diff --git a/lam/help/help.inc b/lam/help/help.inc
index 1b598482..88dc4218 100644
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@@ -52,9 +52,9 @@ $helpArray = array (
// configuration wizard
// configuration login
// config profile management
- "200" => array ("Headline" => _("Configuration wizard") . " - " . _("Login"),
+ "200" => array ("Headline" => _("Login"),
"Text" => _("Please enter the configuration password. This is NOT your LDAP password. It is stored in your .conf-file. If this is the first time you log in, enter \"lam\".")),
- "201" => array ("Headline" => _("Configuration wizard") . " - " . _("Server address"),
+ "201" => array ("Headline" => _("Server address"),
"Text" => _("This is the server address of your LDAP server. Use ldap:// for standard LDAP connections and ldaps:// for encrypted (require server certificates) connections. The port value is optional.") .
"
" .
_("Examples") .
@@ -66,51 +66,55 @@ $helpArray = array (
_("Note") .
":
" .
_("When using ldaps:// be sure to use exactly the same IP/domain name as in your certificate!")),
- "202" => array ("Headline" => _("Configuration wizard") . " - " . _("LDAP suffix"),
+ "202" => array ("Headline" => _("LDAP suffix"),
"Text" => _("This is the suffix of the LDAP tree from where to search for LDAP entries. Only entries in this subtree will be displayed in the account list. When creating a new accont this will be the DN where it is saved.") .
"
".
_("Example").
":
".
_("ou=People,dc=yourcompany,dc=com will read and store all accounts in this subtree.")),
- "203" => array ("Headline" => _("Configuration wizard") . " - " . _("Tree suffix"),
+ "203" => array ("Headline" => _("Tree suffix"),
"Text" => _("This is the suffix for the LDAP tree viewer.") .
"
".
_("Example").
":
".
_("dc=yourcompany,dc=com")),
- "206" => array ("Headline" => _("Configuration wizard") . " - " . _("List attributes"),
+ "206" => array ("Headline" => _("List attributes"),
"Text" => _("This is the list of attributes to show in the account list. The entries can either be predefined values, \"#attribute\", or individual ones, \"attribute:description\". Several entries are separated by semicolons.") .
"
" .
_("Example") . ": #homeDirectory;#uid;#uidNumber;#gidNumber;mail:Mail address
" .
"
" . _("Predefined values") . ":
" . $entry206Example),
- "207" => array ("Headline" => _("Configuration wizard") . " - " . _("Valid users"),
+ "207" => array ("Headline" => _("Valid users"),
"Text" => _("This is a list of valid DN entries of all users that are allowed to login to LDAP Account Manager. Please enter one DN per line.") .
"
" .
_("Example") .
": cn=admin,dc=yourdomain,dc=org;cn=manager,dc=yourdomain,dc=org"),
"208" => array ("Headline" => _("Maximum list entries"),
"Text" => _("This is the number of rows to show in the account list. If more entries are found the list will be split into several pages.")),
- "209" => array ("Headline" => _("Configuration wizard") . " - " . _("Default language"),
+ "209" => array ("Headline" => _("Default language"),
"Text" => _("This defines the language of the login window and sets this language as the default language. Users can change the language at login.")),
- "210" => array ("Headline" => _("Configuration wizard") . " - " . _("Script path"),
+ "210" => array ("Headline" => _("Script path"),
"Text" => _("This is the absolute path to an external script for setting quotas and creating home directories.")),
- "212" => array ("Headline" => _("Configuration wizard") . " - " . _("Change password"),
+ "212" => array ("Headline" => _("Change password"),
"Text" => _("If you want to change the current preferences password, please enter it here.")),
- "214" => array ("Headline" => _("Configuration wizard") . " - " . _("Cache timeout"),
+ "214" => array ("Headline" => _("Cache timeout"),
"Text" => _("This is the time in minutes which LAM caches its LDAP searches. Shorter times will stress LDAP more but decrease the possibility that changes are not identified.")),
- "215" => array ("Headline" => _("Configuration wizard") . " - " . _("Access level"),
+ "215" => array ("Headline" => _("Access level"),
"Text" => _("You can specify if LAM allows full write access, password changes or only read access.")),
- "216" => array ("Headline" => _("Configuration wizard") . " - " . _("Text for user PDF"),
+ "216" => array ("Headline" => _("Text for user PDF"),
"Text" => _("This text will appear on top of every user PDF file.")),
- "217" => array ("Headline" => _("Configuration wizard") . " - " . _("Account types and modules"),
+ "217" => array ("Headline" => _("Account types and modules"),
"Text" => _("Here you can select which plugins you want to use for account management.") . "
"
. _("Account types define which sorts of LDAP entries (e.g. users and groups) should be managed. The account modules define which properties (e.g. Unix and Samba) can be edited.")),
- "218" => array ("Headline" => _("Configuration wizard") . " - " . _("Script servers"),
+ "218" => array ("Headline" => _("Script servers"),
"Text" => _("This is a list of the servers where the lamdaemon scripts are stored. LDAP Account Manager will make a SSH connection to the servers with the user name and password provided at login. Multiple servers are separated by semicolons. You can append a descriptive name after a colon.") . "
"
. _("If your server runs on another port then add a comma and the port number after the server.") . "
"
. _("Example") . ": 127.0.0.1:LOCAL;192.168.0.2,12345:Servername;192.168.0.5"),
- "219" => array ("Headline" => _("Configuration wizard") . " - " . _("Rights for the home directory"),
+ "219" => array ("Headline" => _("Rights for the home directory"),
"Text" => _("This defines the rights for the home directories which are created by lamdaemon.")),
+ "220" => array ("Headline" => _("Login method"),
+ "Text" => _("The number of users who may login to LAM is restricted. This can be either a fixed list of DNs or LAM can search LDAP to find a DN which matches the given user name.")),
+ "221" => array ("Headline" => _("LDAP search"),
+ "Text" => _("Please enter the LDAP suffix where LAM should start to search for users. The LDAP filter needs to match the given user name to exactly one DN. The value \"%USER%\" will be replaced by the user name from the login page.")),
"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),
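Review bot: The new "221" help text says `%USER%` is replaced by the user name from the login page, but it does not say that in search mode the suffix and filter are what restrict who may log in, which is the restriction entry "220" promises. If search mode behaves that way, I would add a sentence such as `_("Every entry below this suffix that matches the filter may login to LAM, so keep the suffix and filter as narrow as possible.")`. The code that performs the replacement is not in this hunk; it should escape LDAP filter metacharacters in the submitted user name before searching, and the help text could then state that the name is inserted literally.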
@@ -125,7 +129,7 @@ $helpArray = array (
"Text" => _("If you want to change your master configuration password, please enter it here.")),
"236" => array ("Headline" => _("Master password"),
"Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
- "237" => array ("Headline" => _("Configuration wizard") . " - " . _("Base module"),
+ "237" => array ("Headline" => _("Base module"),
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
"238" => array ("Headline" => _("Session timeout"),
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
diff --git a/lam/lib/config.inc b/lam/lib/config.inc
index 0bab5666..091dceba 100644
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
- Copyright (C) 2003 - 2007 Roland Gruber
+ Copyright (C) 2003 - 2009 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -163,9 +163,14 @@ function metaRefresh($page) {
*/
class LAMConfig {
+ /* access levels */
const ACCESS_ALL = 100;
const ACCESS_PASSWORD_CHANGE = 20;
const ACCESS_READ_ONLY = 0;
+
+ /* login method: predefined list or LDAP search */
+ const LOGIN_LIST = 'list';
+ const LOGIN_SEARCH = 'search';
/** Server address (e.g. ldap://127.0.0.1:389) */
private $ServerURL;
@@ -218,12 +223,23 @@ class LAMConfig {
/** Name of configuration file */
private $file;
- private $accessLevel = 100;
+ /** access level */
+ private $accessLevel = LAMconfig::ACCESS_ALL;
+
+ /** login method */
+ private $loginMethod = LAMconfig::LOGIN_LIST;
+
+ /** search suffix for login */
+ private $loginSearchSuffix = 'dc=yourdomain,dc=org';
+
+ /** search filter for login */
+ private $loginSearchFilter = 'uid=%USER%';
/** List of all settings in config file */
private $settings = array("ServerURL", "Passwd", "Admins", "treesuffix",
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
- "modules", "activeTypes", "types", "accessLevel");
+ "modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix',
+ 'loginSearchFilter');
/**
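Review bot: The new property defaults spell the class as `LAMconfig::ACCESS_ALL` and `LAMconfig::LOGIN_LIST`, while the class is declared as `LAMConfig`. PHP resolves class names case-insensitively, so this runs, but `self::ACCESS_ALL` and `self::LOGIN_LIST` would avoid the mismatch and survive a rename. The same spelling appears in the `@see LAMconfig::LOGIN_LIST` and `@see LAMconfig::LOGIN_SEARCH` tags of the getter added later in this commit. The class body continues outside this hunk.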
@@ -367,6 +383,9 @@ class LAMConfig {
if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n");
if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n");
if (!in_array("accessLevel", $saved)) array_push($file_array, "\n\n# Access level for this profile.\n" . "accessLevel: " . $this->accessLevel . "\n");
+ if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n");
+ if (!in_array("loginSearchSuffix", $saved)) array_push($file_array, "\n\n# Search suffix for LAM login.\n" . "loginSearchSuffix: " . $this->loginSearchSuffix . "\n");
+ if (!in_array("loginSearchFilter", $saved)) array_push($file_array, "\n\n# Search filter for LAM login.\n" . "loginSearchFilter: " . $this->loginSearchFilter . "\n");
// check if all module settings were added
$m_settings = array_keys($this->moduleSettings);
for ($i = 0; $i < sizeof($m_settings); $i++) {
@@ -870,6 +889,62 @@ class LAMConfig {
public function setAccessLevel($level) {
$this->accessLevel = $level;
}
+
+ /**
+ * Returns the login method.
+ *
+ * @return String login method
+ * @see LAMconfig::LOGIN_LIST
+ * @see LAMconfig::LOGIN_SEARCH
+ */
+ public function getLoginMethod() {
+ return $this->loginMethod;
+ }
+
+ /**
+ * Sets the login method.
+ *
+ * @param String $loginMethod
+ */
+ public function setLoginMethod($loginMethod) {
+ $this->loginMethod = $loginMethod;
+ }
+
+ /**
+ * Returns the login search filter.
+ *
+ * @return String search filter
+ */
+ public function getLoginSearchFilter() {
+ return $this->loginSearchFilter;
+ }
+
+ /**
+ * Sets the login search filter.
+ *
+ * @param String $loginSearchFilter search filter
+ */
+ public function setLoginSearchFilter($loginSearchFilter) {
+ $this->loginSearchFilter = $loginSearchFilter;
+ }
+
+ /**
+ * Returns the login search suffix.
+ *
+ * @return String suffix
+ */
+ public function getLoginSearchSuffix() {
+ return $this->loginSearchSuffix;
+ }
+
+ /**
+ * Sets the login search suffix.
+ *
+ * @param String $loginSearchSuffix suffix
+ */
+ public function setLoginSearchSuffix($loginSearchSuffix) {
+ $this->loginSearchSuffix = $loginSearchSuffix;
+ }
}
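Review bot: `setLoginMethod()` stores whatever string it is given, so a value other than `LAMConfig::LOGIN_LIST` or `LAMConfig::LOGIN_SEARCH` can end up in the profile and presumably decides how logins are checked. I would reject unknown values, e.g. `if (!in_array($loginMethod, array(self::LOGIN_LIST, self::LOGIN_SEARCH), true)) return false;`. `setLoginSearchSuffix()` and `setLoginSearchFilter()` also accept line breaks, and the save hunk earlier in this file writes each value as a single `key: value` line. A value containing a newline would therefore add extra lines to the config file unless the caller filters it, which is not visible here. The docblock of `setLoginMethod()` also lacks a description for `$loginMethod`.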
diff --git a/lam/templates/config/config.js b/lam/templates/config/config.js
new file mode 100644
index 00000000..d8381361
--- /dev/null
+++ b/lam/templates/config/config.js
@@ -0,0 +1,43 @@
+/**
+
+$Id$
+
+ This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+ Copyright (C) 2009 Roland Gruber
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+*/
+
+/**
+ * The following functions are used for the LAM configuration wizard.
+ */
+
+/**
+ * Hides/unhides input fields for the login method.
+ */
+function configLoginMethodChanged() {
+ selectLoginMethod = document.getElementsByName('loginMethod')[0];
+ if ( selectLoginMethod.options[selectLoginMethod.selectedIndex].value == 'list' ) {
+ document.getElementById('trAdminList').style.display = '';
+ document.getElementById('trLoginSearchSuffix').style.display = 'none';
+ document.getElementById('trLoginSearchFilter').style.display = 'none';
+ }
+ else {
+ document.getElementById('trAdminList').style.display = 'none';
+ document.getElementById('trLoginSearchSuffix').style.display = '';
+ document.getElementById('trLoginSearchFilter').style.display = '';
+ }
+}
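Review bot: `selectLoginMethod` is assigned without `var` in `configLoginMethodChanged()`, which creates an implicit global; declare it as `var selectLoginMethod = document.getElementsByName('loginMethod')[0];`. The literal `'list'` duplicates `LAMConfig::LOGIN_LIST` from config.inc, so a comment naming that constant would help keep the two in step. Hiding the rows only changes their display, so the hidden fields are presumably still submitted and the server has to choose by `loginMethod` rather than by which fields arrive; that handling is not in this file.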
diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php
index a08a55a4..564951da 100644
--- a/lam/templates/config/confmain.php
+++ b/lam/templates/config/confmain.php
@@ -121,8 +121,9 @@ echo ("
\n");
@@ -394,15 +395,55 @@ echo ("