1,24 → 1,50 |
<?php |
# $Id$ |
|
/* written by steweb57 & Rexy */ |
/**************************************************************** |
* CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION * |
* GLOBAL FILE PATHS * |
*****************************************************************/ |
define('CONF_FILE', '/usr/local/etc/alcasar.conf'); |
|
define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-enabled/alcasar"); |
define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/mods-available/ldap"); |
/**************************************************************** |
* FILE reading test * |
*****************************************************************/ |
$conf_files = array(CONF_FILE); |
foreach ($conf_files as $file) { |
if (!file_exists($file)) { |
exit("Fichier $file non présent"); |
} |
if (!is_readable($file)) { |
exit("Vous n'avez pas les droits de lecture sur le fichier $file"); |
} |
} |
|
/**************************************************************** |
* Read CONF_FILE * |
*****************************************************************/ |
$file_conf = fopen(CONF_FILE, 'r'); |
if (!$file_conf) { |
exit('Error opening the file '.CONF_FILE); |
} |
while (!feof($file_conf)) { |
$buffer = fgets($file_conf, 4096); |
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
$tmp = explode('=', $buffer, 2); |
$conf[trim($tmp[0])] = trim($tmp[1]); |
} |
} |
fclose($file_conf); |
|
/**************************************************************** |
* Choice of language * |
*****************************************************************/ |
|
$Language = 'en'; |
if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){ |
$Langue = explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]),0,2)); } |
if($Language == 'fr'){ |
$l_file = "Fichier "; |
$l_not_found = " non présent"; |
$l_no_writing_right_on_file = "Vous n'avez pas les droits d'écriture sur le fichier "; |
$Langue = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); |
$Language = strtolower(substr(chop($Langue[0]), 0, 2)); |
} |
if ($Language === 'fr') { // French |
$l_ldap_update_sucess = "Mise à jour des paramètres LDAP réalisée avec succès"; |
$l_ldap_title = "Authentification externe : LDAP"; |
$l_ldap_legend = "Authentification LDAP"; |
45,10 → 71,8 |
$l_ldap_test_bind_failed = "Echec d'authentification sur le serveur LDAP... Vérifiez votre configuration"; |
$l_ldap_test_dn_ok = "DN semble bon"; |
$l_ldap_test_dn_failed = "DN semble mauvais"; |
} else { |
$l_file = "File "; |
$l_not_found = " not found"; |
$l_no_writing_right_on_file = "You have no writting permission on the file "; |
$l_ldap_error = "erreur LDAP"; |
} else { // English |
$l_ldap_update_sucess = "Successfull LDAP settings update"; |
$l_ldap_title = "External authentication : LDAP"; |
$l_ldap_legend = "LDAP authentication"; |
75,152 → 99,106 |
$l_ldap_test_bind_failed = "LDAP authentication failed...Check your ldap setup..."; |
$l_ldap_test_dn_ok = "DN seems to be right"; |
$l_ldap_test_dn_failed = "DN seems to be wrong"; |
$l_ldap_error = "LDAP error"; |
} |
/******************************************************** |
* TEST DES FICHIERS DE CONFIGURATION * |
*********************************************************/ |
|
//Test de présence et des droits en lecture des fichiers de configuration. |
if (!file_exists(ALCASAR_RADIUS_SITE)){ |
exit($l_file.ALCASAR_RADIUS_SITE.$l_not_found); |
} |
if (!file_exists(ALCASAR_RADIUS_MODULE_LDAP)){ |
exit($l_file.ALCASAR_RADIUS_MODULE_LDAP.$l_not_found); |
} |
if (!is_readable(ALCASAR_RADIUS_SITE)){ |
exit($l_no_writing_right_on_file.ALCASAR_RADIUS_SITE); |
} |
if (!is_readable(ALCASAR_RADIUS_MODULE_LDAP)){ |
exit($l_no_writing_right_on_file.ALCASAR_RADIUS_MODULE_LDAP); |
} |
|
/******************************************************** |
* VARIABLES DE FORMULAIRE * |
*********************************************************/ |
|
if (isset($_GET['erreur'])&&(!($_GET['erreur']==""))) $erreur = $_GET['erreur']; else $erreur = false;//valeur de $erreur non controlée car ne sert qu'un afficher un msg. |
if (isset($_GET['update'])&&($_GET['update']=="ok")) $update = true; else $update = false; |
|
$message = ""; |
if ((bool)$erreur){ |
$message = "<div align=\"center\"><br>"; |
$message.="<strong><font color=\"red\">".$erreur."</font></strong><br>"; |
$message.="<br></div>"; |
}else{ |
if ($update){ |
$message = "<div align=\"center\"><br>"; |
$message.="<strong><font color=\"green\">$l_ldap_update_sucess</font><br></strong>"; |
$message.="<br></div>"; |
$message = ''; |
if ((isset($_GET['erreur'])) && (!empty($_GET['erreur']))) { |
$message = '<div style="text-align: center"><br>'; |
$message .= '<span style="font-weight: bold; color: red;">'.htmlspecialchars($erreur).'</span><br>'; |
$message .= '<br></div>'; |
} else if (isset($_GET['update']) && ($_GET['update'] === 'ok')) { |
$message = '<div style="text-align: center"><br>'; |
$message .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update_sucess.'</span><br>'; |
$message .= '<br></div>'; |
} |
} |
|
/**************************************************************** |
* VARIABLES RESULTATS * |
*****************************************************************/ |
//Création des variables nécessaires |
//variables ldap |
$ldap_on = ""; |
$ldap_server = ""; //IP ou nom DNS du seveur LDAP (ou AD) |
//par défaut : server = "ldap.your.domain" |
$ldap_identity = ""; //nom d'utilisateur qui intérroge le ldap (vide = anonyme) |
//par défaut : # identity = "cn=admin,o=My Org,c=UA" |
$ldap_password = ""; //mot de passe de l'utilisateur intérrogeant le ldap |
//par défaut : # password = mypass |
$ldap_basedn = ""; //DN de base ou l'on recherchera les utilisateurs |
//par défaut : basedn = "o=My Org,c=UA" |
$ldap_filter = ""; //permet entre autre de déterminer l'attribut utilisé pour la recherche d'un utilisateur dans LDAP |
//attribut uid pour un ldap standard, samaccountname pour AD |
//par défaut : filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" |
$ldap_base_filter = ""; // |
//par défaut : # base_filter = "(objectclass=radiusprofile)" |
// LDAP configuration params |
$ldap_status = ($conf['LDAP'] === 'on'); |
$ldap_server = $conf['LDAP_SERVER']; |
$ldap_identity = $conf['LDAP_USER']; |
$ldap_password = $conf['LDAP_PASSWORD']; |
$ldap_basedn = $conf['LDAP_BASE']; |
$ldap_filter = $conf['LDAP_UID']; |
$ldap_base_filter = $conf['LDAP_FILTER']; |
|
/******************************************************** |
*Lecture Fichier de conf * |
*********************************************************/ |
//Lecture du fichier /usr/local/etc/alcasar.conf |
//$ldap_server = $ldap->host; // others options only in alcasar 3.x ($ldap->server) |
//$ldap_identity = $ldap->identity; |
//$ldap_password = $ldap->password; |
//$ldap_basedn = $ldap->basedn; |
//$ldap_filter = $ldap->uid; // others options only in alcasar 3.x ($ldap->filter) |
//$ldap_base_filter = $ldap->base_filter; |
|
function ldap_test($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_filter, $f_ldap_port = "389"){ |
// Test du serveur |
function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_filter, $f_ldap_port = 389) { |
// Test connect to the LDAP server |
if (!$sock = @fsockopen($f_ldap_server, $f_ldap_port, $num, $error, 2)) { |
// no network connection |
return -1; |
} else { |
} |
fclose($sock); |
// Connexion au serveur LDAP |
|
// Test connect to the LDAP server |
$ldapconn = ldap_connect($f_ldap_server, $f_ldap_port); |
ldap_set_option($ldapconn, LDAP_OPT_TIMELIMIT, 2); |
if ($ldapconn) { |
if (!$ldapconn) { |
// LDAP connection failed |
return -2; |
} |
|
$ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password); |
if ($ldapbind) { |
// LDAP Bind success |
//try search |
$query = $f_ldap_filter."=*"; |
if($search = ldap_search($ldapconn, $f_ldap_basedn, $query)){ |
ldap_unbind($ldapconn); |
return 2; |
} else { |
ldap_unbind($ldapconn); |
return 1; |
} |
} else { |
if (!$ldapbind) { |
// Test LDAP Version 3 |
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); |
$ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password); |
if ($ldapbind) { |
// LDAP Bind success |
|
if (!$ldapbind) { |
// LDAP Bind failed |
return 0; |
} |
} |
ldap_unbind($ldapconn); |
|
//try search |
$query = $f_ldap_filter."=*"; |
if($search = ldap_search($ldapconn, $f_ldap_basedn, $query)){ |
ldap_unbind($ldapconn); |
$query = $f_ldap_filter.'=*'; |
if (ldap_search($ldapconn, $f_ldap_basedn, $query)) { |
return 2; |
} else { |
ldap_unbind($ldapconn); |
return 1; |
} |
} else { |
// LDAP Bind failed |
return 0; |
} |
} |
|
// TODO : check LDAP PHP extension loaded? |
// if (!extension_loaded('ldap')) { |
// exit(); |
// } |
|
$pos = strpos($ldap_server, '//'); |
if ($pos !== false) { |
// TODO : useless? |
$new_ldap_server = explode('//', $ldap_server); // pour discriminer le host et le protocole dans la notation "ldap://192.168.182.10" ou "ldaps://monldap.monentreperise.com" |
} else { |
// LDAP connection failed |
return -2; |
$new_ldap_server = $ldap_server; |
} |
|
if ($ldap_status) { |
$serverCheckResult = ldap_checkServerConfig($new_ldap_server, $ldap_identity, $ldap_password, $ldap_basedn, $ldap_filter); |
} |
} |
|
/******************************** |
* TO DO * |
*********************************/ |
//internationnalisation à mettre en haut du fichier pour internationnaliser les erreurs de script! |
?> |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
<html><!-- written by steweb57 --> |
<!DOCTYPE html> |
<html> |
<head> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> |
<title><?php echo $l_ldap_title; ?></title> |
<link rel="stylesheet" href="/css/style.css" type="text/css"> |
<link rel="stylesheet" href="/css/ldap.css" type="text/css"> |
<script language="javascript"> |
function testLdapActif(){ |
//List des ID des éléments à désactiver |
var listToDisables = new Array("ldap_server","ldap_dn","ldap_filter","ldap_base_filter","ldap_user","ldap_password"); |
<meta charset="UTF-8"> |
<title><?= $l_ldap_title ?></title> |
<link type="text/css" href="/css/style.css" rel="stylesheet"> |
<link type="text/css" href="/css/acc.css" rel="stylesheet"> |
<link type="text/css" href="/css/ldap.css" rel="stylesheet"> |
<script> |
function onLdapStatusChange() { |
var listToDisables = ['ldap_server', 'ldap_dn', 'ldap_filter', 'ldap_base_filter', 'ldap_user', 'ldap_password']; |
|
if (document.getElementById("auth_enable").value == "1"){ |
if (document.getElementById("auth_enable").value === '1') { |
for (var i=0;i<listToDisables.length;i++){ |
document.getElementById(listToDisables[i]).style.backgroundColor ="#ffffff"; |
document.getElementById(listToDisables[i]).style.backgroundColor = '#ffffff'; |
document.getElementById(listToDisables[i]).disabled = false; |
} |
} else { |
for (var i=0;i<listToDisables.length;i++){ |
document.getElementById(listToDisables[i]).style.backgroundColor ="#c0c0c0"; |
document.getElementById(listToDisables[i]).style.backgroundColor = '#c0c0c0'; |
document.getElementById(listToDisables[i]).disabled = true; |
} |
} |
227,134 → 205,109 |
} |
</script> |
</head> |
<body onLoad="testLdapActif();"> |
<table width="100%" border=0 cellspacing=0 cellpadding=0> |
<tr><th><?php echo $l_ldap_legend; ?></th></tr> |
<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr> |
</table> |
<table width="100%" border=1 cellspacing=0 cellpadding=1> |
<tr><td valign="middle" align="left"> |
<body onLoad="onLdapStatusChange();"> |
<div class="panel"> |
<div class="panel-header"><?= $l_ldap_legend ?></div> |
<div class="panel-body"> |
<form name="config_ldap" method="post" action="update_ldap.php"> |
<fieldset> |
<legend> |
<?php |
echo $message; |
$pos = strpos($ldap_server, "//"); |
if ($pos!==false){ |
$new_ldap_server = explode("//",$ldap_server); //pour discriminer le host et le protocole dans la notation "ldap://192.168.182.10" ou "ldaps://monldap.monentreperise.com" |
} else { |
$new_ldap_server = $ldap_server; |
} |
if (($ldap_on == "ldap") && (function_exists('ldap_connect'))){ |
echo "<div align='center'><br>"; |
|
switch(ldap_test($new_ldap_server, $ldap_identity, $ldap_password, $ldap_basedn, $ldap_filter)){ |
case -2: |
echo "<font color='red'>".$l_ldap_test_connection_failed."</font>"; |
break; |
case -1: |
echo "<font color='red'>".$l_ldap_test_network_failed."</font>"; |
break; |
case 0: |
echo "<font color='red'>".$l_ldap_test_bind_failed."</font>"; |
break; |
case 1: |
echo "<font color='green'>".$l_ldap_test_bind_ok."</font>"; |
echo "<br>"; |
echo "<font color='red'>".$l_ldap_test_dn_failed."</font>"; |
break; |
case 2: |
echo "<font color='green'>".$l_ldap_test_bind_ok."</font>"; |
echo "<br>"; |
echo "<font color='green'>".$l_ldap_test_dn_ok."</font>"; |
break; |
default: |
echo "LDAP error"; |
} |
echo "<br><br></div>"; |
} |
?> |
<?= $message ?> |
<?php if ($ldap_status): ?> |
<div style="text-align: center"><br> |
<?php if ($serverCheckResult === -2): ?> |
<span style="color: red"><?= $l_ldap_test_connection_failed ?></span> |
<?php elseif ($serverCheckResult === -1): ?> |
<span style="color: red"><?= $l_ldap_test_network_failed ?></span> |
<?php elseif ($serverCheckResult === 0): ?> |
<span style="color: red"><?= $l_ldap_test_bind_failed ?></span> |
<?php elseif ($serverCheckResult === 1): ?> |
<span style="color: green"><?= $l_ldap_test_bind_ok ?></span> |
<br>"; |
<span style="color: red"><?= $l_ldap_test_dn_failed ?></span> |
<?php elseif ($serverCheckResult === 2): ?> |
<span style="color: green"><?= $l_ldap_test_bind_ok ?></span> |
<br>"; |
<span style="color: green"><?= $l_ldap_test_dn_ok ?></span> |
<?php else: ?> |
<span><?= $l_ldap_error ?></span> |
<?php endif ?> |
<br><br> |
</div> |
<?php endif ?> |
</legend> |
<dl> |
<dt> |
<label for="auth_enable"><?php echo $l_ldap_auth_enable_label; ?></label> |
<label for="auth_enable"><?= $l_ldap_auth_enable_label ?></label> |
</dt> |
<dd> |
<select id="auth_enable" name="auth_enable" onchange="testLdapActif();"> |
<?php if ($ldap_on == "ldap") { |
echo "<option value=\"1\" selected=\"selected\">$l_ldap_YES</option>"; |
echo "<option value=\"0\">$l_ldap_NO</option>"; |
}else{ |
echo "<option value=\"1\">$l_ldap_YES</option>"; |
echo "<option value=\"0\" selected=\"selected\">$l_ldap_NO</option>"; |
}?> |
<select id="auth_enable" name="auth_enable" onchange="onLdapStatusChange();"> |
<option value="1"<?= ($ldap_status) ? ' selected="selected"' : '' ?>><?= $l_ldap_YES ?></option> |
<option value="0"<?= (!$ldap_status) ? ' selected="selected"' : '' ?>><?= $l_ldap_NO ?></option> |
</select> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_server"><?php echo $l_ldap_server_label; ?></label> |
<br> |
<?php echo $l_ldap_server_text; ?></dt> |
<label for="ldap_server"><?= $l_ldap_server_label ?></label><br> |
<?= $l_ldap_server_text ?> |
</dt> |
<dd> |
<input id="ldap_server" size="40" name="ldap_server" value="<?php echo htmlspecialchars($ldap_server); ?>"> |
<input id="ldap_server" size="40" name="ldap_server" value="<?= htmlspecialchars($ldap_server) ?>"> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_dn"><?php echo $l_ldap_base_dn_label; ?></label> |
<br> |
<?php echo $l_ldap_base_dn_text; ?></dt> |
<label for="ldap_dn"><?= $l_ldap_base_dn_label ?></label><br> |
<?= $l_ldap_base_dn_text ?> |
</dt> |
<dd> |
<input id="ldap_dn" size="40" name="ldap_base_dn" value="<?php echo htmlspecialchars($ldap_basedn); ?>"> |
<input id="ldap_dn" size="40" name="ldap_base_dn" value="<?= htmlspecialchars($ldap_basedn) ?>"> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_filter"><?php echo $l_ldap_filter_label; ?></label> |
<br> |
<?php echo $l_ldap_filter_text; ?></dt> |
<label for="ldap_filter"><?= $l_ldap_filter_label ?></label><br> |
<?= $l_ldap_filter_text ?> |
</dt> |
<dd> |
<input id="ldap_filter" size="40" name="ldap_filter" value="<?php echo htmlspecialchars($ldap_filter); ?>"> |
<input id="ldap_filter" size="40" name="ldap_filter" value="<?= htmlspecialchars($ldap_filter) ?>"> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_base_filter"><?php echo $l_ldap_base_filter_label; ?></label> |
<br> |
<?php echo $l_ldap_base_filter_text; ?></dt> |
<label for="ldap_base_filter"><?= $l_ldap_base_filter_label ?></label><br> |
<?= $l_ldap_base_filter_text ?> |
</dt> |
<dd> |
<input id="ldap_base_filter" size="40" name="ldap_base_filter" value="<?php echo htmlspecialchars($ldap_base_filter); ?>"> |
<input id="ldap_base_filter" size="40" name="ldap_base_filter" value="<?= htmlspecialchars($ldap_base_filter) ?>"> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_user"><?php echo $l_ldap_user_label; ?></label> |
<br> |
<?php echo $l_ldap_user_text; ?></dt> |
<label for="ldap_user"><?= $l_ldap_user_label ?></label><br> |
<?= $l_ldap_user_text ?> |
</dt> |
<dd> |
<input id="ldap_user" size="40" name="ldap_user" value="<?php echo htmlspecialchars($ldap_identity); ?>"> |
<input id="ldap_user" size="40" name="ldap_user" value="<?= htmlspecialchars($ldap_identity) ?>"> |
</dd> |
</dl> |
<dl> |
<dt> |
<label for="ldap_password"><?php echo $l_ldap_password_label; ?></label> |
<br> |
<?php echo $l_ldap_password_text; ?></dt> |
<label for="ldap_password"><?= $l_ldap_password_label ?></label><br> |
<?= $l_ldap_password_text ?> |
</dt> |
<dd> |
<input id="ldap_password" type="password" size="40" name="ldap_password" value="<?php echo htmlspecialchars($ldap_password);?>"> |
<input id="ldap_password" type="password" size="40" name="ldap_password" value="<?= htmlspecialchars($ldap_password) ?>"> |
</dd> |
</dl> |
<p> |
<input id="submit" type="submit" value="<?php echo $l_ldap_submit; ?>" name="submit"> |
|
<input id="reset" type="reset" value="<?php echo $l_ldap_reset; ?>" name="reset"> |
<input id="submit" type="submit" value="<?= $l_ldap_submit ?>" name="submit"> |
<input id="reset" type="reset" value="<?= $l_ldap_reset ?>" name="reset"> |
</p> |
|
</fieldset> |
</form> |
<br> |
</td></tr> |
</table> |
</div> |
</div> |
</body> |
</html> |
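Review bot: `$new_ldap_server = explode('//', $ldap_server);` in the branch guarded by `strpos($ldap_server, '//')` produces an array, so a `ldap://host` or `ldaps://host` value from alcasar.conf reaches `ldap_checkServerConfig()` as an array and `fsockopen()`/`ldap_connect()` never receive a host string (a TypeError on PHP 8, a warning plus the -1 "network failed" result on PHP 7); even once the host part is extracted, the scheme is dropped and the check always runs on port 389 with a simple `ldap_bind()` and no `ldap_start_tls()`, so an `ldaps://` configuration is tested over cleartext with the real bind password. Passing the configured URI unchanged to `ldap_connect()`, which accepts `ldap://` and `ldaps://` URIs, and using a host-only value such as `$probe_host = parse_url($ldap_server, PHP_URL_HOST) ?: $ldap_server;` solely for the `fsockopen()` reachability probe would address both, and the "TODO : useless?" comment could then go. Separately, `$ldap_password` from the config is emitted as the `value` of the password input, which exposes the LDAP service-account secret to anyone who can read the page source; rendering an empty value and having update_ldap.php treat an empty submission as "unchanged" avoids that. These lines sit in the hunks `75,152 → 99,106` and `227,134 → 205,109`, and since this rendering interleaves old and new lines without markers, the exact new-side text should be confirmed against the working copy.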
Property changes: |
Added: svn:keywords |
+Id |
\ No newline at end of property |