Rev | Author | Line No. | Line |
---|---|---|---|
318 | richard | 1 | <?php |
2449 | tom.houday | 2 | # $Id: ldap.php 2460 2017-12-13 17:53:06Z tom.houdayer $ |
3 | |||
2453 | tom.houday | 4 | /* written by steweb57, Rexy & Tom HOUDAYER */ |
318 | richard | 5 | /**************************************************************** |
2449 | tom.houday | 6 | * GLOBAL FILE PATHS * |
318 | richard | 7 | *****************************************************************/ |
define('CONF_FILE', '/usr/local/etc/alcasar.conf');

// FILE reading test: stop the page before any parsing if a required
// configuration file is missing or cannot be read by the web server user.
// The messages below are sent to the browser as-is; they contain only the
// fixed path from CONF_FILE, never request data.
$conf_files = [CONF_FILE];
foreach ($conf_files as $file) {
    $isPresent = file_exists($file);
    if ($isPresent === false) {
        exit("Fichier $file non présent");
    }

    $isReadable = is_readable($file);
    if ($isReadable === false) {
        exit("Vous n'avez pas les droits de lecture sur le fichier $file");
    }
}
||
318 | richard | 22 | |
1160 | stephane | 23 | /**************************************************************** |
2449 | tom.houday | 24 | * Read CONF_FILE * |
25 | *****************************************************************/ |
||
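// Read CONF_FILE into the $conf map.
// A line is kept when it contains '=' and its first byte is not '#'; it is
// split at the first '=' only, and both key and value are trimmed. Values are
// stored verbatim otherwise (no unquoting, no unescaping).
// $conf is initialised first so that a file with no KEY=VALUE line still
// leaves an (empty) array behind instead of an undefined variable.
$conf = [];
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
    exit('Error opening the file '.CONF_FILE);
}
// fgets() returns false at end of file (or on a read error); stopping on that
// value avoids handing a non-string to strpos()/substr() on the last pass.
while (($buffer = fgets($file_conf, 4096)) !== false) {
    if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
        $tmp = explode('=', $buffer, 2);
        $conf[trim($tmp[0])] = trim($tmp[1]);
    }
}
fclose($file_conf);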
||
38 | |||
39 | /**************************************************************** |
||
1672 | richard | 40 | * Choice of language * |
1160 | stephane | 41 | *****************************************************************/ |
// Interface language: English unless the first entry of the browser's
// Accept-Language header starts with "fr". The header value is only compared
// against a fixed string and is never echoed.
$Language = 'en';
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    $Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    $Language = strtolower(substr(rtrim($Langue[0]), 0, 2));
}

// UI strings. Several of them embed literal <br> markup and the template
// prints them without escaping, so they must remain fixed text.
if ($Language !== 'fr') { // English
    // Page chrome
    $l_ldap_update = "LDAP settings updated";
    $l_ldap_title = "External authentication : LDAP";
    $l_ldap_legend = "LDAP authentication";
    $l_ldap_auth_enable_label = "Edit the LDAP configuration :";
    $l_ldap_YES = "YES";
    $l_ldap_NO = "NO";

    // Form labels and help texts
    $l_ldap_server_label = "LDAP server :";
    $l_ldap_server_text = "IP address of the LDAP server.";
    $l_ldap_base_dn_label = "DN of the base:";
    $l_ldap_base_dn_text = "The DN (Distinguished Name) is used to locate the users information in the directory.<br> e.g. LDAP : 'o=MyCompany,c=US'.<br> e.g. AD : 'cn=Users,dc=server_name,dc=localdomain'";
    $l_ldap_uid_label = "User IDentifier (UID):";
    $l_ldap_uid_text = "Key used to search for a given login identity.<br>e.g. 'uid', 'sn', etc.. For AD use 'sAMAccountName'.";
    $l_ldap_base_filter_label = "User search filter (optional):";
    $l_ldap_base_filter_text = "You can further limit the searched objects with additional filters.<br> For example 'objectClass=posixGroup' would result in the use of '(&(uid=username)(objectClass=posixGroup))'";
    $l_ldap_user_label = "CN of the user operated by ALCASAR:";
    $l_ldap_user_text = "CN=Common Name. Leave blank to use anonymous binding. Mandatory for AD.<br> e.g. LDAP :'uid=Username,ou=my_lan,o=mycompany,c=US'.<br> e.g. AD : 'username' or 'cn=username,cn=Users,dc=server_name,dc=localdomain'";
    $l_ldap_password_label = "Password:";
    $l_ldap_password_text = "Leave blank to use anonymous binding. Mandatory for AD.";
    $l_ldap_submit = "Save & Check";

    // Results of the step-by-step server check
    $l_ldap_test_service_failed = "LDAP service is not reachable on that server (check IP)";
    $l_ldap_test_service_ok = "A port 389 is open on this server";
    $l_ldap_test_connection_failed = "LDAP connexion failed (check the LDAP service on this server)";
    $l_ldap_test_connection_ok = "A LDAP connexion is established";
    $l_ldap_test_bind_failed = "LDAP authentication failed (check the LDAP user and password)";
    $l_ldap_test_bind_ok = "Successful authentication";
    $l_ldap_test_dn_failed = "DN of the base seems to be wrong (check it)";
    $l_ldap_test_dn_ok = "DN of the base seems to be ok";
    $l_ldap_error = "LDAP error";
    $l_ldap_entries = "entries in the base";
    $l_ldap_push_config = "Activate this configuration";
} else { // French
    // Page chrome
    $l_ldap_update = "Mise à jour des paramètres LDAP effectuée";
    $l_ldap_title = "Authentification externe : LDAP";
    $l_ldap_legend = "Authentification LDAP";
    $l_ldap_auth_enable_label = "Éditer la configuration LDAP:";
    $l_ldap_YES = "OUI";
    $l_ldap_NO = "NON";

    // Form labels and help texts
    $l_ldap_server_label = "Serveur LDAP:";
    $l_ldap_server_text = "Adresse IP du serveur";
    $l_ldap_base_dn_label = "DN de la base:";
    $l_ldap_base_dn_text = "Le DN (Distinguished Name) définit où se situent les informations des utilisateurs dans l'annuaire.<br> - Exemple LDAP: 'o=mycompany, c=FR'.<br> - Exemple AD 'cn=Users,dc=server_name,dc=localdomain'";
    $l_ldap_uid_label = "Identifiant d'utilisateur (UID):";
    $l_ldap_uid_text = "Clé utilisée pour rechercher un identifiant de connexion.<br> - Exemple LDAP: 'uid', 'sn', etc.<br> - Pour A.D. mettre 'sAMAccountName'.";
    $l_ldap_base_filter_label = "Filtre de recherche des utilisateurs (optionnel):";
    $l_ldap_base_filter_text = "Vous pouvez limiter les objets recherchés avec des filtres additionnels.<br> Exemple 'objectClass=posixGroup' ajouterait le filtre '(&(uid=username)(objectClass=posixGroup))'";
    $l_ldap_user_label = "CN de l'utilisateur exploité par ALCASAR:";
    $l_ldap_user_text = "CN=Common Name. Laissez vide pour utiliser un accès invité (ou anonyme). Obligatoire sur un AD.<br> - Exemple LDAP : 'uid=username,ou=my_lan,o=mycompany,c=FR'.<br> - Exemple AD : 'username' ou 'cn=username,cn=Users,dc=server_name,dc=localdomain'";
    $l_ldap_password_label = "Mot de passe:";
    $l_ldap_password_text = "Laissez vide pour un accès invité (ou anonyme). Obligatoire sur un AD.";
    $l_ldap_submit = "Enregistrer et vérifier";

    // Results of the step-by-step server check
    $l_ldap_test_service_failed = "Service LDAP injoignable sur ce serveur (vérifiez l'@IP).";
    $l_ldap_test_service_ok = "Un port 389 est actif sur ce serveur";
    $l_ldap_test_connection_failed = "Connexion LDAP impossible (vérifiez le service LDAP sur ce serveur)";
    $l_ldap_test_connection_ok = "Une connexion LDAP a été établie";
    $l_ldap_test_bind_failed = "Echec d'authentification (vérifiez l'utilisateur et le mot de passe)";
    $l_ldap_test_bind_ok = "L'authentification a réussie";
    $l_ldap_test_dn_failed = "Le DN de la base semble incorrect (vérifiez le)";
    $l_ldap_test_dn_ok = "Le DN de la base semble correct";
    $l_ldap_error = "erreur LDAP";
    $l_ldap_entries = "entrées dans la base";
    $l_ldap_push_config = "Activer cette configuration";
}
318 | richard | 110 | |
111 | |||
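/**
 * Checks an LDAP server configuration step by step and reports how far it got.
 *
 * Return codes (the checkConfig() script of this page maps them to messages):
 *   -2   the TCP connection to the LDAP port failed
 *   -1   ldap_connect() failed
 *    0   the bind was refused, both with the default protocol and with LDAPv3
 *    1   the search under the base DN failed
 *   n+2  the search succeeded; n is the number of entries matching "<uid>=*"
 *
 * The bind is a simple bind on a connection for which this function never
 * calls ldap_start_tls(), so the identity and password are sent as given to
 * the port; protect the link some other way if it crosses an untrusted network.
 *
 * @param string $f_ldap_server   LDAP server address
 * @param string $f_ldap_identity bind DN or user name (empty for an anonymous bind)
 * @param string $f_ldap_password bind password
 * @param string $f_ldap_basedn   base DN to search under
 * @param string $f_ldap_uid      attribute name used to look users up
 * @param int    $f_ldap_port     LDAP port, 389 by default
 * @return int status code as listed above
 */
function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_uid, $f_ldap_port = 389) {
    // Socket to the LDAP port of the server (2 second timeout)
    if (!$sock = @fsockopen($f_ldap_server, $f_ldap_port, $num, $error, 2)) {
        // no network connection
        return -2;
    }
    fclose($sock);

    // if ok, test the LDAP connection
    $ldapconn = ldap_connect($f_ldap_server, $f_ldap_port);
    if (!$ldapconn) {
        // LDAP connection failed
        return -1;
    }
    // Only touch the handle once it is known to be valid.
    ldap_set_option($ldapconn, LDAP_OPT_TIMELIMIT, 2);

    // if ok, test a bind with the user used by ALCASAR
    $ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password);
    if (!$ldapbind) {
        // Retry with LDAP version 3
        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
        $ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password);
        if (!$ldapbind) {
            // LDAP bind failed; release the handle before leaving
            ldap_unbind($ldapconn);
            return 0;
        }
    }

    // if ok, try to query the directory of users.
    // The attribute name comes from a form field: escaping the filter
    // metacharacters keeps it from changing the structure of the filter.
    // Ordinary attribute names pass through unchanged.
    $query = ldap_escape($f_ldap_uid, '', LDAP_ESCAPE_FILTER)."=*";

    // One search only; its result is reused for the count.
    $ldap_result = ldap_search($ldapconn, $f_ldap_basedn, $query);
    if ($ldap_result) {
        $ldap_users_count = ldap_count_entries($ldapconn, $ldap_result);
        $status = $ldap_users_count + 2;
    } else {
        $status = 1;
    }

    // Always close the connection (it was unreachable after the returns before).
    ldap_unbind($ldapconn);
    return $status;
}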
2449 | tom.houday | 151 | |
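$messages = '';

// Makes a form value inert inside the replacement half of a sed "s/.../.../"
// command. escapeshellarg() only protects the shell: sed itself still gives a
// meaning to "\", to the "/" delimiter and to "&", so an unescaped value could
// end the substitution early or alter what is written to CONF_FILE.
$ldap_sedReplacement = static function ($value) {
    return strtr($value, ['\\' => '\\\\', '/' => '\\/', '&' => '\\&']);
};

// Form handler: enable (with new settings) or disable LDAP authentication.
// NOTE(review): no anti-CSRF token is checked in this file; presumably the
// access control of the administration area sits in front of it - confirm.
// NOTE(review): the settings are saved without re-running
// ldap_checkServerConfig(); hiding the submit button until the check passes is
// a browser-side convenience only.
if (isset($_POST['auth_enable'])) {
    if ($_POST['auth_enable'] === '1') {
        $varErrors = [];
        $values = [];
        $fields = ['ldap_server', 'ldap_base_dn', 'ldap_uid', 'ldap_base_filter', 'ldap_user', 'ldap_password'];
        foreach ($fields as $field) {
            if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
                // missing, or sent as an array ("name[]=...")
                array_push($varErrors, 'Variable error "'.$field.'"');
            } elseif (preg_match('/[\x00-\x1F\x7F]/', $_POST[$field])) {
                // A line break would end the sed command or add a line to
                // CONF_FILE; no control character is accepted in a setting.
                array_push($varErrors, 'Invalid character in "'.$field.'"');
            } else {
                $values[$field] = $_POST[$field];
            }
        }

        // Validation: accept a dotted-quad address, or a host name that
        // resolves to one (gethostbyname() returns its input on failure).
        if (isset($values['ldap_server'])) {
            if ((!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $values['ldap_server'])) && (preg_match('/^[a-zA-Z0-9-_.]+$/', $values['ldap_server']))) {
                $values['ldap_server'] = gethostbyname($values['ldap_server']);
            }
            if (!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $values['ldap_server'])) {
                array_push($varErrors, 'Invalid LDAP server IP');
            }
        }

        if (!empty($varErrors)) {
            foreach ($varErrors as $error) {
                $messages .= '<span style="font-weight: bold; color: red;">'.$error.'</span><br>';
            }
        } else {
            exec('sed -i \'s/^LDAP=.*/LDAP=on/g\' '.CONF_FILE);

            // Same keys, same order as before; each value is escaped for sed
            // first, then the whole sed program is quoted for the shell.
            // NOTE(review): the bind password travels on the sed command line
            // and is stored in clear text in CONF_FILE.
            $confKeys = [
                'LDAP_SERVER'   => 'ldap_server',
                'LDAP_BASE'     => 'ldap_base_dn',
                'LDAP_UID'      => 'ldap_uid',
                'LDAP_FILTER'   => 'ldap_base_filter',
                'LDAP_USER'     => 'ldap_user',
                'LDAP_PASSWORD' => 'ldap_password',
            ];
            foreach ($confKeys as $confKey => $field) {
                $sedProgram = 's/^'.$confKey.'=.*/'.$confKey.'='.$ldap_sedReplacement($values[$field]).'/g';
                exec('sed -i '.escapeshellarg($sedProgram).' '.CONF_FILE);
            }

            // NOTE(review): this script runs under sudo and presumably reads
            // the values back from CONF_FILE; how it quotes them is not
            // visible here - verify.
            exec('sudo /usr/local/bin/alcasar-ldap.sh --on');

            $messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';
        }
    } else {
        exec('sed -i "s/^LDAP=.*/LDAP=off/g" '.CONF_FILE);
        exec('sudo /usr/local/bin/alcasar-ldap.sh --off');

        $messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';
    }

    // Reload configuration so the form shows what is now stored in the file
    $file_conf = fopen(CONF_FILE, 'r');
    if (!$file_conf) {
        exit('Error opening the file '.CONF_FILE);
    }
    while (($buffer = fgets($file_conf, 4096)) !== false) {
        if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
            $tmp = explode('=', $buffer, 2);
            $conf[trim($tmp[0])] = trim($tmp[1]);
        }
    }
    fclose($file_conf);
}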
||
211 | |||
212 | // LDAP configuration params |
||
// LDAP configuration params, taken from the $conf map parsed from CONF_FILE
$ldap_status      = ($conf['LDAP'] === 'on');
$ldap_server      = $conf['LDAP_SERVER'];
$ldap_user        = $conf['LDAP_USER'];
// NOTE(review): the template writes this value into the "value" attribute of
// the password input, so the stored bind password is sent back to every
// browser that loads the page.
$ldap_password    = $conf['LDAP_PASSWORD'];
$ldap_base_dn     = $conf['LDAP_BASE'];
$ldap_uid         = $conf['LDAP_UID'];
$ldap_base_filter = $conf['LDAP_FILTER'];

// TODO : check LDAP PHP extension loaded?
// if (!extension_loaded('ldap')) {
//     exit();
// }

// TODO : useless?
// Separates the protocol from the host when the server is written as a URL
// such as "ldap://192.168.182.10" or "ldaps://monldap.monentreperise.com".
// The result is an array in that case and the plain string otherwise.
$pos = strpos($ldap_server, '//');
$new_ldap_server = ($pos === false) ? $ldap_server : explode('//', $ldap_server);
1395 | richard | 233 | |
2453 | tom.houday | 234 | // AJAX LDAP configuration checker |
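// AJAX LDAP configuration checker.
// GET  ?conf_check : checks the stored settings (only when LDAP is enabled).
// POST ?conf_check : checks the settings sent in the request body instead.
// The JSON answer holds 'enable', plus either 'errors' (list of strings) or
// 'result' (status code of ldap_checkServerConfig()).
// NOTE(review): a POST makes this server open a connection and attempt an LDAP
// bind against whatever IPv4 address the caller supplies (the port is left at
// the function's default of 389). It should only be reachable by
// authenticated administrators; that access control is not visible in this
// file - confirm.
if (isset($_GET['conf_check'])) {
    $response = [
        'enable' => $ldap_status
    ];

    if ($ldap_status || ($_SERVER['REQUEST_METHOD'] === 'POST')) {
        $varErrors = [];
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            // is_string() rejects fields sent as arrays ("name[]=..."), which
            // would otherwise reach preg_match() and ldap_bind() as non-strings.
            if (isset($_POST['ldap_server']) && is_string($_POST['ldap_server'])) $ldap_server = $_POST['ldap_server']; else array_push($varErrors, 'Variable error "ldap_server"'); // TODO: need to translate
            if (isset($_POST['ldap_base_dn']) && is_string($_POST['ldap_base_dn'])) $ldap_base_dn = $_POST['ldap_base_dn']; else array_push($varErrors, 'Variable error "ldap_base_dn"'); // TODO: need to translate
            if (isset($_POST['ldap_uid']) && is_string($_POST['ldap_uid'])) $ldap_uid = $_POST['ldap_uid']; else array_push($varErrors, 'Variable error "ldap_uid"'); // TODO: need to translate
            if (isset($_POST['ldap_base_filter']) && is_string($_POST['ldap_base_filter'])) $ldap_base_filter = $_POST['ldap_base_filter']; else array_push($varErrors, 'Variable error "ldap_base_filter"'); // TODO: need to translate
            if (isset($_POST['ldap_user']) && is_string($_POST['ldap_user'])) $ldap_user = $_POST['ldap_user']; else array_push($varErrors, 'Variable error "ldap_user"'); // TODO: need to translate
            if (isset($_POST['ldap_password']) && is_string($_POST['ldap_password'])) $ldap_password = $_POST['ldap_password']; else array_push($varErrors, 'Variable error "ldap_password"'); // TODO: need to translate
        }

        // Validation: accept a dotted-quad address, or a host name that
        // resolves to one (gethostbyname() returns its input on failure).
        if (isset($ldap_server)) {
            if ((!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) && (preg_match('/^[a-zA-Z0-9-_.]+$/', $ldap_server))) {
                $ldap_server = gethostbyname($ldap_server);
            }
            if (!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) {
                array_push($varErrors, 'Invalid LDAP server IP'); // TODO: need to translate
            }
        }

        if (!empty($varErrors)) {
            $response['errors'] = $varErrors;
        } else {
            // $ldap_base_filter is collected above but takes no part in the check.
            $response['result'] = ldap_checkServerConfig($ldap_server, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_uid);
        }
    }

    header('Content-Type: application/json');
    echo json_encode($response);
    exit();
}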
||
271 | |||
620 | stephane | 272 | ?> |
2449 | tom.houday | 273 | <!DOCTYPE html> |
274 | <html> |
||
275 | <head> |
||
276 | <meta charset="UTF-8"> |
||
277 | <title><?= $l_ldap_title ?></title> |
||
278 | <link type="text/css" href="/css/style.css" rel="stylesheet"> |
||
279 | <link type="text/css" href="/css/acc.css" rel="stylesheet"> |
||
280 | <link type="text/css" href="/css/ldap.css" rel="stylesheet"> |
||
281 | <script> |
||
// Runs once the page is loaded: puts the form in the state matching the
// enable/disable selector, then checks the configuration when LDAP is enabled.
function onPageLoad() {
    onLdapStatusChange();

    var ldapEnabled = (document.getElementById('auth_enable').value === '1');
    if (ldapEnabled) {
        checkConfig();
    }
}
||
288 | |||
// Called when the enable/disable selector changes and on every edit of a
// field. With LDAP enabled the fields are editable and only the "check"
// button is shown; with LDAP disabled the fields are greyed out and the
// submit button is shown.
// This is display logic only: the form handler on the server saves what it
// receives without running the check again.
function onLdapStatusChange() {
    var fieldIds = ['ldap_server', 'ldap_dn', 'ldap_uid', 'ldap_base_filter', 'ldap_user', 'ldap_password'];
    var formSubmit = document.querySelector('form input[type="submit"]');
    var btn_checkConf = document.getElementById('btn-checkconf');
    var enabled = (document.getElementById('auth_enable').value === '1');

    fieldIds.forEach(function (id) {
        var field = document.getElementById(id);
        field.style.backgroundColor = enabled ? '#ffffff' : '#c0c0c0';
        field.disabled = !enabled;
    });

    // Assigning null clears the inline "display" value.
    formSubmit.style.display = enabled ? 'none' : null;
    btn_checkConf.style.display = enabled ? null : 'none';
}
||
2453 | tom.houday | 311 | |
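// Sends the current form values to "ldap.php?conf_check" and shows the result
// of each step of the server-side check. The submit button is shown only when
// the whole check succeeded (result > 1); otherwise the "check" button stays.
function checkConfig() {
    var messagesElem = document.querySelector('fieldset > legend > div:last-child');
    var formSubmit = document.querySelector('form input[type="submit"]');
    var btn_checkConf = document.getElementById('btn-checkconf');

    var ldap_config = {
        ldap_status: (document.getElementById('auth_enable').value === '1'),
        ldap_server: document.getElementById('ldap_server').value,
        ldap_user: document.getElementById('ldap_user').value,
        ldap_password: document.getElementById('ldap_password').value,
        ldap_base_dn: document.getElementById('ldap_dn').value,
        ldap_uid: document.getElementById('ldap_uid').value,
        ldap_base_filter: document.getElementById('ldap_base_filter').value
    };

    var params = Object.keys(ldap_config).map(function (k) {
        return encodeURIComponent(k) + '=' + encodeURIComponent(ldap_config[k]);
    }).join('&');

    // Text received from the server is escaped before it is placed in
    // innerHTML, so it is always displayed as text.
    function escapeHtml(text) {
        var holder = document.createElement('div');
        holder.textContent = String(text);
        return holder.innerHTML;
    }

    messagesElem.innerHTML = '<?= 'Checking configuration...' /* TODO: need to translate */ ?>';

    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function() {
        if (this.readyState != 4) {
            return;
        }
        if (this.status != 200) {
            messagesElem.innerHTML = 'server error';
            return;
        }

        // A 200 answer that is not a JSON object (for instance with a PHP
        // warning printed before it) is reported like any other server error
        // instead of leaving the "checking" message on screen.
        var data = null;
        try {
            data = JSON.parse(this.responseText);
        } catch (e) {
            data = null;
        }
        if (data === null || typeof data !== 'object') {
            messagesElem.innerHTML = 'server error';
            return;
        }

        var messages = '';

        // Result codes: -2 port unreachable, -1 connection failed, 0 bind
        // failed, 1 search failed, n+2 success with n entries.
        if (typeof data.result !== 'undefined') {
            if (data.result === -2) {
                messages += "<span style=\"color: red\"><?= $l_ldap_test_service_failed ?></span>";
            } else {
                messages += "<span style=\"color: green\"><?= $l_ldap_test_service_ok ?></span>";
                if (data.result === -1) {
                    messages += "<br><span style=\"color: red\"><?= $l_ldap_test_connection_failed ?></span>";
                } else {
                    messages += "<br><span style=\"color: green\"><?= $l_ldap_test_connection_ok ?></span>";
                    if (data.result === 0) {
                        messages += "<br><span style=\"color: red\"><?= $l_ldap_test_bind_failed ?></span>";
                    } else {
                        messages += "<br><span style=\"color: green\"><?= $l_ldap_test_bind_ok ?></span>";
                        if (data.result === 1) {
                            messages += "<br><span style=\"color: red\"><?= $l_ldap_test_dn_failed ?></span>";
                        } else {
                            messages += "<br><span style=\"color: green\"><?= $l_ldap_test_dn_ok ?> (" + (data.result - 2) + " <?= $l_ldap_entries?>)</span>";
                        }
                    }
                }
            }
        }

        if (data.result > 1) {
            formSubmit.style.display = null;
            btn_checkConf.style.display = 'none';
        } else {
            formSubmit.style.display = 'none';
            btn_checkConf.style.display = null;
        }

        // Validation errors replace the step messages.
        if (typeof data.errors !== 'undefined') {
            messages = data.errors.map(function (err) {
                return '<span style="color: red">' + escapeHtml(err) + '</span><br>';
            }).join('');
        }

        messagesElem.innerHTML = messages;
    };
    xhr.open('POST', 'ldap.php?conf_check', true);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    xhr.send(params);
}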
||
2449 | tom.houday | 384 | </script> |
385 | </head> |
||
2460 | tom.houday | 386 | <body onLoad="onPageLoad();"> |
2449 | tom.houday | 387 | <div class="panel"> |
388 | <div class="panel-header"><?= $l_ldap_legend ?></div> |
||
389 | <div class="panel-body"> |
||
2451 | tom.houday | 390 | <form name="config_ldap" method="POST" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>"> |
2449 | tom.houday | 391 | <fieldset> |
392 | <legend> |
||
2460 | tom.houday | 393 | <br> |
394 | <div style="text-align: center"> |
||
395 | <?php if ($messages): ?> |
||
396 | <?= $messages ?> |
||
397 | <?php endif; ?> |
||
398 | </div> |
||
399 | <div style="text-align: center"></div> |
||
2449 | tom.houday | 400 | </legend> |
401 | <dl> |
||
402 | <dt> |
||
403 | <label for="auth_enable"><?= $l_ldap_auth_enable_label ?></label> |
||
404 | </dt> |
||
405 | <dd> |
||
406 | <select id="auth_enable" name="auth_enable" onchange="onLdapStatusChange();"> |
||
407 | <option value="1"<?= ($ldap_status) ? ' selected="selected"' : '' ?>><?= $l_ldap_YES ?></option> |
||
408 | <option value="0"<?= (!$ldap_status) ? ' selected="selected"' : '' ?>><?= $l_ldap_NO ?></option> |
||
409 | </select> |
||
410 | </dd> |
||
411 | </dl> |
||
412 | <dl> |
||
413 | <dt> |
||
414 | <label for="ldap_server"><?= $l_ldap_server_label ?></label><br> |
||
415 | <?= $l_ldap_server_text ?> |
||
416 | </dt> |
||
417 | <dd> |
||
2460 | tom.houday | 418 | <input id="ldap_server" size="40" name="ldap_server" value="<?= htmlspecialchars($ldap_server) ?>" oninput="onLdapStatusChange();"> |
2449 | tom.houday | 419 | </dd> |
420 | </dl> |
||
421 | <dl> |
||
422 | <dt> |
||
423 | <label for="ldap_dn"><?= $l_ldap_base_dn_label ?></label><br> |
||
424 | <?= $l_ldap_base_dn_text ?> |
||
425 | </dt> |
||
426 | <dd> |
||
2460 | tom.houday | 427 | <input id="ldap_dn" size="40" name="ldap_base_dn" value="<?= htmlspecialchars($ldap_base_dn) ?>" oninput="onLdapStatusChange();"> |
2449 | tom.houday | 428 | </dd> |
429 | </dl> |
||
430 | <dl> |
||
431 | <dt> |
||
2459 | richard | 432 | <label for="ldap_uid"><?= $l_ldap_uid_label ?></label><br> |
433 | <?= $l_ldap_uid_text ?> |
||
2449 | tom.houday | 434 | </dt> |
435 | <dd> |
||
2460 | tom.houday | 436 | <input id="ldap_uid" size="40" name="ldap_uid" value="<?= htmlspecialchars($ldap_uid) ?>" oninput="onLdapStatusChange();"> |
2449 | tom.houday | 437 | </dd> |
438 | </dl> |
||
439 | <dl> |
||
440 | <dt> |
||
441 | <label for="ldap_base_filter"><?= $l_ldap_base_filter_label ?></label><br> |
||
442 | <?= $l_ldap_base_filter_text ?> |
||
443 | </dt> |
||
444 | <dd> |
||
2460 | tom.houday | 445 | <input id="ldap_base_filter" size="40" name="ldap_base_filter" value="<?= htmlspecialchars($ldap_base_filter) ?>" oninput="onLdapStatusChange();"> |
2449 | tom.houday | 446 | </dd> |
447 | </dl> |
||
448 | <dl> |
||
449 | <dt> |
||
450 | <label for="ldap_user"><?= $l_ldap_user_label ?></label><br> |
||
451 | <?= $l_ldap_user_text ?> |
||
452 | </dt> |
||
453 | <dd> |
||
2460 | tom.houday | 454 | <input id="ldap_user" size="40" name="ldap_user" value="<?= htmlspecialchars($ldap_user) ?>" oninput="onLdapStatusChange();"> |
2449 | tom.houday | 455 | </dd> |
456 | </dl> |
||
457 | <dl> |
||
458 | <dt> |
||
459 | <label for="ldap_password"><?= $l_ldap_password_label ?></label><br> |
||
460 | <?= $l_ldap_password_text ?> |
||
461 | </dt> |
||
462 | <dd> |
||
2460 | tom.houday | 463 | <input id="ldap_password" type="password" size="40" name="ldap_password" value="<?= htmlspecialchars($ldap_password) ?>" oninput="onLdapStatusChange();"> |
2449 | tom.houday | 464 | </dd> |
465 | </dl> |
||
466 | <p> |
||
2460 | tom.houday | 467 | <button id="btn-checkconf" onclick="checkConfig(); return false;"><?= 'Check' /* TODO: need to translate */ ?></button> |
468 | <input id="submit" type="submit" value="<?= $l_ldap_submit ?>" name="submit" title="<?= 'You need to check before submit' /* TODO: need to translate */ ?>"> |
||
2449 | tom.houday | 469 | </p> |
470 | </fieldset> |
||
471 | </form> |
||
472 | </div> |
||
473 | </div> |
||
318 | richard | 474 | </body> |
475 | </html> |