Rev 2459 | Rev 2461 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 318 | richard | 1 | <?php |
| 2449 | tom.houday | 2 | # $Id: ldap.php 2460 2017-12-13 17:53:06Z tom.houdayer $ |
| 3 | |||
| 2453 | tom.houday | 4 | /* written by steweb57, Rexy & Tom HOUDAYER */ |
| 318 | richard | 5 | /**************************************************************** |
| 2449 | tom.houday | 6 | * GLOBAL FILE PATHS * |
| 318 | richard | 7 | *****************************************************************/ |
| 2449 | tom.houday | 8 | define('CONF_FILE', '/usr/local/etc/alcasar.conf'); |
| 318 | richard | 9 | |
| 2449 | tom.houday | 10 | /**************************************************************** |
| 11 | * FILE reading test * |
||
| 12 | *****************************************************************/ |
||
| 13 | $conf_files = array(CONF_FILE); |
||
| 14 | foreach ($conf_files as $file) { |
||
| 15 | if (!file_exists($file)) { |
||
| 16 | exit("Fichier $file non présent"); |
||
| 17 | } |
||
| 18 | if (!is_readable($file)) { |
||
| 19 | exit("Vous n'avez pas les droits de lecture sur le fichier $file"); |
||
| 20 | } |
||
| 21 | } |
||
| 318 | richard | 22 | |
| 1160 | stephane | 23 | /**************************************************************** |
| 2449 | tom.houday | 24 | * Read CONF_FILE * |
| 25 | *****************************************************************/ |
||
| 26 | $file_conf = fopen(CONF_FILE, 'r'); |
||
| 27 | if (!$file_conf) { |
||
| 28 | exit('Error opening the file '.CONF_FILE); |
||
| 29 | } |
||
| 30 | while (!feof($file_conf)) { |
||
| 31 | $buffer = fgets($file_conf, 4096); |
||
| 32 | if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
||
| 33 | $tmp = explode('=', $buffer, 2); |
||
| 34 | $conf[trim($tmp[0])] = trim($tmp[1]); |
||
| 35 | } |
||
| 36 | } |
||
| 37 | fclose($file_conf); |
||
| 38 | |||
| 39 | /**************************************************************** |
||
| 1672 | richard | 40 | * Choice of language * |
| 1160 | stephane | 41 | *****************************************************************/ |
| 42 | $Language = 'en'; |
||
| 2449 | tom.houday | 43 | if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { |
| 44 | $Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); |
||
| 45 | $Language = strtolower(substr(chop($Langue[0]), 0, 2)); |
||
| 46 | } |
||
| 47 | if ($Language === 'fr') { // French |
||
| 2459 | richard | 48 | $l_ldap_update = "Mise à jour des paramètres LDAP effectuée"; |
| 1672 | richard | 49 | $l_ldap_title = "Authentification externe : LDAP"; |
| 50 | $l_ldap_legend = "Authentification LDAP"; |
||
| 2459 | richard | 51 | $l_ldap_auth_enable_label = "Éditer la configuration LDAP:"; |
| 1672 | richard | 52 | $l_ldap_YES = "OUI"; |
| 53 | $l_ldap_NO = "NON"; |
||
| 1677 | richard | 54 | $l_ldap_server_label = "Serveur LDAP:"; |
| 2459 | richard | 55 | $l_ldap_server_text = "Adresse IP du serveur"; |
| 56 | $l_ldap_base_dn_label = "DN de la base:"; |
||
| 57 | $l_ldap_base_dn_text = "Le DN (Distinguished Name) définit où se situent les informations des utilisateurs dans l'annuaire.<br> - Exemple LDAP: 'o=mycompany, c=FR'.<br> - Exemple AD 'cn=Users,dc=server_name,dc=localdomain'"; |
||
| 58 | $l_ldap_uid_label = "Identifiant d'utilisateur (UID):"; |
||
| 59 | $l_ldap_uid_text = "Clé utilisée pour rechercher un identifiant de connexion.<br> - Exemple LDAP: 'uid', 'sn', etc.<br> - Pour A.D. mettre 'sAMAccountName'."; |
||
| 60 | $l_ldap_base_filter_label = "Filtre de recherche des utilisateurs (optionnel):"; |
||
| 61 | $l_ldap_base_filter_text = "Vous pouvez limiter les objets recherchés avec des filtres additionnels.<br> Exemple 'objectClass=posixGroup' ajouterait le filtre '(&(uid=username)(objectClass=posixGroup))'"; |
||
| 62 | $l_ldap_user_label = "CN de l'utilisateur exploité par ALCASAR:"; |
||
| 63 | $l_ldap_user_text = "CN=Common Name. Laissez vide pour utiliser un accès invité (ou anonyme). Obligatoire sur un AD.<br> - Exemple LDAP : 'uid=username,ou=my_lan,o=mycompany,c=FR'.<br> - Exemple AD : 'username' ou 'cn=username,cn=Users,dc=server_name,dc=localdomain'"; |
||
| 64 | $l_ldap_password_label = "Mot de passe:"; |
||
| 1673 | richard | 65 | $l_ldap_password_text = "Laissez vide pour un accès invité (ou anonyme). Obligatoire sur un AD."; |
| 2459 | richard | 66 | $l_ldap_submit = "Enregistrer et vérifier"; |
| 67 | $l_ldap_test_service_failed = "Service LDAP injoignable sur ce serveur (vérifiez l'@IP)."; |
||
| 68 | $l_ldap_test_service_ok = "Un port 389 est actif sur ce serveur"; |
||
| 69 | $l_ldap_test_connection_failed = "Connexion LDAP impossible (vérifiez le service LDAP sur ce serveur)"; |
||
| 70 | $l_ldap_test_connection_ok = "Une connexion LDAP a été établie"; |
||
| 71 | $l_ldap_test_bind_failed = "Echec d'authentification (vérifiez l'utilisateur et le mot de passe)"; |
||
| 72 | $l_ldap_test_bind_ok = "L'authentification a réussie"; |
||
| 73 | $l_ldap_test_dn_failed = "Le DN de la base semble incorrect (vérifiez le)"; |
||
| 74 | $l_ldap_test_dn_ok = "Le DN de la base semble correct"; |
||
| 2449 | tom.houday | 75 | $l_ldap_error = "erreur LDAP"; |
| 2459 | richard | 76 | $l_ldap_entries = "entrées dans la base"; |
| 77 | $l_ldap_push_config = "Activer cette configuration"; |
||
| 2449 | tom.houday | 78 | } else { // English |
| 2459 | richard | 79 | $l_ldap_update = "LDAP settings updated"; |
| 1672 | richard | 80 | $l_ldap_title = "External authentication : LDAP"; |
| 81 | $l_ldap_legend = "LDAP authentication"; |
||
| 2459 | richard | 82 | $l_ldap_auth_enable_label = "Edit the LDAP configuration :"; |
| 1672 | richard | 83 | $l_ldap_YES = "YES"; |
| 84 | $l_ldap_NO = "NO"; |
||
| 1677 | richard | 85 | $l_ldap_server_label = "LDAP server :"; |
| 2459 | richard | 86 | $l_ldap_server_text = "IP address of the LDAP server."; |
| 87 | $l_ldap_base_dn_label = "DN of the base:"; |
||
| 88 | $l_ldap_base_dn_text = "The DN (Distinguished Name) is used to locate the users information in the directory.<br> e.g. LDAP : 'o=MyCompany,c=US'.<br> e.g. AD : 'cn=Users,dc=server_name,dc=localdomain'"; |
||
| 89 | $l_ldap_uid_label = "User IDentifier (UID):"; |
||
| 90 | $l_ldap_uid_text = "Key used to search for a given login identity.<br>e.g. 'uid', 'sn', etc.. For AD use 'sAMAccountName'."; |
||
| 91 | $l_ldap_base_filter_label = "User search filter (optional):"; |
||
| 92 | $l_ldap_base_filter_text = "You can further limit the searched objects with additional filters.<br> For example 'objectClass=posixGroup' would result in the use of '(&(uid=username)(objectClass=posixGroup))'"; |
||
| 93 | $l_ldap_user_label = "CN of the user operated by ALCASAR:"; |
||
| 94 | $l_ldap_user_text = "CN=Common Name. Leave blank to use anonymous binding. Mandatory for AD.<br> e.g. LDAP :'uid=Username,ou=my_lan,o=mycompany,c=US'.<br> e.g. AD : 'username' or 'cn=username,cn=Users,dc=server_name,dc=localdomain'"; |
||
| 95 | $l_ldap_password_label = "Password:"; |
||
| 96 | $l_ldap_password_text = "Leave blank to use anonymous binding. Mandatory for AD."; |
||
| 97 | $l_ldap_submit = "Save & Check"; |
||
| 98 | $l_ldap_test_service_failed = "LDAP service is not reachable on that server (check IP)"; |
||
| 99 | $l_ldap_test_service_ok = "A port 389 is open on this server"; |
||
| 100 | $l_ldap_test_connection_failed = "LDAP connexion failed (check the LDAP service on this server)"; |
||
| 101 | $l_ldap_test_connection_ok = "A LDAP connexion is established"; |
||
| 102 | $l_ldap_test_bind_failed = "LDAP authentication failed (check the LDAP user and password)"; |
||
| 103 | $l_ldap_test_bind_ok = "Successful authentication"; |
||
| 104 | $l_ldap_test_dn_failed = "DN of the base seems to be wrong (check it)"; |
||
| 105 | $l_ldap_test_dn_ok = "DN of the base seems to be ok"; |
||
| 2449 | tom.houday | 106 | $l_ldap_error = "LDAP error"; |
| 2459 | richard | 107 | $l_ldap_entries = "entries in the base"; |
| 108 | $l_ldap_push_config = "Activate this configuration"; |
||
| 1160 | stephane | 109 | } |
| 318 | richard | 110 | |
| 111 | |||
| 2459 | richard | 112 | function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_uid, $f_ldap_port = 389) { |
| 113 | // Socket to the LDAP port of the server |
||
| 620 | stephane | 114 | if (!$sock = @fsockopen($f_ldap_server, $f_ldap_port, $num, $error, 2)) { |
| 658 | stephane | 115 | // no network connection |
| 2459 | richard | 116 | return -2; |
| 2449 | tom.houday | 117 | } |
| 118 | fclose($sock); |
||
| 1395 | richard | 119 | |
| 2459 | richard | 120 | // if ok, Test LDAP connection |
| 2449 | tom.houday | 121 | $ldapconn = ldap_connect($f_ldap_server, $f_ldap_port); |
| 122 | ldap_set_option($ldapconn, LDAP_OPT_TIMELIMIT, 2); |
||
| 123 | if (!$ldapconn) { |
||
| 124 | // LDAP connection failed |
||
| 2459 | richard | 125 | return -1; |
| 620 | stephane | 126 | } |
| 127 | |||
| 2459 | richard | 128 | // if ok, test a ldap-bind with the user used by ALCASAR |
| 2449 | tom.houday | 129 | $ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password); |
| 130 | if (!$ldapbind) { |
||
| 131 | // Test LDAP Version 3 |
||
| 132 | ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); |
||
| 133 | $ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password); |
||
| 134 | if (!$ldapbind) { |
||
| 135 | // LDAP Bind failed |
||
| 136 | return 0; |
||
| 318 | richard | 137 | } |
| 2449 | tom.houday | 138 | } |
| 139 | |||
| 2459 | richard | 140 | // if ok, try to query the directory of users |
| 141 | $query = $f_ldap_uid."=*"; |
||
| 142 | $ldap_result = ldap_search($ldapconn, $f_ldap_basedn, $query); |
||
| 2449 | tom.houday | 143 | if (ldap_search($ldapconn, $f_ldap_basedn, $query)) { |
| 2460 | tom.houday | 144 | $ldap_users_count = ldap_count_entries($ldapconn, $ldap_result); |
| 145 | return ($ldap_users_count + 2); |
||
| 318 | richard | 146 | } else { |
| 2449 | tom.houday | 147 | return 1; |
| 318 | richard | 148 | } |
| 2459 | richard | 149 | ldap_unbind($ldapconn); |
| 318 | richard | 150 | } |
| 2449 | tom.houday | 151 | |
| 2451 | tom.houday | 152 | $messages = ''; |
| 153 | |||
| 154 | if (isset($_POST['auth_enable'])) { |
||
| 155 | if ($_POST['auth_enable'] === '1') { |
||
| 156 | $varErrors = []; |
||
| 157 | if (isset($_POST['ldap_server'])) $ldap_server = $_POST['ldap_server']; else array_push($varErrors, 'Variable error "ldap_server"'); |
||
| 158 | if (isset($_POST['ldap_base_dn'])) $ldap_base_dn = $_POST['ldap_base_dn']; else array_push($varErrors, 'Variable error "ldap_base_dn"'); |
||
| 2460 | tom.houday | 159 | if (isset($_POST['ldap_uid'])) $ldap_uid = $_POST['ldap_uid']; else array_push($varErrors, 'Variable error "ldap_uid"'); |
| 2451 | tom.houday | 160 | if (isset($_POST['ldap_base_filter'])) $ldap_base_filter = $_POST['ldap_base_filter']; else array_push($varErrors, 'Variable error "ldap_base_filter"'); |
| 161 | if (isset($_POST['ldap_user'])) $ldap_user = $_POST['ldap_user']; else array_push($varErrors, 'Variable error "ldap_user"'); |
||
| 162 | if (isset($_POST['ldap_password'])) $ldap_password = $_POST['ldap_password']; else array_push($varErrors, 'Variable error "ldap_password"'); |
||
| 163 | |||
| 164 | // Validation |
||
| 165 | if (isset($ldap_server)) { |
||
| 166 | if ((!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) && (preg_match('/^[a-zA-Z0-9-_.]+$/', $ldap_server))) { |
||
| 167 | $ldap_server = gethostbyname($ldap_server); |
||
| 168 | } |
||
| 169 | if (!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) { |
||
| 170 | array_push($varErrors, 'Invalid LDAP server IP'); |
||
| 171 | } |
||
| 172 | } |
||
| 173 | |||
| 174 | if (!empty($varErrors)) { |
||
| 175 | foreach ($varErrors as $error) { |
||
| 176 | $messages .= '<span style="font-weight: bold; color: red;">'.$error.'</span><br>'; |
||
| 177 | } |
||
| 178 | } else { |
||
| 179 | exec('sed -i \'s/^LDAP=.*/LDAP=on/g\' '.CONF_FILE); |
||
| 180 | exec('sed -i '.escapeshellarg("s/^LDAP_SERVER=.*/LDAP_SERVER=$ldap_server/g").' '.CONF_FILE); |
||
| 181 | exec('sed -i '.escapeshellarg("s/^LDAP_BASE=.*/LDAP_BASE=$ldap_base_dn/g").' '.CONF_FILE); |
||
| 2459 | richard | 182 | exec('sed -i '.escapeshellarg("s/^LDAP_UID=.*/LDAP_UID=$ldap_uid/g").' '.CONF_FILE); |
| 2452 | tom.houday | 183 | exec('sed -i '.escapeshellarg("s/^LDAP_FILTER=.*/LDAP_FILTER=$ldap_base_filter/g").' '.CONF_FILE); |
| 2451 | tom.houday | 184 | exec('sed -i '.escapeshellarg("s/^LDAP_USER=.*/LDAP_USER=$ldap_user/g").' '.CONF_FILE); |
| 185 | exec('sed -i '.escapeshellarg("s/^LDAP_PASSWORD=.*/LDAP_PASSWORD=$ldap_password/g").' '.CONF_FILE); |
||
| 186 | exec('sudo /usr/local/bin/alcasar-ldap.sh --on'); |
||
| 187 | |||
| 2459 | richard | 188 | $messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>'; |
| 2451 | tom.houday | 189 | } |
| 190 | } else { |
||
| 191 | exec('sed -i "s/^LDAP=.*/LDAP=off/g" '.CONF_FILE); |
||
| 192 | exec('sudo /usr/local/bin/alcasar-ldap.sh --off'); |
||
| 193 | |||
| 2459 | richard | 194 | $messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>'; |
| 2451 | tom.houday | 195 | } |
| 196 | |||
| 197 | // Reload configuration |
||
| 198 | $file_conf = fopen(CONF_FILE, 'r'); |
||
| 199 | if (!$file_conf) { |
||
| 200 | exit('Error opening the file '.CONF_FILE); |
||
| 201 | } |
||
| 202 | while (!feof($file_conf)) { |
||
| 203 | $buffer = fgets($file_conf, 4096); |
||
| 204 | if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
||
| 205 | $tmp = explode('=', $buffer, 2); |
||
| 206 | $conf[trim($tmp[0])] = trim($tmp[1]); |
||
| 207 | } |
||
| 208 | } |
||
| 209 | fclose($file_conf); |
||
| 210 | } |
||
| 211 | |||
| 212 | // LDAP configuration params |
||
| 213 | $ldap_status = ($conf['LDAP'] === 'on'); |
||
| 214 | $ldap_server = $conf['LDAP_SERVER']; |
||
| 2453 | tom.houday | 215 | $ldap_user = $conf['LDAP_USER']; |
| 2451 | tom.houday | 216 | $ldap_password = $conf['LDAP_PASSWORD']; |
| 2452 | tom.houday | 217 | $ldap_base_dn = $conf['LDAP_BASE']; |
| 2459 | richard | 218 | $ldap_uid = $conf['LDAP_UID']; |
| 2451 | tom.houday | 219 | $ldap_base_filter = $conf['LDAP_FILTER']; |
| 220 | |||
| 2449 | tom.houday | 221 | // TODO : check LDAP PHP extension loaded? |
| 222 | // if (!extension_loaded('ldap')) { |
||
| 223 | // exit(); |
||
| 224 | // } |
||
| 225 | |||
| 226 | $pos = strpos($ldap_server, '//'); |
||
| 227 | if ($pos !== false) { |
||
| 228 | // TODO : useless? |
||
| 229 | $new_ldap_server = explode('//', $ldap_server); // pour discriminer le host et le protocole dans la notation "ldap://192.168.182.10" ou "ldaps://monldap.monentreperise.com" |
||
| 658 | stephane | 230 | } else { |
| 659 | richard | 231 | $new_ldap_server = $ldap_server; |
| 658 | stephane | 232 | } |
| 1395 | richard | 233 | |
| 2453 | tom.houday | 234 | // AJAX LDAP configuration checker |
| 235 | if (isset($_GET['conf_check'])) { |
||
| 236 | $response = [ |
||
| 237 | 'enable' => $ldap_status |
||
| 238 | ]; |
||
| 239 | if ($ldap_status || ($_SERVER['REQUEST_METHOD'] === 'POST')) { |
||
| 240 | $varErrors = []; |
||
| 241 | if ($_SERVER['REQUEST_METHOD'] === 'POST') { |
||
| 2460 | tom.houday | 242 | if (isset($_POST['ldap_server'])) $ldap_server = $_POST['ldap_server']; else array_push($varErrors, 'Variable error "ldap_server"'); // TODO: need to translate |
| 243 | if (isset($_POST['ldap_base_dn'])) $ldap_base_dn = $_POST['ldap_base_dn']; else array_push($varErrors, 'Variable error "ldap_base_dn"'); // TODO: need to translate |
||
| 244 | if (isset($_POST['ldap_uid'])) $ldap_uid = $_POST['ldap_uid']; else array_push($varErrors, 'Variable error "ldap_uid"'); // TODO: need to translate |
||
| 245 | if (isset($_POST['ldap_base_filter'])) $ldap_base_filter = $_POST['ldap_base_filter']; else array_push($varErrors, 'Variable error "ldap_base_filter"'); // TODO: need to translate |
||
| 246 | if (isset($_POST['ldap_user'])) $ldap_user = $_POST['ldap_user']; else array_push($varErrors, 'Variable error "ldap_user"'); // TODO: need to translate |
||
| 247 | if (isset($_POST['ldap_password'])) $ldap_password = $_POST['ldap_password']; else array_push($varErrors, 'Variable error "ldap_password"'); // TODO: need to translate |
||
| 2453 | tom.houday | 248 | } |
| 249 | |||
| 250 | // Validation |
||
| 251 | if (isset($ldap_server)) { |
||
| 252 | if ((!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) && (preg_match('/^[a-zA-Z0-9-_.]+$/', $ldap_server))) { |
||
| 253 | $ldap_server = gethostbyname($ldap_server); |
||
| 254 | } |
||
| 255 | if (!preg_match('/^([0-9]{1,3}\.){3}([0-9]{1,3})$/', $ldap_server)) { |
||
| 2460 | tom.houday | 256 | array_push($varErrors, 'Invalid LDAP server IP'); // TODO: need to translate |
| 2453 | tom.houday | 257 | } |
| 258 | } |
||
| 259 | |||
| 260 | if (!empty($varErrors)) { |
||
| 261 | $response['errors'] = $varErrors; |
||
| 2460 | tom.houday | 262 | } else { |
| 263 | $response['result'] = ldap_checkServerConfig($ldap_server, $ldap_user, $ldap_password, $ldap_base_dn, $ldap_uid); |
||
| 2453 | tom.houday | 264 | } |
| 265 | } |
||
| 266 | |||
| 267 | header('Content-Type: application/json'); |
||
| 268 | echo json_encode($response); |
||
| 269 | exit(); |
||
| 270 | } |
||
| 271 | |||
| 620 | stephane | 272 | ?> |
| 2449 | tom.houday | 273 | <!DOCTYPE html> |
| 274 | <html> |
||
| 275 | <head> |
||
| 276 | <meta charset="UTF-8"> |
||
| 277 | <title><?= $l_ldap_title ?></title> |
||
| 278 | <link type="text/css" href="/css/style.css" rel="stylesheet"> |
||
| 279 | <link type="text/css" href="/css/acc.css" rel="stylesheet"> |
||
| 280 | <link type="text/css" href="/css/ldap.css" rel="stylesheet"> |
||
| 281 | <script> |
||
| 2460 | tom.houday | 282 | function onPageLoad() { |
| 283 | onLdapStatusChange(); |
||
| 284 | if (document.getElementById('auth_enable').value === '1') { |
||
| 285 | checkConfig(); |
||
| 286 | } |
||
| 287 | } |
||
| 288 | |||
| 2449 | tom.houday | 289 | function onLdapStatusChange() { |
| 2459 | richard | 290 | var listToDisables = ['ldap_server', 'ldap_dn', 'ldap_uid', 'ldap_base_filter', 'ldap_user', 'ldap_password']; |
| 2460 | tom.houday | 291 | var formSubmit = document.querySelector('form input[type="submit"]'); |
| 292 | var btn_checkConf = document.getElementById('btn-checkconf'); |
||
| 293 | var isChecked = false; |
||
| 318 | richard | 294 | |
| 2453 | tom.houday | 295 | if (document.getElementById('auth_enable').value === '1') { |
| 2449 | tom.houday | 296 | for (var i=0; i<listToDisables.length; i++) { |
| 297 | document.getElementById(listToDisables[i]).style.backgroundColor = '#ffffff'; |
||
| 298 | document.getElementById(listToDisables[i]).disabled = false; |
||
| 299 | } |
||
| 2460 | tom.houday | 300 | formSubmit.style.display = 'none'; |
| 301 | btn_checkConf.style.display = null; |
||
| 2449 | tom.houday | 302 | } else { |
| 303 | for (var i=0; i<listToDisables.length; i++) { |
||
| 304 | document.getElementById(listToDisables[i]).style.backgroundColor = '#c0c0c0'; |
||
| 305 | document.getElementById(listToDisables[i]).disabled = true; |
||
| 306 | } |
||
| 2460 | tom.houday | 307 | formSubmit.style.display = null; |
| 308 | btn_checkConf.style.display = 'none'; |
||
| 2449 | tom.houday | 309 | } |
| 310 | } |
||
| 2453 | tom.houday | 311 | |
| 312 | function checkConfig() { |
||
| 2460 | tom.houday | 313 | var messagesElem = document.querySelector('fieldset > legend > div:last-child'); |
| 314 | var formSubmit = document.querySelector('form input[type="submit"]'); |
||
| 315 | var btn_checkConf = document.getElementById('btn-checkconf'); |
||
| 316 | |||
| 2453 | tom.houday | 317 | var ldap_config = { |
| 318 | ldap_status: (document.getElementById('auth_enable').value === '1'), |
||
| 319 | ldap_server: document.getElementById('ldap_server').value, |
||
| 320 | ldap_user: document.getElementById('ldap_user').value, |
||
| 321 | ldap_password: document.getElementById('ldap_password').value, |
||
| 322 | ldap_base_dn: document.getElementById('ldap_dn').value, |
||
| 2460 | tom.houday | 323 | ldap_uid: document.getElementById('ldap_uid').value, |
| 2453 | tom.houday | 324 | ldap_base_filter: document.getElementById('ldap_base_filter').value |
| 325 | }; |
||
| 326 | |||
| 327 | var params = Object.keys(ldap_config).map( function (k) { return encodeURIComponent(k) + '=' + encodeURIComponent(ldap_config[k]) } ).join('&'); |
||
| 328 | |||
| 2460 | tom.houday | 329 | messagesElem.innerHTML = '<?= 'Checking configuration...' /* TODO: need to translate */ ?>'; |
| 330 | |||
| 2453 | tom.houday | 331 | var xhr = new XMLHttpRequest(); |
| 332 | xhr.onreadystatechange = function() { |
||
| 333 | if (this.readyState == 4) { |
||
| 334 | if (this.status == 200) { |
||
| 335 | var data = JSON.parse(this.responseText); |
||
| 336 | |||
| 2460 | tom.houday | 337 | var messages = ''; |
| 338 | |||
| 339 | if (typeof data.result !== 'undefined') { |
||
| 340 | if (data.result === -2) { |
||
| 341 | messages += "<span style=\"color: red\"><?= $l_ldap_test_service_failed ?></span>"; |
||
| 342 | } else { |
||
| 343 | messages += "<span style=\"color: green\"><?= $l_ldap_test_service_ok ?></span>"; |
||
| 344 | if (data.result === -1) { |
||
| 345 | messages += "<br><span style=\"color: red\"><?= $l_ldap_test_connection_failed ?></span>"; |
||
| 346 | } else { |
||
| 347 | messages += "<br><span style=\"color: green\"><?= $l_ldap_test_connection_ok ?></span>"; |
||
| 348 | if (data.result === 0) { |
||
| 349 | messages += "<br><span style=\"color: red\"><?= $l_ldap_test_bind_failed ?></span>"; |
||
| 350 | } else { |
||
| 351 | messages += "<br><span style=\"color: green\"><?= $l_ldap_test_bind_ok ?></span>"; |
||
| 352 | if (data.result === 1) { |
||
| 353 | messages += "<br><span style=\"color: red\"><?= $l_ldap_test_dn_failed ?></span>"; |
||
| 354 | } else { |
||
| 355 | messages += "<br><span style=\"color: green\"><?= $l_ldap_test_dn_ok ?> (" + (data.result - 2) + " <?= $l_ldap_entries?>)</span>"; |
||
| 356 | } |
||
| 357 | } |
||
| 358 | } |
||
| 359 | } |
||
| 360 | } |
||
| 361 | |||
| 362 | if (data.result > 1) { |
||
| 363 | formSubmit.style.display = null; |
||
| 364 | btn_checkConf.style.display = 'none'; |
||
| 2453 | tom.houday | 365 | } else { |
| 2460 | tom.houday | 366 | formSubmit.style.display = 'none'; |
| 367 | btn_checkConf.style.display = null; |
||
| 2453 | tom.houday | 368 | } |
| 369 | |||
| 370 | if (typeof data.errors !== 'undefined') { |
||
| 2460 | tom.houday | 371 | messages = '<span style=\"color: red\">' + data.errors.join('</span><br><span style=\"color: red\">') + '</span><br>'; |
| 2453 | tom.houday | 372 | } |
| 373 | |||
| 2460 | tom.houday | 374 | messagesElem.innerHTML = messages; |
| 2453 | tom.houday | 375 | } else { |
| 2460 | tom.houday | 376 | messagesElem.innerHTML = 'server error'; |
| 2453 | tom.houday | 377 | } |
| 378 | } |
||
| 379 | }; |
||
| 380 | xhr.open('POST', 'ldap.php?conf_check', true); |
||
| 381 | xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); |
||
| 382 | xhr.send(params); |
||
| 383 | } |
||
| 2449 | tom.houday | 384 | </script> |
| 385 | </head> |
||
| 2460 | tom.houday | 386 | <body onLoad="onPageLoad();"> |
| 2449 | tom.houday | 387 | <div class="panel"> |
| 388 | <div class="panel-header"><?= $l_ldap_legend ?></div> |
||
| 389 | <div class="panel-body"> |
||
| 2451 | tom.houday | 390 | <form name="config_ldap" method="POST" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>"> |
| 2449 | tom.houday | 391 | <fieldset> |
| 392 | <legend> |
||
| 2460 | tom.houday | 393 | <br> |
| 394 | <div style="text-align: center"> |
||
| 395 | <?php if ($messages): ?> |
||
| 396 | <?= $messages ?> |
||
| 397 | <?php endif; ?> |
||
| 398 | </div> |
||
| 399 | <div style="text-align: center"></div> |
||
| 2449 | tom.houday | 400 | </legend> |
| 401 | <dl> |
||
| 402 | <dt> |
||
| 403 | <label for="auth_enable"><?= $l_ldap_auth_enable_label ?></label> |
||
| 404 | </dt> |
||
| 405 | <dd> |
||
| 406 | <select id="auth_enable" name="auth_enable" onchange="onLdapStatusChange();"> |
||
| 407 | <option value="1"<?= ($ldap_status) ? ' selected="selected"' : '' ?>><?= $l_ldap_YES ?></option> |
||
| 408 | <option value="0"<?= (!$ldap_status) ? ' selected="selected"' : '' ?>><?= $l_ldap_NO ?></option> |
||
| 409 | </select> |
||
| 410 | </dd> |
||
| 411 | </dl> |
||
| 412 | <dl> |
||
| 413 | <dt> |
||
| 414 | <label for="ldap_server"><?= $l_ldap_server_label ?></label><br> |
||
| 415 | <?= $l_ldap_server_text ?> |
||
| 416 | </dt> |
||
| 417 | <dd> |
||
| 2460 | tom.houday | 418 | <input id="ldap_server" size="40" name="ldap_server" value="<?= htmlspecialchars($ldap_server) ?>" oninput="onLdapStatusChange();"> |
| 2449 | tom.houday | 419 | </dd> |
| 420 | </dl> |
||
| 421 | <dl> |
||
| 422 | <dt> |
||
| 423 | <label for="ldap_dn"><?= $l_ldap_base_dn_label ?></label><br> |
||
| 424 | <?= $l_ldap_base_dn_text ?> |
||
| 425 | </dt> |
||
| 426 | <dd> |
||
| 2460 | tom.houday | 427 | <input id="ldap_dn" size="40" name="ldap_base_dn" value="<?= htmlspecialchars($ldap_base_dn) ?>" oninput="onLdapStatusChange();"> |
| 2449 | tom.houday | 428 | </dd> |
| 429 | </dl> |
||
| 430 | <dl> |
||
| 431 | <dt> |
||
| 2459 | richard | 432 | <label for="ldap_uid"><?= $l_ldap_uid_label ?></label><br> |
| 433 | <?= $l_ldap_uid_text ?> |
||
| 2449 | tom.houday | 434 | </dt> |
| 435 | <dd> |
||
| 2460 | tom.houday | 436 | <input id="ldap_uid" size="40" name="ldap_uid" value="<?= htmlspecialchars($ldap_uid) ?>" oninput="onLdapStatusChange();"> |
| 2449 | tom.houday | 437 | </dd> |
| 438 | </dl> |
||
| 439 | <dl> |
||
| 440 | <dt> |
||
| 441 | <label for="ldap_base_filter"><?= $l_ldap_base_filter_label ?></label><br> |
||
| 442 | <?= $l_ldap_base_filter_text ?> |
||
| 443 | </dt> |
||
| 444 | <dd> |
||
| 2460 | tom.houday | 445 | <input id="ldap_base_filter" size="40" name="ldap_base_filter" value="<?= htmlspecialchars($ldap_base_filter) ?>" oninput="onLdapStatusChange();"> |
| 2449 | tom.houday | 446 | </dd> |
| 447 | </dl> |
||
| 448 | <dl> |
||
| 449 | <dt> |
||
| 450 | <label for="ldap_user"><?= $l_ldap_user_label ?></label><br> |
||
| 451 | <?= $l_ldap_user_text ?> |
||
| 452 | </dt> |
||
| 453 | <dd> |
||
| 2460 | tom.houday | 454 | <input id="ldap_user" size="40" name="ldap_user" value="<?= htmlspecialchars($ldap_user) ?>" oninput="onLdapStatusChange();"> |
| 2449 | tom.houday | 455 | </dd> |
| 456 | </dl> |
||
| 457 | <dl> |
||
| 458 | <dt> |
||
| 459 | <label for="ldap_password"><?= $l_ldap_password_label ?></label><br> |
||
| 460 | <?= $l_ldap_password_text ?> |
||
| 461 | </dt> |
||
| 462 | <dd> |
||
| 2460 | tom.houday | 463 | <input id="ldap_password" type="password" size="40" name="ldap_password" value="<?= htmlspecialchars($ldap_password) ?>" oninput="onLdapStatusChange();"> |
| 2449 | tom.houday | 464 | </dd> |
| 465 | </dl> |
||
| 466 | <p> |
||
| 2460 | tom.houday | 467 | <button id="btn-checkconf" onclick="checkConfig(); return false;"><?= 'Check' /* TODO: need to translate */ ?></button> |
| 468 | <input id="submit" type="submit" value="<?= $l_ldap_submit ?>" name="submit" title="<?= 'You need to check before submit' /* TODO: need to translate */ ?>"> |
||
| 2449 | tom.houday | 469 | </p> |
| 470 | </fieldset> |
||
| 471 | </form> |
||
| 472 | </div> |
||
| 473 | </div> |
||
| 318 | richard | 474 | </body> |
| 475 | </html> |