moodle/auth/cas/config.html
Iñaki Arenaza e47863e840 MDL-50625 auth_ldap: Better check for paged results support
There is at least one LDAP server (Sun Directory Server) that doesn't
support Paged Results extension, even if it supports LDAP version 3. So
checking just for LDAP version is not enough.

If possible, we check the supportedControl attribute of the LDAP rootDSE
and see if the paged results control is available. This needs an LDAP
connection, which might not be possible to establish before we configure
some essential LDAP settings (server, bind user, password, etc.). Thus
we try to establish the connection and check the supportedControl
attribute. But if we fail, we perform only basic checks that are less
accurate and err on the side of cautiousness.
2017-01-19 10:55:26 +01:00

554 lines
21 KiB
HTML

<?php
include($CFG->dirroot.'/auth/cas/languages.php');
// set to defaults if undefined (CAS)
if (!isset ($config->hostname)) {
$config->hostname = '';
}
if (!isset ($config->port)) {
$config->port = '';
}
if (!isset ($config->casversion)) {
$config->casversion = CAS_VERSION_2_0;
}
if (!isset ($config->baseuri)) {
$config->baseuri = '';
}
if (!isset ($config->language)) {
$config->language = '';
}
if (!isset ($config->proxycas)) {
$config->proxycas = '';
}
if (!isset ($config->logoutcas)) {
$config->logoutcas = '';
}
if (!isset ($config->multiauth)) {
$config->multiauth = '';
}
if (!isset ($config->certificate_check)) {
$config->certificate_check = '';
}
if (!isset ($config->certificate_path)) {
$config->certificate_path = '';
}
if (!isset($config->curl_ssl_version)) {
$config->curl_ssl_version = '';
}
if (!isset($config->logout_return_url)) {
$config->logout_return_url = '';
}
// set to defaults if undefined (LDAP)
if (!isset($config->host_url)) {
$config->host_url = '';
}
if (!isset($config->start_tls)) {
$config->start_tls = false;
}
if (empty($config->ldapencoding)) {
$config->ldapencoding = 'utf-8';
}
if (!isset($config->pagesize)) {
$config->pagesize = LDAP_DEFAULT_PAGESIZE;
}
if (!isset($config->contexts)) {
$config->contexts = '';
}
if (!isset($config->user_type)) {
$config->user_type = 'default';
}
if (!isset($config->user_attribute)) {
$config->user_attribute = '';
}
if (!isset($config->search_sub)) {
$config->search_sub = '';
}
if (!isset($config->opt_deref)) {
$config->opt_deref = LDAP_DEREF_NEVER;
}
if (!isset($config->bind_dn)) {
$config->bind_dn = '';
}
if (!isset($config->bind_pw)) {
$config->bind_pw = '';
}
if (!isset($config->ldap_version)) {
$config->ldap_version = '3';
}
if (!isset($config->objectclass)) {
$config->objectclass = '';
}
if (!isset($config->memberattribute)) {
$config->memberattribute = '';
}
if (!isset($config->memberattribute_isdn)) {
$config->memberattribute_isdn = '';
}
if (!isset($config->groupecreators)) {
$config->groupecreators = '';
}
if (!isset($config->attrcreators)) {
$config->attrcreators = '';
}
if (!isset($config->removeuser)) {
$config->removeuser = AUTH_REMOVEUSER_KEEP;
}
$yesno = array( get_string('no'), get_string('yes') );
$disabled = '';
$pagedresultssupported = false;
if ($config->host_url !== '') {
/**
* We try to connect each and every time we open the config, because we want to set the Page
* Size setting as enabled or disabled depending on the configured LDAP server supporting
* pagination or not, and to notify the user about it. If the user changed the LDAP server (or
* the LDAP protocol version) last time, it might happen that paged results are no longer
* available and we want to show that to the user the next time she goes to the settings page.
*/
try {
$ldapconn = $this->ldap_connect();
$pagedresultssupported = ldap_paged_results_supported($config->ldap_version, $ldapconn);
} catch (Exception $e) {
// If we couldn't connect and get the supported options, we can only assume we don't support paged results.
$pagedresultssupported = false;
}
}
/* Make sure we only disable the paged result size setting and show the notification about it if
* there is a configured server that we tried to contact. Othersiwe, if someone's LDAP server does
* support paged results, they won't be able to turn it on the first time they set it up (because
* the field will be disabled).
*/
if (($config->host_url !== '') && (!$pagedresultssupported)) {
$disabled = ' disabled="disabled"';
echo $OUTPUT->notification(get_string('pagedresultsnotsupp', 'auth_ldap'), \core\output\notification::NOTIFY_INFO);
}
?>
<table cellspacing="0" cellpadding="5" border="0">
<tr>
<td colspan="2">
<h4><?php print_string('auth_cas_server_settings', 'auth_cas') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="hostname"><?php print_string('auth_cas_hostname_key', 'auth_cas') ?>: </label></td>
<td>
<input name="hostname" id="hostname" type="text" size="30" value="<?php echo $config->hostname ?>" />
<?php if (isset($err['hostname'])) { echo $OUTPUT->error_text($err['hostname']); } ?>
</td>
<td>
<?php print_string('auth_cas_hostname', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="baseuri"><?php print_string('auth_cas_baseuri_key', 'auth_cas') ?>: </label>
</td>
<td>
<input name="baseuri" id="baseuri" type="text" size="30" value="<?php echo $config->baseuri ?>" />
<?php if (isset($err['baseuri'])) { echo $OUTPUT->error_text($err['baseuri']); } ?>
</td>
<td>
<?php print_string('auth_cas_baseuri', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="port"><?php print_string('auth_cas_port_key', 'auth_cas') ?>: </label>
</td>
<td>
<input name="port" id="port" type="text" size="30" value="<?php echo $config->port ?>" />
<?php if (isset($err['port'])) { echo $OUTPUT->error_text($err['port']); } ?>
</td>
<td>
<?php print_string('auth_cas_port', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<?php echo html_writer::label(get_string('auth_cas_casversion', 'auth_cas'), 'menucasversion'); ?>:
</td>
<td>
<?php
$casversions = array();
$casversions[CAS_VERSION_1_0] = 'CAS 1.0';
$casversions[CAS_VERSION_2_0] = 'CAS 2.0';
echo html_writer::select($casversions, 'casversion', $config->casversion, false);
if (isset($err['casversion'])) { echo $OUTPUT->error_text($err['casversion']); }
?>
</td>
<td>
<?php print_string('auth_cas_version', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php echo html_writer::label(get_string('auth_cas_language_key', 'auth_cas'), 'menulanguage'); ?>:</td>
<td>
<?php echo html_writer::select($CASLANGUAGES, 'language', $config->language, false); ?>
</td>
<td>
<?php print_string('auth_cas_language', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<?php echo html_writer::label(get_string('auth_cas_proxycas_key', 'auth_cas'), 'menuproxycas'); ?>:
</td>
<td>
<?php echo html_writer::select($yesno, 'proxycas', $config->proxycas, false); ?>
</td>
<td>
<?php print_string('auth_cas_proxycas', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php echo html_writer::label(get_string('auth_cas_logoutcas_key', 'auth_cas'), 'menulogoutcas'); ?>:</td>
<td>
<?php echo html_writer::select($yesno, 'logoutcas', $config->logoutcas, false); ?>
</td>
<td>
<?php print_string('auth_cas_logoutcas', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php echo html_writer::label(get_string('auth_cas_multiauth_key', 'auth_cas'), 'menumultiauth'); ?>:</td>
<td>
<?php echo html_writer::select($yesno, 'multiauth', $config->multiauth, false); ?>
</td>
<td>
<?php print_string('auth_cas_multiauth', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php echo html_writer::label(get_string('auth_cas_certificate_check_key', 'auth_cas'), 'menucertificate_check'); ?>:</td>
<td>
<?php echo html_writer::select($yesno, 'certificate_check', $config->certificate_check, false); ?>
</td>
<td>
<?php print_string('auth_cas_certificate_check', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="certificate_path"><?php print_string('auth_cas_certificate_path_key', 'auth_cas') ?>: </label></td>
<td>
<input name="certificate_path" id="certificate_path" type="text" size="30" value="<?php echo $config->certificate_path ?>" />
<?php if (isset($err['certificate_path'])) echo $OUTPUT->error_text($err['certificate_path']); ?>
</td>
<td>
<?php print_string('auth_cas_certificate_path', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="curl_ ssl_version"><?php print_string('auth_cas_curl_ssl_version_key', 'auth_cas') ?>: </label></td>
<td>
<?php
$sslversions = array();
$sslversions[''] = get_string('auth_cas_curl_ssl_version_default', 'auth_cas');
if (defined('CURL_SSLVERSION_TLSv1')) {
$sslversions[CURL_SSLVERSION_TLSv1] = get_string('auth_cas_curl_ssl_version_TLSv1x', 'auth_cas');
}
if (defined('CURL_SSLVERSION_TLSv1_0')) {
$sslversions[CURL_SSLVERSION_TLSv1_0] = get_string('auth_cas_curl_ssl_version_TLSv10', 'auth_cas');
}
if (defined('CURL_SSLVERSION_TLSv1_1')) {
$sslversions[CURL_SSLVERSION_TLSv1_1] = get_string('auth_cas_curl_ssl_version_TLSv11', 'auth_cas');
}
if (defined('CURL_SSLVERSION_TLSv1_2')) {
$sslversions[CURL_SSLVERSION_TLSv1_2] = get_string('auth_cas_curl_ssl_version_TLSv12', 'auth_cas');
}
if (defined('CURL_SSLVERSION_SSLv2')) {
$sslversions[CURL_SSLVERSION_SSLv2] = get_string('auth_cas_curl_ssl_version_SSLv2', 'auth_cas');
}
if (defined('CURL_SSLVERSION_SSLv3')) {
$sslversions[CURL_SSLVERSION_SSLv3] = get_string('auth_cas_curl_ssl_version_SSLv3', 'auth_cas');
}
echo html_writer::select($sslversions, 'curl_ssl_version', $config->curl_ssl_version, false);
if (isset($err['curl_ssl_version'])) echo $OUTPUT->error_text($err['curl_ssl_version']);
?>
</td>
<td>
<?php print_string('auth_cas_curl_ssl_version', 'auth_cas') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_cas_logout_return_url_key', 'auth_cas') ?>:</td>
<td>
<input name="logout_return_url" type="text" size="30" value="<?php echo $config->logout_return_url ?>" />
<?php if (isset($err['logout_return_url'])) { echo $OUTPUT->error_text($err['logout_return_url']); } ?>
</td>
<td>
<?php print_string('auth_cas_logout_return_url', 'auth_cas') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_server_settings', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="host_url"><?php print_string('auth_ldap_host_url_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="host_url" id="host_url" type="text" size="30" value="<?php echo $config->host_url?>" />
<?php if (isset($err['host_url'])) { echo $OUTPUT->error_text($err['host_url']); } ?>
</td>
<td>
<?php print_string('auth_ldap_host_url', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="ldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label></td>
<td>
<?php
$versions = array();
$versions[2] = '2';
$versions[3] = '3';
echo html_writer::select($versions, 'ldap_version', $config->ldap_version, false);
if (isset($err['ldap_version'])) { echo $OUTPUT->error_text($err['ldap_version']); }
?>
</td>
<td>
<?php print_string('auth_ldap_version', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top">
<td align="right">
<label for="start_tls"><?php print_string('start_tls_key', 'auth_ldap') ?></label>
</td>
<td>
<?php echo html_writer::select($yesno, 'start_tls', $config->start_tls, false); ?>
</td>
<td>
<?php print_string('start_tls', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="ldapencoding"><?php print_string('auth_ldap_ldap_encoding_key', 'auth_ldap') ?></label>
</td>
<td>
<input id="ldapencoding" name="ldapencoding" type="text" value="<?php echo $config->ldapencoding ?>" />
<?php if (isset($err['ldapencoding'])) { echo $OUTPUT->error_text($err['ldapencoding']); } ?>
</td>
<td>
<?php print_string('auth_ldap_ldap_encoding', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top">
<td align="right">
<label for="pagesize"><?php print_string('pagesize_key', 'auth_ldap') ?></label>
</td>
<td>
<input id="pagesize" name="pagesize" type="text" value="<?php echo $config->pagesize ?>" <?php echo $disabled ?>/>
<?php
if (isset($err['pagesize'])) { echo $OUTPUT->error_text($err['pagesize']); }
if ($disabled) {
// Don't loose the page size value (disabled fields are not submitted!)
?>
<input id="pagesize" name="pagesize" type="hidden" value="<?php echo $config->pagesize ?>" />
<?php } ?>
</td>
<td>
<?php print_string('pagesize', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_bind_settings', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="bind_dn"><?php print_string('auth_ldap_bind_dn_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="bind_dn" id="bind_dn" type="text" size="30" value="<?php echo $config->bind_dn?>" />
<?php if (isset($err['bind_dn'])) { echo $OUTPUT->error_text($err['bind_dn']); } ?>
</td>
<td>
<?php print_string('auth_ldap_bind_dn', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="bind_pw"><?php print_string('auth_ldap_bind_pw_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="bind_pw" id="bind_pw" type="password" size="30" value="<?php echo $config->bind_pw?>" autocomplete="off"/>
<?php if (isset($err['bind_pw'])) { echo $OUTPUT->error_text($err['bind_pw']); } ?>
</td>
<td>
<?php print_string('auth_ldap_bind_pw', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_user_settings', 'auth_ldap') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="menuuser_type"><?php print_string('auth_ldap_user_type_key', 'auth_ldap') ?></label>
</td>
<td>
<?php
echo html_writer::select(ldap_supported_usertypes(), 'user_type', $config->user_type, false);
if (isset($err['user_type'])) { echo $OUTPUT->error_text($err['user_type']); }
?>
</td>
<td>
<?php print_string('auth_ldap_user_type', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="contexts"><?php print_string('auth_ldap_contexts_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="contexts" id="contexts" type="text" size="30" value="<?php echo $config->contexts?>" />
<?php if (isset($err['contexts'])) { echo $OUTPUT->error_text($err['contexts']); } ?>
</td>
<td>
<?php print_string('auth_ldap_contexts', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="menusearch_sub"><?php print_string('auth_ldap_search_sub_key', 'auth_ldap') ?></label></td>
<td>
<?php echo html_writer::select($yesno, 'search_sub', $config->search_sub, false); ?>
</td>
<td>
<?php print_string('auth_ldap_search_sub', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="menuopt_deref"><?php print_string('auth_ldap_opt_deref_key', 'auth_ldap') ?></label></td>
<td>
<?php
$opt_deref = array();
$opt_deref[LDAP_DEREF_NEVER] = get_string('no');
$opt_deref[LDAP_DEREF_ALWAYS] = get_string('yes');
echo html_writer::select($opt_deref, 'opt_deref', $config->opt_deref, false);
if (isset($err['opt_deref'])) { echo $OUTPUT->error_text($err['opt_deref']); }
?>
</td>
<td>
<?php print_string('auth_ldap_opt_deref', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="user_attribute"><?php print_string('auth_ldap_user_attribute_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="user_attribute" id="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute?>" />
<?php if (isset($err['user_attribute'])) { echo $OUTPUT->error_text($err['user_attribute']); } ?>
</td>
<td>
<?php print_string('auth_ldap_user_attribute', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="memberattribute"><?php print_string('auth_ldap_memberattribute_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="memberattribute" id="memberattribute" type="text" size="30" value="<?php echo $config->memberattribute?>" />
<?php if (isset($err['memberattribute'])) { echo $OUTPUT->error_text($err['memberattribute']); } ?>
</td>
<td>
<?php print_string('auth_ldap_memberattribute', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="memberattribute_isdn"><?php print_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="memberattribute_isdn" id="memberattribute_isdn" type="text" size="30" value="<?php echo $config->memberattribute_isdn?>" />
<?php if (isset($err['memberattribute_isdn'])) { echo $OUTPUT->error_text($err['memberattribute_isdn']); } ?>
</td>
<td>
<?php print_string('auth_ldap_memberattribute_isdn', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="objectclass"><?php print_string('auth_ldap_objectclass_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="objectclass" id="objectclass" type="text" size="30" value="<?php echo $config->objectclass?>" />
<?php if (isset($err['objectclass'])) { echo $OUTPUT->error_text($err['objectclass']); } ?>
</td>
<td>
<?php print_string('auth_ldap_objectclass', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('coursecreators') ?></h4>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="attrcreators"><?php print_string('auth_ldap_attrcreators_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="attrcreators" id="attrcreators" type="text" size="30" value="<?php echo $config->attrcreators?>" />
<?php if (isset($err['attrcreators'])) { echo $OUTPUT->error_text($err['attrcreators']); } ?>
</td>
<td>
<?php print_string('auth_ldap_attrcreators', 'auth_ldap') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right">
<label for="groupecreators"><?php print_string('auth_ldap_groupecreators_key', 'auth_ldap') ?></label>
</td>
<td>
<input name="groupecreators" id="groupecreators" type="text" size="30" value="<?php echo $config->groupecreators?>" />
<?php if (isset($err['groupecreators'])) { echo $OUTPUT->error_text($err['groupecreators']); } ?>
</td>
<td>
<?php print_string('auth_ldap_groupecreators', 'auth_ldap') ?>
</td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_sync_script', 'auth') ?></h4>
</td>
</tr>
<tr valign="top">
<td align="right">
<label for="menuremoveuser"><?php print_string('auth_remove_user_key', 'auth') ?></label>
</td>
<td>
<?php
$deleteopt = array();
$deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth');
$deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth');
$deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth');
echo html_writer::select($deleteopt, 'removeuser', $config->removeuser, false);
?>
</td>
<td>
<?php print_string('auth_remove_user', 'auth') ?>
</td>
</tr>
<?php
$help = get_string('auth_ldapextrafields', 'auth_ldap');
$help .= get_string('auth_updatelocal_expl', 'auth');
$help .= get_string('auth_fieldlock_expl', 'auth');
$help .= get_string('auth_updateremote_expl', 'auth');
$help .= '<hr />';
$help .= get_string('auth_updateremote_ldap', 'auth');
print_auth_lock_options($this->authtype, $user_fields, $help, true, true, $this->get_custom_user_profile_fields());
?>
</table>