Move LDAP stuff into own submodule

Lucas Bartholemy 2019-03-07 22:40:41 +01:00
parent 12d232ac30
commit 4581ac5fca
11 changed files with 361 additions and 252 deletions


@ -7,17 +7,11 @@
namespace humhub\modules\admin\controllers;
use Exception;
use humhub\modules\admin\components\Controller;
use humhub\modules\admin\models\forms\AuthenticationLdapSettingsForm;
use humhub\modules\admin\models\forms\AuthenticationSettingsForm;
use humhub\modules\admin\permissions\ManageSettings;
use humhub\modules\user\authclient\ZendLdapClient;
use humhub\modules\user\libs\LdapHelper;
use humhub\modules\user\models\Group;
use Yii;
use Zend\Ldap\Exception\LdapException;
use Zend\Ldap\Ldap;
/**
* ApprovalController handels new user approvals
@ -86,46 +80,4 @@ class AuthenticationController extends Controller
'groups' => $groups
]);
}
/**
* Configure Ldap authentication
* @return string
*/
public function actionAuthenticationLdap()
{
$form = new AuthenticationLdapSettingsForm;
if ($form->load(Yii::$app->request->post()) && $form->validate() && $form->save()) {
$this->view->saved();
return $this->redirect(['/admin/authentication/authentication-ldap']);
}
$enabled = false;
$userCount = 0;
$errorMessage = "";
if (Yii::$app->getModule('user')->settings->get('auth.ldap.enabled')) {
$enabled = true;
try {
$ldapAuthClient = new ZendLdapClient();
$ldap = $ldapAuthClient->getLdap();
$userCount = $ldap->count(
Yii::$app->getModule('user')->settings->get('auth.ldap.userFilter'),
Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn'),
Ldap::SEARCH_SCOPE_SUB
);
} catch (LdapException $ex) {
$errorMessage = $ex->getMessage();
} catch (Exception $ex) {
$errorMessage = $ex->getMessage();
}
}
return $this->render('authentication_ldap', [
'model' => $form,
'enabled' => $enabled,
'userCount' => $userCount,
'errorMessage' => $errorMessage
]);
}
}


@ -1,148 +0,0 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2016 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\admin\models\forms;
use Yii;
/**
* AuthenticationLdapSettingsForm
* @since 0.5
*/
class AuthenticationLdapSettingsForm extends \yii\base\Model
{
public $enabled;
public $refreshUsers;
public $username;
public $password;
public $hostname;
public $port;
public $encryption;
public $baseDn;
public $loginFilter;
public $userFilter;
public $usernameAttribute;
public $emailAttribute;
public $idAttribute;
public $encryptionTypes = [
'' => 'None',
'tls' => 'TLS (aka SSLV2)',
'ssl' => 'SSL',
];
/**
* @inheritdoc
*/
public function init()
{
parent::init();
$settingsManager = Yii::$app->getModule('user')->settings;
// Load Defaults
$this->enabled = $settingsManager->get('auth.ldap.enabled');
$this->refreshUsers = $settingsManager->get('auth.ldap.refreshUsers');
$this->username = $settingsManager->get('auth.ldap.username');
$this->password = $settingsManager->get('auth.ldap.password');
$this->hostname = $settingsManager->get('auth.ldap.hostname');
$this->port = $settingsManager->get('auth.ldap.port');
$this->encryption = $settingsManager->get('auth.ldap.encryption');
$this->baseDn = $settingsManager->get('auth.ldap.baseDn');
$this->loginFilter = $settingsManager->get('auth.ldap.loginFilter');
$this->userFilter = $settingsManager->get('auth.ldap.userFilter');
$this->usernameAttribute = $settingsManager->get('auth.ldap.usernameAttribute');
$this->emailAttribute = $settingsManager->get('auth.ldap.emailAttribute');
$this->idAttribute = $settingsManager->get('auth.ldap.idAttribute');
if ($this->password != '')
$this->password = '---hidden---';
}
/**
* @inheritdoc
*/
public function rules()
{
return [
[['enabled', 'refreshUsers', 'usernameAttribute', 'emailAttribute', 'username', 'password', 'hostname', 'port', 'idAttribute'], 'string', 'max' => 255],
[['baseDn', 'loginFilter', 'userFilter'], 'string'],
[['usernameAttribute', 'username', 'password', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter'], 'required'],
['encryption', 'in', 'range' => ['', 'ssl', 'tls']],
];
}
/**
* @inheritdoc
*/
public function attributeLabels()
{
return [
'enabled' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Enable LDAP Support'),
'refreshUsers' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Fetch/Update Users Automatically'),
'username' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Username'),
'password' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Password'),
'encryption' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Encryption'),
'hostname' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Hostname'),
'port' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Port'),
'baseDn' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Base DN'),
'loginFilter' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Login Filter'),
'userFilter' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'User Filer'),
'usernameAttribute' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Username Attribute'),
'emailAttribute' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'E-Mail Address Attribute'),
'idAttribute' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'ID Attribute'),
];
}
/**
* @inheritdoc
*/
public function attributeHints()
{
return [
'encryption' => Yii::t('AdminModule.views_setting_authentication_ldap', 'A TLS/SSL is strongly favored in production environments to prevent passwords from be transmitted in clear text.'),
'username' => Yii::t('AdminModule.views_setting_authentication_ldap', 'The default credentials username. Some servers require that this be in DN form. This must be given in DN form if the LDAP server requires a DN to bind and binding should be possible with simple usernames.'),
'password' => Yii::t('AdminModule.views_setting_authentication_ldap', 'The default credentials password (used only with username above).'),
'baseDn' => Yii::t('AdminModule.views_setting_authentication_ldap', 'The default base DN used for searching for accounts.'),
'loginFilter' => Yii::t('AdminModule.views_setting_authentication_ldap', 'Defines the filter to apply, when login is attempted. %s replaces the username in the login action. Example: &quot;(sAMAccountName=%s)&quot; or &quot;(uid=%s)&quot;'),
'usernameAttribute' => Yii::t('AdminModule.views_setting_authentication_ldap', 'LDAP Attribute for Username. Example: &quotuid&quot; or &quot;sAMAccountName&quot;'),
'emailAttribute' => Yii::t('AdminModule.views_setting_authentication_ldap', 'LDAP Attribute for E-Mail Address. Default: &quotmail&quot;'),
'idAttribute' => Yii::t('AdminModule.forms_AuthenticationLdapSettingsForm', 'Not changeable LDAP attribute to unambiguously identify the user in the directory. If empty the user will be determined automatically by e-mail address or username. Examples: objectguid (ActiveDirectory) or uidNumber (OpenLDAP)'),
'userFilter' => Yii::t('AdminModule.views_setting_authentication_ldap', 'Limit access to users meeting this criteria. Example: &quot(objectClass=posixAccount)&quot; or &quot;(&(objectClass=person)(memberOf=CN=Workers,CN=Users,DC=myDomain,DC=com))&quot;'),
];
}
/**
* Saves the form
*
* @return boolean
*/
public function save()
{
$settingsManager = Yii::$app->getModule('user')->settings;
$settingsManager->set('auth.ldap.enabled', $this->enabled);
$settingsManager->set('auth.ldap.refreshUsers', $this->refreshUsers);
$settingsManager->set('auth.ldap.hostname', $this->hostname);
$settingsManager->set('auth.ldap.port', $this->port);
$settingsManager->set('auth.ldap.encryption', $this->encryption);
$settingsManager->set('auth.ldap.username', $this->username);
if ($this->password != '---hidden---')
$settingsManager->set('auth.ldap.password', $this->password);
$settingsManager->set('auth.ldap.baseDn', $this->baseDn);
$settingsManager->set('auth.ldap.loginFilter', $this->loginFilter);
$settingsManager->set('auth.ldap.userFilter', $this->userFilter);
$settingsManager->set('auth.ldap.usernameAttribute', $this->usernameAttribute);
$settingsManager->set('auth.ldap.emailAttribute', $this->emailAttribute);
$settingsManager->set('auth.ldap.idAttribute', $this->idAttribute);
return true;
}
}


@ -33,12 +33,6 @@ class AuthenticationMenu extends \humhub\widgets\BaseMenu
'sortOrder' => 100,
'isActive' => (Yii::$app->controller->module && Yii::$app->controller->module->id == 'admin' && Yii::$app->controller->id == 'authentication' && Yii::$app->controller->action->id == 'index'),
]);
$this->addItem([
'label' => Yii::t('AdminModule.setting', "LDAP"),
'url' => Url::toRoute(['/admin/authentication/authentication-ldap']),
'sortOrder' => 200,
'isActive' => (Yii::$app->controller->module && Yii::$app->controller->module->id == 'admin' && Yii::$app->controller->id == 'authentication' && Yii::$app->controller->action->id == 'authentication-ldap'),
]);
parent::init();
}


@ -0,0 +1,33 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\ldap;
use Yii;
use yii\base\BaseObject;
use yii\helpers\Url;
/**
* Events provides callbacks for all defined module events.
*
* @author luke
*/
class Events extends BaseObject
{
/**
* @param $event
*/
public static function onAuthenticationMenu($event)
{
$event->sender->addItem([
'label' => Yii::t('LdapModule.base', 'LDAP'),
'url' => Url::to(['/ldap/admin']),
'sortOrder' => 200,
'isActive' => (Yii::$app->controller->module && Yii::$app->controller->module->id == 'ldap' && Yii::$app->controller->id == 'admin'),
]);
}
}
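Review bot: The docblock on `onAuthenticationMenu()` says only `@param $event`, so a reader cannot tell what the handler receives or that `$event->sender` must provide `addItem()`. I would document it as `@param \yii\base\Event $event the EVENT_INIT event; its sender is the AuthenticationMenu widget` (the event class is presumed from Yii's default, the sender from the registration in the module config). The method summary could also say that it adds the LDAP entry to the admin authentication menu.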


@ -0,0 +1,23 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\ldap;
/**
* Friedship Module
*/
class Module extends \humhub\components\Module
{
/**
* @inheritdoc
*/
public $controllerNamespace = 'humhub\modules\ldap\controllers';
}
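Review bot: The class docblock reads `Friedship Module`, which looks copied from another module and does not describe this class. Something like `LDAP Module - provides LDAP authentication and its admin settings page` would be accurate for what the other new files in this commit add.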


@ -2,16 +2,24 @@
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2018 HumHub GmbH & Co. KG
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\user\authclient;
use humhub\modules\user\libs\LdapHelper;
use DateTime;
use humhub\components\SettingsManager;
use humhub\libs\StringHelper;
use humhub\modules\ldap\helpers\LdapHelper;
use humhub\modules\user\authclient\interfaces\ApprovalBypass;
use humhub\modules\user\authclient\interfaces\AutoSyncUsers;
use humhub\modules\user\authclient\interfaces\PrimaryClient;
use humhub\modules\user\authclient\interfaces\SyncAttributes;
use humhub\modules\user\models\ProfileField;
use humhub\modules\user\models\User;
use Yii;
use yii\db\Expression;
use yii\helpers\ArrayHelper;
use Zend\Ldap\Exception\LdapException;
use Zend\Ldap\Ldap;
@ -23,11 +31,11 @@ use Zend\Ldap\Node;
* @todo create base ldap authentication, to bypass ApprovalByPass Interface
* @since 1.1
*/
class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, interfaces\SyncAttributes, interfaces\ApprovalBypass, interfaces\PrimaryClient
class LdapAuth extends BaseFormAuth implements AutoSyncUsers, SyncAttributes, ApprovalBypass, PrimaryClient
{
/**
* @var \Zend\Ldap\Ldap
* @var Ldap
*/
private $_ldap = null;
@ -83,6 +91,7 @@ class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, i
{
parent::init();
/** @var SettingsManager $settings */
$settings = Yii::$app->getModule('user')->settings;
if ($this->idAttribute === null) {
@ -111,15 +120,15 @@ class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, i
}
if ($this->userFilter === null) {
$this->userFilter = Yii::$app->getModule('user')->settings->get('auth.ldap.userFilter');
$this->userFilter = $settings->get('auth.ldap.userFilter');
}
if ($this->baseDn === null) {
$this->baseDn = Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn');
$this->baseDn = $settings->get('auth.ldap.baseDn');
}
if ($this->autoRefreshUsers === null) {
$this->autoRefreshUsers = (boolean)Yii::$app->getModule('user')->settings->get('auth.ldap.refreshUsers');
$this->autoRefreshUsers = (boolean) $settings->get('auth.ldap.refreshUsers');
}
}
@ -181,7 +190,7 @@ class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, i
* Try to find the user if authclient_id mapping is not set yet (legency)
* or idAttribute is not specified.
*
* @return type
* @return User
*/
protected function getUserAuto()
{
@ -192,7 +201,7 @@ class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, i
$query->where(['auth_mode' => $this->getId()]);
if ($this->idAttribute !== null) {
$query->andWhere(['IS', 'authclient_id', new \yii\db\Expression('NULL')]);
$query->andWhere(['IS', 'authclient_id', new Expression('NULL')]);
}
$conditions = ['OR'];
@ -259,14 +268,14 @@ class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, i
}
if (isset($normalized['objectguid'])) {
$normalized['objectguid'] = \humhub\libs\StringHelper::binaryToGuid($normalized['objectguid']);
$normalized['objectguid'] = StringHelper::binaryToGuid($normalized['objectguid']);
}
// Handle date fields (formats are specified in config)
foreach ($normalized as $name => $value) {
if (isset(Yii::$app->params['ldap']['dateFields'][$name]) && $value != '') {
$dateFormat = Yii::$app->params['ldap']['dateFields'][$name];
$date = \DateTime::createFromFormat($dateFormat, $value);
$date = DateTime::createFromFormat($dateFormat, $value);
if ($date !== false) {
$normalized[$name] = $date->format('Y-m-d 00:00:00');
@ -304,6 +313,7 @@ class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, i
* Returns Users LDAP Node
*
* @return Node the users ldap node
* @throws LdapException
*/
protected function getUserNode()
{
@ -365,7 +375,7 @@ class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, i
*
* @param \Zend\Ldap\Ldap $ldap
*/
public function setLdap(\Zend\Ldap\Ldap $ldap)
public function setLdap(Ldap $ldap)
{
$this->_ldap = $ldap;
}
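Review bot: Renaming `ZendLdapClient` to `LdapAuth` in the class-declaration hunk leaves nothing under the old name, and none of the eleven files shown adds an alias or updates any place that instantiates the client other than the new `AdminController`. Any configuration or code elsewhere that still refers to `humhub\modules\user\authclient\ZendLdapClient` would stop resolving, which for the primary LDAP client means LDAP logins fail. If such references exist, update them in this commit or keep a deprecated shim such as `class ZendLdapClient extends LdapAuth {}` under the old file name. Separately, `setLdap()` still documents `@param \Zend\Ldap\Ldap $ldap` while its signature now uses the imported `Ldap`.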


@ -0,0 +1,20 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
use humhub\modules\admin\widgets\AuthenticationMenu;
use humhub\modules\ldap\Events;
/** @noinspection MissedFieldInspection */
return [
'id' => 'ldap',
'class' => \humhub\modules\ldap\Module::class,
'isCoreModule' => true,
'events' => [
[AuthenticationMenu::class, AuthenticationMenu::EVENT_INIT, [Events::class, 'onAuthenticationMenu']],
]
];
?>
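Review bot: The file ends with a closing `?>` after the returned array; in a PHP-only file any whitespace after that tag is sent as output and can break later header or session handling. Drop the last line so the file ends after `];`. For consistency with the two imports above, the `class` entry could use a `use humhub\modules\ldap\Module;` import and `Module::class`.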


@ -0,0 +1,82 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\ldap\controllers;
use Exception;
use humhub\components\SettingsManager;
use humhub\modules\admin\components\Controller;
use humhub\modules\ldap\models\LdapSettings;
use humhub\modules\user\authclient\LdapAuth;
use Yii;
use Zend\Ldap\Exception\LdapException;
use Zend\Ldap\Ldap;
/**
* Class AdminController
* @package humhub\modules\ldap\controllers
*/
class AdminController extends Controller
{
/**
* @inheritdoc
*/
public function init()
{
$this->subLayout = '@admin/views/layouts/user';
parent::init();
}
/**
* Configure Ldap authentication
* @return string
*/
public function actionIndex()
{
/** @var SettingsManager $settings */
$settings = Yii::$app->getModule('user')->settings;
$form = new LdapSettings();
if ($form->load(Yii::$app->request->post()) && $form->validate() && $form->save()) {
$this->view->saved();
return $this->redirect(['/ldap/admin']);
}
$enabled = false;
$userCount = 0;
$errorMessage = "";
if ($settings->get('auth.ldap.enabled')) {
$enabled = true;
try {
$ldapAuthClient = new LdapAuth();
$ldap = $ldapAuthClient->getLdap();
$userCount = $ldap->count(
$settings->get('auth.ldap.userFilter'),
$settings->get('auth.ldap.baseDn'),
Ldap::SEARCH_SCOPE_SUB
);
} catch (LdapException $ex) {
$errorMessage = $ex->getMessage();
} catch (Exception $ex) {
$errorMessage = $ex->getMessage();
}
}
return $this->render('index', [
'model' => $form,
'enabled' => $enabled,
'userCount' => $userCount,
'errorMessage' => $errorMessage
]);
}
}
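Review bot: `AdminController` declares no access rules of its own, so who may open `/ldap/admin` and overwrite the LDAP bind credentials depends entirely on defaults inherited from `humhub\modules\admin\components\Controller`, which this page does not show. The action previously lived in `AuthenticationController`, whose imports include `ManageSettings`; I would make the requirement explicit here with a `getAccessRules()` override that returns that permission, or at least add a comment naming the inherited rule that protects the action. Also, the two `catch` blocks in `actionIndex()` have identical bodies and `LdapException` is presumably an `Exception` subclass, so a single `catch (Exception $ex)` would do.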


@ -2,13 +2,15 @@
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2017 HumHub GmbH & Co. KG
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\user\libs;
namespace humhub\modules\ldap\helpers;
use humhub\components\SettingsManager;
use Yii;
use Zend\Ldap\Ldap;
/**
* This class contains a lot of html helpers for the views
@ -20,19 +22,22 @@ class LdapHelper
public static function getLdapConnection()
{
/** @var SettingsManager $settings */
$settings = Yii::$app->getModule('user')->settings;
$options = [
'host' => Yii::$app->getModule('user')->settings->get('auth.ldap.hostname'),
'port' => Yii::$app->getModule('user')->settings->get('auth.ldap.port'),
'username' => Yii::$app->getModule('user')->settings->get('auth.ldap.username'),
'password' => Yii::$app->getModule('user')->settings->get('auth.ldap.password'),
'useStartTls' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'tls'),
'useSsl' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'ssl'),
'host' => $settings->get('auth.ldap.hostname'),
'port' => $settings->get('auth.ldap.port'),
'username' => $settings->get('auth.ldap.username'),
'password' => $settings->get('auth.ldap.password'),
'useStartTls' => ($settings->get('auth.ldap.encryption') == 'tls'),
'useSsl' => ($settings->get('auth.ldap.encryption') == 'ssl'),
'bindRequiresDn' => true,
'baseDn' => Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn'),
'accountFilterFormat' => Yii::$app->getModule('user')->settings->get('auth.ldap.loginFilter'),
'baseDn' => $settings->get('auth.ldap.baseDn'),
'accountFilterFormat' => $settings->get('auth.ldap.loginFilter'),
];
$ldap = new \Zend\Ldap\Ldap($options);
$ldap = new Ldap($options);
$ldap->bind();
return $ldap;
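Review bot: When `auth.ldap.encryption` is empty, both `useStartTls` and `useSsl` evaluate to false, and `$ldap->bind()` then sends the stored bind username and password over an unencrypted connection. A `Yii::warning()` before the bind when neither option is set, or at least a comment such as `// encryption '' means the bind below is sent in clear text`, would make that visible to operators. The setting is also read twice and compared with `==`; reading it once into `$encryption` and using `=== 'tls'` / `=== 'ssl'` is tighter. The body of `getLdapConnection()` continues outside the hunk, and the class docblock above it still describes "html helpers for the views".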


@ -0,0 +1,150 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\ldap\models;
use Yii;
use yii\base\Model;
/**
* AuthenticationLdapSettingsForm
*
* @since 0.5
*/
class LdapSettings extends Model
{
public $enabled;
public $refreshUsers;
public $username;
public $password;
public $hostname;
public $port;
public $encryption;
public $baseDn;
public $loginFilter;
public $userFilter;
public $usernameAttribute;
public $emailAttribute;
public $idAttribute;
public $encryptionTypes = [
'' => 'None',
'tls' => 'TLS (aka SSLV2)',
'ssl' => 'SSL',
];
/**
* @inheritdoc
*/
public function init()
{
parent::init();
$settings = Yii::$app->getModule('user')->settings;
// Load Defaults
$this->enabled = $settings->get('auth.ldap.enabled');
$this->refreshUsers = $settings->get('auth.ldap.refreshUsers');
$this->username = $settings->get('auth.ldap.username');
$this->password = $settings->get('auth.ldap.password');
$this->hostname = $settings->get('auth.ldap.hostname');
$this->port = $settings->get('auth.ldap.port');
$this->encryption = $settings->get('auth.ldap.encryption');
$this->baseDn = $settings->get('auth.ldap.baseDn');
$this->loginFilter = $settings->get('auth.ldap.loginFilter');
$this->userFilter = $settings->get('auth.ldap.userFilter');
$this->usernameAttribute = $settings->get('auth.ldap.usernameAttribute');
$this->emailAttribute = $settings->get('auth.ldap.emailAttribute');
$this->idAttribute = $settings->get('auth.ldap.idAttribute');
if ($this->password != '')
$this->password = '---hidden---';
}
/**
* @inheritdoc
*/
public function rules()
{
return [
[['enabled', 'refreshUsers', 'usernameAttribute', 'emailAttribute', 'username', 'password', 'hostname', 'port', 'idAttribute'], 'string', 'max' => 255],
[['baseDn', 'loginFilter', 'userFilter'], 'string'],
[['usernameAttribute', 'username', 'password', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter'], 'required'],
['encryption', 'in', 'range' => ['', 'ssl', 'tls']],
];
}
/**
* @inheritdoc
*/
public function attributeLabels()
{
return [
'enabled' => Yii::t('LdapModule.base', 'Enable LDAP Support'),
'refreshUsers' => Yii::t('LdapModule.base', 'Fetch/Update Users Automatically'),
'username' => Yii::t('LdapModule.base', 'Username'),
'password' => Yii::t('LdapModule.base', 'Password'),
'encryption' => Yii::t('LdapModule.base', 'Encryption'),
'hostname' => Yii::t('LdapModule.base', 'Hostname'),
'port' => Yii::t('LdapModule.base', 'Port'),
'baseDn' => Yii::t('LdapModule.base', 'Base DN'),
'loginFilter' => Yii::t('LdapModule.base', 'Login Filter'),
'userFilter' => Yii::t('LdapModule.base', 'User Filer'),
'usernameAttribute' => Yii::t('LdapModule.base', 'Username Attribute'),
'emailAttribute' => Yii::t('LdapModule.base', 'E-Mail Address Attribute'),
'idAttribute' => Yii::t('LdapModule.base', 'ID Attribute'),
];
}
/**
* @inheritdoc
*/
public function attributeHints()
{
return [
'encryption' => Yii::t('LdapModule.base', 'A TLS/SSL is strongly favored in production environments to prevent passwords from be transmitted in clear text.'),
'username' => Yii::t('LdapModule.base', 'The default credentials username. Some servers require that this be in DN form. This must be given in DN form if the LDAP server requires a DN to bind and binding should be possible with simple usernames.'),
'password' => Yii::t('LdapModule.base', 'The default credentials password (used only with username above).'),
'baseDn' => Yii::t('LdapModule.base', 'The default base DN used for searching for accounts.'),
'loginFilter' => Yii::t('LdapModule.base', 'Defines the filter to apply, when login is attempted. %s replaces the username in the login action. Example: &quot;(sAMAccountName=%s)&quot; or &quot;(uid=%s)&quot;'),
'usernameAttribute' => Yii::t('LdapModule.base', 'LDAP Attribute for Username. Example: &quotuid&quot; or &quot;sAMAccountName&quot;'),
'emailAttribute' => Yii::t('LdapModule.base', 'LDAP Attribute for E-Mail Address. Default: &quotmail&quot;'),
'idAttribute' => Yii::t('LdapModule.base', 'Not changeable LDAP attribute to unambiguously identify the user in the directory. If empty the user will be determined automatically by e-mail address or username. Examples: objectguid (ActiveDirectory) or uidNumber (OpenLDAP)'),
'userFilter' => Yii::t('LdapModule.base', 'Limit access to users meeting this criteria. Example: &quot(objectClass=posixAccount)&quot; or &quot;(&(objectClass=person)(memberOf=CN=Workers,CN=Users,DC=myDomain,DC=com))&quot;'),
];
}
/**
* Saves the form
*
* @return boolean
*/
public function save()
{
$settings = Yii::$app->getModule('user')->settings;
$settings->set('auth.ldap.enabled', $this->enabled);
$settings->set('auth.ldap.refreshUsers', $this->refreshUsers);
$settings->set('auth.ldap.hostname', $this->hostname);
$settings->set('auth.ldap.port', $this->port);
$settings->set('auth.ldap.encryption', $this->encryption);
$settings->set('auth.ldap.username', $this->username);
if ($this->password != '---hidden---')
$settings->set('auth.ldap.password', $this->password);
$settings->set('auth.ldap.baseDn', $this->baseDn);
$settings->set('auth.ldap.loginFilter', $this->loginFilter);
$settings->set('auth.ldap.userFilter', $this->userFilter);
$settings->set('auth.ldap.usernameAttribute', $this->usernameAttribute);
$settings->set('auth.ldap.emailAttribute', $this->emailAttribute);
$settings->set('auth.ldap.idAttribute', $this->idAttribute);
return true;
}
}
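Review bot: The `encryptionTypes` label `'TLS (aka SSLV2)'` is misleading: the `tls` value is what `LdapHelper` maps to `useStartTls`, and StartTLS is unrelated to the obsolete SSLv2 protocol, so an administrator could avoid the option for the wrong reason. Labels such as `'tls' => 'StartTLS'` and `'ssl' => 'SSL/TLS (LDAPS)'` describe what is actually configured. In `attributeHints()` the entities `&quotuid&quot;`, `&quotmail&quot;` and `&quot(objectClass=posixAccount)&quot;` are missing the semicolon after the opening `&quot`, and the `userFilter` label says `User Filer`. The class docblock still names `AuthenticationLdapSettingsForm`.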


@ -1,52 +1,43 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2019 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
/**
* @var $this \yii\web\View
* @var $enabled boolean
* @var $errorMessage string
* @var $model \humhub\modules\admin\models\forms\AuthenticationLdapSettingsForm
* @var $model \humhub\modules\ldap\models\LdapSettings
* @var $userCount string
*/
use humhub\models\Setting;
use humhub\widgets\DataSaved;
use yii\helpers\Html;
use yii\widgets\ActiveForm;
?>
<?php $this->beginContent('@admin/views/authentication/_authenticationLayout.php') ?>
<div class="panel-body">
<div class="help-block">
<?= Yii::t(
'AdminModule.views_setting_authentication_ldap',
'Specify your LDAP-backend used to fetch user accounts.'
) ?>
<?= Yii::t('LdapModule.base', 'Specify your LDAP-backend used to fetch user accounts.') ?>
</div>
<br>
<?php if ($enabled): ?>
<?php if (!empty($errorMessage)): ?>
<div class="alert alert-danger">
<?= Yii::t(
'AdminModule.views_setting_authentication_ldap',
'Status: Error! (Message: {message})',
['{message}' => $errorMessage]
) ?>
<?= Yii::t('LdapModule.base', 'Status: Error! (Message: {message})', ['{message}' => $errorMessage]) ?>
</div>
<?php elseif ($userCount == 0): ?>
<div class="alert alert-warning">
<?= Yii::t(
'AdminModule.views_setting_authentication_ldap',
'Status: Warning! (No users found using the ldap user filter!)'
) ?>
<?= Yii::t('LdapModule.base', 'Status: Warning! (No users found using the ldap user filter!)') ?>
</div>
<?php else: ?>
<div class="alert alert-success">
<?= Yii::t(
'AdminModule.views_setting_authentication_ldap',
'Status: OK! ({userCount} Users)',
['{userCount}' => $userCount]
) ?>
<?= Yii::t('LdapModule.base', 'Status: OK! ({userCount} Users)', ['{userCount}' => $userCount]) ?>
</div>
<?php endif; ?>
<?php endif; ?>
@ -80,12 +71,9 @@ use yii\widgets\ActiveForm;
<?= $form->field($model, 'refreshUsers')->checkbox() ?>
<hr>
<?= Html::submitButton(
Yii::t('AdminModule.views_setting_authentication_ldap', 'Save'),
['class' => 'btn btn-primary', 'data-ui-loader' => '']
) ?>
<?= Html::submitButton(Yii::t('base', 'Save'), ['class' => 'btn btn-primary', 'data-ui-loader' => '']) ?>
<?= DataSaved::widget() ?>
<?php ActiveForm::end() ?>
</div>
<?php $this->endContent() ?>
<?php $this->endContent() ?>
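Review bot: `$errorMessage` reaches the error alert without HTML encoding: it is passed as the `{message}` parameter of `Yii::t()` and echoed with `<?=`. The value is the exception message from the LDAP connection attempt, which can presumably carry text from the directory server or from the configured host and filter, so it should be treated as untrusted markup. `Html` is already imported, so the line can become `<?= Yii::t('LdapModule.base', 'Status: Error! (Message: {message})', ['{message}' => Html::encode($errorMessage)]) ?>`. The `use humhub\models\Setting;` import looks unused in the visible lines.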