WebSVN – ALCASAR – Diff – //web/acc/admin/ldap.php

 <?php
+# $Id: ldap.php 2449 2017-12-05 21:42:08Z tom.houdayer $
 /* written by steweb57 & Rexy */
 /****************************************************************
-*	CONSTANTES AVEC CHEMINS DES FICHIERS DE CONFIGURATION	*
+*			GLOBAL FILE PATHS			*
 *****************************************************************/
+define('CONF_FILE', '/usr/local/etc/alcasar.conf');
+/****************************************************************
+*			FILE reading test			*
-define ("ALCASAR_RADIUS_SITE", "/etc/raddb/sites-enabled/alcasar");
+*****************************************************************/
+$conf_files = array(CONF_FILE);
+foreach ($conf_files as $file) {
+	if (!file_exists($file)) {
+		exit("Fichier $file non présent");
+	}
+	if (!is_readable($file)) {
-define ("ALCASAR_RADIUS_MODULE_LDAP", "/etc/raddb/mods-available/ldap");
+		exit("Vous n'avez pas les droits de lecture sur le fichier $file");
+	}
+}
 /****************************************************************
-*			Choice of language			*
+*			Read CONF_FILE				*
 *****************************************************************/
+$file_conf = fopen(CONF_FILE, 'r');
+if (!$file_conf) {
+	exit('Error opening the file '.CONF_FILE);
+}
+while (!feof($file_conf)) {
+	$buffer = fgets($file_conf, 4096);
+	if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
+		$tmp = explode('=', $buffer, 2);
+		$conf[trim($tmp[0])] = trim($tmp[1]);
+	}
+}
+fclose($file_conf);
+/****************************************************************
+*			Choice of language			*
+*****************************************************************/
 $Language = 'en';
-if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
+if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
-	$Langue	= explode(",",$_SERVER['HTTP_ACCEPT_LANGUAGE']);
+	$Langue	  = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
-	$Language	= strtolower(substr(chop($Langue[0]),0,2)); }
+	$Language = strtolower(substr(chop($Langue[0]), 0, 2));
+}
-if($Language == 'fr'){
+if ($Language === 'fr') {		// French
-	$l_file				= "Fichier ";
-	$l_not_found			= " non présent";
-	$l_no_writing_right_on_file	= "Vous n'avez pas les droits d'écriture sur le fichier ";
 	$l_ldap_update_sucess		= "Mise à jour des paramètres LDAP réalisée avec succès";
 	$l_ldap_title			= "Authentification externe : LDAP";
 	$l_ldap_legend			= "Authentification LDAP";
 	$l_ldap_auth_enable_label	= "Activer l'authentification LDAP:";
 	$l_ldap_YES			= "OUI";
 	$l_ldap_test_connection_failed	= "Impossible de se connecter au serveur LDAP.";
 	$l_ldap_test_bind_ok		= "Connexion LDAP réussie...";
 	$l_ldap_test_bind_failed	= "Echec d'authentification sur le serveur LDAP... Vérifiez votre configuration";
 	$l_ldap_test_dn_ok		= "DN semble bon";
 	$l_ldap_test_dn_failed		= "DN semble mauvais";
-} else {
-	$l_file				= "File ";
+	$l_ldap_error			= "erreur LDAP";
-	$l_not_found			= " not found";
+} else {				// English
-	$l_no_writing_right_on_file	= "You have no writting permission on the file ";
 	$l_ldap_update_sucess		= "Successfull LDAP settings update";
 	$l_ldap_title			= "External authentication : LDAP";
 	$l_ldap_legend			= "LDAP authentication";
 	$l_ldap_auth_enable_label	= "Use LDAP authentication :";
 	$l_ldap_YES			= "YES";
 	$l_ldap_test_connection_failed	= "LDAP connexion failed...";
 	$l_ldap_test_bind_ok		= "LDAP connexion success...";
 	$l_ldap_test_bind_failed	= "LDAP authentication failed...Check your ldap setup...";
 	$l_ldap_test_dn_ok              = "DN seems to be right";
 	$l_ldap_test_dn_failed          = "DN seems to be wrong";
-}
-/********************************************************
-*		TEST DES FICHIERS DE CONFIGURATION	*
-*********************************************************/
-//Test de présence et des droits en lecture des fichiers de configuration.
-if (!file_exists(ALCASAR_RADIUS_SITE)){
-	exit($l_file.ALCASAR_RADIUS_SITE.$l_not_found);
-}
-if (!file_exists(ALCASAR_RADIUS_MODULE_LDAP)){
-	exit($l_file.ALCASAR_RADIUS_MODULE_LDAP.$l_not_found);
-}
-if (!is_readable(ALCASAR_RADIUS_SITE)){
+	$l_ldap_error			= "LDAP error";
-	exit($l_no_writing_right_on_file.ALCASAR_RADIUS_SITE);
-}
-if (!is_readable(ALCASAR_RADIUS_MODULE_LDAP)){
-	exit($l_no_writing_right_on_file.ALCASAR_RADIUS_MODULE_LDAP);
+}
-/********************************************************
-*		VARIABLES DE FORMULAIRE			*
-*********************************************************/
-if (isset($_GET['erreur'])&&(!($_GET['erreur']==""))) $erreur = $_GET['erreur']; else $erreur = false;//valeur de $erreur non controlée car ne sert qu'un afficher un msg.
-if (isset($_GET['update'])&&($_GET['update']=="ok")) $update = true; else $update = false;
-$message = "";
+$message = '';
-if ((bool)$erreur){
+if ((isset($_GET['erreur'])) && (!empty($_GET['erreur']))) {
-	$message = "<div align=\"center\"><br>";
+	$message  = '<div style="text-align: center"><br>';
-	$message.="<strong><font color=\"red\">".$erreur."</font></strong><br>";
+	$message .= '<span style="font-weight: bold; color: red;">'.htmlspecialchars($erreur).'</span><br>';
-	$message.="<br></div>";
+	$message .= '<br></div>';
-}else{
-	if ($update){
+} else if (isset($_GET['update']) && ($_GET['update'] === 'ok')) {
-		$message = "<div align=\"center\"><br>";
+	$message  = '<div style="text-align: center"><br>';
-		$message.="<strong><font color=\"green\">$l_ldap_update_sucess</font><br></strong>";
+	$message .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update_sucess.'</span><br>';
-		$message.="<br></div>";
+	$message .= '<br></div>';
-	}
+}
-/****************************************************************
-*			VARIABLES RESULTATS			*
+// LDAP configuration params
-*****************************************************************/
-//Création des variables nécessaires
+$ldap_status      = ($conf['LDAP'] === 'on');
-//variables ldap
-$ldap_on		= "";
-$ldap_server	= ""; 	//IP ou nom DNS du seveur LDAP (ou AD)
+$ldap_server      = $conf['LDAP_SERVER'];
-						//par défaut : server = "ldap.your.domain"
-$ldap_identity	= "";	//nom d'utilisateur qui intérroge le ldap (vide = anonyme)
-						//par défaut : # identity = "cn=admin,o=My Org,c=UA"
+$ldap_identity    = $conf['LDAP_USER'];
-$ldap_password	= "";	//mot de passe de l'utilisateur intérrogeant le ldap
+$ldap_password    = $conf['LDAP_PASSWORD'];
-						//par défaut : # password = mypass
+$ldap_basedn      = $conf['LDAP_BASE'];
-$ldap_basedn	= "";	//DN de base ou l'on recherchera les utilisateurs
-						//par défaut : basedn = "o=My Org,c=UA"
+$ldap_filter      = $conf['LDAP_UID'];
-$ldap_filter	= "";	//permet entre autre de déterminer l'attribut utilisé pour la recherche d'un utilisateur dans LDAP
-						//attribut uid pour un ldap standard, samaccountname pour AD
-						//par défaut : filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
-$ldap_base_filter = "";	//
+$ldap_base_filter = $conf['LDAP_FILTER'];
-						//par défaut : # base_filter = "(objectclass=radiusprofile)"
-/********************************************************
-*Lecture Fichier de conf	*
-*********************************************************/
-//Lecture du fichier /usr/local/etc/alcasar.conf
-//$ldap_server		= $ldap->host;		// others options only in alcasar 3.x ($ldap->server)
-//$ldap_identity		= $ldap->identity;
-//$ldap_password		= $ldap->password;
-//$ldap_basedn		= $ldap->basedn;
-//$ldap_filter		= $ldap->uid;		// others options only in alcasar 3.x ($ldap->filter)
-//$ldap_base_filter	= $ldap->base_filter;
-function ldap_test($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_filter, $f_ldap_port = "389"){
+function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_filter, $f_ldap_port = 389) {
-	// Test du serveur
+	// Test connect to the LDAP server
 	if (!$sock = @fsockopen($f_ldap_server, $f_ldap_port, $num, $error, 2)) {
 		// no network connection
 		return -1;
-	} else {
+	}
-		fclose($sock);
+	fclose($sock);
-		// Connexion au serveur LDAP
-		$ldapconn = ldap_connect($f_ldap_server, $f_ldap_port);
-		ldap_set_option($ldapconn, LDAP_OPT_TIMELIMIT, 2);
-		if ($ldapconn) {
-			$ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password);
-			if ($ldapbind) {
-				// LDAP Bind success
-				//try search
-				$query = $f_ldap_filter."=*";
-				if($search = ldap_search($ldapconn, $f_ldap_basedn, $query)){
-				 	ldap_unbind($ldapconn);
-					return 2;
-				} else {
-					ldap_unbind($ldapconn);
-					return 1;
-				}
-			} else {
-				// Test LDAP Version 3
-				ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-				$ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password);
-				if ($ldapbind) {
-					// LDAP Bind success
-					//try search
-					$query = $f_ldap_filter."=*";
-					if($search = ldap_search($ldapconn, $f_ldap_basedn, $query)){
-						ldap_unbind($ldapconn);
-						return 2;
-					} else {
-				ldap_unbind($ldapconn);
-				return 1;
-					}
-				} else {
-					// LDAP Bind failed
-					return 0;
-				}
-			}
-		} else {
-			// LDAP connection failed
-			return -2;
-		}
+	// Test connect to the LDAP server
+	$ldapconn = ldap_connect($f_ldap_server, $f_ldap_port);
+	ldap_set_option($ldapconn, LDAP_OPT_TIMELIMIT, 2);
+	if (!$ldapconn) {
+		// LDAP connection failed
+		return -2;
+	}
-}
-/********************************
-*		TO DO		*
-*********************************/
-//internationnalisation à mettre en haut du fichier pour internationnaliser les erreurs de script!
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html><!-- written by steweb57 -->
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<title><?php echo $l_ldap_title; ?></title>
-<link rel="stylesheet" href="/css/style.css" type="text/css">
-<link rel="stylesheet" href="/css/ldap.css" type="text/css">
+	$ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password);
-<script language="javascript">
+	if (!$ldapbind) {
-function testLdapActif(){
+		// Test LDAP Version 3
-	//List des ID des éléments à désactiver
+		ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
-	var listToDisables = new Array("ldap_server","ldap_dn","ldap_filter","ldap_base_filter","ldap_user","ldap_password");
+		$ldapbind = ldap_bind($ldapconn, $f_ldap_identity, $f_ldap_password);
-	if (document.getElementById("auth_enable").value == "1"){
+		if (!$ldapbind) {
-		for (var i=0;i<listToDisables.length;i++){
+			// LDAP Bind failed
-			document.getElementById(listToDisables[i]).style.backgroundColor ="#ffffff";
-			document.getElementById(listToDisables[i]).disabled = false;
+			return 0;
+		}
+	}
+	ldap_unbind($ldapconn);
+	// try search
+	$query = $f_ldap_filter.'=*';
+	if (ldap_search($ldapconn, $f_ldap_basedn, $query)) {
+		return 2;
 	} else {
-		for (var i=0;i<listToDisables.length;i++){
-			document.getElementById(listToDisables[i]).style.backgroundColor ="#c0c0c0";
-			document.getElementById(listToDisables[i]).disabled = true;
-		}
+		return 1;
+	}
+}
-</script>
-</head>
-<body onLoad="testLdapActif();">
-<table width="100%" border=0 cellspacing=0 cellpadding=0>
-<tr><th><?php echo $l_ldap_legend; ?></th></tr>
+// TODO : check LDAP PHP extension loaded?
-<tr bgcolor="#FFCC66"><td><img src="/images/pix.gif" width=1 height=2></td></tr>
-</table>
-<table width="100%" border=1 cellspacing=0 cellpadding=1>
-<tr><td valign="middle" align="left">
+// if (!extension_loaded('ldap')) {
-<form name="config_ldap" method="post" action="update_ldap.php">
-<fieldset>
+// 	exit();
-<legend>
+// }
-<?php
-echo $message;
-$pos = strpos($ldap_server, "//");
+$pos = strpos($ldap_server, '//');
-if ($pos!==false){
+if ($pos !== false) {
+	// TODO : useless?
-	$new_ldap_server = explode("//",$ldap_server); //pour discriminer le host et le protocole dans la notation "ldap://192.168.182.10" ou "ldaps://monldap.monentreperise.com"
+	$new_ldap_server = explode('//', $ldap_server); // pour discriminer le host et le protocole dans la notation "ldap://192.168.182.10" ou "ldaps://monldap.monentreperise.com"
 } else {
 	$new_ldap_server = $ldap_server;
+}
-if (($ldap_on == "ldap") && (function_exists('ldap_connect'))){
-	echo "<div align='center'><br>";
+if ($ldap_status) {
-	switch(ldap_test($new_ldap_server, $ldap_identity, $ldap_password, $ldap_basedn, $ldap_filter)){
+	$serverCheckResult = ldap_checkServerConfig($new_ldap_server, $ldap_identity, $ldap_password, $ldap_basedn, $ldap_filter);
-		case -2:
-			echo "<font color='red'>".$l_ldap_test_connection_failed."</font>";
-			break;
-		case -1:
-			echo "<font color='red'>".$l_ldap_test_network_failed."</font>";
-			break;
-		case 0:
-			echo "<font color='red'>".$l_ldap_test_bind_failed."</font>";
-			break;
-		case 1:
-			echo "<font color='green'>".$l_ldap_test_bind_ok."</font>";
-			echo "<br>";
-			echo "<font color='red'>".$l_ldap_test_dn_failed."</font>";
-			break;
-		case 2:
-			echo "<font color='green'>".$l_ldap_test_bind_ok."</font>";
-			echo "<br>";
-			echo "<font color='green'>".$l_ldap_test_dn_ok."</font>";
-		break;
-		default:
-			echo "LDAP error";
-	}
-	echo "<br><br></div>";
+}
 ?>
-</legend>
+<!DOCTYPE html>
-<dl>
+<html>
-  <dt>
+<head>
-    <label for="auth_enable"><?php echo $l_ldap_auth_enable_label; ?></label>
+	<meta charset="UTF-8">
-  </dt>
+	<title><?= $l_ldap_title ?></title>
-  <dd>
+	<link type="text/css" href="/css/style.css" rel="stylesheet">
-    <select id="auth_enable" name="auth_enable" onchange="testLdapActif();">
+	<link type="text/css" href="/css/acc.css" rel="stylesheet">
-	<?php if ($ldap_on == "ldap") {
+	<link type="text/css" href="/css/ldap.css" rel="stylesheet">
-      echo "<option value=\"1\" selected=\"selected\">$l_ldap_YES</option>";
+	<script>
-      echo "<option value=\"0\">$l_ldap_NO</option>";
+	function onLdapStatusChange() {
-	}else{
+		var listToDisables = ['ldap_server', 'ldap_dn', 'ldap_filter', 'ldap_base_filter', 'ldap_user', 'ldap_password'];
-      echo "<option value=\"1\">$l_ldap_YES</option>";
-      echo "<option value=\"0\" selected=\"selected\">$l_ldap_NO</option>";
+		if (document.getElementById("auth_enable").value === '1') {
-	}?>
+			for (var i=0; i<listToDisables.length; i++) {
-    </select>
+				document.getElementById(listToDisables[i]).style.backgroundColor = '#ffffff';
-  </dd>
+				document.getElementById(listToDisables[i]).disabled = false;
-</dl>
+			}
-<dl>
+		} else {
-  <dt>
+			for (var i=0; i<listToDisables.length; i++) {
-    <label for="ldap_server"><?php echo $l_ldap_server_label; ?></label>
+				document.getElementById(listToDisables[i]).style.backgroundColor = '#c0c0c0';
-    <br>
+				document.getElementById(listToDisables[i]).disabled = true;
-    <?php echo $l_ldap_server_text; ?></dt>
+			}
-  <dd>
+		}
-    <input id="ldap_server" size="40" name="ldap_server" value="<?php echo htmlspecialchars($ldap_server); ?>">
+	}
-  </dd>
+	</script>
-</dl>
+</head>
-<dl>
+<body onLoad="onLdapStatusChange();">
-  <dt>
+	<div class="panel">
-    <label for="ldap_dn"><?php echo $l_ldap_base_dn_label; ?></label>
+		<div class="panel-header"><?= $l_ldap_legend ?></div>
-    <br>
+		<div class="panel-body">
-    <?php echo $l_ldap_base_dn_text; ?></dt>
+			<form name="config_ldap" method="post" action="update_ldap.php">
-  <dd>
+				<fieldset>
-    <input id="ldap_dn" size="40" name="ldap_base_dn" value="<?php echo htmlspecialchars($ldap_basedn); ?>">
+					<legend>
-  </dd>
+						<?= $message ?>
-</dl>
+						<?php if ($ldap_status): ?>
-<dl>
+							<div style="text-align: center"><br>
-  <dt>
+								<?php if ($serverCheckResult === -2): ?>
-    <label for="ldap_filter"><?php echo $l_ldap_filter_label; ?></label>
+									<span style="color: red"><?= $l_ldap_test_connection_failed ?></span>
-    <br>
+								<?php elseif ($serverCheckResult === -1): ?>
-    <?php echo $l_ldap_filter_text; ?></dt>
+									<span style="color: red"><?= $l_ldap_test_network_failed ?></span>
-  <dd>
+								<?php elseif ($serverCheckResult === 0): ?>
-    <input id="ldap_filter" size="40" name="ldap_filter" value="<?php echo htmlspecialchars($ldap_filter); ?>">
+									<span style="color: red"><?= $l_ldap_test_bind_failed ?></span>
-  </dd>
+								<?php elseif ($serverCheckResult === 1): ?>
-</dl>
+										<span style="color: green"><?= $l_ldap_test_bind_ok ?></span>
-<dl>
+										<br>";
-  <dt>
+										<span style="color: red"><?= $l_ldap_test_dn_failed ?></span>
-    <label for="ldap_base_filter"><?php echo $l_ldap_base_filter_label; ?></label>
+								<?php elseif ($serverCheckResult === 2): ?>
-    <br>
+										<span style="color: green"><?= $l_ldap_test_bind_ok ?></span>
-    <?php echo $l_ldap_base_filter_text; ?></dt>
+										<br>";
-  <dd>
+										<span style="color: green"><?= $l_ldap_test_dn_ok ?></span>
-    <input id="ldap_base_filter" size="40" name="ldap_base_filter" value="<?php echo htmlspecialchars($ldap_base_filter); ?>">
+								<?php else: ?>
-  </dd>
+									<span><?= $l_ldap_error ?></span>
-</dl>
+								<?php endif ?>
-<dl>
+								<br><br>
-  <dt>
+							</div>
-    <label for="ldap_user"><?php echo $l_ldap_user_label; ?></label>
+						<?php endif ?>
-    <br>
+					</legend>
-    <?php echo $l_ldap_user_text; ?></dt>
+					<dl>
-  <dd>
+						<dt>
-    <input id="ldap_user" size="40" name="ldap_user" value="<?php echo htmlspecialchars($ldap_identity); ?>">
+							<label for="auth_enable"><?= $l_ldap_auth_enable_label ?></label>
-  </dd>
+						</dt>
-</dl>
+						<dd>
-<dl>
+							<select id="auth_enable" name="auth_enable" onchange="onLdapStatusChange();">
-  <dt>
+								<option value="1"<?= ($ldap_status)  ? ' selected="selected"' : '' ?>><?= $l_ldap_YES ?></option>
-    <label for="ldap_password"><?php echo $l_ldap_password_label; ?></label>
+								<option value="0"<?= (!$ldap_status) ? ' selected="selected"' : '' ?>><?= $l_ldap_NO ?></option>
-    <br>
+							</select>
-    <?php echo $l_ldap_password_text; ?></dt>
+						</dd>
-  <dd>
+					</dl>
-    <input id="ldap_password" type="password" size="40" name="ldap_password" value="<?php echo htmlspecialchars($ldap_password);?>">
+					<dl>
-  </dd>
+						<dt>
-</dl>
+							<label for="ldap_server"><?= $l_ldap_server_label ?></label><br>
-<p>
+							<?= $l_ldap_server_text ?>
-  <input id="submit" type="submit" value="<?php echo $l_ldap_submit; ?>" name="submit">
+						</dt>
+						<dd>
-  <input id="reset" type="reset" value="<?php echo $l_ldap_reset; ?>" name="reset">
+							<input id="ldap_server" size="40" name="ldap_server" value="<?= htmlspecialchars($ldap_server) ?>">
-</p>
+						</dd>
+					</dl>
-</fieldset>
+					<dl>
-</form>
+						<dt>
-<br>
+							<label for="ldap_dn"><?= $l_ldap_base_dn_label ?></label><br>
-</td></tr>
+							<?= $l_ldap_base_dn_text ?>
-</table>
+						</dt>
+						<dd>
+							<input id="ldap_dn" size="40" name="ldap_base_dn" value="<?= htmlspecialchars($ldap_basedn) ?>">
+						</dd>
+					</dl>
+					<dl>
+						<dt>
+							<label for="ldap_filter"><?= $l_ldap_filter_label ?></label><br>
+							<?= $l_ldap_filter_text ?>
+						</dt>
+						<dd>
+							<input id="ldap_filter" size="40" name="ldap_filter" value="<?= htmlspecialchars($ldap_filter) ?>">
+						</dd>
+					</dl>
+					<dl>
+						<dt>
+							<label for="ldap_base_filter"><?= $l_ldap_base_filter_label ?></label><br>
+							<?= $l_ldap_base_filter_text ?>
+						</dt>
+						<dd>
+							<input id="ldap_base_filter" size="40" name="ldap_base_filter" value="<?= htmlspecialchars($ldap_base_filter) ?>">
+						</dd>
+					</dl>
+					<dl>
+						<dt>
+							<label for="ldap_user"><?= $l_ldap_user_label ?></label><br>
+							<?= $l_ldap_user_text ?>
+						</dt>
+						<dd>
+							<input id="ldap_user" size="40" name="ldap_user" value="<?= htmlspecialchars($ldap_identity) ?>">
+						</dd>
+					</dl>
+					<dl>
+						<dt>
+							<label for="ldap_password"><?= $l_ldap_password_label ?></label><br>
+							<?= $l_ldap_password_text ?>
+						</dt>
+						<dd>
+							<input id="ldap_password" type="password" size="40" name="ldap_password" value="<?= htmlspecialchars($ldap_password) ?>">
+						</dd>
+					</dl>
+					<p>
+						<input id="submit" type="submit" value="<?= $l_ldap_submit ?>" name="submit">
+						<input id="reset" type="reset" value="<?= $l_ldap_reset ?>" name="reset">
+					</p>
+				</fieldset>
+			</form>
+		</div>
+	</div>
 </body>
 </html>

Subversion Repositories ALCASAR

(root)//web/acc/admin/ldap.php – Rev 2446 → 2449