mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-21 08:22:07 +02:00
Code Issues Projects Releases Wiki Activity

auth/ldap cas/ldap MDL-23371 auth/ldap and auth/cas refactor

Browse Source 
They now share most of the code again, this time via subclassing, and they
share some code with enrol/ldap. They have also gained some features and a few
fixes.
This commit is contained in:
Inaki 2010-07-25 22:36:15 +00:00
parent a07dedff4f
commit fcf46da1c5
17 changed files with 1682 additions and 2986 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1234
auth/cas/auth.php
View File

File diff suppressed because it is too large Load Diff

17
auth/cas/cas_form.html
View File

@ -1,24 +1,11 @@
<div class="loginbox clearfix">
<div class="loginpanel">
<div>
<a href="<?php echo $CFG->wwwroot.'/login/index.php?authCAS=CAS';?>"><?php print_string("accesCAS","auth_cas");?></a>
<a href="<?php echo $CFG->wwwroot.'/login/index.php?authCAS=CAS';?>"><?php print_string('accesCAS', 'auth_cas');?></a>
</div>
<br/>
<div>
<a href="<?php echo $CFG->wwwroot.'/login/index.php?authCAS=NOCAS';?>"><?php print_string("accesNOCAS","auth_cas");?></a>
<a href="<?php echo $CFG->wwwroot.'/login/index.php?authCAS=NOCAS';?>"><?php print_string('accesNOCAS', 'auth_cas');?></a>
</div>
</div>
</div>

19
auth/cas/cas_ldap_sync_users.php
View File

@ -1,13 +1,13 @@
<?php
/** auth_ldap_sync_users.php
/** cas_ldap_sync_users.php
* Modified for cas Module
*
* This script is meant to be called from a cronjob to sync moodle with the LDAP
* backend in those setups where the LDAP backend acts as 'master'.
* This script is meant to be called from a cronjob to sync moodle with the CAS
* backend in those setups where the CAS backend acts as 'master'.
*
* Recommended cron entry:
* # 5 minutes past 4am
* 5 4 * * * /usr/bin/php -c /etc/php4/cli/php.ini /var/www/moodle/auth/ldap/auth_ldap_sync_users.php
* 5 4 * * * /usr/bin/php -c /etc/php4/cli/php.ini /var/www/moodle/auth/cas/cas_ldap_sync_users.php
*
* Notes:
* - If you have a large number of users, you may want to raise the memory limits
@ -21,20 +21,21 @@
*
*/
if (isset($_SERVER['REMOTE_ADDR'])) {
error_log("should not be called from web server!");
error_log('auth/cas/cas_ldap_sync_users.php can not be called from web server!');
echo 'auth/cas/cas_ldap_sync_users.php can not be called from web server!';
exit;
}
define('NO_MOODLE_COOKIES', true);
require_once(dirname(dirname(dirname(__FILE__))).'/config.php'); // global moodle config file.
require_once($CFG->dirroot.'/course/lib.php');
// Ensure errors are well explained
$CFG->debug = DEBUG_NORMAL;
if (!is_enabled_auth('cas')) {
echo "Plugin not enabled!";
error_log('[AUTH CAS] '.get_string('pluginnotenabled', 'auth_ldap'));
die;
}

1024
auth/cas/config.html
View File

File diff suppressed because it is too large Load Diff

13
auth/cas/db/install.php
View File

@ -8,4 +8,17 @@ function xmldb_auth_cas_install() {
// remove cached passwords, we do not need them for this plugin
$DB->set_field('user', 'password', 'not cached', array('auth'=>'cas'));
// We kept the LDAP version used to connect to the server in
// $config->version. In 2.0, $config->version is overwritten with
// the plugin version number, so we need to change the setting
// name. Let's call it 'ldap_version' and remove the old setting.
//
// This works by pure luck, as the plugin version number is stored in
// config_plugins table before we get called. The good news is the new
// version number is stored for 'auth_cas' plugin name, while the old ldap
// version setting is stored for 'auth/cas' plugin name. Yay!
if ($ldap_version = get_config('auth/cas', 'version')) {
set_config('ldap_version', $ldap_version, 'auth/cas');
unset_config('version', 'auth/cas');
}
}

2
auth/cas/lang/en/auth_cas.php
View File

@ -42,7 +42,7 @@ $string['auth_cas_invalidcaslogin'] = 'Sorry, your login has failed - you could
$string['auth_cas_language'] = 'Selected language';
$string['auth_cas_language_key'] = 'Language';
$string['auth_cas_logincas'] = 'Secure connection access';
$string['auth_cas_logoutcas'] = 'Turn this to \'yes\' if tou want to logout from CAS when you deconnect from Moodle';
$string['auth_cas_logoutcas'] = 'Turn this to \'yes\' if you want to logout from CAS when you disconnect from Moodle';
$string['auth_cas_logoutcas_key'] = 'Logout CAS';
$string['auth_cas_multiauth'] = 'Turn this to \'yes\' if you want to have multi-authentication (CAS + other authentication)';
$string['auth_cas_multiauth_key'] = 'Multi-authentication';

24
auth/cas/languages.php
View File

@ -1,13 +1,15 @@
<?PHP
<?php
// List of CAS langages.
$caslangprefix = 'PHPCAS_LANG_';
$CASLANGUAGES = array ();
// You can add langages in /CAS/langage.
// Please send them to http://esup-phpcas.sourceforge.net
$CASLANGUAGES = array (
"english" => "English",
"french" => "French");
$consts = get_defined_constants(true);
foreach ($consts['user'] as $key => $value) {
if (substr($key, 0, strlen($caslangprefix)) == $caslangprefix) {
$CASLANGUAGES[$value] = $value;
}
}
if (empty($CASLANGUAGES)) {
$CASLANGUAGES = array ('english' => 'english',
'french' => 'french');
}

2
auth/cas/version.php
View File

@ -1,3 +1,3 @@
<?php
$plugin->version = 2009112400;
$plugin->version = 2010072600;

1481
auth/ldap/auth.php
View File

File diff suppressed because it is too large Load Diff

14
auth/ldap/auth_ldap_sync_users.php
View File

@ -6,7 +6,7 @@
*
* Recommended cron entry:
* # 5 minutes past 4am
* 5 4 * * * /usr/bin/php -c /etc/php4/cli/php.ini /var/www/moodle/auth/ldap/auth_ldap_sync_users.php
* 5 4 * * * /usr/bin/php5 -c /etc/php5/cli/php.ini /var/www/moodle/auth/ldap/auth_ldap_sync_users.php
*
* Notes:
* - If you have a large number of users, you may want to raise the memory limits
@ -20,24 +20,24 @@
*
*/
if (isset($_SERVER['REMOTE_ADDR'])) {
error_log("should not be called from web server!");
error_log('auth/ldap/auth_ldap_sync_users.php can not be called from web server!');
echo 'auth/ldap/auth_ldap_sync_users.php can not be called from web server!';
exit;
}
define('NO_MOODLE_COOKIES', true);
require_once(dirname(dirname(dirname(__FILE__))).'/config.php'); // global moodle config file.
require_once($CFG->dirroot.'/course/lib.php');
// Ensure errors are well explained
$CFG->debug = DEBUG_NORMAL;
if (!is_enabled_auth('ldap')) {
echo "Plugin not enabled!";
error_log('[AUTH LDAP] '.get_string('pluginnotenabled', 'auth_ldap'));
die;
}
$ldapauth = get_auth_plugin('ldap');
$ldapauth->sync_users(true);

728
auth/ldap/config.html
View File

@ -1,265 +1,306 @@
<?php
// set to defaults if undefined
if (!isset($config->host_url))
{ $config->host_url = ''; }
if (empty($config->ldapencoding))
{ $config->ldapencoding = 'utf-8'; }
if (!isset($config->contexts))
{ $config->contexts = ''; }
if (!isset($config->user_type))
{ $config->user_type = 'default'; }
if (!isset($config->user_attribute))
{ $config->user_attribute = ''; }
if (!isset($config->search_sub))
{ $config->search_sub = ''; }
if (!isset($config->opt_deref))
{ $config->opt_deref = LDAP_DEREF_NEVER; }
if (!isset($config->preventpassindb))
{ $config->preventpassindb = 1; }
if (!isset($config->bind_dn))
{$config->bind_dn = ''; }
if (!isset($config->bind_pw))
{$config->bind_pw = ''; }
if (!isset($config->ldap_version))
{$config->ldap_version = '2'; }
if (!isset($config->objectclass))
{$config->objectclass = ''; }
if (!isset($config->memberattribute))
{$config->memberattribute = ''; }
if (!isset($config->memberattribute_isdn))
{$config->memberattribute_isdn = ''; }
if (!isset($config->creators))
{$config->creators = ''; }
if (!isset($config->create_context))
{$config->create_context = ''; }
if (!isset($config->expiration))
{$config->expiration = ''; }
if (!isset($config->expiration_warning))
{$config->expiration_warning = '10'; }
if (!isset($config->expireattr))
{$config->expireattr = ''; }
if (!isset($config->gracelogins))
{$config->gracelogins = ''; }
if (!isset($config->graceattr))
{$config->graceattr = ''; }
if (!isset($config->auth_user_create))
{$config->auth_user_create = ''; }
if (!isset($config->forcechangepassword))
{$config->forcechangepassword = 0; }
if (!isset($config->stdchangepassword))
{$config->stdchangepassword = 0; }
if (!isset($config->passtype))
{$config->passtype = 'plaintext';}
if (!isset($config->changepasswordurl))
{$config->changepasswordurl = ''; }
if (!isset($config->removeuser))
{$config->removeuser = AUTH_REMOVEUSER_KEEP; }
if (!isset($config->ntlmsso_enabled))
{$config->ntlmsso_enabled = 0; }
if (!isset($config->ntlmsso_subnet))
{$config->ntlmsso_subnet = ''; }
if (!isset($config->ntlmsso_ie_fastpath))
{$config->ntlmsso_ie_fastpath = 0; }
$yesno = array( get_string('no'), get_string('yes') );
if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
echo $OUTPUT->notification(get_string('auth_ldap_noextension','auth_ldap'));
// Set to defaults if undefined
if (!isset($config->host_url)) {
$config->host_url = '';
}
if (empty($config->ldapencoding)) {
$config->ldapencoding = 'utf-8';
}
if (!isset($config->contexts)) {
$config->contexts = '';
}
if (!isset($config->user_type)) {
$config->user_type = 'default';
}
if (!isset($config->user_attribute)) {
$config->user_attribute = '';
}
if (!isset($config->search_sub)) {
$config->search_sub = '';
}
if (!isset($config->opt_deref)) {
$config->opt_deref = LDAP_DEREF_NEVER;
}
if (!isset($config->preventpassindb)) {
$config->preventpassindb = 0;
}
if (!isset($config->bind_dn)) {
$config->bind_dn = '';
}
if (!isset($config->bind_pw)) {
$config->bind_pw = '';
}
if (!isset($config->ldap_version)) {
$config->ldap_version = '3';
}
if (!isset($config->objectclass)) {
$config->objectclass = '';
}
if (!isset($config->memberattribute)) {
$config->memberattribute = '';
}
if (!isset($config->memberattribute_isdn)) {
$config->memberattribute_isdn = '';
}
if (!isset($config->creators)) {
$config->creators = '';
}
if (!isset($config->create_context)) {
$config->create_context = '';
}
if (!isset($config->expiration)) {
$config->expiration = '';
}
if (!isset($config->expiration_warning)) {
$config->expiration_warning = '10';
}
if (!isset($config->expireattr)) {
$config->expireattr = '';
}
if (!isset($config->gracelogins)) {
$config->gracelogins = '';
}
if (!isset($config->graceattr)) {
$config->graceattr = '';
}
if (!isset($config->auth_user_create)) {
$config->auth_user_create = '';
}
if (!isset($config->forcechangepassword)) {
$config->forcechangepassword = 0;
}
if (!isset($config->stdchangepassword)) {
$config->stdchangepassword = 0;
}
if (!isset($config->passtype)) {
$config->passtype = 'plaintext';
}
if (!isset($config->changepasswordurl)) {
$config->changepasswordurl = '';
}
if (!isset($config->removeuser)) {
$config->removeuser = AUTH_REMOVEUSER_KEEP;
}
if (!isset($config->ntlmsso_enabled)) {
$config->ntlmsso_enabled = 0;
}
if (!isset($config->ntlmsso_subnet)) {
$config->ntlmsso_subnet = '';
}
if (!isset($config->ntlmsso_ie_fastpath)) {
$config->ntlmsso_ie_fastpath = 0;
}
if (!isset($config->ntlmsso_type)) {
$config->ntlmsso_type = 'ntlm';
}
$yesno = array(get_string('no'), get_string('yes'));
?>
<table cellspacing="0" cellpadding="5" border="0">
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_server_settings', 'auth_ldap') ?> </h4>
<h4><?php print_string('auth_ldap_server_settings', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="host_url"><?php print_string('auth_ldap_host_url_key','auth_ldap') ?></label></td>
<td align="right">
<label for="host_url"><?php print_string('auth_ldap_host_url_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="host_url" id="host_url" type="text" size="30" value="<?php echo $config->host_url?>" />
<?php if (isset($err['host_url'])) echo $OUTPUT->error_text($err['host_url']); ?>
<?php if (isset($err['host_url'])) { echo $OUTPUT->error_text($err['host_url']); } ?>
</td>
<td>
<?php print_string('auth_ldap_host_url','auth_ldap') ?>
<?php print_string('auth_ldap_host_url', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menuversion"><?php print_string('auth_ldap_version_key','auth_ldap') ?></label></td>
<td>
<?php
$versions = array();
$versions[2] = '2';
$versions[3] = '3';
echo html_writer::select($versions, 'ldap_version', $config->ldap_version, false);
if (isset($err['ldap_version'])) echo $OUTPUT->error_text($err['ldap_version']);
?>
<td align="right">
<label for="menuversion"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_version','auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="ldapencoding"><?php print_string("auth_ldap_ldap_encoding_key", "auth_ldap") ?></label></td>
<td>
<input id="ldapencoding" name="ldapencoding" type="text" value="<?php echo $config->ldapencoding ?>" />
<?php
if (isset($err['ldapencoding'])) {
echo $OUTPUT->error_text($err['ldapencoding']);
}
$versions = array();
$versions[2] = '2';
$versions[3] = '3';
echo html_writer::select($versions, 'ldap_version', $config->ldap_version, false);
if (isset($err['ldap_version'])) { echo $OUTPUT->error_text($err['ldap_version']); }
?>
</td>
<td><?php print_string('auth_ldap_ldap_encoding', 'auth_ldap') ?></td>
<td>
<?php print_string('auth_ldap_version', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_bind_settings', 'auth_ldap') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menupreventpassindb"><?php print_string('auth_ldap_preventpassindb_key','auth_ldap') ?></label></td>
<td align="right">
<label for="ldapencoding"><?php print_string('auth_ldap_ldap_encoding_key', 'auth_ldap') ?></label>
</td>
<td>
<input id="ldapencoding" name="ldapencoding" type="text" value="<?php echo $config->ldapencoding ?>" />
<?php if (isset($err['ldapencoding'])) { echo $OUTPUT->error_text($err['ldapencoding']); } ?>
</td>
<td>
<?php print_string('auth_ldap_ldap_encoding', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_bind_settings', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="menupreventpassindb"><?php print_string('auth_ldap_preventpassindb_key', 'auth_ldap') ?></label>
</td>
<td>
<?php echo html_writer::select($yesno, 'preventpassindb', $config->preventpassindb, false); ?>
</td><td>
<?php print_string('auth_ldap_preventpassindb','auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="bind_dn"><?php print_string('auth_ldap_bind_dn_key','auth_ldap') ?></label></td>
<td>
<input name="bind_dn" id="bind_dn" type="text" size="30" value="<?php echo $config->bind_dn?>" />
<?php if (isset($err['bind_dn'])) echo $OUTPUT->error_text($err['bind_dn']); ?>
</td><td>
<?php print_string('auth_ldap_bind_dn','auth_ldap') ?>
<?php print_string('auth_ldap_preventpassindb', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="bind_pw"><?php print_string('auth_ldap_bind_pw_key','auth_ldap') ?></label></td>
<td align="right">
<label for="bind_dn"><?php print_string('auth_ldap_bind_dn_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="bind_pw" id="bind_pw" type="password" size="30" value="<?php echo $config->bind_pw?>" />
<?php if (isset($err['bind_pw'])) echo $OUTPUT->error_text($err['bind_pw']); ?>
</td><td>
<?php print_string('auth_ldap_bind_pw','auth_ldap') ?>
<input name="bind_dn" id="bind_dn" type="text" size="30" value="<?php echo $config->bind_dn?>" />
<?php if (isset($err['bind_dn'])) { echo $OUTPUT->error_text($err['bind_dn']); } ?>
</td>
<td>
<?php print_string('auth_ldap_bind_dn', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="bind_pw"><?php print_string('auth_ldap_bind_pw_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="bind_pw" id="bind_pw" type="password" size="30" value="<?php echo $config->bind_pw?>" />
<?php if (isset($err['bind_pw'])) { echo $OUTPUT->error_text($err['bind_pw']); } ?>
</td>
<td>
<?php print_string('auth_ldap_bind_pw', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_user_settings', 'auth_ldap') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menuuser_type"><?php print_string('auth_ldap_user_type_key','auth_ldap') ?></label></td>
<td>
<?php echo html_writer::select($this->ldap_suppported_usertypes(), 'user_type', $config->user_type, false); ?>
<?php if (isset($err['user_type'])) echo $OUTPUT->error_text($err['user_type']); ?>
</td>
<td>
<?php print_string('auth_ldap_user_type', 'auth_ldap') ?>
<td colspan="2">
<h4><?php print_string('auth_ldap_user_settings', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="contexts"><?php print_string('auth_ldap_contexts_key','auth_ldap') ?></label></td>
<td>
<input name="contexts" id="contexts" type="text" size="30" value="<?php echo $config->contexts?>" />
<?php if (isset($err['contexts'])) echo $OUTPUT->error_text($err['contexts']); ?>
<td align="right">
<label for="menuuser_type"><?php print_string('auth_ldap_user_type_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_contexts', 'auth_ldap') ?>
<?php
echo html_writer::select(ldap_supported_usertypes(), 'user_type', $config->user_type, false);
if (isset($err['user_type'])) { echo $OUTPUT->error_text($err['user_type']); }
?>
</td>
<td>
<?php print_string('auth_ldap_user_type', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menusearch_sub"><?php print_string('auth_ldap_search_sub_key','auth_ldap') ?></label></td>
<td align="right">
<label for="contexts"><?php print_string('auth_ldap_contexts_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="contexts" id="contexts" type="text" size="30" value="<?php echo $config->contexts?>" />
<?php if (isset($err['contexts'])) { echo $OUTPUT->error_text($err['contexts']); } ?>
</td>
<td>
<?php print_string('auth_ldap_contexts', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="menusearch_sub"><?php print_string('auth_ldap_search_sub_key', 'auth_ldap') ?></label>
</td>
<td>
<?php echo html_writer::select($yesno, 'search_sub', $config->search_sub, false); ?>
</td>
<td>
<?php print_string('auth_ldap_search_sub','auth_ldap') ?>
<?php print_string('auth_ldap_search_sub', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menuopt_deref"><?php print_string('auth_ldap_opt_deref_key','auth_ldap') ?></label></td>
<td>
<?php
$opt_deref = array();
$opt_deref[LDAP_DEREF_NEVER] = get_string('no');
$opt_deref[LDAP_DEREF_ALWAYS] = get_string('yes');
echo html_writer::select($opt_deref, 'opt_deref', $config->opt_deref, false);
if (isset($err['opt_deref'])) echo $OUTPUT->error_text($err['opt_deref']);
?>
<td align="right">
<label for="menuopt_deref"><?php print_string('auth_ldap_opt_deref_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_opt_deref','auth_ldap') ?>
<?php
$opt_deref = array();
$opt_deref[LDAP_DEREF_NEVER] = get_string('no');
$opt_deref[LDAP_DEREF_ALWAYS] = get_string('yes');
echo html_writer::select($opt_deref, 'opt_deref', $config->opt_deref, false);
if (isset($err['opt_deref'])) { echo $OUTPUT->error_text($err['opt_deref']); }
?>
</td>
<td>
<?php print_string('auth_ldap_opt_deref', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="user_attribute"><?php print_string('auth_ldap_user_attribute_key','auth_ldap') ?></label></td>
<td>
<input name="user_attribute" id="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute?>" />
<?php if (isset($err['user_attribute'])) echo $OUTPUT->error_text($err['user_attribute']); ?>
<td align="right">
<label for="user_attribute"><?php print_string('auth_ldap_user_attribute_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_user_attribute','auth_ldap') ?>
<input name="user_attribute" id="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute?>" />
<?php if (isset($err['user_attribute'])) { echo $OUTPUT->error_text($err['user_attribute']); } ?>
</td>
<td>
<?php print_string('auth_ldap_user_attribute', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="memberattribute"><?php print_string('auth_ldap_memberattribute_key','auth_ldap') ?></label></td>
<td>
<input name="memberattribute" id="memberattribute" type="text" size="30" value="<?php echo $config->memberattribute?>" />
<?php if (isset($err['memberattribute'])) echo $OUTPUT->error_text($err['memberattribute']); ?>
</td><td>
<?php print_string('auth_ldap_memberattribute','auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="memberattribute_isdn"><?php print_string('auth_ldap_memberattribute_isdn_key','auth_ldap') ?></label></td>
<td>
<input name="memberattribute_isdn" id="memberattribute_isdn" type="text" size="30" value="<?php echo $config->memberattribute_isdn?>" />
<?php if (isset($err['memberattribute_isdn'])) echo $OUTPUT->error_text($err['memberattribute_isdn']); ?>
</td><td>
<?php print_string('auth_ldap_memberattribute_isdn','auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="objectclass"><?php print_string('auth_ldap_objectclass_key','auth_ldap') ?></label></td>
<td>
<input name="objectclass" id="objectclass" type="text" size="30" value="<?php echo $config->objectclass?>" />
<?php if (isset($err['objectclass'])) echo $OUTPUT->error_text($err['objectclass']); ?>
<td align="right">
<label for="memberattribute"><?php print_string('auth_ldap_memberattribute_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_objectclass','auth_ldap') ?>
<input name="memberattribute" id="memberattribute" type="text" size="30" value="<?php echo $config->memberattribute?>" />
<?php if (isset($err['memberattribute'])) { echo $OUTPUT->error_text($err['memberattribute']); } ?>
</td>
<td>
<?php print_string('auth_ldap_memberattribute', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="memberattribute_isdn"><?php print_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="memberattribute_isdn" id="memberattribute_isdn" type="text" size="30" value="<?php echo $config->memberattribute_isdn?>" />
<?php if (isset($err['memberattribute_isdn'])) { echo $OUTPUT->error_text($err['memberattribute_isdn']); } ?>
</td>
<td>
<?php print_string('auth_ldap_memberattribute_isdn', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="objectclass"><?php print_string('auth_ldap_objectclass_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="objectclass" id="objectclass" type="text" size="30" value="<?php echo $config->objectclass?>" />
<?php if (isset($err['objectclass'])) { echo $OUTPUT->error_text($err['objectclass']); } ?>
</td>
<td>
<?php print_string('auth_ldap_objectclass', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('forcechangepassword', 'auth') ?> </h4>
</td>
<td colspan="2">
<h4><?php print_string('forcechangepassword', 'auth') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right" valign="top"><label for="menuforcechangepassword"><?php print_string('forcechangepassword', 'auth') ?></label></td>
<td align="right" valign="top">
<label for="menuforcechangepassword"><?php print_string('forcechangepassword', 'auth') ?></label>
</td>
<td>
<?php echo html_writer::select($yesno, 'forcechangepassword', $config->forcechangepassword, false); ?>
</td>
@ -267,9 +308,10 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
<p><?php print_string('forcechangepasswordfirst_help', 'auth') ?></p>
</td>
</tr>
<tr valign="top" class="required">
<td align="right" valign="top"><label for="menustdchangepassword"><?php print_string('stdchangepassword', 'auth') ?></label></td>
<tr valign="top" class="required">
<td align="right" valign="top">
<label for="menustdchangepassword"><?php print_string('stdchangepassword', 'auth') ?></label>
</td>
<td>
<?php echo html_writer::select($yesno, 'stdchangepassword', $config->stdchangepassword, false); ?>
</td>
@ -278,221 +320,233 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
<p><?php print_string('stdchangepassword_explldap', 'auth') ?></p>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menupasstype"><?php print_string('auth_ldap_passtype_key', 'auth_ldap') ?></label></td>
<td align="right">
<label for="menupasstype"><?php print_string('auth_ldap_passtype_key', 'auth_ldap') ?></label>
</td>
<td>
<?php
$passtype = array();
$passtype['plaintext'] = get_string('plaintext', 'auth');
$passtype['md5'] = get_string('md5', 'auth');
$passtype['sha1'] = get_string('sha1', 'auth');
echo html_writer::select($passtype, 'passtype', $config->passtype, false);
$passtype = array();
$passtype['plaintext'] = get_string('plaintext', 'auth');
$passtype['md5'] = get_string('md5', 'auth');
$passtype['sha1'] = get_string('sha1', 'auth');
echo html_writer::select($passtype, 'passtype', $config->passtype, false);
?>
</td>
<td><?php print_string('auth_ldap_passtype', 'auth_ldap') ?></td>
<td>
<?php print_string('auth_ldap_passtype', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="changepasswordurl"><?php print_string('auth_ldap_changepasswordurl_key','auth_ldap') ?></label></td>
<td align="right">
<label for="changepasswordurl"><?php print_string('auth_ldap_changepasswordurl_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="changepasswordurl" id="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
<?php if (isset($err['changepasswordurl'])) { echo $OUTPUT->error_text($err['changepasswordurl']); } ?>
</td>
<td>
<?php print_string('changepasswordhelp', 'auth') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_passwdexpire_settings', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="menuexpiration"><?php print_string('auth_ldap_expiration_key', 'auth_ldap') ?></label>
</td>
<td>
<?php
if (isset($err['changepasswordurl'])) {
echo $OUTPUT->error_text($err['changepasswordurl']);
}
$expiration = array();
$expiration['0'] = 'no';
$expiration['1'] = 'LDAP';
echo html_writer::select($expiration, 'expiration', $config->expiration, false);
if (isset($err['expiration'])) { echo $OUTPUT->error_text($err['expiration']); }
?>
</td>
<td><?php print_string('changepasswordhelp', 'auth') ?></td>
<td>
<?php print_string('auth_ldap_expiration_desc', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_passwdexpire_settings', 'auth_ldap') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menuexpiration"><?php print_string('auth_ldap_expiration_key','auth_ldap') ?></label></td>
<td>
<?php
$expiration = array();
$expiration['0'] = 'no';
$expiration['1'] = 'LDAP';
echo html_writer::select($expiration, 'expiration', $config->expiration, false);
if (isset($err['expiration'])) echo $OUTPUT->error_text($err['expiration']);
?>
<td align="right">
<label for="expiration_warning"><?php print_string('auth_ldap_expiration_warning_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_expiration_desc','auth_ldap') ?>
<input name="expiration_warning" id="expiration_warning" type="text" size="2" value="<?php echo $config->expiration_warning?>" />
<?php if (isset($err['expiration_warning'])) { echo $OUTPUT->error_text($err['expiration_warning']); } ?>
</td>
<td>
<?php print_string('auth_ldap_expiration_warning_desc', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="expiration_warning"><?php print_string('auth_ldap_expiration_warning_key','auth_ldap') ?></label></td>
<td>
<input name="expiration_warning" id="expiration_warning" type="text" size="2" value="<?php echo $config->expiration_warning?>" />
<?php if (isset($err['expiration_warning'])) echo $OUTPUT->error_text($err['expiration_warning']);
?>
<td align="right">
<label for="expireattr"><?php print_string('auth_ldap_expireattr_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_expiration_warning_desc','auth_ldap') ?>
<input name="expireattr" id="expireattr" type="text" size="30" value="<?php echo $config->expireattr?>" />
<?php if (isset($err['expireattr'])) { echo $OUTPUT->error_text($err['expireattr']); } ?>
</td>
<td>
<?php print_string('auth_ldap_expireattr_desc', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="expireattr"><?php print_string('auth_ldap_expireattr_key','auth_ldap') ?></label></td>
<td>
<input name="expireattr" id="expireattr" type="text" size="30" value="<?php echo $config->expireattr?>" />
<?php if (isset($err['expireattr'])) echo $OUTPUT->error_text($err['expireattr']);
?>
<td align="right">
<label for="menugracelogins"><?php print_string('auth_ldap_gracelogins_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_expireattr_desc','auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menugracelogins"><?php print_string('auth_ldap_gracelogins_key','auth_ldap') ?></label></td>
<td>
<?php echo html_writer::select($yesno, 'gracelogins', $config->gracelogins, false); ?>
</td>
<td>
<?php print_string('auth_ldap_gracelogins_desc','auth_ldap') ?>
<?php print_string('auth_ldap_gracelogins_desc', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="graceattr"><?php print_string('auth_ldap_gracelogin_key','auth_ldap') ?></label></td>
<td>
<input name="graceattr" id="graceattr" type="text" size="30" value="<?php echo $config->graceattr?>" />
<?php if (isset($err['graceattr'])) echo $OUTPUT->error_text($err['graceattr']);
?>
<td align="right">
<label for="graceattr"><?php print_string('auth_ldap_gracelogin_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ldap_graceattr_desc','auth_ldap') ?>
<input name="graceattr" id="graceattr" type="text" size="30" value="<?php echo $config->graceattr?>" />
<?php if (isset($err['graceattr'])) { echo $OUTPUT->error_text($err['graceattr']); } ?>
</td>
<td>
<?php print_string('auth_ldap_graceattr_desc', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_user_create', 'auth') ?> </h4>
</td>
<td colspan="2">
<h4><?php print_string('auth_user_create', 'auth') ?></h4>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="menuauth_user_create"><?php print_string('auth_ldap_auth_user_create_key','auth_ldap') ?></label></td>
<td>
<?php echo html_writer::select($yesno, 'auth_user_create', $config->auth_user_create, false); ?>
<td align="right">
<label for="menuauth_user_create"><?php print_string('auth_ldap_auth_user_create_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string("auth_user_creation","auth"); ?>
<?php echo html_writer::select($yesno, 'auth_user_create', $config->auth_user_create, false); ?>
</td>
<td>
<?php print_string('auth_user_creation', 'auth'); ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="create_context"><?php print_string('auth_ldap_create_context_key','auth_ldap') ?></label></td>
<td align="right">
<label for="create_context"><?php print_string('auth_ldap_create_context_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="create_context" id="create_context" type="text" size="30" value="<?php echo $config->create_context?>" />
<?php if (isset($err['create_context'])) echo $OUTPUT->error_text($err['create_context']); ?>
</td><td>
<?php print_string('auth_ldap_create_context','auth_ldap') ?>
<input name="create_context" id="create_context" type="text" size="30" value="<?php echo $config->create_context?>" />
<?php if (isset($err['create_context'])) { echo $OUTPUT->error_text($err['create_context']); } ?>
</td>
<td>
<?php print_string('auth_ldap_create_context', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('coursecreators') ?> </h4>
</td>
<td colspan="2">
<h4><?php print_string('coursecreators') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="creators"><?php print_string('auth_ldap_creators_key','auth_ldap') ?></label></td>
<td>
<input name="creators" id="creators" type="text" size="30" value="<?php echo $config->creators?>" />
<?php if (isset($err['creators'])) echo $OUTPUT->error_text($err['creators']); ?>
</td><td>
<?php print_string('auth_ldap_creators','auth_ldap') ?>
<td align="right">
<label for="creators"><?php print_string('auth_ldap_creators_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="creators" id="creators" type="text" size="30" value="<?php echo $config->creators?>" />
<?php if (isset($err['creators'])) { echo $OUTPUT->error_text($err['creators']); } ?>
</td>
<td>
<?php print_string('auth_ldap_creators', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_sync_script', 'auth') ?> </h4>
</td>
<td colspan="2">
<h4><?php print_string('auth_sync_script', 'auth') ?></h4>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="menuremoveuser"><?php print_string('auth_remove_user_key','auth') ?></label></td>
<td>
<?php
$deleteopt = array();
$deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep','auth');
$deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend','auth');
$deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete','auth');
echo html_writer::select($deleteopt, 'removeuser', $config->removeuser, false);
?>
<td align="right">
<label for="menuremoveuser"><?php print_string('auth_remove_user_key', 'auth') ?></label>
</td>
<td>
<?php print_string('auth_remove_user','auth') ?>
<?php
$deleteopt = array();
$deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth');
$deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth');
$deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth');
echo html_writer::select($deleteopt, 'removeuser', $config->removeuser, false);
?>
</td>
<td>
<?php print_string('auth_remove_user', 'auth') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ntlmsso', 'auth_ldap') ?> </h4>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="menuntlmsso_enabled"><?php print_string('auth_ntlmsso_enabled_key','auth_ldap') ?></label></td>
<td>
<?php
echo html_writer::select($yesno, 'ntlmsso_enabled', $config->ntlmsso_enabled);
?>
</td>
<td>
<?php print_string('auth_ntlmsso_enabled','auth_ldap') ?>
<td colspan="2">
<h4><?php print_string('auth_ntlmsso', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="ntlmsso_subnet"><?php print_string('auth_ntlmsso_subnet_key','auth_ldap') ?></label></td>
<td><input name="ntlmsso_subnet" id="ntlmsso_subnet" type="text" size="30" value="<?php p($config->ntlmsso_subnet) ?>" />
<td align="right">
<label for="menuntlmsso_enabled"><?php print_string('auth_ntlmsso_enabled_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ntlmsso_subnet','auth_ldap') ?>
<?php echo html_writer::select($yesno, 'ntlmsso_enabled', $config->ntlmsso_enabled, false); ?>
</td>
<td>
<?php print_string('auth_ntlmsso_enabled', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="menuntlmsso_ie_fastpath"><?php print_string('auth_ntlmsso_ie_fastpath_key','auth_ldap') ?></label></td>
<td>
<?php
echo html_writer::select($yesno, 'ntlmsso_ie_fastpath', $config->ntlmsso_ie_fastpath);
?>
<td align="right">
<label for="ntlmsso_subnet"><?php print_string('auth_ntlmsso_subnet_key', 'auth_ldap') ?></label>
</td>
<td>
<?php print_string('auth_ntlmsso_ie_fastpath','auth_ldap') ?>
<input name="ntlmsso_subnet" id="ntlmsso_subnet" type="text" size="30" value="<?php p($config->ntlmsso_subnet) ?>" />
</td>
<td>
<?php print_string('auth_ntlmsso_subnet', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top">
<td align="right">
<label for="menuntlmsso_ie_fastpath"><?php print_string('auth_ntlmsso_ie_fastpath_key', 'auth_ldap') ?></label>
</td>
<td>
<?php echo html_writer::select($yesno, 'ntlmsso_ie_fastpath', $config->ntlmsso_ie_fastpath, false); ?>
</td>
<td>
<?php print_string('auth_ntlmsso_ie_fastpath', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top">
<td align="right">
<label for="menuntlmsso_type"><?php print_string('auth_ntlmsso_type_key', 'auth_ldap')?></label>
</td>
<td>
<?php
$types = array();
$types['ntlm'] = 'NTLM';
$types['kerberos'] = 'Kerberos';
echo html_writer::select($types, 'ntlmsso_type', $config->ntlmsso_type, false);
?>
</td>
<td>
<?php print_string('auth_ntlmsso_type','auth_ldap') ?>
</td>
</tr>
<?php
$help = get_string('auth_ldapextrafields','auth_ldap');
$help .= get_string('auth_updatelocal_expl','auth');
$help .= get_string('auth_fieldlock_expl','auth');
$help .= get_string('auth_updateremote_expl','auth');
$help = get_string('auth_ldapextrafields', 'auth_ldap');
$help .= get_string('auth_updatelocal_expl', 'auth');
$help .= get_string('auth_fieldlock_expl', 'auth');
$help .= get_string('auth_updateremote_expl', 'auth');
$help .= '<hr />';
$help .= get_string('auth_updateremote_ldap','auth');
$help .= get_string('auth_updateremote_ldap', 'auth');
print_auth_lock_options('ldap', $user_fields, $help, true, true);
?>
</table>

18
auth/ldap/db/install.php
View File

@ -1,14 +1,12 @@
<?php
function xmldb_auth_ldap_install() {
function xmldb_auth_cas_install() {
global $CFG, $DB;
// upgrade from 1.9.x, introducing version.php
// remove cached passwords, we do not need them for this plugin, but only if internal
if (get_config('auth/ldap', 'preventpassindb')) {
$DB->set_field('user', 'password', 'not cached', array('auth'=>'ldap'));
}
// remove cached passwords, we do not need them for this plugin
$DB->set_field('user', 'password', 'not cached', array('auth'=>'cas'));
// We kept the LDAP version used to connect to the server in
// $config->version. In 2.0, $config->version is overwritten with
@ -17,10 +15,10 @@ function xmldb_auth_ldap_install() {
//
// This works by pure luck, as the plugin version number is stored in
// config_plugins table before we get called. The good news is the new
// version number is stored for 'auth_ldap' plugin name, while the old ldap
// version setting is stored for 'auth/ldap' plugin name. Yay!
if ($ldap_version = get_config('auth/ldap', 'version')) {
set_config('ldap_version', $ldap_version, 'auth/ldap');
unset_config('version', 'auth/ldap');
// version number is stored for 'auth_cas' plugin name, while the old ldap
// version setting is stored for 'auth/cas' plugin name. Yay!
if ($ldap_version = get_config('auth/cas', 'version')) {
set_config('ldap_version', $ldap_version, 'auth/cas');
unset_config('version', 'auth/cas');
}
}

42
auth/ldap/lang/en/auth_ldap.php
View File

@ -40,13 +40,9 @@ $string['auth_ldap_create_error'] = 'Error creating user in LDAP.';
$string['auth_ldap_creators'] = 'List of groups or contexts whose members are allowed to create new courses. Separate multiple groups with \';\'. Usually something like \'cn=teachers,ou=staff,o=myorg\'';
$string['auth_ldap_creators_key'] = 'Creators';
$string['auth_ldapdescription'] = 'This method provides authentication against an external LDAP server.
If the given username and password are valid, Moodle creates a new user
entry in its database. This module can read user attributes from LDAP and prefill
wanted fields in Moodle. For following logins only the username and
password are checked.';
$string['auth_ldap_expiration_desc'] = 'Select No to disable expired password checking or LDAP to read passwordexpiration time directly from LDAP';
$string['auth_ldap_expiration_key'] = 'Expiration';
@ -73,7 +69,7 @@ $string['auth_ldap_memberattribute_isdn_key'] = 'Member attribute uses dn';
$string['auth_ldap_memberattribute_key'] = 'Member attribute';
$string['auth_ldap_noconnect'] = 'LDAP-module cannot connect to server: {$a}';
$string['auth_ldap_noconnect_all'] = 'LDAP-module cannot connect to any servers: {$a}';
$string['auth_ldap_noextension'] = 'Warning: The PHP LDAP module does not seem to be present. Please ensure it is installed and enabled.';
$string['auth_ldap_noextension'] = '<em>The PHP LDAP module does not seem to be present. Please ensure it is installed and enabled if you want to use this authentication plugin.</em>';
$string['auth_ldap_no_mbstring'] = 'You need the mbstring extension to create users in Active Directory.';
$string['auth_ldapnotinstalled'] = 'Cannot use LDAP authentication. The PHP LDAP module is not installed.';
$string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.';
@ -88,7 +84,7 @@ $string['auth_ldap_preventpassindb_key'] = 'Hide passwords';
$string['auth_ldap_search_sub'] = 'Search users from subcontexts.';
$string['auth_ldap_search_sub_key'] = 'Search subcontexts';
$string['auth_ldap_server_settings'] = 'LDAP server settings';
$string['auth_ldap_unsupportedusertype'] = 'auth: ldap user_create() does not support selected usertype: {$a} (..yet)';
$string['auth_ldap_unsupportedusertype'] = 'auth: ldap user_create() does not support selected usertype: {$a}';
$string['auth_ldap_update_userinfo'] = 'Update user information (firstname, lastname, address..) from LDAP to Moodle. Specify "Data mapping" settings as you need.';
$string['auth_ldap_user_attribute'] = 'Optional: Overrides the attribute used to name/search users. Usually \'cn\'.';
$string['auth_ldap_user_attribute_key'] = 'User attribute';
@ -107,7 +103,41 @@ $string['auth_ntlmsso_ie_fastpath'] = 'Set to yes to enable the NTLM SSO fast pa
$string['auth_ntlmsso_ie_fastpath_key'] = 'MS IE fast path?';
$string['auth_ntlmsso_subnet'] = 'If set, it will only attempt SSO with clients in this subnet. Format: xxx.xxx.xxx.xxx/bitmask';
$string['auth_ntlmsso_subnet_key'] = 'Subnet';
$string['auth_ntlmsso_type_key'] = 'Authentication Type';
$string['auth_ntlmsso_type'] = 'The authentication method configured in the web server to authenticate the users (if in doubt, choose NTLM)';
$string['connectingldap'] = "Conecting to ldap server...\n";
$string['creatingtemptable'] = "Creating temporary table {\$a}\n";
$string['didntfindexpiretime'] = 'password_expire() didn\'t find expiration time.';
$string['didntgetusersfromldap'] = "Did not get any users from LDAP -- error? -- exiting\n";
$string['gotcountrecordsfromldap'] = "Got {\$a} records from LDAP\n";
$string['morethanoneuser'] = 'Strange! More than one user record found in ldap. Only using the first one.';
$string['needbcmath'] = 'You need the BCMath extension to use grace logins with Active Directory';
$string['needmbstring'] = 'You need the mbstring extension to change passwords in Active Directory';
$string['nodnforusername'] = 'Error in user_update_password(). No DN for: {$a->username}';
$string['notcalledfromserver'] = 'Should not be called from the web server!';
$string['noupdatestobedone'] = "No updates to be done\n";
$string['nouserentriestoremove'] = "No user entries to be removed\n";
$string['nouserentriestorevive'] = "No user entries to be revived\n";
$string['nouserstobeadded'] = "No users to be added\n";
$string['ntlmsso_attempting'] = 'Attempting Single Sign On via NTLM...';
$string['ntlmsso_failed'] = 'Auto-login failed, try the normal login page...';
$string['ntlmsso_isdisabled'] = 'NTLM SSO is disabled.';
$string['ntlmsso_unknowntype'] = 'Unknown ntlmsso type!';
$string['pluginname'] = 'LDAP server';
$string['pluginnotenabled'] = 'Plugin not enabled!';
$string['renamingnotallowed'] = 'User renaming not allowed in LDAP';
$string['rootdseerror'] = 'Error querying rootDSE for Active Directory';
$string['updateremfail'] = 'Error updating LDAP record. Error code: {$a->errno}; Error string: {$a->errstring}<br/>Key ({$a->key}) - old moodle value: \'{$a->ouvalue}\' new value: \'{$a->nuvalue}\'';
$string['updateremfailamb'] = 'Failed to update LDAP with ambiguous field {$a->key}; old moodle value: \'{$a->ouvalue}\', new value: \'{$a->nuvalue}\'';
$string['updatepasserror'] = 'Error in user_update_password(). Error code: {$a->errno}; Error string: {$a->errstring}';
$string['updatepasserrorexpire'] = 'Error in user_update_password() when reading password expiration time. Error code: {$a->errno}; Error string: {$a->errstring}';
$string['updatepasserrorexpiregrace'] = 'Error in user_update_password() when modifying expirationtime and/or gracelogins. Error code: {$a->errno}; Error string: {$a->errstring}';
$string['updateusernotfound'] = 'Could not find user while updating externally. Details follow: search base: \'{$a->userdn}\'; search filter: \'(objectClass=*)\'; search attributes: {$a->attribs}';
$string['user_activatenotsupportusertype'] = 'auth: ldap user_activate() does not support selected usertype: {$a}';
$string['user_disablenotsupportusertype'] = 'auth: ldap user_disable() does not support selected usertype: {$a}';
$string['userentriestoadd'] = "User entries to be added: {\$a}\n";
$string['userentriestoremove'] = "User entries to be removed: {\$a}\n";
$string['userentriestorevive'] = "User entries to be revived: {\$a}\n";
$string['userentriestoupdate'] = "User entries to be updated: {\$a}\n";
$string['usernotfound'] = 'User not found in LDAP';
$string['useracctctrlerror'] = 'Error getting userAccountControl for {$a}';

14
auth/ldap/ntlmsso_attempt.php
View File

@ -1,23 +1,23 @@
<?php
require_once(dirname(dirname(dirname(__FILE__)))."/config.php");
require_once(dirname(dirname(dirname(__FILE__))).'/config.php');
//HTTPS is potentially required in this page
// HTTPS is potentially required in this page
httpsrequired();
$PAGE->set_url('/auth/ldap/ntlmsso_attempt.php');
/// Define variables used in page
// Define variables used in page
$site = get_site();
$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
if (!in_array('ldap',$authsequence,true)) {
print_error('ldap_isdisabled','auth');
if (!in_array('ldap', $authsequence, true)) {
print_error('ldap_isdisabled', 'auth');
}
$authplugin = get_auth_plugin('ldap');
if (empty($authplugin->config->ntlmsso_enabled)) {
print_error('ntlmsso_isdisabled','auth_ldap');
print_error('ntlmsso_isdisabled', 'auth_ldap');
}
$sesskey = sesskey();
@ -32,7 +32,7 @@ $PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading($site->fullname);
echo $OUTPUT->header();
$msg = '<p>'.get_string('ntlmsso_attempting','auth_ldap').'</p>'
$msg = '<p>'.get_string('ntlmsso_attempting', 'auth_ldap').'</p>'
. '<img width="1", height="1" '
. ' src="' . $CFG->wwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='
. $sesskey . '" />';

12
auth/ldap/ntlmsso_finish.php
View File

@ -1,23 +1,23 @@
<?php
require_once(dirname(dirname(dirname(__FILE__)))."/config.php");
require_once(dirname(dirname(dirname(__FILE__))).'/config.php');
//HTTPS is potentially required in this page
// HTTPS is potentially required in this page
httpsrequired();
$PAGE->set_url('/auth/ldap/ntlmsso_finish.php');
/// Define variables used in page
// Define variables used in page
$site = get_site();
$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
if (!in_array('ldap',$authsequence,true)) {
print_error('ldap_isdisabled','auth');
if (!in_array('ldap', $authsequence, true)) {
print_error('ldap_isdisabled', 'auth');
}
$authplugin = get_auth_plugin('ldap');
if (empty($authplugin->config->ntlmsso_enabled)) {
print_error('ntlmsso_isdisabled','auth_ldap');
print_error('ntlmsso_isdisabled', 'auth_ldap');
}
// If ntlmsso_finish() succeeds, then the code never returns,

22
auth/ldap/ntlmsso_magic.php
View File

@ -6,30 +6,28 @@
// of the webserver.
define('NO_MOODLE_COOKIES', true);
require_once(dirname(dirname(dirname(__FILE__)))."/config.php");
require_once(dirname(dirname(dirname(__FILE__))).'/config.php');
//HTTPS is potentially required in this page
// HTTPS is potentially required in this page
httpsrequired();
$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
if (!in_array('ldap',$authsequence,true)) {
print_error('ldap_isdisabled','auth');
if (!in_array('ldap', $authsequence, true)) {
print_error('ldap_isdisabled', 'auth');
}
$authplugin = get_auth_plugin('ldap');
if (empty($authplugin->config->ntlmsso_enabled)) {
print_error('ntlmsso_isdisabled','auth_ldap');
print_error('ntlmsso_isdisabled', 'auth_ldap');
}
$sesskey = required_param('sesskey', PARAM_RAW);
$file = $CFG->dirroot . '/pix/spacer.gif';
if ($authplugin->ntlmsso_magic($sesskey)
&& file_exists($file)) {
$file = $CFG->dirroot.'/pix/spacer.gif';
if ($authplugin->ntlmsso_magic($sesskey) && file_exists($file)) {
if (!empty($authplugin->config->ntlmsso_ie_fastpath)) {
if (check_browser_version('MSIE')) {
redirect($CFG->wwwroot . '/auth/ldap/ntlmsso_finish.php');
redirect($CFG->wwwroot.'/auth/ldap/ntlmsso_finish.php');
}
}
@ -39,12 +37,12 @@ if ($authplugin->ntlmsso_magic($sesskey)
header('Content-Length: '.filesize($file));
// Output file
$handle=fopen($file,'r');
$handle = fopen($file, 'r');
fpassthru($handle);
fclose($handle);
exit;
} else {
print_error('ntlmsso_iwamagicnotenabled','auth_ldap');
print_error('ntlmsso_iwamagicnotenabled', 'auth_ldap');
}

2
auth/ldap/version.php
View File

@ -1,3 +1,3 @@
<?php
$plugin->version = 2009112400;
$plugin->version = 2010072600;