* Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2005 Regis Houssin * Copyright (C) 2006-2011 Laurent Destailleur * Copyright (C) 2011-2013 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /** * \file htdocs/admin/ldap_users.php * \ingroup ldap * \brief Page d'administration/configuration du module Ldap */ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/usergroup.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php'; $langs->load("admin"); $langs->load("errors"); if (!$user->admin) accessforbidden(); $action = GETPOST("action"); /* * Actions */ if ($action == 'setvalue' && $user->admin) { $error=0; $db->begin(); if (! dolibarr_set_const($db, 'LDAP_USER_DN',GETPOST("user"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_USER_OBJECT_CLASS',GETPOST("objectclass"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FILTER_CONNECTION',GETPOST("filterconnection"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_FULLNAME',GETPOST("fieldfullname"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_LOGIN',GETPOST("fieldlogin"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_LOGIN_SAMBA',GETPOST("fieldloginsamba"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_PASSWORD',GETPOST("fieldpassword"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_PASSWORD_CRYPTED',GETPOST("fieldpasswordcrypted"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_NAME',GETPOST("fieldname"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_FIRSTNAME',GETPOST("fieldfirstname"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_MAIL',GETPOST("fieldmail"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_PHONE',GETPOST("fieldphone"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_MOBILE',GETPOST("fieldmobile"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_SKYPE',GETPOST("fieldskype"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_FAX',GETPOST("fieldfax"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_DESCRIPTION',GETPOST("fielddescription"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_SID',GETPOST("fieldsid"),'chaine',0,'',$conf->entity)) $error++; if (! dolibarr_set_const($db, 'LDAP_FIELD_TITLE',GETPOST("fieldtitle"),'chaine',0,'',$conf->entity)) $error++; // This one must be after the others $valkey=''; $key=GETPOST("key"); if ($key) $valkey=$conf->global->$key; if (! dolibarr_set_const($db, 'LDAP_KEY_USERS',$valkey,'chaine',0,'',$conf->entity)) $error++; if (! $error) { $db->commit(); setEventMessage($langs->trans("SetupSaved")); } else { $db->rollback(); dol_print_error($db); } } /* * Visu */ llxHeader('',$langs->trans("LDAPSetup"),'EN:Module_LDAP_En|FR:Module_LDAP|ES:Módulo_LDAP'); $linkback=''.$langs->trans("BackToModuleList").''; print_fiche_titre($langs->trans("LDAPSetup"),$linkback,'title_setup'); $head = ldap_prepare_head(); // Test si fonction LDAP actives if (! function_exists("ldap_connect")) { setEventMessage($langs->trans("LDAPFunctionsNotAvailableOnPHP"),'errors'); } dol_fiche_head($head, 'users', $langs->trans("LDAPSetup")); print $langs->trans("LDAPDescUsers").'
'; print '
'; print '

'; print ''; $form=new Form($db); print ''; $var=true; print ''; print ''; print "\n"; // DN Pour les utilisateurs $var=!$var; print ''; print ''; print ''; // List of object class used to define attributes in structure $var=!$var; print ''; print ''; print ''; // Filtre //Utilise pour filtrer la recherche $var=!$var; print ''; print ''; print ''; print '

'.$langs->trans("LDAPSynchronizeUsers").'
'.$langs->trans("LDAPUserDn").'	'; print ''; print '	'.$langs->trans("LDAPUserDnExample").'
'.$langs->trans("LDAPUserObjectClassList").'	'; print ''; print '	'.$langs->trans("LDAPUserObjectClassListExample").'
'.$langs->trans("LDAPFilterConnection").'	'; print ''; print '	'.$langs->trans("LDAPFilterConnectionExample").'

'; print '
'; print ''; $var=true; print ''; print ''; print ''; print ''; print "\n"; // Common name $var=!$var; print ''; print '"; print ''; // Name $var=!$var; print ''; print '"; print ''; // Firstname $var=!$var; print ''; print '"; print ''; // Login unix $var=!$var; print ''; print '"; print ''; // Login samba $var=!$var; print ''; print '"; print ''; // Password not crypted $var=!$var; print ''; print '"; print ''; // Password crypted $var=!$var; print ''; print '"; print ''; // Mail $var=!$var; print ''; print '"; print ''; // Phone $var=!$var; print ''; print '"; print ''; // Mobile $var=!$var; print ''; print '"; print ''; // Skype $var=!$var; print ''; print '"; print ''; // Fax $var=!$var; print ''; print '"; print ''; // Title $var=!$var; print ''; print '"; print ''; // Note $var=!$var; print ''; print '"; print ''; // Sid $var=!$var; print ''; print '"; print ''; $var=!$var; print ''; print '

'.$langs->trans("LDAPDolibarrMapping").'	'.$langs->trans("LDAPLdapMapping").'		'.$langs->trans("LDAPNamingAttribute").'
'.$langs->trans("LDAPFieldFullname").'	'; print ''; print '	'.$langs->trans("LDAPFieldFullnameExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FULLNAME)?' checked':'').">
'.$langs->trans("LDAPFieldName").'	'; print ''; print '	'.$langs->trans("LDAPFieldNameExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_NAME)?' checked':'').">
'.$langs->trans("LDAPFieldFirstName").'	'; print ''; print '	'.$langs->trans("LDAPFieldFirstNameExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FIRSTNAME)?' checked':'').">
'.$langs->trans("LDAPFieldLoginUnix").'	'; print ''; print '	'.$langs->trans("LDAPFieldLoginExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_LOGIN)?' checked':'').">
'.$langs->trans("LDAPFieldLoginSamba").'	'; print ''; print '	'.$langs->trans("LDAPFieldLoginSambaExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_LOGIN_SAMBA)?' checked':'').">
'.$langs->trans("LDAPFieldPasswordNotCrypted").'	'; print ''; print '	'.$langs->trans("LDAPFieldPasswordExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD)?' checked':'').">
'.$langs->trans("LDAPFieldPasswordCrypted").'	'; print ''; print '	'.$langs->trans("LDAPFieldPasswordExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PASSWORD_CRYPTED)?' checked':'').">
'.$langs->trans("LDAPFieldMail").'	'; print ''; print '	'.$langs->trans("LDAPFieldMailExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MAIL)?' checked':'').">
'.$langs->trans("LDAPFieldPhone").'	'; print ''; print '	'.$langs->trans("LDAPFieldPhoneExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_PHONE)?' checked':'').">
'.$langs->trans("LDAPFieldMobile").'	'; print ''; print '	'.$langs->trans("LDAPFieldMobileExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_MOBILE)?' checked':'').">
'.$langs->trans("LDAPFieldSkype").'	'; print ''; print '	'.$langs->trans("LDAPFieldSkypeExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_SKYPE)?' checked':'').">
'.$langs->trans("LDAPFieldFax").'	'; print ''; print '	'.$langs->trans("LDAPFieldFaxExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_FAX)?' checked':'').">
'.$langs->trans("LDAPFieldTitle").'	'; print ''; print '	'.$langs->trans("LDAPFieldTitleExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_TITLE)?' checked':'').">
'.$langs->trans("Note").'	'; print ''; print '	'.$langs->trans("LDAPFieldDescriptionExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_DESCRIPTION)?' checked':'').">
'.$langs->trans("LDAPFieldSid").'	'; print ''; print '	'.$langs->trans("LDAPFieldSidExample").'	global->LDAP_KEY_USERS && $conf->global->LDAP_KEY_USERS==$conf->global->LDAP_FIELD_SID)?' checked':'').">

'; print '

'; print ''; print info_admin($langs->trans("LDAPDescValues")); /* * Test de la connexion */ if ($conf->global->LDAP_SYNCHRO_ACTIVE == 'dolibarr2ldap') { $butlabel=$langs->trans("LDAPTestSynchroUser"); $testlabel='testuser'; $key=$conf->global->LDAP_KEY_USERS; $dn=$conf->global->LDAP_USER_DN; $objectclass=$conf->global->LDAP_USER_OBJECT_CLASS; show_ldap_test_button($butlabel,$testlabel,$key,$dn,$objectclass); } elseif ($conf->global->LDAP_SYNCHRO_ACTIVE == 'ldap2dolibarr') { $butlabel=$langs->trans("LDAPTestSearch"); $testlabel='testsearchuser'; $key=$conf->global->LDAP_KEY_USERS; $dn=$conf->global->LDAP_USER_DN; $objectclass=$conf->global->LDAP_USER_OBJECT_CLASS; show_ldap_test_button($butlabel,$testlabel,$key,$dn,$objectclass); } if (function_exists("ldap_connect")) { if ($action == 'testuser') { // Creation objet $object=new User($db); $object->initAsSpecimen(); // TODO Mutualize code following with other ldap_xxxx.php pages // Test synchro $ldap=new Ldap(); $result=$ldap->connect_bind(); if ($result > 0) { $info=$object->_load_ldap_info(); $dn=$object->_load_ldap_dn($info); $result1=$ldap->delete($dn); // To be sure to delete existing records $result2=$ldap->add($dn,$info,$user); // Now the test $result3=$ldap->delete($dn); // Clean what we did if ($result2 > 0) { print img_picto('','info').' '; print ''.$langs->trans("LDAPSynchroOK").'
'; } else { print img_picto('','error').' '; print ''.$langs->trans("LDAPSynchroKOMayBePermissions"); print ': '.$ldap->error; print '
'; print $langs->trans("ErrorLDAPMakeManualTest",$conf->ldap->dir_temp).'
'; } print "
\n"; print "LDAP input file used for test:

\n"; print nl2br($ldap->dump_content($dn,$info)); print "\n
"; } else { print img_picto('','error').' '; print ''.$langs->trans("LDAPSynchroKO"); print ': '.$ldap->error; print '
'; print $langs->trans("ErrorLDAPMakeManualTest",$conf->ldap->dir_temp).'
'; } } if ($action == 'testsearchuser') { // Creation objet $object=new User($db); $object->initAsSpecimen(); // TODO Mutualize code following with other ldap_xxxx.php pages // Test synchro $ldap=new Ldap(); $result=$ldap->connect_bind(); if ($result > 0) { $required_fields = array( $conf->global->LDAP_KEY_USERS, $conf->global->LDAP_FIELD_FULLNAME, $conf->global->LDAP_FIELD_NAME, $conf->global->LDAP_FIELD_FIRSTNAME, $conf->global->LDAP_FIELD_LOGIN, $conf->global->LDAP_FIELD_LOGIN_SAMBA, $conf->global->LDAP_FIELD_PASSWORD, $conf->global->LDAP_FIELD_PASSWORD_CRYPTED, $conf->global->LDAP_FIELD_PHONE, $conf->global->LDAP_FIELD_FAX, $conf->global->LDAP_FIELD_SKYPE, $conf->global->LDAP_FIELD_MOBILE, $conf->global->LDAP_FIELD_MAIL, $conf->global->LDAP_FIELD_TITLE, $conf->global->LDAP_FIELD_DESCRIPTION, $conf->global->LDAP_FIELD_SID ); // Remove from required_fields all entries not configured in LDAP (empty) and duplicated $required_fields=array_unique(array_values(array_filter($required_fields, "dol_validElement"))); // Get from LDAP database an array of results $ldapusers = $ldap->getRecords('*', $conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, $required_fields, 1); //$ldapusers = $ldap->getRecords('*', $conf->global->LDAP_USER_DN, $conf->global->LDAP_KEY_USERS, '', 1); if (is_array($ldapusers)) { $liste=array(); foreach ($ldapusers as $key => $ldapuser) { // Define the label string for this user $label=''; foreach ($required_fields as $value) { if ($value) { $label.=$value."=".$ldapuser[$value]." "; } } $liste[$key] = $label; } } else { setEventMessage($ldap->error, 'errors'); } print "
\n"; print "LDAP search for user:
\n"; print "search: *
\n"; print "userDN: ".$conf->global->LDAP_USER_DN."
\n"; print "useridentifier: ".$conf->global->LDAP_KEY_USERS."
\n"; print "required_fields: ".join(',',$required_fields)."
\n"; print "=> ".count($liste)." records
\n"; print "\n
"; } else { print img_picto('','error').' '; print ''.$langs->trans("LDAPSynchroKO"); print ': '.$ldap->error; print '
'; print $langs->trans("ErrorLDAPMakeManualTest",$conf->ldap->dir_temp).'
'; } } } $db->close(); llxFooter();