WebSVN – ALCASAR – Diff – //web/acc/admin/ldap.php



<?php
# $Id: ldap.php 2461 2017-12-14 23:01:41Z richard $
 
/* written by steweb57, Rexy & Tom HOUDAYER */
/****************************************************************
*			GLOBAL FILE PATHS			*
*****************************************************************/

	$l_ldap_base_filter_text	= "Vous pouvez limiter les objets recherchés avec des filtres additionnels.<br> Exemple 'objectClass=posixGroup' ajouterait le filtre '(&amp;(uid=username)(objectClass=posixGroup))'";
	$l_ldap_user_label		= "CN de l'utilisateur exploité par ALCASAR:";
	$l_ldap_user_text		= "CN=Common Name. Laissez vide pour utiliser un accès invité (ou anonyme). Obligatoire sur un AD.<br> - Exemple LDAP : 'uid=username,ou=my_lan,o=mycompany,c=FR'.<br> - Exemple AD : 'username' ou 'cn=username,cn=Users,dc=server_name,dc=localdomain'";
	$l_ldap_password_label		= "Mot de passe:";
	$l_ldap_password_text		= "Laissez vide pour un accès invité (ou anonyme). Obligatoire sur un AD.";
	$l_ldap_submit			= "Enregistrer";
	$l_ldap_test_service_failed	= "Service LDAP injoignable sur ce serveur (vérifiez l'@IP).";
	$l_ldap_test_service_ok		= "Un port 389 est actif sur ce serveur";
	$l_ldap_test_connection_failed	= "Connexion LDAP impossible (vérifiez le service LDAP sur ce serveur)";
	$l_ldap_test_connection_ok	= "Une connexion LDAP a été établie";
	$l_ldap_test_bind_failed	= "Echec d'authentification (vérifiez l'utilisateur et le mot de passe)";
	$l_ldap_test_bind_ok		= "L'authentification a réussie";
	$l_ldap_test_dn_failed		= "Le DN de la base semble incorrect (vérifiez le)";
	$l_ldap_test_dn_ok		= "Le DN de la base semble correct";
	$l_ldap_error			= "erreur LDAP";
	$l_ldap_entries			= "entrées dans la base";
	$l_check				= "Vérifier cette configuration";
} else {				// English
	$l_ldap_update			= "LDAP settings updated";
	$l_ldap_title			= "External authentication : LDAP";
	$l_ldap_legend			= "LDAP authentication";
	$l_ldap_auth_enable_label	= "Edit the LDAP configuration :";

	$l_ldap_base_filter_text	= "You can further limit the searched objects with additional filters.<br> For example 'objectClass=posixGroup' would result in the use of '(&amp;(uid=username)(objectClass=posixGroup))'";
	$l_ldap_user_label		= "CN of the user operated by ALCASAR:";
	$l_ldap_user_text		= "CN=Common Name. Leave blank to use anonymous binding. Mandatory for AD.<br> e.g. LDAP :'uid=Username,ou=my_lan,o=mycompany,c=US'.<br> e.g. AD : 'username' or 'cn=username,cn=Users,dc=server_name,dc=localdomain'";
	$l_ldap_password_label		= "Password:";
	$l_ldap_password_text		= "Leave blank to use anonymous binding. Mandatory for AD.";
	$l_ldap_submit			= "Save";
	$l_ldap_test_service_failed	= "LDAP service is not reachable on that server (check IP)";
	$l_ldap_test_service_ok		= "A port 389 is open on this server";
	$l_ldap_test_connection_failed	= "LDAP connexion failed (check the LDAP service on this server)";
	$l_ldap_test_connection_ok	= "A LDAP connexion is established";
	$l_ldap_test_bind_failed	= "LDAP authentication failed (check the LDAP user and password)";
	$l_ldap_test_bind_ok		= "Successful authentication";
	$l_ldap_test_dn_failed          = "DN of the base seems to be wrong (check it)";
	$l_ldap_test_dn_ok              = "DN of the base seems to be ok";
	$l_ldap_error			= "LDAP error";
	$l_ldap_entries			= "entries in the base";
	$l_check				= "Check this config";
}
 
 
function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_uid, $f_ldap_port = 389) {
	// Socket to the LDAP port of the server

			exec('sed -i '.escapeshellarg("s/^LDAP_UID=.*/LDAP_UID=$ldap_uid/g").' '.CONF_FILE);
			exec('sed -i '.escapeshellarg("s/^LDAP_FILTER=.*/LDAP_FILTER=$ldap_base_filter/g").' '.CONF_FILE);
			exec('sed -i '.escapeshellarg("s/^LDAP_USER=.*/LDAP_USER=$ldap_user/g").' '.CONF_FILE);
			exec('sed -i '.escapeshellarg("s/^LDAP_PASSWORD=.*/LDAP_PASSWORD=$ldap_password/g").' '.CONF_FILE);
			exec('sudo /usr/local/bin/alcasar-ldap.sh --on');
 
			$messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';
		}
	} else {
		exec('sed -i "s/^LDAP=.*/LDAP=off/g" '.CONF_FILE);
		exec('sudo /usr/local/bin/alcasar-ldap.sh --off');
 
		$messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';
	}
 
	// Reload configuration
	$file_conf = fopen(CONF_FILE, 'r');

						<dd>
							<input id="ldap_password" type="password" size="40" name="ldap_password" value="<?= htmlspecialchars($ldap_password) ?>" oninput="onLdapStatusChange();">
						</dd>
					</dl>
					<p>
						<button id="btn-checkconf" onclick="checkConfig(); return false;"><?= $l_check ?></button>
						<input id="submit" type="submit" value="<?= $l_ldap_submit ?>" name="submit" title="<?= 'You need to check before submit'  /* TODO: need to translate */ ?>">
					</p>
				</fieldset>
			</form>
		</div>

Subversion Repositories ALCASAR

(root)//web/acc/admin/ldap.php – Rev 2460 → 2461

Rev 2460		Rev 2461
Line 1...		Line 1...
1	`<?php`	1	`<?php`
2	`# $Id: ldap.php 2460 2017-12-13 17:53:06Z tom.houdayer $`	2	`# $Id: ldap.php 2461 2017-12-14 23:01:41Z richard $`
3		3
4	`/* written by steweb57, Rexy & Tom HOUDAYER */`	4	`/* written by steweb57, Rexy & Tom HOUDAYER */`
5	`/****************************************************************`	5	`/****************************************************************`
6	`* GLOBAL FILE PATHS *`	6	`* GLOBAL FILE PATHS *`
7	`*****************************************************************/`	7	`*****************************************************************/`
Line 61...		Line 61...
61	`$l_ldap_base_filter_text = "Vous pouvez limiter les objets recherchés avec des filtres additionnels.<br> Exemple 'objectClass=posixGroup' ajouterait le filtre '(&(uid=username)(objectClass=posixGroup))'";`	61	`$l_ldap_base_filter_text = "Vous pouvez limiter les objets recherchés avec des filtres additionnels.<br> Exemple 'objectClass=posixGroup' ajouterait le filtre '(&(uid=username)(objectClass=posixGroup))'";`
62	`$l_ldap_user_label = "CN de l'utilisateur exploité par ALCASAR:";`	62	`$l_ldap_user_label = "CN de l'utilisateur exploité par ALCASAR:";`
63	`$l_ldap_user_text = "CN=Common Name. Laissez vide pour utiliser un accès invité (ou anonyme). Obligatoire sur un AD.<br> - Exemple LDAP : 'uid=username,ou=my_lan,o=mycompany,c=FR'.<br> - Exemple AD : 'username' ou 'cn=username,cn=Users,dc=server_name,dc=localdomain'";`	63	`$l_ldap_user_text = "CN=Common Name. Laissez vide pour utiliser un accès invité (ou anonyme). Obligatoire sur un AD.<br> - Exemple LDAP : 'uid=username,ou=my_lan,o=mycompany,c=FR'.<br> - Exemple AD : 'username' ou 'cn=username,cn=Users,dc=server_name,dc=localdomain'";`
64	`$l_ldap_password_label = "Mot de passe:";`	64	`$l_ldap_password_label = "Mot de passe:";`
65	`$l_ldap_password_text = "Laissez vide pour un accès invité (ou anonyme). Obligatoire sur un AD.";`	65	`$l_ldap_password_text = "Laissez vide pour un accès invité (ou anonyme). Obligatoire sur un AD.";`
66	`$l_ldap_submit = "Enregistrer et vérifier";`	66	`$l_ldap_submit = "Enregistrer";`
67	`$l_ldap_test_service_failed = "Service LDAP injoignable sur ce serveur (vérifiez l'@IP).";`	67	`$l_ldap_test_service_failed = "Service LDAP injoignable sur ce serveur (vérifiez l'@IP).";`
68	`$l_ldap_test_service_ok = "Un port 389 est actif sur ce serveur";`	68	`$l_ldap_test_service_ok = "Un port 389 est actif sur ce serveur";`
69	`$l_ldap_test_connection_failed = "Connexion LDAP impossible (vérifiez le service LDAP sur ce serveur)";`	69	`$l_ldap_test_connection_failed = "Connexion LDAP impossible (vérifiez le service LDAP sur ce serveur)";`
70	`$l_ldap_test_connection_ok = "Une connexion LDAP a été établie";`	70	`$l_ldap_test_connection_ok = "Une connexion LDAP a été établie";`
71	`$l_ldap_test_bind_failed = "Echec d'authentification (vérifiez l'utilisateur et le mot de passe)";`	71	`$l_ldap_test_bind_failed = "Echec d'authentification (vérifiez l'utilisateur et le mot de passe)";`
72	`$l_ldap_test_bind_ok = "L'authentification a réussie";`	72	`$l_ldap_test_bind_ok = "L'authentification a réussie";`
73	`$l_ldap_test_dn_failed = "Le DN de la base semble incorrect (vérifiez le)";`	73	`$l_ldap_test_dn_failed = "Le DN de la base semble incorrect (vérifiez le)";`
74	`$l_ldap_test_dn_ok = "Le DN de la base semble correct";`	74	`$l_ldap_test_dn_ok = "Le DN de la base semble correct";`
75	`$l_ldap_error = "erreur LDAP";`	75	`$l_ldap_error = "erreur LDAP";`
76	`$l_ldap_entries = "entrées dans la base";`	76	`$l_ldap_entries = "entrées dans la base";`
77	`$l_ldap_push_config = "Activer cette configuration";`	77	`$l_check = "Vérifier cette configuration";`
78	`} else { // English`	78	`} else { // English`
79	`$l_ldap_update = "LDAP settings updated";`	79	`$l_ldap_update = "LDAP settings updated";`
80	`$l_ldap_title = "External authentication : LDAP";`	80	`$l_ldap_title = "External authentication : LDAP";`
81	`$l_ldap_legend = "LDAP authentication";`	81	`$l_ldap_legend = "LDAP authentication";`
82	`$l_ldap_auth_enable_label = "Edit the LDAP configuration :";`	82	`$l_ldap_auth_enable_label = "Edit the LDAP configuration :";`
Line 92...		Line 92...
92	`$l_ldap_base_filter_text = "You can further limit the searched objects with additional filters.<br> For example 'objectClass=posixGroup' would result in the use of '(&(uid=username)(objectClass=posixGroup))'";`	92	`$l_ldap_base_filter_text = "You can further limit the searched objects with additional filters.<br> For example 'objectClass=posixGroup' would result in the use of '(&(uid=username)(objectClass=posixGroup))'";`
93	`$l_ldap_user_label = "CN of the user operated by ALCASAR:";`	93	`$l_ldap_user_label = "CN of the user operated by ALCASAR:";`
94	`$l_ldap_user_text = "CN=Common Name. Leave blank to use anonymous binding. Mandatory for AD.<br> e.g. LDAP :'uid=Username,ou=my_lan,o=mycompany,c=US'.<br> e.g. AD : 'username' or 'cn=username,cn=Users,dc=server_name,dc=localdomain'";`	94	`$l_ldap_user_text = "CN=Common Name. Leave blank to use anonymous binding. Mandatory for AD.<br> e.g. LDAP :'uid=Username,ou=my_lan,o=mycompany,c=US'.<br> e.g. AD : 'username' or 'cn=username,cn=Users,dc=server_name,dc=localdomain'";`
95	`$l_ldap_password_label = "Password:";`	95	`$l_ldap_password_label = "Password:";`
96	`$l_ldap_password_text = "Leave blank to use anonymous binding. Mandatory for AD.";`	96	`$l_ldap_password_text = "Leave blank to use anonymous binding. Mandatory for AD.";`
97	`$l_ldap_submit = "Save & Check";`	97	`$l_ldap_submit = "Save";`
98	`$l_ldap_test_service_failed = "LDAP service is not reachable on that server (check IP)";`	98	`$l_ldap_test_service_failed = "LDAP service is not reachable on that server (check IP)";`
99	`$l_ldap_test_service_ok = "A port 389 is open on this server";`	99	`$l_ldap_test_service_ok = "A port 389 is open on this server";`
100	`$l_ldap_test_connection_failed = "LDAP connexion failed (check the LDAP service on this server)";`	100	`$l_ldap_test_connection_failed = "LDAP connexion failed (check the LDAP service on this server)";`
101	`$l_ldap_test_connection_ok = "A LDAP connexion is established";`	101	`$l_ldap_test_connection_ok = "A LDAP connexion is established";`
102	`$l_ldap_test_bind_failed = "LDAP authentication failed (check the LDAP user and password)";`	102	`$l_ldap_test_bind_failed = "LDAP authentication failed (check the LDAP user and password)";`
103	`$l_ldap_test_bind_ok = "Successful authentication";`	103	`$l_ldap_test_bind_ok = "Successful authentication";`
104	`$l_ldap_test_dn_failed = "DN of the base seems to be wrong (check it)";`	104	`$l_ldap_test_dn_failed = "DN of the base seems to be wrong (check it)";`
105	`$l_ldap_test_dn_ok = "DN of the base seems to be ok";`	105	`$l_ldap_test_dn_ok = "DN of the base seems to be ok";`
106	`$l_ldap_error = "LDAP error";`	106	`$l_ldap_error = "LDAP error";`
107	`$l_ldap_entries = "entries in the base";`	107	`$l_ldap_entries = "entries in the base";`
108	`$l_ldap_push_config = "Activate this configuration";`	108	`$l_check = "Check this config";`
109	`}`	109	`}`
110		110
111		111
112	`function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_uid, $f_ldap_port = 389) {`	112	`function ldap_checkServerConfig($f_ldap_server, $f_ldap_identity, $f_ldap_password, $f_ldap_basedn, $f_ldap_uid, $f_ldap_port = 389) {`
113	`// Socket to the LDAP port of the server`	113	`// Socket to the LDAP port of the server`
Line 182...		Line 182...
182	`exec('sed -i '.escapeshellarg("s/^LDAP_UID=.*/LDAP_UID=$ldap_uid/g").' '.CONF_FILE);`	182	`exec('sed -i '.escapeshellarg("s/^LDAP_UID=.*/LDAP_UID=$ldap_uid/g").' '.CONF_FILE);`
183	`exec('sed -i '.escapeshellarg("s/^LDAP_FILTER=.*/LDAP_FILTER=$ldap_base_filter/g").' '.CONF_FILE);`	183	`exec('sed -i '.escapeshellarg("s/^LDAP_FILTER=.*/LDAP_FILTER=$ldap_base_filter/g").' '.CONF_FILE);`
184	`exec('sed -i '.escapeshellarg("s/^LDAP_USER=.*/LDAP_USER=$ldap_user/g").' '.CONF_FILE);`	184	`exec('sed -i '.escapeshellarg("s/^LDAP_USER=.*/LDAP_USER=$ldap_user/g").' '.CONF_FILE);`
185	`exec('sed -i '.escapeshellarg("s/^LDAP_PASSWORD=.*/LDAP_PASSWORD=$ldap_password/g").' '.CONF_FILE);`	185	`exec('sed -i '.escapeshellarg("s/^LDAP_PASSWORD=.*/LDAP_PASSWORD=$ldap_password/g").' '.CONF_FILE);`
186	`exec('sudo /usr/local/bin/alcasar-ldap.sh --on');`	186	`exec('sudo /usr/local/bin/alcasar-ldap.sh --on');`
187		-
188	`$messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';`	187	`$messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';`
189	`}`	188	`}`
190	`} else {`	189	`} else {`
191	`exec('sed -i "s/^LDAP=.*/LDAP=off/g" '.CONF_FILE);`	190	`exec('sed -i "s/^LDAP=.*/LDAP=off/g" '.CONF_FILE);`
192	`exec('sudo /usr/local/bin/alcasar-ldap.sh --off');`	191	`exec('sudo /usr/local/bin/alcasar-ldap.sh --off');`
193		-
194	`$messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';`	192	`$messages .= '<span style="font-weight: bold; color: green;">'.$l_ldap_update.'</span><br>';`
195	`}`	193	`}`
196		194
197	`// Reload configuration`	195	`// Reload configuration`
198	`$file_conf = fopen(CONF_FILE, 'r');`	196	`$file_conf = fopen(CONF_FILE, 'r');`
Line 462...		Line 460...
462	`<dd>`	460	`<dd>`
463	`<input id="ldap_password" type="password" size="40" name="ldap_password" value="<?= htmlspecialchars($ldap_password) ?>" oninput="onLdapStatusChange();">`	461	`<input id="ldap_password" type="password" size="40" name="ldap_password" value="<?= htmlspecialchars($ldap_password) ?>" oninput="onLdapStatusChange();">`
464	`</dd>`	462	`</dd>`
465	`</dl>`	463	`</dl>`
466	`<p>`	464	`<p>`
467	`<button id="btn-checkconf" onclick="checkConfig(); return false;"><?= 'Check' /* TODO: need to translate */ ?></button>`	465	`<button id="btn-checkconf" onclick="checkConfig(); return false;"><?= $l_check ?></button>`
468	`<input id="submit" type="submit" value="<?= $l_ldap_submit ?>" name="submit" title="<?= 'You need to check before submit' /* TODO: need to translate */ ?>">`	466	`<input id="submit" type="submit" value="<?= $l_ldap_submit ?>" name="submit" title="<?= 'You need to check before submit' /* TODO: need to translate */ ?>">`
469	`</p>`	467	`</p>`
470	`</fieldset>`	468	`</fieldset>`
471	`</form>`	469	`</form>`
472	`</div>`	470	`</div>`