. /** * Admin settings and defaults. * * @package auth_ldap * @copyright 2017 Stephen Bourget * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later */ defined('MOODLE_INTERNAL') || die; if ($ADMIN->fulltree) { if (!function_exists('ldap_connect')) { $settings->add(new admin_setting_heading('auth_ldap_noextension', '', get_string('auth_ldap_noextension', 'auth_ldap'))); } else { // We use a couple of custom admin settings since we need to massage the data before it is inserted into the DB. require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_lowercase_configtext.php'); require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_contexts_configtext.php'); require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_ntlm_configtext.php'); // We need to use some of the Moodle LDAP constants / functions to create the list of options. require_once($CFG->dirroot.'/auth/ldap/auth.php'); // Introductory explanation. $settings->add(new admin_setting_heading('auth_ldap/pluginname', '', new lang_string('auth_ldapdescription', 'auth_ldap'))); // LDAP server settings. $settings->add(new admin_setting_heading('auth_ldap/ldapserversettings', new lang_string('auth_ldap_server_settings', 'auth_ldap'), '')); // Host. $settings->add(new admin_setting_configtext('auth_ldap/host_url', get_string('auth_ldap_host_url_key', 'auth_ldap'), get_string('auth_ldap_host_url', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); // Version. $versions = array(); $versions[2] = '2'; $versions[3] = '3'; $settings->add(new admin_setting_configselect('auth_ldap/ldap_version', new lang_string('auth_ldap_version_key', 'auth_ldap'), new lang_string('auth_ldap_version', 'auth_ldap'), 3, $versions)); // Start TLS. $yesno = array( new lang_string('no'), new lang_string('yes'), ); $settings->add(new admin_setting_configselect('auth_ldap/start_tls', new lang_string('start_tls_key', 'auth_ldap'), new lang_string('start_tls', 'auth_ldap'), 0 , $yesno)); // Encoding. $settings->add(new admin_setting_configtext('auth_ldap/ldapencoding', get_string('auth_ldap_ldap_encoding_key', 'auth_ldap'), get_string('auth_ldap_ldap_encoding', 'auth_ldap'), 'utf-8', PARAM_RAW_TRIMMED)); // Page Size. (Hide if not available). $settings->add(new admin_setting_configtext('auth_ldap/pagesize', get_string('pagesize_key', 'auth_ldap'), get_string('pagesize', 'auth_ldap'), '250', PARAM_INT)); // Bind settings. $settings->add(new admin_setting_heading('auth_ldap/ldapbindsettings', new lang_string('auth_ldap_bind_settings', 'auth_ldap'), '')); // Store Password in DB. $settings->add(new admin_setting_configselect('auth_ldap/preventpassindb', new lang_string('auth_ldap_preventpassindb_key', 'auth_ldap'), new lang_string('auth_ldap_preventpassindb', 'auth_ldap'), 0 , $yesno)); // User ID. $settings->add(new admin_setting_configtext('auth_ldap/bind_dn', get_string('auth_ldap_bind_dn_key', 'auth_ldap'), get_string('auth_ldap_bind_dn', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); // Password. $settings->add(new admin_setting_configpasswordunmask('auth_ldap/bind_pw', get_string('auth_ldap_bind_pw_key', 'auth_ldap'), get_string('auth_ldap_bind_pw', 'auth_ldap'), '')); // User Lookup settings. $settings->add(new admin_setting_heading('auth_ldap/ldapuserlookup', new lang_string('auth_ldap_user_settings', 'auth_ldap'), '')); // User Type. $settings->add(new admin_setting_configselect('auth_ldap/user_type', new lang_string('auth_ldap_user_type_key', 'auth_ldap'), new lang_string('auth_ldap_user_type', 'auth_ldap'), 'default', ldap_supported_usertypes())); // Contexts. $settings->add(new auth_ldap_admin_setting_special_contexts_configtext('auth_ldap/contexts', get_string('auth_ldap_contexts_key', 'auth_ldap'), get_string('auth_ldap_contexts', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); // Search subcontexts. $settings->add(new admin_setting_configselect('auth_ldap/search_sub', new lang_string('auth_ldap_search_sub_key', 'auth_ldap'), new lang_string('auth_ldap_search_sub', 'auth_ldap'), 0 , $yesno)); // Dereference aliases. $optderef = array(); $optderef[LDAP_DEREF_NEVER] = get_string('no'); $optderef[LDAP_DEREF_ALWAYS] = get_string('yes'); $settings->add(new admin_setting_configselect('auth_ldap/opt_deref', new lang_string('auth_ldap_opt_deref_key', 'auth_ldap'), new lang_string('auth_ldap_opt_deref', 'auth_ldap'), LDAP_DEREF_NEVER , $optderef)); // User attribute. $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/user_attribute', get_string('auth_ldap_user_attribute_key', 'auth_ldap'), get_string('auth_ldap_user_attribute', 'auth_ldap'), '', PARAM_RAW)); // Suspended attribute. $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/suspended_attribute', get_string('auth_ldap_suspended_attribute_key', 'auth_ldap'), get_string('auth_ldap_suspended_attribute', 'auth_ldap'), '', PARAM_RAW)); // Member attribute. $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/memberattribute', get_string('auth_ldap_memberattribute_key', 'auth_ldap'), get_string('auth_ldap_memberattribute', 'auth_ldap'), '', PARAM_RAW)); // Member attribute uses dn. $settings->add(new admin_setting_configtext('auth_ldap/memberattribute_isdn', get_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap'), get_string('auth_ldap_memberattribute_isdn', 'auth_ldap'), '', PARAM_RAW)); // Object class. $settings->add(new admin_setting_configtext('auth_ldap/objectclass', get_string('auth_ldap_objectclass_key', 'auth_ldap'), get_string('auth_ldap_objectclass', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); // Force Password change Header. $settings->add(new admin_setting_heading('auth_ldap/ldapforcepasswordchange', new lang_string('forcechangepassword', 'auth'), '')); // Force Password change. $settings->add(new admin_setting_configselect('auth_ldap/forcechangepassword', new lang_string('forcechangepassword', 'auth'), new lang_string('forcechangepasswordfirst_help', 'auth'), 0 , $yesno)); // Standard Password Change. $settings->add(new admin_setting_configselect('auth_ldap/stdchangepassword', new lang_string('stdchangepassword', 'auth'), new lang_string('stdchangepassword_expl', 'auth') .' '. get_string('stdchangepassword_explldap', 'auth'), 0 , $yesno)); // Password Type. $passtype = array(); $passtype['plaintext'] = get_string('plaintext', 'auth'); $passtype['md5'] = get_string('md5', 'auth'); $passtype['sha1'] = get_string('sha1', 'auth'); $settings->add(new admin_setting_configselect('auth_ldap/passtype', new lang_string('auth_ldap_passtype_key', 'auth_ldap'), new lang_string('auth_ldap_passtype', 'auth_ldap'), 'plaintext', $passtype)); // Password change URL. $settings->add(new admin_setting_configtext('auth_ldap/changepasswordurl', get_string('auth_ldap_changepasswordurl_key', 'auth_ldap'), get_string('changepasswordhelp', 'auth'), '', PARAM_URL)); // Password Expiration Header. $settings->add(new admin_setting_heading('auth_ldap/passwordexpire', new lang_string('auth_ldap_passwdexpire_settings', 'auth_ldap'), '')); // Password Expiration. $expiration = array(); $expiration['0'] = 'no'; $expiration['1'] = 'LDAP'; $settings->add(new admin_setting_configselect('auth_ldap/expiration', new lang_string('auth_ldap_expiration_key', 'auth_ldap'), new lang_string('auth_ldap_expiration_desc', 'auth_ldap'), 0 , $expiration)); // Password Expiration warning. $settings->add(new admin_setting_configtext('auth_ldap/expiration_warning', get_string('auth_ldap_expiration_warning_key', 'auth_ldap'), get_string('auth_ldap_expiration_warning_desc', 'auth_ldap'), '', PARAM_RAW)); // Password Expiration attribute. $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/expireattr', get_string('auth_ldap_expireattr_key', 'auth_ldap'), get_string('auth_ldap_expireattr_desc', 'auth_ldap'), '', PARAM_RAW)); // Grace Logins. $settings->add(new admin_setting_configselect('auth_ldap/gracelogins', new lang_string('auth_ldap_gracelogins_key', 'auth_ldap'), new lang_string('auth_ldap_gracelogins_desc', 'auth_ldap'), 0 , $yesno)); // Grace logins attribute. $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/graceattr', get_string('auth_ldap_gracelogin_key', 'auth_ldap'), get_string('auth_ldap_graceattr_desc', 'auth_ldap'), '', PARAM_RAW)); // User Creation. $settings->add(new admin_setting_heading('auth_ldap/usercreation', new lang_string('auth_user_create', 'auth'), '')); // Create users externally. $settings->add(new admin_setting_configselect('auth_ldap/auth_user_create', new lang_string('auth_ldap_auth_user_create_key', 'auth_ldap'), new lang_string('auth_user_creation', 'auth'), 0 , $yesno)); // Context for new users. $settings->add(new admin_setting_configtext('auth_ldap/create_context', get_string('auth_ldap_create_context_key', 'auth_ldap'), get_string('auth_ldap_create_context', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); // Course Creators Header. $settings->add(new admin_setting_heading('auth_ldap/coursecreators', new lang_string('coursecreators'), '')); // Course creators field mapping. $settings->add(new admin_setting_configtext('auth_ldap/creators', get_string('auth_ldap_creators_key', 'auth_ldap'), get_string('auth_ldap_creators', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); // User Account Sync. $settings->add(new admin_setting_heading('auth_ldap/syncusers', new lang_string('auth_sync_script', 'auth'), '')); // Remove external user. $deleteopt = array(); $deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth'); $deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth'); $deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth'); $settings->add(new admin_setting_configselect('auth_ldap/removeuser', new lang_string('auth_remove_user_key', 'auth'), new lang_string('auth_remove_user', 'auth'), AUTH_REMOVEUSER_KEEP, $deleteopt)); // Sync Suspension. $settings->add(new admin_setting_configselect('auth_ldap/sync_suspended', new lang_string('auth_sync_suspended_key', 'auth'), new lang_string('auth_sync_suspended', 'auth'), 0 , $yesno)); // NTLM SSO Header. $settings->add(new admin_setting_heading('auth_ldap/ntlm', new lang_string('auth_ntlmsso', 'auth_ldap'), '')); // Enable NTLM. $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_enabled', new lang_string('auth_ntlmsso_enabled_key', 'auth_ldap'), new lang_string('auth_ntlmsso_enabled', 'auth_ldap'), 0 , $yesno)); // Subnet. $settings->add(new admin_setting_configtext('auth_ldap/ntlmsso_subnet', get_string('auth_ntlmsso_subnet_key', 'auth_ldap'), get_string('auth_ntlmsso_subnet', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); // NTLM Fast Path. $fastpathoptions = array(); $fastpathoptions[AUTH_NTLM_FASTPATH_YESFORM] = get_string('auth_ntlmsso_ie_fastpath_yesform', 'auth_ldap'); $fastpathoptions[AUTH_NTLM_FASTPATH_YESATTEMPT] = get_string('auth_ntlmsso_ie_fastpath_yesattempt', 'auth_ldap'); $fastpathoptions[AUTH_NTLM_FASTPATH_ATTEMPT] = get_string('auth_ntlmsso_ie_fastpath_attempt', 'auth_ldap'); $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_ie_fastpath', new lang_string('auth_ntlmsso_ie_fastpath_key', 'auth_ldap'), new lang_string('auth_ntlmsso_ie_fastpath', 'auth_ldap'), AUTH_NTLM_FASTPATH_ATTEMPT, $fastpathoptions)); // Authentication type. $types = array(); $types['ntlm'] = 'NTLM'; $types['kerberos'] = 'Kerberos'; $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_type', new lang_string('auth_ntlmsso_type_key', 'auth_ldap'), new lang_string('auth_ntlmsso_type', 'auth_ldap'), 'ntlm', $types)); // Remote Username format. $settings->add(new auth_ldap_admin_setting_special_ntlm_configtext('auth_ldap/ntlmsso_remoteuserformat', get_string('auth_ntlmsso_remoteuserformat_key', 'auth_ldap'), get_string('auth_ntlmsso_remoteuserformat', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); } // Display locking / mapping of profile fields. $authplugin = get_auth_plugin('ldap'); $help = get_string('auth_ldapextrafields', 'auth_ldap'); $help .= get_string('auth_updatelocal_expl', 'auth'); $help .= get_string('auth_fieldlock_expl', 'auth'); $help .= get_string('auth_updateremote_expl', 'auth'); $help .= '
'; $help .= get_string('auth_updateremote_ldap', 'auth'); display_auth_lock_options($settings, $authplugin->authtype, $authplugin->userfields, $help, true, true, $authplugin->get_custom_user_profile_fields()); }