ldap.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332
  1. <?php
  2. /* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  3. * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
  4. * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
  5. * Copyright (C) 2005-2021 Regis Houssin <regis.houssin@inodbox.com>
  6. * Copyright (C) 2006-2020 Laurent Destailleur <eldy@users.sourceforge.net>
  7. * Copyright (C) 2011-2013 Juanjo Menent <jmenent@2byte.es>
  8. *
  9. * This program is free software; you can redistribute it and/or modify
  10. * it under the terms of the GNU General Public License as published by
  11. * the Free Software Foundation; either version 3 of the License, or
  12. * (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU General Public License
  20. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  21. */
  22. /**
  23. * \file htdocs/admin/ldap.php
  24. * \ingroup ldap
  25. * \brief Page to setup module LDAP
  26. */
  27. // Load Dolibarr environment
  28. require '../main.inc.php';
  29. require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
  30. require_once DOL_DOCUMENT_ROOT.'/core/class/ldap.class.php';
  31. require_once DOL_DOCUMENT_ROOT.'/core/class/html.formldap.class.php';
  32. require_once DOL_DOCUMENT_ROOT.'/core/lib/ldap.lib.php';
  33. // Load translation files required by the page
  34. $langs->loadLangs(array("admin", "ldap"));
  35. if (!$user->admin) {
  36. accessforbidden();
  37. }
  38. $action = GETPOST('action', 'aZ09');
  39. // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
  40. $hookmanager->initHooks(array('adminldap', 'globaladmin'));
  41. /*
  42. * Actions
  43. */
  44. $parameters = array();
  45. $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
  46. if ($reshook < 0) {
  47. setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
  48. }
  49. if (empty($reshook)) {
  50. if ($action == 'setvalue' && $user->admin) {
  51. $error = 0;
  52. $db->begin();
  53. if (!dolibarr_set_const($db, 'LDAP_SERVER_TYPE', GETPOST("type", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  54. $error++;
  55. }
  56. if (!dolibarr_set_const($db, 'LDAP_USERACCOUNTCONTROL', GETPOST("userAccountControl", 'int'), 'chaine', 0, '', $conf->entity)) {
  57. $error++;
  58. }
  59. if (!dolibarr_set_const($db, 'LDAP_SERVER_PROTOCOLVERSION', GETPOST("LDAP_SERVER_PROTOCOLVERSION", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  60. $error++;
  61. }
  62. if (!dolibarr_set_const($db, 'LDAP_SERVER_HOST', GETPOST("host", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
  63. $error++;
  64. }
  65. if (!dolibarr_set_const($db, 'LDAP_SERVER_HOST_SLAVE', GETPOST("slave", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
  66. $error++;
  67. }
  68. if (!dolibarr_set_const($db, 'LDAP_SERVER_PORT', GETPOST("port", 'int'), 'chaine', 0, '', $conf->entity)) {
  69. $error++;
  70. }
  71. if (!dolibarr_set_const($db, 'LDAP_SERVER_DN', GETPOST("dn", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
  72. $error++;
  73. }
  74. if (!dolibarr_set_const($db, 'LDAP_ADMIN_DN', GETPOST("admin", 'alphanohtml'), 'chaine', 0, '', $conf->entity)) {
  75. $error++;
  76. }
  77. if (!dolibarr_set_const($db, 'LDAP_ADMIN_PASS', GETPOST("pass", 'none'), 'chaine', 0, '', $conf->entity)) {
  78. $error++;
  79. }
  80. if (!dolibarr_set_const($db, 'LDAP_SERVER_USE_TLS', GETPOST("usetls", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  81. $error++;
  82. }
  83. if (!dolibarr_set_const($db, 'LDAP_SYNCHRO_ACTIVE', GETPOST("activesynchro", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  84. $error++;
  85. }
  86. if (!dolibarr_set_const($db, 'LDAP_CONTACT_ACTIVE', GETPOST("activecontact", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  87. $error++;
  88. }
  89. if (!dolibarr_set_const($db, 'LDAP_MEMBER_ACTIVE', GETPOST("activemembers", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  90. $error++;
  91. }
  92. if (!dolibarr_set_const($db, 'LDAP_MEMBER_TYPE_ACTIVE', GETPOST("activememberstypes", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  93. $error++;
  94. }
  95. if (!dolibarr_set_const($db, 'LDAP_PASSWORD_HASH_TYPE', GETPOST("LDAP_PASSWORD_HASH_TYPE", 'aZ09'), 'chaine', 0, '', $conf->entity)) {
  96. $error++;
  97. }
  98. if (!$error) {
  99. $db->commit();
  100. setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
  101. } else {
  102. $db->rollback();
  103. dol_print_error($db);
  104. }
  105. }
  106. }
  107. /*
  108. * View
  109. */
  110. llxHeader('', $langs->trans("LDAPSetup"), 'EN:Module_LDAP_En|FR:Module_LDAP|ES:M&oacute;dulo_LDAP');
  111. $linkback = '<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
  112. print load_fiche_titre($langs->trans("LDAPSetup"), $linkback, 'title_setup');
  113. $head = ldap_prepare_head();
  114. // Test si fonction LDAP actives
  115. if (!function_exists("ldap_connect")) {
  116. setEventMessages($langs->trans("LDAPFunctionsNotAvailableOnPHP"), null, 'errors');
  117. }
  118. $form = new Form($db);
  119. $formldap = new FormLdap($db);
  120. print '<form method="post" action="'.$_SERVER["PHP_SELF"].'?action=setvalue&token='.newToken().'">';
  121. print '<input type="hidden" name="token" value="'.newToken().'">';
  122. print dol_get_fiche_head($head, 'ldap', '', -1);
  123. print '<table class="noborder centpercent">';
  124. // Liste de synchro actives
  125. print '<tr class="liste_titre">';
  126. print '<td colspan="3">'.$langs->trans("LDAPSynchronization").'</td>';
  127. print "</tr>\n";
  128. // Synchro utilisateurs/groupes active
  129. print '<tr class="oddeven"><td>'.$langs->trans("LDAPDnSynchroActive").'</td><td>';
  130. print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_SYNCHRO_ACTIVE'), 'activesynchro');
  131. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPDnSynchroActiveExample").'</span>';
  132. if (getDolGlobalString('LDAP_SYNCHRO_ACTIVE') && !getDolGlobalString('LDAP_USER_DN')) {
  133. print '<br><span class="error">'.$langs->trans("LDAPSetupNotComplete").'</span>';
  134. }
  135. print '</td></tr>';
  136. // Synchro contact active
  137. if (isModEnabled('societe')) {
  138. print '<tr class="oddeven"><td>'.$langs->trans("LDAPDnContactActive").'</td><td>';
  139. print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_CONTACT_ACTIVE'), 'activecontact', array(Ldap::SYNCHRO_LDAP_TO_DOLIBARR));
  140. print '</td><td><span class="opacitymedium">' . $langs->trans("LDAPDnContactActiveExample") . '</span></td></tr>';
  141. }
  142. // Synchro member active
  143. if (isModEnabled('adherent')) {
  144. print '<tr class="oddeven"><td>' . $langs->trans("LDAPDnMemberActive") . '</td><td>';
  145. print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_MEMBER_ACTIVE'), 'activemembers', array(), 2);
  146. print '</td><td><span class="opacitymedium">' . $langs->trans("LDAPDnMemberActiveExample") . '</span></td></tr>';
  147. }
  148. // Synchro member type active
  149. if (isModEnabled('adherent')) {
  150. print '<tr class="oddeven"><td>' . $langs->trans("LDAPDnMemberTypeActive") . '</td><td>';
  151. print $formldap->selectLdapDnSynchroActive(getDolGlobalInt('LDAP_MEMBER_TYPE_ACTIVE'), 'activememberstypes', array(), 2);
  152. print '</td><td><span class="opacitymedium">' . $langs->trans("LDAPDnMemberTypeActiveExample") . '</span></td></tr>';
  153. }
  154. // Fields from hook
  155. $parameters = array();
  156. $reshook = $hookmanager->executeHooks('addAdminLdapOptions', $parameters); // Note that $action and $object may have been modified by hook
  157. print $hookmanager->resPrint;
  158. print '<tr class="liste_titre">';
  159. print '<td>'.$langs->trans("Parameter").'</td>';
  160. print '<td>'.$langs->trans("Value").'</td>';
  161. print '<td>'.$langs->trans("Example").'</td>';
  162. print "</tr>\n";
  163. // Type
  164. print '<tr class="oddeven"><td>'.$langs->trans("Type").'</td><td>';
  165. print $formldap->selectLdapServerType(getDolGlobalString('LDAP_SERVER_TYPE'), 'type');
  166. print '</td><td>&nbsp;</td></tr>';
  167. // userAccountControl
  168. print '<tr class="oddeven"><td>'.$langs->trans("LDAPUserAccountControl").'</td><td>';
  169. print '<input class="width75" type="text" name="userAccountControl" value="'.getDolGlobalString('LDAP_USERACCOUNTCONTROL', '512').'">';
  170. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPUserAccountControlExample").'</span></td></tr>';
  171. // Version
  172. print '<tr class="oddeven"><td>'.$langs->trans("Version").'</td><td>';
  173. print $formldap->selectLdapServerProtocolVersion(getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION'), 'LDAP_SERVER_PROTOCOLVERSION');
  174. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerProtocolVersion").'</span></td></tr>';
  175. // Serveur primaire
  176. print '<tr class="oddeven"><td>';
  177. print $langs->trans("LDAPPrimaryServer").'</td><td>';
  178. print '<input class="minwidth200" type="text" name="host" value="'.getDolGlobalString('LDAP_SERVER_HOST').'">';
  179. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerExample").'</span></td></tr>';
  180. // Serveur secondaire
  181. print '<tr class="oddeven"><td>';
  182. print $langs->trans("LDAPSecondaryServer").'</td><td>';
  183. print '<input class="minwidth200" type="text" name="slave" value="'.getDolGlobalString('LDAP_SERVER_HOST_SLAVE').'">';
  184. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerExample").'</span></td></tr>';
  185. // Port
  186. print '<tr class="oddeven"><td>'.$langs->trans("LDAPServerPort").'</td><td>';
  187. print '<input class="width75" type="text" name="port" value="'.getDolGlobalString('LDAP_SERVER_PORT', '389').'">';
  188. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerPortExample").'</span></td></tr>';
  189. // DNserver
  190. print '<tr class="oddeven"><td>'.$langs->trans("LDAPServerDn").'</td><td>';
  191. print '<input class="minwidth300" type="text" name="dn" value="'.getDolGlobalString('LDAP_SERVER_DN').'">';
  192. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerDnExample").'</span></td></tr>';
  193. // Utiliser TLS
  194. print '<tr class="oddeven"><td>'.$langs->trans("LDAPServerUseTLS").'</td><td>';
  195. print $form->selectyesno('usetls', getDolGlobalInt('LDAP_SERVER_USE_TLS'), 1);
  196. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPServerUseTLSExample").'</span></td></tr>';
  197. // Password hash type
  198. print '<tr class="oddeven"><td>'.$langs->trans("LDAPPasswordHashType").'</td><td>';
  199. print $formldap->selectLdapPasswordHashType(getDolGlobalString('LDAP_PASSWORD_HASH_TYPE'), 'LDAP_PASSWORD_HASH_TYPE');
  200. print '</td><td><span class="opacitymedium">'.$langs->trans("LDAPPasswordHashTypeExample").'</span></td></tr>';
  201. print '<tr class="liste_titre">';
  202. print '<td colspan="3">'.$langs->trans("ForANonAnonymousAccess").'</td>';
  203. print "</tr>\n";
  204. // DNAdmin
  205. print '<!-- LDAP_ADMIN_DN -->';
  206. print '<tr class="oddeven"><td>'.$langs->trans("LDAPAdminDn").'</td><td>';
  207. print '<input class="minwidth300" type="text" name="admin" value="'.getDolGlobalString('LDAP_ADMIN_DN').'">';
  208. print '</td><td class="maxwidthhalf"><span class="opacitymedium">'.$langs->trans("LDAPAdminDnExample").'</span></td></tr>';
  209. // Pass
  210. print '<!-- LDAP_ADMIN_PASS -->';
  211. print '<tr class="oddeven"><td>'.$langs->trans("LDAPPassword").'</td><td>';
  212. print '<input class="minwidth150" type="password" name="pass" value="'.dol_escape_htmltag(getDolGlobalString('LDAP_ADMIN_PASS')).'">';
  213. print showValueWithClipboardCPButton(getDolGlobalString('LDAP_ADMIN_PASS'), 0, '&nbsp;');
  214. print '</td><td><span class="opacitymedium">'.$langs->trans('Password').' (ex: secret)</span></td></tr>';
  215. print '</table>';
  216. print dol_get_fiche_end();
  217. print $form->buttonsSaveCancel("Modify", '');
  218. print '</form>';
  219. print '<br>';
  220. /*
  221. * Test de la connexion
  222. */
  223. if (function_exists("ldap_connect")) {
  224. if (getDolGlobalString('LDAP_SERVER_HOST')) {
  225. print '<a class="butAction reposition" href="'.$_SERVER["PHP_SELF"].'?action=test">'.$langs->trans("LDAPTestConnect").'</a><br><br>';
  226. }
  227. if ($action == 'test') {
  228. $ldap = new Ldap(); // Les parametres sont passes et recuperes via $conf
  229. $result = $ldap->connect_bind();
  230. if ($result > 0) {
  231. // Test ldap connect and bind
  232. print img_picto('', 'info').' ';
  233. print '<span class="ok">'.$langs->trans("LDAPTCPConnectOK", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT')).'</span>';
  234. print '<br>';
  235. if (getDolGlobalString('LDAP_ADMIN_DN') && getDolGlobalString('LDAP_ADMIN_PASS')) {
  236. if ($result == 2) {
  237. print img_picto('', 'info').' ';
  238. print '<span class="ok">'.$langs->trans("LDAPBindOK", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT'), $conf->global->LDAP_ADMIN_DN, preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)).'</span>';
  239. print '<br>';
  240. } else {
  241. print img_picto('', 'error').' ';
  242. print '<span class="error">'.$langs->trans("LDAPBindKO", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT'), $conf->global->LDAP_ADMIN_DN, preg_replace('/./i', '*', $conf->global->LDAP_ADMIN_PASS)).'</span>';
  243. print '<br>';
  244. print $langs->trans("Error").' '.$ldap->error;
  245. print '<br>';
  246. }
  247. } else {
  248. print img_picto('', 'warning').' ';
  249. print '<span class="warning">'.$langs->trans("LDAPNoUserOrPasswordProvidedAccessIsReadOnly").'</span>';
  250. print '<br>';
  251. }
  252. // Test ldap_getversion
  253. if (($ldap->getVersion() == 3)) {
  254. print img_picto('', 'info').' ';
  255. print '<span class="ok">'.$langs->trans("LDAPSetupForVersion3").'</span>';
  256. print '<br>';
  257. } else {
  258. print img_picto('', 'info').' ';
  259. print '<span class="ok">'.$langs->trans("LDAPSetupForVersion2").'</span>';
  260. print '<br>';
  261. }
  262. $ldap->unbind();
  263. } else {
  264. print img_picto('', 'error').' ';
  265. print '<span class="error">'.$langs->trans("LDAPTCPConnectKO", $ldap->connectedServer, getDolGlobalString('LDAP_SERVER_PORT')).'</span>';
  266. print '<br>';
  267. print $langs->trans("Error").' '.$ldap->error;
  268. print '<br>';
  269. }
  270. }
  271. }
  272. // End of page
  273. llxFooter();
  274. $db->close();