Merge branch 'develop' into webauthn
This commit is contained in:
Roland Gruber
commit
0ed0d17676
|
|
@ -36,12 +36,15 @@ files=`ls -a *.jpg`
|
|||
for file in $files; do
|
||||
cp $file /var/lib/ldap-account-manager/config/templates/pdf/logos/$file
|
||||
done
|
||||
if [ ! -h /usr/share/ldap-account-manager/config ]; then\
|
||||
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config; fi
|
||||
if [ ! -h /usr/share/ldap-account-manager/sess ]; then\
|
||||
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess; fi
|
||||
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then\
|
||||
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp; fi
|
||||
if [ ! -h /usr/share/ldap-account-manager/config ]; then
|
||||
ln -s /var/lib/ldap-account-manager/config /usr/share/ldap-account-manager/config
|
||||
fi
|
||||
if [ ! -h /usr/share/ldap-account-manager/sess ]; then
|
||||
ln -s /var/lib/ldap-account-manager/sess /usr/share/ldap-account-manager/sess
|
||||
fi
|
||||
if [ ! -h /usr/share/ldap-account-manager/tmp ]; then
|
||||
ln -s /var/lib/ldap-account-manager/tmp /usr/share/ldap-account-manager/tmp
|
||||
fi
|
||||
chown www-data /etc/ldap-account-manager/config.cfg
|
||||
chmod 600 /etc/ldap-account-manager/config.cfg
|
||||
chown www-data /var/lib/ldap-account-manager/sess
|
||||
|
|
@ -51,9 +54,14 @@ chown www-data /var/lib/ldap-account-manager/tmp/internal
|
|||
chmod 700 /var/lib/ldap-account-manager/tmp
|
||||
chown -R www-data /var/lib/ldap-account-manager/config
|
||||
chmod 700 /var/lib/ldap-account-manager/config
|
||||
if [ ! -f /var/lib/ldap-account-manager/config/lam.conf ]; \
|
||||
then cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf; \
|
||||
chown www-data /var/lib/ldap-account-manager/config/lam.conf; fi
|
||||
set +e
|
||||
ls -l /var/lib/ldap-account-manager/config/*.conf &> /dev/null
|
||||
cfgFilesExist=$?
|
||||
set -e
|
||||
if [ $cfgFilesExist -ne 0 ]; then
|
||||
cp /var/lib/ldap-account-manager/config/unix.conf.sample /var/lib/ldap-account-manager/config/lam.conf
|
||||
chown www-data /var/lib/ldap-account-manager/config/lam.conf
|
||||
fi
|
||||
chmod 600 /var/lib/ldap-account-manager/config/*.conf
|
||||
if [ "$1" = "configure" ]; then
|
||||
db_get "ldap-account-manager/alias"
|
||||
|
|
|
|||
|
|
@ -14,3 +14,4 @@ for phpThirdPartyLib in $phpThirdPartyLibs; do
|
|||
fi
|
||||
done
|
||||
|
||||
#DEBHELPER#
|
||||
|
|
|
|||
|
|
@ -1,3 +1,9 @@
|
|||
#
|
||||
# LAM setup
|
||||
#
|
||||
# skip LAM preconfiguration (lam.conf + config.cfg), values: (true/false)
|
||||
# If set to false the other variables below have no effect.
|
||||
LAM_SKIP_PRECONFIGURE=false
|
||||
# domain of LDAP database root entry, will be converted to dc=...,dc=...
|
||||
LDAP_DOMAIN=my-domain.com
|
||||
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
|
||||
|
|
@ -6,13 +12,17 @@ LDAP_BASE_DN=dc=my-domain,dc=com
|
|||
LDAP_SERVER=ldap://ldap:389
|
||||
# LDAP admin user (set as login user for LAM)
|
||||
LDAP_USER=cn=admin,dc=my-domain,dc=com
|
||||
# LDAP admin password
|
||||
LDAP_ADMIN_PASSWORD=adminpw
|
||||
|
||||
# default language, e.g. en_US, de_DE, fr_FR, ...
|
||||
LAM_LANG=en_US
|
||||
# LAM configuration master password and password for server profile "lam"
|
||||
LAM_PASSWORD=lam
|
||||
|
||||
# docker-compose only, LDAP organisation name for OpenLDAP
|
||||
#
|
||||
# docker-compose only, LDAP server setup
|
||||
#
|
||||
# LDAP organisation name for OpenLDAP
|
||||
LDAP_ORGANISATION="LDAP Account Manager Demo"
|
||||
# docker-compose only, password for LDAP read-only user
|
||||
# LDAP admin password
|
||||
LDAP_ADMIN_PASSWORD=adminpw
|
||||
# password for LDAP read-only user
|
||||
LDAP_READONLY_USER_PASSWORD=readonlypw
|
||||
|
|
|
|||
|
|
@ -23,28 +23,33 @@
|
|||
set -eu # unset variables are errors & non-zero return values exit the whole script
|
||||
[ "$DEBUG" ] && set -x
|
||||
|
||||
LAM_LANG="${LAM_LANG:-en_US}"
|
||||
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
|
||||
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
|
||||
LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
|
||||
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
|
||||
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
|
||||
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
|
||||
LAM_SKIP_PRECONFIGURE="${LAM_SKIP_PRECONFIGURE:-false}"
|
||||
if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
|
||||
|
||||
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
|
||||
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
|
||||
EOF
|
||||
unset LAM_PASSWORD
|
||||
LAM_LANG="${LAM_LANG:-en_US}"
|
||||
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
|
||||
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
|
||||
LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
|
||||
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
|
||||
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
|
||||
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
|
||||
|
||||
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
|
||||
s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
|
||||
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
|
||||
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
|
||||
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
|
||||
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
|
||||
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
|
||||
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
|
||||
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
|
||||
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
|
||||
EOF
|
||||
unset LAM_PASSWORD
|
||||
|
||||
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
|
||||
s|^ServerURL:.*|ServerURL: ${LDAP_SERVER}|;
|
||||
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
|
||||
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
|
||||
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
|
||||
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
|
||||
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
|
||||
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
echo "Starting Apache"
|
||||
rm -f /run/apache2/apache2.pid
|
||||
|
|
|
|||
|
|
@ -66,7 +66,9 @@ class windowsHost extends baseModule {
|
|||
// managed object classes
|
||||
$return['objectClasses'] = array('computer', 'securityPrincipal');
|
||||
// managed attributes
|
||||
$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy', 'operatingSystem', 'operatingSystemVersion', 'dNSHostName');
|
||||
$return['attributes'] = array('cn', 'description', 'location', 'sAMAccountName', 'managedBy',
|
||||
'operatingSystem', 'operatingSystemVersion', 'dNSHostName', 'pwdLastSet', 'lastLogonTimestamp',
|
||||
'logonCount');
|
||||
// help Entries
|
||||
$return['help'] = array(
|
||||
'cn' => array(
|
||||
|
|
@ -85,6 +87,18 @@ class windowsHost extends baseModule {
|
|||
"Headline" => _('Managed by'), 'attr' => 'managedBy',
|
||||
"Text" => _('The host is managed by this contact person.')
|
||||
),
|
||||
'pwdLastSet' => array(
|
||||
"Headline" => _('Last password change'), 'attr' => 'pwdLastSet',
|
||||
"Text" => _('Time of user\'s last password change.')
|
||||
),
|
||||
'lastLogonTimestamp' => array(
|
||||
"Headline" => _('Last login'), 'attr' => 'lastLogonTimestamp',
|
||||
"Text" => _('Time of user\'s last login.')
|
||||
),
|
||||
'logonCount' => array(
|
||||
"Headline" => _('Logon count'), 'attr' => 'logonCount',
|
||||
"Text" => _('This is the number of logins using this account.')
|
||||
),
|
||||
);
|
||||
// upload fields
|
||||
$return['upload_columns'] = array(
|
||||
|
|
@ -141,6 +155,33 @@ class windowsHost extends baseModule {
|
|||
$this->addSimpleInputTextField($container, 'cn', _('Host name'), true);
|
||||
$this->addSimpleInputTextField($container, 'description', _('Description'), false);
|
||||
$this->addSimpleInputTextField($container, 'location', _('Location'), false);
|
||||
// last password change
|
||||
if (!empty($this->attributes['pwdLastSet'])) {
|
||||
$container->addLabel(new htmlOutputText(_('Last password change')));
|
||||
$pwdLastSetGroup = new htmlGroup();
|
||||
$pwdLastSetGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['pwdLastSet'][0])));
|
||||
$pwdLastSetGroup->addElement(new htmlSpacer('0.5rem', null));
|
||||
$pwdLastSetGroup->addElement(new htmlHelpLink('pwdLastSet'));
|
||||
$container->addField($pwdLastSetGroup);
|
||||
}
|
||||
// last login
|
||||
if (!empty($this->attributes['lastLogonTimestamp'])) {
|
||||
$container->addLabel(new htmlOutputText(_('Last login')));
|
||||
$lastLogonTimestampGroup = new htmlGroup();
|
||||
$lastLogonTimestampGroup->addElement(new htmlOutputText($this->formatFileTime($this->attributes['lastLogonTimestamp'][0])));
|
||||
$lastLogonTimestampGroup->addElement(new htmlSpacer('0.5rem', null));
|
||||
$lastLogonTimestampGroup->addElement(new htmlHelpLink('lastLogonTimestamp'));
|
||||
$container->addField($lastLogonTimestampGroup);
|
||||
}
|
||||
// logon count
|
||||
if (!empty($this->attributes['logonCount'])) {
|
||||
$container->addLabel(new htmlOutputText(_('Logon count')));
|
||||
$logonCountGroup = new htmlGroup();
|
||||
$logonCountGroup->addElement(new htmlOutputText($this->attributes['logonCount'][0]));
|
||||
$logonCountGroup->addElement(new htmlSpacer('0.5rem', null));
|
||||
$logonCountGroup->addElement(new htmlHelpLink('logonCount'));
|
||||
$container->addField($logonCountGroup);
|
||||
}
|
||||
// managed by
|
||||
$container->addLabel(new htmlOutputText(_('Managed by')));
|
||||
$managedBy = '-';
|
||||
|
|
@ -296,6 +337,23 @@ class windowsHost extends baseModule {
|
|||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Formats a value in file time (100 ns since 1601-01-01).
|
||||
*
|
||||
* @param integer $value time value
|
||||
* @return String formatted value
|
||||
*/
|
||||
private function formatFileTime($value) {
|
||||
if (empty($value) || ($value == '-1')) {
|
||||
return '';
|
||||
}
|
||||
$seconds = substr($value, 0, -7);
|
||||
$time = new DateTime('1601-01-01', new DateTimeZone('UTC'));
|
||||
$time->add(new DateInterval('PT' . $seconds . 'S'));
|
||||
$time->setTimezone(getTimeZone());
|
||||
return $time->format('Y-m-d H:i:s');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Binary file not shown.
File diff suppressed because it is too large
Load Diff
Binary file not shown.
File diff suppressed because it is too large
Load Diff
Binary file not shown.
File diff suppressed because it is too large
Load Diff
|
|
@ -45,6 +45,10 @@ printHeaderContents(_("Configuration overview"), '../..');
|
|||
?>
|
||||
</head>
|
||||
<body class="admin">
|
||||
<?php
|
||||
// include all JavaScript files
|
||||
printJsIncludes('../..');
|
||||
?>
|
||||
<table class="lamTop ui-corner-all">
|
||||
<tr>
|
||||
<td align="left">
|
||||
|
|
|
|||
Loading…
Reference in New Issue