIS_MODULE_PATH}/run_checks.php\n\n");
|
||||
header("Location: //{$_SERVER["HTTP_HOST"]}{$THIS_MODULE_PATH}/run_checks.php\n\n");
|
||||
}
|
||||
else {
|
||||
header("Location: //${_SERVER["HTTP_HOST"]}${THIS_MODULE_PATH}/index.php?invalid\n\n");
|
||||
header("Location: //{$_SERVER["HTTP_HOST"]}{$THIS_MODULE_PATH}/index.php?invalid\n\n");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -35,14 +35,14 @@ $ldap_connection = open_ldap_connection();
|
||||
<?php
|
||||
|
||||
#Can we connect? The open_ldap_connection() function will call die() if we can't.
|
||||
print "$li_good Connected to ${LDAP['uri']}</li>\n";
|
||||
print "$li_good Connected to {$LDAP['uri']}</li>\n";
|
||||
|
||||
#TLS?
|
||||
if ($LDAP['connection_type'] != "plain") {
|
||||
print "$li_good Encrypted connection to ${LDAP['uri']} via ${LDAP['connection_type']}</li>\n";
|
||||
print "$li_good Encrypted connection to {$LDAP['uri']} via {$LDAP['connection_type']}</li>\n";
|
||||
}
|
||||
else {
|
||||
print "$li_warn Unable to connect to ${LDAP['uri']} via StartTLS. ";
|
||||
print "$li_warn Unable to connect to {$LDAP['uri']} via StartTLS. ";
|
||||
print "<a href='#' data-toggle='popover' title='StartTLS' data-content='";
|
||||
print "The connection to the LDAP server works, but encrypted communication can't be enabled.";
|
||||
print "'>What's this?</a></li>\n";
|
||||
@ -98,14 +98,14 @@ else {
|
||||
<ul class="list-group">
|
||||
<?php
|
||||
|
||||
$group_filter = "(&(objectclass=organizationalUnit)(ou=${LDAP['group_ou']}))";
|
||||
$ldap_group_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $group_filter);
|
||||
$group_filter = "(&(objectclass=organizationalUnit)(ou={$LDAP['group_ou']}))";
|
||||
$ldap_group_search = ldap_search($ldap_connection, "{$LDAP['base_dn']}", $group_filter);
|
||||
$group_result = ldap_get_entries($ldap_connection, $ldap_group_search);
|
||||
|
||||
if ($group_result['count'] != 1) {
|
||||
|
||||
print "$li_fail The group OU (<strong>${LDAP['group_dn']}</strong>) doesn't exist. ";
|
||||
print "<a href='#' data-toggle='popover' title='${LDAP['group_dn']}' data-content='";
|
||||
print "$li_fail The group OU (<strong>{$LDAP['group_dn']}</strong>) doesn't exist. ";
|
||||
print "<a href='#' data-toggle='popover' title='{$LDAP['group_dn']}' data-content='";
|
||||
print "This is the Organizational Unit (OU) that the groups are stored under.";
|
||||
print "'>What's this?</a>";
|
||||
print "<label class='pull-right'><input type='checkbox' name='setup_group_ou' class='pull-right' checked>Create? </label>";
|
||||
@ -114,17 +114,17 @@ if ($group_result['count'] != 1) {
|
||||
|
||||
}
|
||||
else {
|
||||
print "$li_good The group OU (<strong>${LDAP['group_dn']}</strong>) is present.</li>";
|
||||
print "$li_good The group OU (<strong>{$LDAP['group_dn']}</strong>) is present.</li>";
|
||||
}
|
||||
|
||||
$user_filter = "(&(objectclass=organizationalUnit)(ou=${LDAP['user_ou']}))";
|
||||
$ldap_user_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $user_filter);
|
||||
$user_filter = "(&(objectclass=organizationalUnit)(ou={$LDAP['user_ou']}))";
|
||||
$ldap_user_search = ldap_search($ldap_connection, "{$LDAP['base_dn']}", $user_filter);
|
||||
$user_result = ldap_get_entries($ldap_connection, $ldap_user_search);
|
||||
|
||||
if ($user_result['count'] != 1) {
|
||||
|
||||
print "$li_fail The user OU (<strong>${LDAP['user_dn']}</strong>) doesn't exist. ";
|
||||
print "<a href='#' data-toggle='popover' title='${LDAP['user_dn']}' data-content='";
|
||||
print "$li_fail The user OU (<strong>{$LDAP['user_dn']}</strong>) doesn't exist. ";
|
||||
print "<a href='#' data-toggle='popover' title='{$LDAP['user_dn']}' data-content='";
|
||||
print "This is the Organisational Unit (OU) that the user accounts are stored under.";
|
||||
print "'>What's this?</a>";
|
||||
print "<label class='pull-right'><input type='checkbox' name='setup_user_ou' class='pull-right' checked>Create? </label>";
|
||||
@ -133,7 +133,7 @@ if ($user_result['count'] != 1) {
|
||||
|
||||
}
|
||||
else {
|
||||
print "$li_good The user OU (<strong>${LDAP['user_dn']}</strong>) is present.</li>";
|
||||
print "$li_good The user OU (<strong>{$LDAP['user_dn']}</strong>) is present.</li>";
|
||||
}
|
||||
|
||||
?>
|
||||
@ -148,13 +148,13 @@ else {
|
||||
<?php
|
||||
|
||||
$gid_filter = "(&(objectclass=device)(cn=lastGID))";
|
||||
$ldap_gid_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $gid_filter);
|
||||
$ldap_gid_search = ldap_search($ldap_connection, "{$LDAP['base_dn']}", $gid_filter);
|
||||
$gid_result = ldap_get_entries($ldap_connection, $ldap_gid_search);
|
||||
|
||||
if ($gid_result['count'] != 1) {
|
||||
|
||||
print "$li_warn The <strong>lastGID</strong> entry doesn't exist. ";
|
||||
print "<a href='#' data-toggle='popover' title='cn=lastGID,${LDAP['base_dn']}' data-content='";
|
||||
print "<a href='#' data-toggle='popover' title='cn=lastGID,{$LDAP['base_dn']}' data-content='";
|
||||
print "This is used to store the last group ID used when creating a POSIX group. Without this the highest current group ID is found and incremented, but this might re-use the GID from a deleted group.";
|
||||
print "'>What's this?</a>";
|
||||
print "<label class='pull-right'><input type='checkbox' name='setup_last_gid' class='pull-right' checked>Create? </label>";
|
||||
@ -168,13 +168,13 @@ else {
|
||||
|
||||
|
||||
$uid_filter = "(&(objectclass=device)(cn=lastUID))";
|
||||
$ldap_uid_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $uid_filter);
|
||||
$ldap_uid_search = ldap_search($ldap_connection, "{$LDAP['base_dn']}", $uid_filter);
|
||||
$uid_result = ldap_get_entries($ldap_connection, $ldap_uid_search);
|
||||
|
||||
if ($uid_result['count'] != 1) {
|
||||
|
||||
print "$li_warn The <strong>lastUID</strong> entry doesn't exist. ";
|
||||
print "<a href='#' data-toggle='popover' title='cn=lastUID,${LDAP['base_dn']}' data-content='";
|
||||
print "<a href='#' data-toggle='popover' title='cn=lastUID,{$LDAP['base_dn']}' data-content='";
|
||||
print "This is used to store the last user ID used when creating a POSIX account. Without this the highest current user ID is found and incremented, but this might re-use the UID from a deleted account.";
|
||||
print "'>What's this?</a>";
|
||||
print "<label class='pull-right'><input type='checkbox' name='setup_last_uid' class='pull-right' checked>Create? </label>";
|
||||
@ -187,8 +187,8 @@ else {
|
||||
}
|
||||
|
||||
|
||||
$defgroup_filter = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${DEFAULT_USER_GROUP}))";
|
||||
$ldap_defgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $defgroup_filter);
|
||||
$defgroup_filter = "(&(objectclass=posixGroup)({$LDAP['group_attribute']}={$DEFAULT_USER_GROUP}))";
|
||||
$ldap_defgroup_search = ldap_search($ldap_connection, "{$LDAP['base_dn']}", $defgroup_filter);
|
||||
$defgroup_result = ldap_get_entries($ldap_connection, $ldap_defgroup_search);
|
||||
|
||||
if ($defgroup_result['count'] != 1) {
|
||||
@ -207,15 +207,15 @@ else {
|
||||
}
|
||||
|
||||
|
||||
$adminsgroup_filter = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${LDAP['admins_group']}))";
|
||||
$ldap_adminsgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $adminsgroup_filter);
|
||||
$adminsgroup_filter = "(&(objectclass=posixGroup)({$LDAP['group_attribute']}={$LDAP['admins_group']}))";
|
||||
$ldap_adminsgroup_search = ldap_search($ldap_connection, "{$LDAP['base_dn']}", $adminsgroup_filter);
|
||||
$adminsgroup_result = ldap_get_entries($ldap_connection, $ldap_adminsgroup_search);
|
||||
|
||||
if ($adminsgroup_result['count'] != 1) {
|
||||
|
||||
print "$li_fail The group defining LDAP account administrators (<strong>${LDAP['admins_group']}</strong>) doesn't exist. ";
|
||||
print "$li_fail The group defining LDAP account administrators (<strong>{$LDAP['admins_group']}</strong>) doesn't exist. ";
|
||||
print "<a href='#' data-toggle='popover' title='LDAP account administrators group' data-content='";
|
||||
print "Only members of this group (${LDAP['admins_group']}) will be able to access the account managment section, so it's definitely something you'll want to create.";
|
||||
print "Only members of this group ({$LDAP['admins_group']}) will be able to access the account managment section, so it's definitely something you'll want to create.";
|
||||
print "'>What's this?</a>";
|
||||
print "<label class='pull-right'><input type='checkbox' name='setup_admins_group' class='pull-right' checked>Create? </label>";
|
||||
print "</li>\n";
|
||||
@ -223,7 +223,7 @@ if ($adminsgroup_result['count'] != 1) {
|
||||
|
||||
}
|
||||
else {
|
||||
print "$li_good The LDAP account administrators group (<strong>${LDAP['admins_group']}</strong>) is present.</li>";
|
||||
print "$li_good The LDAP account administrators group (<strong>{$LDAP['admins_group']}</strong>) is present.</li>";
|
||||
|
||||
$admins = ldap_get_group_members($ldap_connection,$LDAP['admins_group']);
|
||||
|
||||
@ -249,7 +249,7 @@ if ($show_finish_button == TRUE) {
|
||||
?>
|
||||
</form>
|
||||
<div class='well'>
|
||||
<form action="<?php print "${SERVER_PATH}log_in"; ?>">
|
||||
<form action="<?php print "{$SERVER_PATH}log_in"; ?>">
|
||||
<input type='submit' class="btn btn-success center-block" value='Done'>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
@ -37,11 +37,11 @@ if (isset($_POST['fix_problems'])) {
|
||||
if (isset($_POST['setup_group_ou'])) {
|
||||
$ou_add = @ ldap_add($ldap_connection, $LDAP['group_dn'], array( 'objectClass' => 'organizationalUnit', 'ou' => $LDAP['group_ou'] ));
|
||||
if ($ou_add == TRUE) {
|
||||
print "$li_good Created OU <strong>${LDAP['group_dn']}</strong></li>\n";
|
||||
print "$li_good Created OU <strong>{$LDAP['group_dn']}</strong></li>\n";
|
||||
}
|
||||
else {
|
||||
$error = ldap_error($ldap_connection);
|
||||
print "$li_fail Couldn't create ${LDAP['group_dn']}: <pre>$error</pre></li>\n";
|
||||
print "$li_fail Couldn't create {$LDAP['group_dn']}: <pre>$error</pre></li>\n";
|
||||
$no_errors = FALSE;
|
||||
}
|
||||
}
|
||||
@ -50,11 +50,11 @@ if (isset($_POST['fix_problems'])) {
|
||||
if (isset($_POST['setup_user_ou'])) {
|
||||
$ou_add = @ ldap_add($ldap_connection, $LDAP['user_dn'], array( 'objectClass' => 'organizationalUnit', 'ou' => $LDAP['user_ou'] ));
|
||||
if ($ou_add == TRUE) {
|
||||
print "$li_good Created OU <strong>${LDAP['user_dn']}</strong></li>\n";
|
||||
print "$li_good Created OU <strong>{$LDAP['user_dn']}</strong></li>\n";
|
||||
}
|
||||
else {
|
||||
$error = ldap_error($ldap_connection);
|
||||
print "$li_fail Couldn't create ${LDAP['user_dn']}: <pre>$error</pre></li>\n";
|
||||
print "$li_fail Couldn't create {$LDAP['user_dn']}: <pre>$error</pre></li>\n";
|
||||
$no_errors = FALSE;
|
||||
}
|
||||
}
|
||||
@ -69,14 +69,14 @@ if (isset($_POST['fix_problems'])) {
|
||||
'serialnumber' => $highest_gid,
|
||||
'description' => $description );
|
||||
|
||||
$gid_add = @ ldap_add($ldap_connection, "cn=lastGID,${LDAP['base_dn']}", $add_lastgid_r);
|
||||
$gid_add = @ ldap_add($ldap_connection, "cn=lastGID,{$LDAP['base_dn']}", $add_lastgid_r);
|
||||
|
||||
if ($gid_add == TRUE) {
|
||||
print "$li_good Created <strong>cn=lastGID,${LDAP['base_dn']}</strong></li>\n";
|
||||
print "$li_good Created <strong>cn=lastGID,{$LDAP['base_dn']}</strong></li>\n";
|
||||
}
|
||||
else {
|
||||
$error = ldap_error($ldap_connection);
|
||||
print "$li_fail Couldn't create cn=lastGID,${LDAP['base_dn']}: <pre>$error</pre></li>\n";
|
||||
print "$li_fail Couldn't create cn=lastGID,{$LDAP['base_dn']}: <pre>$error</pre></li>\n";
|
||||
$no_errors = FALSE;
|
||||
}
|
||||
}
|
||||
@ -91,14 +91,14 @@ if (isset($_POST['fix_problems'])) {
|
||||
'serialnumber' => $highest_uid,
|
||||
'description' => $description );
|
||||
|
||||
$uid_add = @ ldap_add($ldap_connection, "cn=lastUID,${LDAP['base_dn']}", $add_lastuid_r);
|
||||
$uid_add = @ ldap_add($ldap_connection, "cn=lastUID,{$LDAP['base_dn']}", $add_lastuid_r);
|
||||
|
||||
if ($uid_add == TRUE) {
|
||||
print "$li_good Created <strong>cn=lastUID,${LDAP['base_dn']}</strong></li>\n";
|
||||
print "$li_good Created <strong>cn=lastUID,{$LDAP['base_dn']}</strong></li>\n";
|
||||
}
|
||||
else {
|
||||
$error = ldap_error($ldap_connection);
|
||||
print "$li_fail Couldn't create cn=lastUID,${LDAP['base_dn']}: <pre>$error</pre></li>\n";
|
||||
print "$li_fail Couldn't create cn=lastUID,{$LDAP['base_dn']}: <pre>$error</pre></li>\n";
|
||||
$no_errors = FALSE;
|
||||
}
|
||||
}
|
||||
@ -123,7 +123,7 @@ if (isset($_POST['fix_problems'])) {
|
||||
$group_add = ldap_new_group($ldap_connection,$LDAP['admins_group']);
|
||||
|
||||
if ($group_add == TRUE) {
|
||||
print "$li_good Created LDAP administrators group: <strong>${LDAP['admins_group']}</strong></li>\n";
|
||||
print "$li_good Created LDAP administrators group: <strong>{$LDAP['admins_group']}</strong></li>\n";
|
||||
}
|
||||
else {
|
||||
$error = ldap_error($ldap_connection);
|
||||
@ -138,19 +138,19 @@ if (isset($_POST['fix_problems'])) {
|
||||
|
||||
?>
|
||||
<div class="form-group">
|
||||
<form action="<?php print "${SERVER_PATH}account_manager/new_user.php"; ?>" method="post">
|
||||
<form action="<?php print "{$SERVER_PATH}account_manager/new_user.php"; ?>" method="post">
|
||||
<input type="hidden" name="setup_admin_account">
|
||||
<?php
|
||||
print "$li_fail The LDAP administration group is empty. ";
|
||||
print "<a href='#' data-toggle='popover' title='LDAP account administrators' data-content='";
|
||||
print "Only members of this group (${LDAP['admins_group']}) will be able to access the account managment section, so we need to add people to it.";
|
||||
print "Only members of this group ({$LDAP['admins_group']}) will be able to access the account managment section, so we need to add people to it.";
|
||||
print "'>What's this?</a>";
|
||||
print "<label class='pull-right'><input type='checkbox' name='setup_admin_account' class='pull-right' checked>Create a new account and add it to the admin group? </label>";
|
||||
print "</li>\n";
|
||||
$show_create_admin_button = TRUE;
|
||||
}
|
||||
else {
|
||||
print "$li_good The LDAP account administrators group (<strong>${LDAP['admins_group']}</strong>) isn't empty.</li>";
|
||||
print "$li_good The LDAP account administrators group (<strong>{$LDAP['admins_group']}</strong>) isn't empty.</li>";
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user