Allow getting the login user's DN from LDAP

This commit is contained in:
Roland Gruber 2009-03-07 16:22:30 +00:00
parent 19935a2cc0
commit e107104da7
4 changed files with 188 additions and 22 deletions


@ -52,9 +52,9 @@ $helpArray = array (
// configuration wizard
// configuration login
// config profile management
"200" => array ("Headline" => _("Configuration wizard") . " - " . _("Login"),
"200" => array ("Headline" => _("Login"),
"Text" => _("Please enter the configuration password. This is NOT your LDAP password. It is stored in your .conf-file. If this is the first time you log in, enter \"lam\".")),
"201" => array ("Headline" => _("Configuration wizard") . " - " . _("Server address"),
"201" => array ("Headline" => _("Server address"),
"Text" => _("This is the server address of your LDAP server. Use ldap:// for standard LDAP connections and ldaps:// for encrypted (require server certificates) connections. The port value is optional.") .
"<br><br><b> " .
_("Examples") .
@ -66,51 +66,55 @@ $helpArray = array (
_("Note") .
":</b><br><br>" .
_("When using ldaps:// be sure to use exactly the same IP/domain name as in your certificate!")),
"202" => array ("Headline" => _("Configuration wizard") . " - " . _("LDAP suffix"),
"202" => array ("Headline" => _("LDAP suffix"),
"Text" => _("This is the suffix of the LDAP tree from where to search for LDAP entries. Only entries in this subtree will be displayed in the account list. When creating a new accont this will be the DN where it is saved.") .
"<br><br><b>".
_("Example").
":</b><br><br>".
_("ou=People,dc=yourcompany,dc=com will read and store all accounts in this subtree.")),
"203" => array ("Headline" => _("Configuration wizard") . " - " . _("Tree suffix"),
"203" => array ("Headline" => _("Tree suffix"),
"Text" => _("This is the suffix for the LDAP tree viewer.") .
"<br><br><b>".
_("Example").
":</b><br><br>".
_("dc=yourcompany,dc=com")),
"206" => array ("Headline" => _("Configuration wizard") . " - " . _("List attributes"),
"206" => array ("Headline" => _("List attributes"),
"Text" => _("This is the list of attributes to show in the account list. The entries can either be predefined values, \"#attribute\", or individual ones, \"attribute:description\". Several entries are separated by semicolons.") .
"<br><br><br><big><b>" .
_("Example") . ": </b></big>#homeDirectory;#uid;#uidNumber;#gidNumber;mail:Mail address<br><br>" .
"<br><big><b>" . _("Predefined values") . ":</b></big><br><br><br>" . $entry206Example),
"207" => array ("Headline" => _("Configuration wizard") . " - " . _("Valid users"),
"207" => array ("Headline" => _("Valid users"),
"Text" => _("This is a list of valid DN entries of all users that are allowed to login to LDAP Account Manager. Please enter one DN per line.") .
"<br><br><b>" .
_("Example") .
": </b>cn=admin,dc=yourdomain,dc=org;cn=manager,dc=yourdomain,dc=org"),
"208" => array ("Headline" => _("Maximum list entries"),
"Text" => _("This is the number of rows to show in the account list. If more entries are found the list will be split into several pages.")),
"209" => array ("Headline" => _("Configuration wizard") . " - " . _("Default language"),
"209" => array ("Headline" => _("Default language"),
"Text" => _("This defines the language of the login window and sets this language as the default language. Users can change the language at login.")),
"210" => array ("Headline" => _("Configuration wizard") . " - " . _("Script path"),
"210" => array ("Headline" => _("Script path"),
"Text" => _("This is the absolute path to an external script for setting quotas and creating home directories.")),
"212" => array ("Headline" => _("Configuration wizard") . " - " . _("Change password"),
"212" => array ("Headline" => _("Change password"),
"Text" => _("If you want to change the current preferences password, please enter it here.")),
"214" => array ("Headline" => _("Configuration wizard") . " - " . _("Cache timeout"),
"214" => array ("Headline" => _("Cache timeout"),
"Text" => _("This is the time in minutes which LAM caches its LDAP searches. Shorter times will stress LDAP more but decrease the possibility that changes are not identified.")),
"215" => array ("Headline" => _("Configuration wizard") . " - " . _("Access level"),
"215" => array ("Headline" => _("Access level"),
"Text" => _("You can specify if LAM allows full write access, password changes or only read access.")),
"216" => array ("Headline" => _("Configuration wizard") . " - " . _("Text for user PDF"),
"216" => array ("Headline" => _("Text for user PDF"),
"Text" => _("This text will appear on top of every user PDF file.")),
"217" => array ("Headline" => _("Configuration wizard") . " - " . _("Account types and modules"),
"217" => array ("Headline" => _("Account types and modules"),
"Text" => _("Here you can select which plugins you want to use for account management.") . "<br><br>"
. _("Account types define which sorts of LDAP entries (e.g. users and groups) should be managed. The account modules define which properties (e.g. Unix and Samba) can be edited.")),
"218" => array ("Headline" => _("Configuration wizard") . " - " . _("Script servers"),
"218" => array ("Headline" => _("Script servers"),
"Text" => _("This is a list of the servers where the lamdaemon scripts are stored. LDAP Account Manager will make a SSH connection to the servers with the user name and password provided at login. Multiple servers are separated by semicolons. You can append a descriptive name after a colon.") . "<br>"
. _("If your server runs on another port then add a comma and the port number after the server.") . "<br><br>"
. _("Example") . ": <b>127.0.0.1:LOCAL;192.168.0.2,12345:Servername;192.168.0.5</b>"),
"219" => array ("Headline" => _("Configuration wizard") . " - " . _("Rights for the home directory"),
"219" => array ("Headline" => _("Rights for the home directory"),
"Text" => _("This defines the rights for the home directories which are created by lamdaemon.")),
"220" => array ("Headline" => _("Login method"),
"Text" => _("The number of users who may login to LAM is restricted. This can be either a fixed list of DNs or LAM can search LDAP to find a DN which matches the given user name.")),
"221" => array ("Headline" => _("LDAP search"),
"Text" => _("Please enter the LDAP suffix where LAM should start to search for users. The LDAP filter needs to match the given user name to exactly one DN. The value \"%USER%\" will be replaced by the user name from the login page.")),
"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),
@ -125,7 +129,7 @@ $helpArray = array (
"Text" => _("If you want to change your master configuration password, please enter it here.")),
"236" => array ("Headline" => _("Master password"),
"Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
"237" => array ("Headline" => _("Configuration wizard") . " - " . _("Base module"),
"237" => array ("Headline" => _("Base module"),
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
"238" => array ("Headline" => _("Session timeout"),
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2003 - 2007 Roland Gruber
Copyright (C) 2003 - 2009 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -163,9 +163,14 @@ function metaRefresh($page) {
*/
class LAMConfig {
/* access levels */
const ACCESS_ALL = 100;
const ACCESS_PASSWORD_CHANGE = 20;
const ACCESS_READ_ONLY = 0;
/* login method: predefined list or LDAP search */
const LOGIN_LIST = 'list';
const LOGIN_SEARCH = 'search';
/** Server address (e.g. ldap://127.0.0.1:389) */
private $ServerURL;
@ -218,12 +223,23 @@ class LAMConfig {
/** Name of configuration file */
private $file;
private $accessLevel = 100;
/** access level */
private $accessLevel = LAMconfig::ACCESS_ALL;
/** login method */
private $loginMethod = LAMconfig::LOGIN_LIST;
/** search suffix for login */
private $loginSearchSuffix = 'dc=yourdomain,dc=org';
/** search filter for login */
private $loginSearchFilter = 'uid=%USER%';
/** List of all settings in config file */
private $settings = array("ServerURL", "Passwd", "Admins", "treesuffix",
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
"modules", "activeTypes", "types", "accessLevel");
"modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix',
'loginSearchFilter');
/**
@ -367,6 +383,9 @@ class LAMConfig {
if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n");
if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n");
if (!in_array("accessLevel", $saved)) array_push($file_array, "\n\n# Access level for this profile.\n" . "accessLevel: " . $this->accessLevel . "\n");
if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n");
if (!in_array("loginSearchSuffix", $saved)) array_push($file_array, "\n\n# Search suffix for LAM login.\n" . "loginSearchSuffix: " . $this->loginSearchSuffix . "\n");
if (!in_array("loginSearchFilter", $saved)) array_push($file_array, "\n\n# Search filter for LAM login.\n" . "loginSearchFilter: " . $this->loginSearchFilter . "\n");
// check if all module settings were added
$m_settings = array_keys($this->moduleSettings);
for ($i = 0; $i < sizeof($m_settings); $i++) {
@ -870,6 +889,62 @@ class LAMConfig {
public function setAccessLevel($level) {
$this->accessLevel = $level;
}
/**
* Returns the login method.
*
* @return String login method
* @see LAMconfig::LOGIN_LIST
* @see LAMconfig::LOGIN_SEARCH
*/
public function getLoginMethod() {
return $this->loginMethod;
}
/**
* Sets the login method.
*
* @param String $loginMethod
*/
public function setLoginMethod($loginMethod) {
$this->loginMethod = $loginMethod;
}
/**
* Returns the login search filter.
*
* @return String search filter
*/
public function getLoginSearchFilter() {
return $this->loginSearchFilter;
}
/**
* Sets the login search filter.
*
* @param String $loginSearchFilter search filter
*/
public function setLoginSearchFilter($loginSearchFilter) {
$this->loginSearchFilter = $loginSearchFilter;
}
/**
* Returns the login search suffix.
*
* @return String suffix
*/
public function getLoginSearchSuffix() {
return $this->loginSearchSuffix;
}
/**
* Sets the login search suffix.
*
* @param String $loginSearchSuffix suffix
*/
public function setLoginSearchSuffix($loginSearchSuffix) {
$this->loginSearchSuffix = $loginSearchSuffix;
}
}
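Review bot: setLoginMethod() stores whatever value it receives, so a login method that is neither LAMConfig::LOGIN_LIST nor LAMConfig::LOGIN_SEARCH is persisted to the profile and only surfaces wherever the value is later branched on; the class's existing validating setter, set_Adminstring(), returns false on bad input (see the check in saveSettings()), and this one should follow the same pattern with `if (($loginMethod != LAMConfig::LOGIN_LIST) && ($loginMethod != LAMConfig::LOGIN_SEARCH)) return false;` before the assignment and `return true;` after it. The three new settings are appended to the profile file one setting per line in the save routine (`"loginSearchFilter: " . $this->loginSearchFilter . "\n"`), so a filter or suffix containing a line break would presumably turn into an extra config line; rejecting line breaks in setLoginSearchFilter()/setLoginSearchSuffix() closes that, though the parser side is outside this hunk. The property initialisers and the @see tags of getLoginMethod() spell the class as `LAMconfig` while it is declared as `LAMConfig`; PHP resolves class names case-insensitively so this runs, but the declared spelling should be used consistently.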


@ -0,0 +1,43 @@
/**
$Id$
This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
Copyright (C) 2009 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* The following functions are used for the LAM configuration wizard.
*/
/**
* Hides/unhides input fields for the login method.
*/
function configLoginMethodChanged() {
selectLoginMethod = document.getElementsByName('loginMethod')[0];
if ( selectLoginMethod.options[selectLoginMethod.selectedIndex].value == 'list' ) {
document.getElementById('trAdminList').style.display = '';
document.getElementById('trLoginSearchSuffix').style.display = 'none';
document.getElementById('trLoginSearchFilter').style.display = 'none';
}
else {
document.getElementById('trAdminList').style.display = 'none';
document.getElementById('trLoginSearchSuffix').style.display = '';
document.getElementById('trLoginSearchFilter').style.display = '';
}
}
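Review bot: `selectLoginMethod` in configLoginMethodChanged() is assigned without `var`, so it becomes an implicit global that any other script on the page (wz_tooltip.js is loaded next to config.js) can read or overwrite; the first line should be `var selectLoginMethod = document.getElementsByName('loginMethod')[0];`. The function is also the page's onload handler, and `getElementsByName('loginMethod')[0]` is undefined on any page that includes the script but not the select, which would throw at `.options`; a guard `if (!selectLoginMethod) return;` keeps the rest of the load sequence intact. The literal `'list'` duplicates the value of LAMConfig::LOGIN_LIST from config.inc, so a comment `// must match LAMConfig::LOGIN_LIST in config.inc` on that line would keep the two from drifting apart.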


@ -121,8 +121,9 @@ echo ("<title>" . _("LDAP Account Manager Configuration") . "</title>\n");
echo ("<link rel=\"stylesheet\" type=\"text/css\" href=\"../../style/layout.css\">\n");
echo "<link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"../../graphics/favicon.ico\">\n";
echo ("</head>\n");
echo ("<body>\n");
echo ("<body onload=\"configLoginMethodChanged()\">\n");
echo "<script type=\"text/javascript\" src=\"../wz_tooltip.js\"></script>\n";
echo "<script type=\"text/javascript\" src=\"config.js\"></script>\n";
echo ("<p align=\"center\"><a href=\"http://lam.sourceforge.net\" target=\"new_window\">".
"<img src=\"../../graphics/banner.jpg\" border=1 alt=\"LDAP Account Manager\"></a></p>\n<hr>\n<p>&nbsp;</p>\n");
@ -394,15 +395,55 @@ echo ("<br>\n");
// security setings
echo ("<fieldset><legend><b>" . _("Security settings") . "</b></legend><br>\n");
echo ("<table border=0>\n");
// login method
echo ("<tr><td align=\"right\"><b>".
_("Login method") . ": </b></td>".
"<td><select tabindex=\"$tabindex\" name=\"loginMethod\" onchange=\"configLoginMethodChanged()\">\n");
if ($conf->getLoginMethod() == LAMConfig::LOGIN_LIST) {
echo("<option selected value=" . LAMConfig::LOGIN_LIST . ">" . _('Fixed list') . "</option>\n");
}
else {
echo("<option value=" . LAMConfig::LOGIN_LIST . ">" . _('Fixed list') . "</option>\n");
}
if ($conf->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
echo("<option selected value=" . LAMConfig::LOGIN_SEARCH . ">" . _('LDAP search') . "</option>\n");
}
else {
echo("<option value=" . LAMConfig::LOGIN_SEARCH . ">" . _('LDAP search') . "</option>\n");
}
echo ("</select></td>\n");
$tabindex++;
echo "<td>";
printHelpLink(getHelp('', '220'), '220');
echo "</td></tr>\n";
// admin list
$adminText = implode("\n", explode(";", $conf->get_Adminstring()));
echo ("<tr><td align=\"right\"><b>".
echo "<tr id=\"trAdminList\"><td align=\"right\">\n";
echo "<b>".
_("List of valid users") . " *: </b></td>".
"<td><textarea tabindex=\"$tabindex\" name=\"admins\" cols=75 rows=5>" . $adminText . "</textarea></td>\n");
"<td><textarea tabindex=\"$tabindex\" name=\"admins\" cols=75 rows=3>" . $adminText . "</textarea></td>\n";
echo "<td>";
printHelpLink(getHelp('', '207'), '207');
echo "</td></tr>\n";
$tabindex++;
// login search suffix
echo "<tr id=\"trLoginSearchSuffix\"><td align=\"right\">\n";
echo "<b>".
_("LDAP suffix") . " *: </b></td>".
"<td><input type=\"text\" tabindex=\"$tabindex\" name=\"loginSearchSuffix\" value=\"" . $conf->getLoginSearchSuffix() . "\" size=50></td>\n";
echo "<td>";
printHelpLink(getHelp('', '221'), '221');
echo "</td></tr>\n";
$tabindex++;
// login search filter
echo "<tr id=\"trLoginSearchFilter\"><td align=\"right\">\n";
echo "<b>".
_("LDAP filter") . " *: </b></td>".
"<td><input type=\"text\" tabindex=\"$tabindex\" name=\"loginSearchFilter\" value=\"" . $conf->getLoginSearchFilter() . "\" size=50></td>\n";
echo "<td>";
printHelpLink(getHelp('', '221'), '221');
echo "</td></tr>\n";
$tabindex++;
echo ("<tr><td colspan=3>&nbsp;</td></tr>\n");
@ -481,6 +522,9 @@ function saveSettings() {
if (trim($adminText[$i]) == "") continue;
$adminTextNew[] = trim($adminText[$i]);
}
$conf->setLoginMethod($_POST['loginMethod']);
$conf->setLoginSearchFilter($_POST['loginSearchFilter']);
$conf->setLoginSearchSuffix($_POST['loginSearchSuffix']);
if (!$conf->set_Adminstring(implode(";", $adminTextNew))) {
$errors[] = array("ERROR", _("List of admin users is empty or invalid!"));
}
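Review bot: The three `$_POST` values in saveSettings() are passed straight into the new setters with no isset() check and no validation, so a missing field raises a notice and a login method other than the two LAMConfig constants, or a search filter without `%USER%`, is written to the profile without any of the error reporting the admin list gets two lines later; the values should be checked here in the same way set_Adminstring() is. saveSettings() starts outside this hunk. Separately, in the form hunk the stored suffix and filter are echoed into `value="..."` attributes unescaped (`value=\"" . $conf->getLoginSearchSuffix() . "\"`), so a stored double quote breaks out of the attribute; wrap both in `htmlspecialchars()`. Note also that when the search method is selected the admin list row is hidden by config.js but `set_Adminstring()` still reports an empty list as an error, which looks like it would block saving a fresh search-based profile.
```php
// … unchanged: admin list trimming loop …
$loginMethod = isset($_POST['loginMethod']) ? $_POST['loginMethod'] : LAMConfig::LOGIN_LIST;
if (($loginMethod != LAMConfig::LOGIN_LIST) && ($loginMethod != LAMConfig::LOGIN_SEARCH)) {
    $errors[] = array("ERROR", _("Login method") . ": " . _("invalid value"));
    $loginMethod = LAMConfig::LOGIN_LIST;
}
$conf->setLoginMethod($loginMethod);
$loginSearchFilter = isset($_POST['loginSearchFilter']) ? trim($_POST['loginSearchFilter']) : '';
$loginSearchSuffix = isset($_POST['loginSearchSuffix']) ? trim($_POST['loginSearchSuffix']) : '';
if (($loginMethod == LAMConfig::LOGIN_SEARCH)
        && (($loginSearchSuffix == '') || (strpos($loginSearchFilter, '%USER%') === false))) {
    $errors[] = array("ERROR", _("LDAP search") . ": " . _("Please enter a suffix and a filter containing %USER%."));
}
$conf->setLoginSearchFilter($loginSearchFilter);
$conf->setLoginSearchSuffix($loginSearchSuffix);
// … unchanged: set_Adminstring check …
```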