
univnautes / usr / local / www / system_authservers.php @ a1b66bec

1
<?php
2
/*
3
    system_authservers.php
4

    
5
    Copyright (C) 2010 Ermal Luçi
6
    Copyright (C) 2008 Shrew Soft Inc.
7
    All rights reserved.
8

    
9
    Redistribution and use in source and binary forms, with or without
10
    modification, are permitted provided that the following conditions are met:
11

    
12
    1. Redistributions of source code must retain the above copyright notice,
13
       this list of conditions and the following disclaimer.
14

    
15
    2. Redistributions in binary form must reproduce the above copyright
16
       notice, this list of conditions and the following disclaimer in the
17
       documentation and/or other materials provided with the distribution.
18

    
19
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
    POSSIBILITY OF SUCH DAMAGE.
29
*/
30
/*
31
	pfSense_MODULE:	auth
32
*/
33

    
34
##|+PRIV
35
##|*IDENT=page-system-authservers
36
##|*NAME=System: Authentication Servers
37
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
38
##|*MATCH=system_authservers.php*
39
##|-PRIV
40

    
41
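require("guiconfig.inc");
require_once("auth.inc");

/*
 * Page bootstrap: title, the numeric row id taken from the request, the
 * authentication server list, the CA list and the requested action.
 */
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";

/* Only an integer id is accepted; a POSTed id takes precedence over a GET one. */
if (isset($_GET['id']) && is_numericint($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numericint($_POST['id']))
	$id = $_POST['id'];

if (!is_array($config['system']['authserver']))
	$config['system']['authserver'] = array();

/*
 * Copy the server list into a sequentially indexed array. $a_server is
 * initialised first so it is a defined (empty) array even when the list
 * returned by auth_get_authserver_list() has no entries.
 */
$a_server = array();
$a_servers = auth_get_authserver_list();
foreach ($a_servers as $servers)
	$a_server[] = $servers;

if (!is_array($config['ca']))
	$config['ca'] = array();
$a_ca =& $config['ca'];

/* Requested action; a non-empty POSTed value takes precedence over the query string. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];
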
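/*
 * Delete the authentication server at row $_GET['id'] of $a_server.
 *
 * NOTE(review): this state change is reachable with act=del in the query
 * string (a GET request). Whether guiconfig.inc applies anti-CSRF checks to
 * GET requests is not visible here -- confirm, and prefer a POST-only delete.
 */
if ($act == "del") {

	/* Accept only an integer row index that refers to an existing entry. */
	$del_id = (isset($_GET['id']) && is_numericint($_GET['id'])) ? $_GET['id'] : null;
	if ($del_id === null || empty($a_server[$del_id])) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list (every configured entry with the same name). */
	$serverdeleted = $a_server[$del_id]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted)
			unset($config['system']['authserver'][$k]);
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$del_id]);

	/*
	 * The message is handed to print_info_box() further down the page and
	 * already carries markup (<br />), so the stored server name is
	 * HTML-escaped before it is embedded in it.
	 */
	$savemsg = gettext("Authentication Server")." ".htmlspecialchars($serverdeleted)." ".
				gettext("deleted")."<br />";
	write_config($savemsg);
}
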
/*
 * Editing an existing entry: copy the stored settings of server $id into
 * $pconfig, the array the form below is rendered from.
 *
 * NOTE(review): the stored LDAP bind password and RADIUS shared secret are
 * copied as well, and the form later in this file writes
 * $pconfig['ldap_bindpw'] and $pconfig['radius_secret'] into the value
 * attribute of its password inputs, so both secrets are part of the page
 * source sent to the browser.
 */
if ($act == "edit" && isset($id) && $a_server[$id]) {

	$pconfig['type'] = $a_server[$id]['type'];
	$pconfig['name'] = $a_server[$id]['name'];

	if ($pconfig['type'] == "ldap") {
		$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
		/* The host is stored under the generic key 'host'. */
		$pconfig['ldap_host'] = $a_server[$id]['host'];

		/* These form fields share their name with the stored key. */
		$ldap_same_keys = explode(" ", "ldap_port ldap_urltype ldap_protver ".
						"ldap_scope ldap_basedn ldap_authcn ".
						"ldap_extended_enabled ldap_extended_query ".
						"ldap_binddn ldap_bindpw ".
						"ldap_attr_user ldap_attr_group ldap_attr_member");
		foreach ($ldap_same_keys as $ldap_key)
			$pconfig[$ldap_key] = $a_server[$id][$ldap_key];

		/* The two flags are stored as key presence, not as a value. */
		$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
		$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);

		/* Without both a bind DN and a bind password the entry uses anonymous binds. */
		if (!($pconfig['ldap_binddn'] && $pconfig['ldap_bindpw']))
			$pconfig['ldap_anon'] = true;
	}

	if ($pconfig['type'] == "radius") {
		$pconfig['radius_host'] = $a_server[$id]['host'];
		foreach (array('radius_auth_port', 'radius_acct_port', 'radius_secret', 'radius_timeout') as $radius_key)
			$pconfig[$radius_key] = $a_server[$id][$radius_key];

		/*
		 * Derive the "services offered" choice from which ports are stored and
		 * pre-fill the port that is missing (1813 accounting, 1812 authentication).
		 */
		$radius_has_auth = (bool)$pconfig['radius_auth_port'];
		$radius_has_acct = (bool)$pconfig['radius_acct_port'];

		if ($radius_has_auth && $radius_has_acct) {
			$pconfig['radius_srvcs'] = "both";
		} elseif ($radius_has_auth) {
			$pconfig['radius_srvcs'] = "auth";
			$pconfig['radius_acct_port'] = 1813;
		} elseif ($radius_has_acct) {
			$pconfig['radius_srvcs'] = "acct";
			$pconfig['radius_auth_port'] = 1812;
		}
	}
}

/*
 * A new entry starts from these form defaults: LDAP protocol version 3 with
 * anonymous binds, and RADIUS offering both services on ports 1812 and 1813.
 */
if ($act == "new") {
	$new_entry_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813");

	foreach ($new_entry_defaults as $default_field => $default_value)
		$pconfig[$default_field] = $default_value;
}

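/*
 * Form submission: validate the posted settings and, when they are valid,
 * create a server entry or update entry $id, then write the configuration
 * and redirect back to this page.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* Everything in $_POST is client-controlled; only a string type is considered. */
	$posted_type = (isset($pconfig['type']) && is_string($pconfig['type'])) ? $pconfig['type'] : "";

	/* input validation */

	/* Start from empty lists so an unexpected type still hands arrays to do_input_validation(). */
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($posted_type == "ldap") {
		$reqdfields = explode(" ", "name type ldap_host ldap_port ".
						"ldap_urltype ldap_protver ldap_scope ".
						"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only required when anonymous binds are not selected. */
		if (empty($pconfig['ldap_anon'])) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($posted_type == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/*
		 * The posted field is radius_srvcs. The key used to be misspelled
		 * here, so the port fields were never added to the required list.
		 */
		$posted_srvcs = isset($pconfig['radius_srvcs']) ? $pconfig['radius_srvcs'] : "";

		if ($posted_srvcs == "both" || $posted_srvcs == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port value");
		}

		if ($posted_srvcs == "both" || $posted_srvcs == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port value");
		}

		/*
		 * The shared secret is mandatory only when creating an entry; on an
		 * edit an empty field keeps the stored secret (see the save step below).
		 */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/*
	 * The type comes from a select or a hidden field, both of which the client
	 * can alter. Accept only the types this page offers in $auth_server_types;
	 * the check is skipped when that list is not defined at this point.
	 */
	if (isset($auth_server_types) && is_array($auth_server_types) &&
	    !array_key_exists($posted_type, $auth_server_types))
		$input_errors[] = gettext("The authentication server type is not valid.");

	/*
	 * Host name check. The form posts the host as ldap_host or radius_host and
	 * has no field named "host", so the check looks at the field belonging to
	 * the submitted type. Literal IP addresses are accepted as they are.
	 */
	$host_field = ($posted_type == "radius") ? "radius_host" : "ldap_host";
	$posted_host = (isset($_POST[$host_field]) && is_string($_POST[$host_field])) ? $_POST[$host_field] : "";
	if (!is_ipaddr($posted_host) && preg_match("/[^a-zA-Z0-9\.\-_]/", $posted_host))
		$input_errors[] = gettext("The host name contains invalid characters.");

	/* Names must be unique; the check only applies when creating an entry. */
	if (auth_get_authserver($pconfig['name']) && !isset($id))
		$input_errors[] = gettext("An authentication server with the same name already exists.");

	/* An optional RADIUS timeout has to be a positive number. */
	if (($posted_type == "radius") && !empty($_POST['radius_timeout']) &&
	    (!is_numeric($_POST['radius_timeout']) || ($_POST['radius_timeout'] <= 0)))
		$input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (empty($input_errors)) {
		/*
		 * A new entry gets a fresh reference id. An edited entry starts from
		 * its stored settings, which replaces the whole array, refid included.
		 */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id])
			$server = $a_server[$id];

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref']))
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			/* Checkbox flags are stored as key presence. */
			if (isset($pconfig['ldap_utf8']) && $pconfig['ldap_utf8'] == "yes")
				$server['ldap_utf8'] = true;
			else
				unset($server['ldap_utf8']);
			if (isset($pconfig['ldap_nostrip_at']) && $pconfig['ldap_nostrip_at'] == "yes")
				$server['ldap_nostrip_at'] = true;
			else
				unset($server['ldap_nostrip_at']);

			/* Anonymous binds drop any stored bind credentials. */
			if (empty($pconfig['ldap_anon'])) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* An empty secret leaves the stored one untouched. */
			if (!empty($pconfig['radius_secret']))
				$server['radius_secret'] = $pconfig['radius_secret'];

			/* The timeout falls back to 5 when none is given. */
			if (!empty($pconfig['radius_timeout']))
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			else
				$server['radius_timeout'] = 5;

			/* Keep only the port(s) of the selected service(s). */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/*
		 * NOTE(review): $id was resolved against $a_server (the list returned
		 * by auth_get_authserver_list()), but is used here as an index into
		 * $config['system']['authserver']. Confirm both lists share the same
		 * indexes, otherwise an edit could overwrite a different entry.
		 */
		if (isset($id) && $config['system']['authserver'][$id])
			$config['system']['authserver'][$id] = $server;
		else
			$config['system']['authserver'][] = $server;

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}
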
include("head.inc");
312
?>
313

    
314
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
315
<?php include("fbegin.inc"); ?>
316
<script type="text/javascript">
317
//<![CDATA[
318

    
319
/**
 * Show the settings table that belongs to the chosen server type and hide the
 * other one. When called without an argument, the type is read from the
 * currently selected option of the "type" select.
 */
function server_typechange(typ) {
	if (!typ) {
		var typeSelect = document.getElementById("type");
		typ = typeSelect.options[typeSelect.selectedIndex].value;
	}

	// Any value other than the two known types leaves both tables untouched.
	if (typ !== "ldap" && typ !== "radius")
		return;

	var showLdap = (typ === "ldap");
	document.getElementById("ldap").style.display = showLdap ? "" : "none";
	document.getElementById("radius").style.display = showLdap ? "none" : "";
}

/**
 * Put the port associated with the selected transport into the "ldap_port"
 * field. The case list is generated on the server from $ldap_urltypes, one
 * case per entry, numbered in array order.
 */
function ldap_urlchange() {
	switch (document.getElementById("ldap_urltype").selectedIndex) {
<?php
	$index = 0;
	foreach ($ldap_urltypes as $urltype => $urlport) {
		echo "\t\tcase {$index}:\n";
		echo "\t\t\tdocument.getElementById(\"ldap_port\").value = \"{$urlport}\";\n";
		echo "\t\t\tbreak;\n";
		$index++;
	}
?>
	}
}

/**
 * Hide the bind credential inputs ("ldap_bind") while the anonymous-bind
 * checkbox is ticked and show them otherwise.
 */
function ldap_bindchange() {
	var anonymous = document.getElementById("ldap_anon").checked;
	document.getElementById("ldap_bind").style.display = anonymous ? "none" : "";
}

/**
 * Fill the three LDAP attribute fields from the selected initial template.
 * The case list is generated on the server from $ldap_templates, one case per
 * template, numbered in array order.
 *
 * NOTE(review): the template values are written into JavaScript string
 * literals without escaping. That is only safe while $ldap_templates holds
 * fixed strings and nothing user-supplied -- confirm where it is defined.
 */
function ldap_tmplchange() {
	switch (document.getElementById("ldap_tmpltype").selectedIndex) {
<?php
	$index = 0;
	foreach ($ldap_templates as $tmpldata) {
		echo "\t\tcase {$index}:\n";
		foreach (array('attr_user', 'attr_group', 'attr_member') as $tmpl_attr)
			echo "\t\t\tdocument.getElementById(\"ldap_{$tmpl_attr}\").value = \"{$tmpldata[$tmpl_attr]}\";\n";
		echo "\t\t\tbreak;\n";
		$index++;
	}
?>
	}
}

/**
 * Show only the port rows that match the selected RADIUS service:
 * index 0 = both, 1 = authentication only, 2 = accounting only.
 */
function radius_srvcschange() {
	var choice = document.getElementById("radius_srvcs").selectedIndex;

	// Any other index (for example no selection) changes nothing.
	if (choice !== 0 && choice !== 1 && choice !== 2)
		return;

	document.getElementById("radius_auth").style.display = (choice === 2) ? "none" : "";
	document.getElementById("radius_acct").style.display = (choice === 1) ? "none" : "";
}

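/**
 * Open the LDAP container picker in a popup, passing the connection settings
 * currently entered in the form as query-string parameters.
 *
 * NOTE(review): the bind password travels in the URL of a GET request, where
 * it can be recorded in browser history and in web server access logs. Moving
 * this hand-off to a POST needs a matching change in
 * system_usermanager_settings_ldapacpicker.php, which is outside this function.
 */
function select_clicked() {
	// Current value of a form element, looked up by id.
	function fieldValue(id) {
		return document.getElementById(id).value;
	}

	if (fieldValue("ldap_port") == '' ||
	    fieldValue("ldap_host") == '' ||
	    fieldValue("ldap_scope") == '' ||
	    fieldValue("ldap_basedn") == '' ||
	    fieldValue("ldapauthcontainers") == '') {
		alert("<?=gettext("Please fill the required values.");?>");
		return;
	}
	if (!document.getElementById("ldap_anon").checked) {
		if (fieldValue("ldap_binddn") == '' ||
		    fieldValue("ldap_bindpw") == '') {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}
	}

	// Parameter order is the one the picker URL has always used.
	var params = [
		['port', fieldValue("ldap_port")],
		['host', fieldValue("ldap_host")],
		['scope', fieldValue("ldap_scope")],
		['basedn', fieldValue("ldap_basedn")],
		['binddn', fieldValue("ldap_binddn")],
		['bindpw', fieldValue("ldap_bindpw")],
		['urltype', fieldValue("ldap_urltype")],
		['proto', fieldValue("ldap_protver")],
		['authcn', fieldValue("ldapauthcontainers")]
	];
<?php if (count($a_ca) > 0): ?>
	params.push(['cert', fieldValue("ldap_caref")]);
<?php else: ?>
	params.push(['cert', '']);
<?php endif; ?>

	// Every value is percent-encoded: DNs and passwords routinely contain
	// characters such as "=", "&", "+" or "#", which would otherwise cut the
	// value short or be read as additional parameters.
	var url = 'system_usermanager_settings_ldapacpicker.php?';
	for (var i = 0; i < params.length; i++) {
		if (i > 0)
			url += '&';
		url += params[i][0] + '=' + encodeURIComponent(params[i][1]);
	}

	var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
	if (oWin == null || typeof(oWin) == "undefined")
		alert("<?=gettext('Popup blocker detected.  Action aborted.');?>");
}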
434
//]]>
435
</script>
436
<?php
	/* Validation errors first, then the status message of a completed action. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
442
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="auth servers">
443
	<tr>
444
		<td>
445
		<?php
446
			$tab_array = array();
447
			$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
448
			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
449
			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
450
			$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
451
			display_top_tabs($tab_array);
452
		?>
453
		</td>
454
	</tr>
455
	<tr>
456
		<td id="mainarea">
457
			<div class="tabcont">
458

    
459
				<?php if ($act == "new" || $act == "edit" || $input_errors): ?>
460

    
461
				<form action="system_authservers.php" method="post" name="iform" id="iform">
462
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
463
						<tr>
464
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
465
							<td width="78%" class="vtable">
466
							<?php if (!isset($id)): ?>
467
								<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
468
							<?php else: ?>
469
                                                                <strong><?=htmlspecialchars($pconfig['name']);?></strong>
470
                                                                <input name='name' type='hidden' id='name' value="<?=htmlspecialchars($pconfig['name']);?>"/>
471
                                                                <?php endif; ?>
472
							</td>
473
						</tr>
474
						<tr>
475
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td>
476
							<td width="78%" class="vtable">
477
								<?php if (!isset($id)): ?>
478
								<select name='type' id='type' class="formselect" onchange='server_typechange()'>
479
								<?php
480
									foreach ($auth_server_types as $typename => $typedesc ):
481
										$selected = "";
482
										if ($pconfig['type'] == $typename)
483
											$selected = "selected=\"selected\"";
484
								?>
485
									<option value="<?=$typename;?>" <?=$selected;?>><?=$typedesc;?></option>
486
								<?php endforeach; ?>
487
								</select>
488
								<?php else: ?>
489
								<strong><?=$auth_server_types[$pconfig['type']];?></strong>
490
								<input name='type' type='hidden' id='type' value="<?=htmlspecialchars($pconfig['type']);?>"/>
491
								<?php endif; ?>
492
							</td>
493
						</tr>
494
					</table>
495

    
496
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="ldap" style="display:none" summary="">
497
						<tr>
498
							<td colspan="2" class="list" height="12"></td>
499
						</tr>
500
						<tr>
501
							<td colspan="2" valign="top" class="listtopic"><?=gettext("LDAP Server Settings");?></td>
502
						</tr>
503
						<tr>
504
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
505
							<td width="78%" class="vtable">
506
								<input name="ldap_host" type="text" class="formfld unknown" id="ldap_host" size="20" value="<?=htmlspecialchars($pconfig['ldap_host']);?>"/>
507
								<br /><?= gettext("NOTE: When using SSL, this hostname MUST match the Common Name (CN) of the LDAP server's SSL Certificate."); ?>
508
							</td>
509
						</tr>
510
						<tr>
511
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Port value");?></td>
512
							<td width="78%" class="vtable">
513
								<input name="ldap_port" type="text" class="formfld unknown" id="ldap_port" size="5" value="<?=htmlspecialchars($pconfig['ldap_port']);?>"/>
514
							</td>
515
						</tr>
516
						<tr>
517
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Transport");?></td>
518
							<td width="78%" class="vtable">
519
								<select name='ldap_urltype' id='ldap_urltype' class="formselect" onchange='ldap_urlchange()'>
520
								<?php
521
									foreach ($ldap_urltypes as $urltype => $urlport):
522
										$selected = "";
523
										if ($pconfig['ldap_urltype'] == $urltype)
524
											$selected = "selected=\"selected\"";
525
								?>
526
									<option value="<?=$urltype;?>" <?=$selected;?>><?=$urltype;?></option>
527
								<?php endforeach; ?>
528
								</select>
529
							</td>
530
						</tr>
531
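						<tr id="tls_ca">
							<td width="22%" valign="top" class="vncell"><?=gettext("Peer Certificate Authority"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_ca)): ?>
								<select id='ldap_caref' name='ldap_caref' class="formselect">
								<?php
									/*
									 * $a_ca is the CA list of the saved configuration ($config['ca']).
									 * Its reference id and description are HTML-escaped on output, like
									 * the other configuration values printed in this form.
									 */
									foreach ($a_ca as $ca):
										$selected = "";
										if ($pconfig['ldap_caref'] == $ca['refid'])
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>
								</select>
								<br /><span><?=gettext("This option is used if 'SSL Encrypted' option is choosen.");?> <br />
								<?=gettext("It must match with the CA in the AD otherwise problems will arise.");?></span>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
						</tr>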
552
						<tr>
553
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol version");?></td>
554
							<td width="78%" class="vtable">
555
								<select name='ldap_protver' id='ldap_protver' class="formselect">
556
								<?php
557
									foreach ($ldap_protvers as $version):
558
										$selected = "";
559
										if ($pconfig['ldap_protver'] == $version)
560
											$selected = "selected=\"selected\"";
561
								?>
562
									<option value="<?=$version;?>" <?=$selected;?>><?=$version;?></option>
563
								<?php endforeach; ?>
564
								</select>
565
							</td>
566
						</tr>
567
						<tr>
568
							<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
569
							<td width="78%" class="vtable">
570
								<table border="0" cellspacing="0" cellpadding="2" summary="search scope">
571
									<tr>
572
										<td><?=gettext("Level:");?> &nbsp;</td>
573
										<td>
574
											<select name='ldap_scope' id='ldap_scope' class="formselect">
575
											<?php
576
												foreach ($ldap_scopes as $scopename => $scopedesc):
577
													$selected = "";
578
													if ($pconfig['ldap_scope'] == $scopename)
579
														$selected = "selected=\"selected\"";
580
											?>
581
												<option value="<?=$scopename;?>" <?=$selected;?>><?=$scopedesc;?></option>
582
											<?php endforeach; ?>
583
											</select>
584
										</td>
585
									</tr>
586
									<tr>
587
										<td><?=gettext("Base DN:");?> &nbsp;</td>
588
										<td>
589
											<input name="ldap_basedn" type="text" class="formfld unknown" id="ldap_basedn" size="40" value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"/>
590
										</td>
591
									</tr>
592
								</table>
593

    
594
							</td>
595
						</tr>
596
						<tr>
597
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication containers");?></td>
598
							<td width="78%" class="vtable">
599
								<table border="0" cellspacing="0" cellpadding="2" summary="auth containers">
600
									<tr>
601
										<td><?=gettext("Containers:");?> &nbsp;</td>
602
										<td>
603
											<input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/>
604
											<input type="button" onclick="select_clicked();" value="<?=gettext("Select");?>" />
605
											<br /><?=gettext("Note: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path containing a dc= component.");?>
606
											<br /><?=gettext("Example:");?> CN=Users;DC=example,DC=com
607
											<br /><?=gettext("Example:");?> OU=Staff;OU=Freelancers
608
										</td>
609
									</tr>
610
								</table>
611
							</td>
612
						</tr>
613
						<tr>
614
							<td width="22%" valign="top" class="vncell"><?=gettext("Extended Query");?></td>
615
							<td width="78%" class="vtable">
616
								<table border="0" cellspacing="0" cellpadding="2" summary="query">
617
									<tr>
618
										<td>
619
											<input name="ldap_extended_enabled" type="checkbox" id="ldap_extended_enabled" value="no" <?php if ($pconfig['ldap_extended_enabled']) echo "checked=\"checked\""; ?> />
620
										</td>
621
										<td>
622

    
623
											<input name="ldap_extended_query" type="text" class="formfld unknown" id="ldap_extended_query" size="40" value="<?=htmlspecialchars($pconfig['ldap_extended_query']);?>"/>
624
											<br /><?=gettext("Example:");?> &amp;(objectClass=inetOrgPerson)(mail=*@example.com)
625
										</td>
626
									</tr>
627
								</table>
628
							</td>
629
						</tr>
630
						<tr>
631
							<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
632
							<td width="78%" class="vtable">
633
								<table border="0" cellspacing="0" cellpadding="2" summary="bind credentials">
634
									<tr>
635
										<td>
636
											<input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) echo "checked=\"checked\""; ?> onclick="ldap_bindchange()" />
637
										</td>
638
										<td>
639
											<?=gettext("Use anonymous binds to resolve distinguished names");?>
640
										</td>
641
									</tr>
642
								</table>
643
								<table border="0" cellspacing="0" cellpadding="2" id="ldap_bind" summary="bind">
644
									<tr>
645
										<td colspan="2"></td>
646
									</tr>
647
									<tr>
648
										<td><?=gettext("User DN:");?> &nbsp;</td>
649
										<td>
650
											<input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br />
651
										</td>
652
									</tr>
653
									<tr>
654
										<td><?=gettext("Password:");?> &nbsp;</td>
655
										<td>
656
											<input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br />
657
										</td>
658
									</tr>
659
								</table>
660
							</td>
661
						</tr>
662
						<?php if (!isset($id)): ?>
663
						<tr>
664
							<td width="22%" valign="top" class="vncell"><?=gettext("Initial Template");?></td>
665
							<td width="78%" class="vtable">
666
								<select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect" onchange='ldap_tmplchange()'>
667
								<?php
668
									foreach ($ldap_templates as $tmplname => $tmpldata):
669
										$selected = "";
670
										if ($pconfig['ldap_template'] == $tmplname)
671
											$selected = "selected=\"selected\"";
672
								?>
673
									<option value="<?=$tmplname;?>" <?=$selected;?>><?=$tmpldata['desc'];?></option>
674
								<?php endforeach; ?>
675
								</select>
676
							</td>
677
						</tr>
678
						<?php endif; ?>
679
						<tr>
680
							<td width="22%" valign="top" class="vncell"><?=gettext("User naming attribute");?></td>
681
							<td width="78%" class="vtable">
682
								<input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_user']);?>"/>
683
							</td>
684
						</tr>
685
						<tr>
686
							<td width="22%" valign="top" class="vncell"><?=gettext("Group naming attribute");?></td>
687
							<td width="78%" class="vtable">
688
								<input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_group']);?>"/>
689
							</td>
690
						</tr>
691
						<tr>
692
							<td width="22%" valign="top" class="vncell"><?=gettext("Group member attribute");?></td>
693
							<td width="78%" class="vtable">
694
								<input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_member']);?>"/>
695
							</td>
696
						</tr>
697
						<tr>
698
							<td width="22%" valign="top" class="vncell"><?=gettext("UTF8 Encode");?></td>
699
							<td width="78%" class="vtable">
700
								<table border="0" cellspacing="0" cellpadding="2" summary="utf8 encoding">
701
									<tr>
702
										<td>
703
											<input name="ldap_utf8" type="checkbox" id="ldap_utf8" value="yes" <?php if ($pconfig['ldap_utf8']) echo "checked=\"checked\""; ?> />
704
										</td>
705
										<td>
706
											<?=gettext("UTF8 encode LDAP parameters before sending them to the server. Required to support international characters, but may not be supported by every LDAP server.");?>
707
										</td>
708
									</tr>
709
								</table>
710
							</td>
711
						</tr>
712
						<tr>
713
							<td width="22%" valign="top" class="vncell"><?=gettext("Username Alterations");?></td>
714
							<td width="78%" class="vtable">
715
								<table border="0" cellspacing="0" cellpadding="2" summary="username alterations">
716
									<tr>
717
										<td>
718
											<input name="ldap_nostrip_at" type="checkbox" id="ldap_nostrip_at" value="yes" <?php if ($pconfig['ldap_nostrip_at']) echo "checked=\"checked\""; ?> />
719
										</td>
720
										<td>
721
											<?=gettext("Do not strip away parts of the username after the @ symbol, e.g. user@host becomes user when unchecked.");?>
722
										</td>
723
									</tr>
724
								</table>
725
							</td>
726
						</tr>
727
					</table>
728

    
729
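					<?php
						/*
						 * RADIUS server settings. The table is rendered hidden (display:none);
						 * the script at the end of the page calls server_typechange(), which is
						 * presumably what reveals it for RADIUS entries (TODO confirm).
						 * Every $pconfig value placed in an HTML attribute goes through
						 * htmlspecialchars().
						 */
					?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="radius" style="display:none" summary="">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Radius Server Settings");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
							<td width="78%" class="vtable">
								<input name="radius_host" type="text" class="formfld unknown" id="radius_host" size="20" value="<?=htmlspecialchars($pconfig['radius_host']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Secret");?></td>
							<td width="78%" class="vtable">
								<?php
									/*
									 * NOTE(review): the shared secret held in $pconfig is written back
									 * into the page markup below. type="password" only masks it on
									 * screen; the value is still present in the HTML sent to the browser
									 * (page source, caches, proxies). Prefer rendering the field empty
									 * and having the save handler keep the stored secret when the field
									 * is submitted blank. The handler is outside this block, so the
									 * markup is left unchanged here.
									 */
								?>
								<input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=htmlspecialchars($pconfig['radius_secret']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Services offered");?></td>
							<td width="78%" class="vtable">
								<select name='radius_srvcs' id='radius_srvcs' class="formselect" onchange='radius_srvcschange()'>
								<?php
									/*
									 * One <option> per entry of $radius_srvcs (key => label); the entry
									 * matching $pconfig['radius_srvcs'] is pre-selected. Key and label
									 * are HTML-escaped on output like the other fields on this page.
									 * Assumes the labels are plain text, not pre-encoded markup -
									 * TODO confirm against the definition of $radius_srvcs.
									 */
									foreach ($radius_srvcs as $srvcname => $srvcdesc):
										$selected = "";
										if ($pconfig['radius_srvcs'] == $srvcname)
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($srvcname);?>" <?=$selected;?>><?=htmlspecialchars($srvcdesc);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<tr id="radius_auth">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_auth_port" type="text" class="formfld unknown" id="radius_auth_port" size="5" value="<?=htmlspecialchars($pconfig['radius_auth_port']);?>"/>
							</td>
						</tr>
						<tr id="radius_acct">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Accounting port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Timeout");?></td>
							<td width="78%" class="vtable">
								<input name="radius_timeout" type="text" class="formfld unknown" id="radius_timeout" size="20" value="<?=htmlspecialchars($pconfig['radius_timeout']);?>"/>
								<br /><?= gettext("This value controls how long, in seconds, that the RADIUS server may take to respond to an authentication request.") ?>
								<br /><?= gettext("If left blank, the default value is 5 seconds.") ?>
								<br /><br /><?= gettext("NOTE: If you are using an interactive two-factor authentication system, increase this timeout to account for how long it will take the user to receive and enter a token.") ?>
							</td>
						</tr>
					</table>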
785

    
786
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="">
787
						<tr>
788
							<td width="22%" valign="top">&nbsp;</td>
789
							<td width="78%">
790
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
791
								<?php if (isset($id) && $a_server[$id]): ?>
792
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
793
								<?php endif;?>
794
							</td>
795
						</tr>
796
					</table>
797
				</form>
798

    
799
				<?php else: ?>
800

    
801
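				<?php
					/*
					 * Overview list of the configured authentication servers: name, type and
					 * host per row, plus edit/delete links that address a server by its
					 * position in $a_server (the "id" query parameter).
					 */
				?>
				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
					<thead>
						<tr>
							<th width="25%" class="listhdrr"><?=gettext("Server Name");?></th>
							<th width="25%" class="listhdrr"><?=gettext("Type");?></th>
							<th width="35%" class="listhdrr"><?=gettext("Host Name");?></th>
							<th width="10%" class="list"></th>
						</tr>
					</thead>
					<tfoot>
						<tr>
							<td class="list" colspan="3"></td>
							<td class="list">
								<a href="system_authservers.php?act=new">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server");?>" alt="<?=gettext("add server");?>" width="17" height="17" border="0" />
								</a>
							</td>
						</tr>
						<tr>
							<td colspan="3">
								<p>
									<?=gettext("Additional authentication servers can be added here.");?>
								</p>
							</td>
						</tr>
					</tfoot>
					<tbody>
						<?php
							$i = 0;

							/*
							 * The last entry of $a_server gets no edit/delete controls
							 * (presumably a built-in entry appended by the code that builds
							 * the list - TODO confirm). Computed once instead of per row.
							 */
							$last_server_idx = count($a_server) - 1;

							/*
							 * The confirm() text sits inside a JavaScript string inside an HTML
							 * attribute, so it is encoded for both layers: json_encode() yields
							 * a quoted JS string literal, htmlspecialchars() makes that safe for
							 * the double-quoted onclick attribute. A translation containing an
							 * apostrophe therefore can no longer break the handler.
							 */
							$confirm_delete_js = htmlspecialchars(json_encode(gettext("Do you really want to delete this Server?"), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT));

							foreach($a_server as $server):
								/* Escaped once here, printed as-is in the cells below. */
								$name = htmlspecialchars($server['name']);
								$type = htmlspecialchars($auth_server_types[$server['type']]);
								$host = htmlspecialchars($server['host']);
						?>
						<tr <?php if ($i < $last_server_idx): ?> ondblclick="document.location='system_authservers.php?act=edit&amp;id=<?=$i;?>'" <?php endif; ?>>
							<td class="listlr"><?=$name?>&nbsp;</td>
							<td class="listr"><?=$type;?>&nbsp;</td>
							<td class="listr"><?=$host;?>&nbsp;</td>
							<td valign="middle" class="list nowrap">
							<?php if ($i < $last_server_idx): ?>
								<a href="system_authservers.php?act=edit&amp;id=<?=$i;?>">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server");?>" alt="<?=gettext("edit server");?>" width="17" height="17" border="0" />
								</a>
								&nbsp;
								<?php
									/*
									 * NOTE(review): deletion is requested through a plain GET link
									 * and guarded here only by a client-side confirm(). Whether the
									 * act=del handler (outside this block) verifies an anti-CSRF
									 * token or requires POST should be confirmed; a state-changing
									 * GET is otherwise reachable from any page the administrator's
									 * browser loads.
									 */
								?>
								<a href="system_authservers.php?act=del&amp;id=<?=$i;?>" onclick="return confirm(<?=$confirm_delete_js;?>)">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server");?>" alt="<?=gettext("delete server");?>" width="17" height="17" border="0" />
								</a>
							<?php endif; ?>
							</td>
						</tr>
						<?php
							$i++; endforeach;
						?>
					</tbody>
				</table>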
856

    
857
				<?php endif; ?>
858

    
859
			</div>
860
		</td>
861
	</tr>
862
</table>
863
<?php include("fend.inc"); ?>
864
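<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Initial UI state: show the settings table for the current server type and
	 * run the LDAP / RADIUS change handlers that apply to it.
	 *
	 * The type is emitted into JavaScript, not HTML. htmlspecialchars() is the
	 * wrong encoder there: it never escapes backslashes, with its older default
	 * flags it leaves single quotes alone, and entities are not decoded inside a
	 * script/CDATA block. json_encode() with the JSON_HEX_* flags produces a
	 * complete quoted JS string literal that cannot close the string, the
	 * <script> element or the CDATA section.
	 * $pconfig is populated outside this block; presumably it can carry
	 * submitted form data when the form is re-displayed - TODO confirm.
	 */
	$js_server_type = json_encode((string)$pconfig['type'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
	if ($js_server_type === false)
		$js_server_type = '""'; /* unencodable value (e.g. invalid UTF-8): pass an empty string */
?>
server_typechange(<?=$js_server_type;?>);
<?php if (!isset($id) || $pconfig['type'] == "ldap"): ?>
ldap_bindchange();
if (document.getElementById("ldap_port").value == "")
	ldap_urlchange();
<?php if (!isset($id)): ?>
ldap_tmplchange();
<?php endif; ?>
<?php endif; ?>
<?php if (!isset($id) || $pconfig['type'] == "radius"): ?>
radius_srvcschange();
<?php endif; ?>
//]]>
</script>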
880
</body>
881
</html>