Commit 6f9765fe authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

whitespace system_usermanager_import_ldap.php

(cherry picked from commit afba0908)
parent 1b29c97b
...@@ -31,34 +31,34 @@ require_once("guiconfig.inc"); ...@@ -31,34 +31,34 @@ require_once("guiconfig.inc");
require_once("auth.inc"); require_once("auth.inc");
function add_local_user($username, $userdn, $userfullname) { function add_local_user($username, $userdn, $userfullname) {
global $config; global $config;
// generate new random user_password // generate new random user_password
$bytes = openssl_random_pseudo_bytes(50); $bytes = openssl_random_pseudo_bytes(50);
$user_password = pack('H*',bin2hex($bytes)); $user_password = pack('H*',bin2hex($bytes));
foreach ($config['system']['user'] as &$user) { foreach ($config['system']['user'] as &$user) {
if ($user['name'] == $username && $user['name'] != 'root') { if ($user['name'] == $username && $user['name'] != 'root') {
// link local user to remote server by updating user_dn // link local user to remote server by updating user_dn
$user['user_dn'] = $userdn; $user['user_dn'] = $userdn;
// trash user password when linking to ldap, avoid accidental login // trash user password when linking to ldap, avoid accidental login
// using fall-back local password. User could still reset it's // using fall-back local password. User could still reset it's
// local password, but only by choice. // local password, but only by choice.
local_user_set_password($user, $user_password); local_user_set_password($user, $user_password);
local_user_set($user); local_user_set($user);
return; return;
} }
} }
// new user, add // new user, add
$new_user = array(); $new_user = array();
$new_user['scope'] = 'user'; $new_user['scope'] = 'user';
$new_user['name'] = $username; $new_user['name'] = $username;
$new_user['user_dn'] = $userdn; $new_user['user_dn'] = $userdn;
$new_user['descr'] = $userfullname; $new_user['descr'] = $userfullname;
local_user_set_password($new_user, $user_password); local_user_set_password($new_user, $user_password);
$new_user['uid'] = $config['system']['nextuid']++; $new_user['uid'] = $config['system']['nextuid']++;
$config['system']['user'][] = $new_user; $config['system']['user'][] = $new_user;
local_user_set($new_user); local_user_set($new_user);
} }
global $config; global $config;
...@@ -71,60 +71,60 @@ $exit_form = false; ...@@ -71,60 +71,60 @@ $exit_form = false;
$authcfg = auth_get_authserver($config['system']['webgui']['authmode']); $authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
if ($authcfg['type'] == 'ldap') { if ($authcfg['type'] == 'ldap') {
// setup peer ca // setup peer ca
ldap_setup_caenv($authcfg); ldap_setup_caenv($authcfg);
// connect to ldap server // connect to ldap server
$ldap_auth = new OPNsense\Auth\LDAP($authcfg['ldap_basedn'], $authcfg['ldap_protver']); $ldap_auth = new OPNsense\Auth\LDAP($authcfg['ldap_basedn'], $authcfg['ldap_protver']);
$ldap_is_connected = $ldap_auth->connect($authcfg['ldap_full_url'] $ldap_is_connected = $ldap_auth->connect($authcfg['ldap_full_url']
, $authcfg['ldap_binddn'] , $authcfg['ldap_binddn']
, $authcfg['ldap_bindpw'] , $authcfg['ldap_bindpw']
); );
if ($ldap_is_connected) { if ($ldap_is_connected) {
// collect list of current ldap users from config // collect list of current ldap users from config
$confDNs = array(); $confDNs = array();
foreach ($config['system']['user'] as $confUser) { foreach ($config['system']['user'] as $confUser) {
if (!empty($confUser['user_dn'])) { if (!empty($confUser['user_dn'])) {
$confDNs[] = trim($confUser['user_dn']); $confDNs[] = trim($confUser['user_dn']);
} }
}
// search ldap
$result = $ldap_auth->searchUsers("*"
, $authcfg['ldap_attr_user']
, $authcfg['ldap_extended_query']
);
// actual form action, either save new accounts or list missing
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// create selected accounts
$exit_form = true;
if (isset($_POST['user_dn'])) {
$update_count = 0;
foreach ($result as $ldap_user ) {
foreach ($_POST['user_dn'] as $userDN) {
if ($userDN == $ldap_user['dn'] && !in_array($ldap_user['dn'], $confDNs)) {
add_local_user($ldap_user['name'] , $ldap_user['dn'], $ldap_user['fullname']);
$update_count++;
}
}
if ($update_count > 0){
// write config when changed
write_config();
}
} }
}
} else { // search ldap
if (is_array($result)) { $result = $ldap_auth->searchUsers("*"
// list all missing accounts , $authcfg['ldap_attr_user']
foreach ($result as $ldap_user ) { , $authcfg['ldap_extended_query']
if (!in_array($ldap_user['dn'], $confDNs)) { );
$ldap_users[$ldap_user['name']] = $ldap_user['dn'];
// actual form action, either save new accounts or list missing
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// create selected accounts
$exit_form = true;
if (isset($_POST['user_dn'])) {
$update_count = 0;
foreach ($result as $ldap_user ) {
foreach ($_POST['user_dn'] as $userDN) {
if ($userDN == $ldap_user['dn'] && !in_array($ldap_user['dn'], $confDNs)) {
add_local_user($ldap_user['name'] , $ldap_user['dn'], $ldap_user['fullname']);
$update_count++;
}
}
if ($update_count > 0){
// write config when changed
write_config();
}
}
} }
} else {
if (is_array($result)) {
// list all missing accounts
foreach ($result as $ldap_user ) {
if (!in_array($ldap_user['dn'], $confDNs)) {
$ldap_users[$ldap_user['name']] = $ldap_user['dn'];
}
}
ksort($ldap_users);
}
} }
ksort($ldap_users);
}
} }
}
} }
include('head.inc'); include('head.inc');
...@@ -133,38 +133,38 @@ include('head.inc'); ...@@ -133,38 +133,38 @@ include('head.inc');
<body> <body>
<?php if ($exit_form) : <?php if ($exit_form) :
?> ?>
<script type="text/javascript"> <script type="text/javascript">
// exit form and reload parent after save // exit form and reload parent after save
window.opener.location.href = window.opener.location.href; window.opener.location.href = window.opener.location.href;
window.close(); window.close();
</script> </script>
<?php elseif (!$ldap_is_connected) : <?php elseif (!$ldap_is_connected) :
?> ?>
<p><?=gettext("Could not connect to the LDAP server. Please check your LDAP configuration.");?></p> <p><?=gettext("Could not connect to the LDAP server. Please check your LDAP configuration.");?></p>
<input type='button' class="btn btn-default" value='<?=gettext("Close"); ?>' onClick="window.close();"> <input type='button' class="btn btn-default" value='<?=gettext("Close"); ?>' onClick="window.close();">
<?php <?php
else : else :
?> ?>
<form method="post"> <form method="post">
<table class="table table-striped"> <table class="table table-striped">
<tbody> <tbody>
<tr> <tr>
<th colspan="3"> <th colspan="3">
<?=gettext("Please select users to import:");?> <?=gettext("Please select users to import:");?>
</th> </th>
</tr> </tr>
<?php foreach ($ldap_users as $username => $userDN) : <?php foreach ($ldap_users as $username => $userDN) :
?> ?>
<tr><td><?=$username?></td><td><?=$userDN?></td><td> <input type='checkbox' value="<?=$userDN?>" id='user_dn' name='user_dn[]'> </td></tr> <tr><td><?=$username?></td><td><?=$userDN?></td><td> <input type='checkbox' value="<?=$userDN?>" id='user_dn' name='user_dn[]'> </td></tr>
<?php endforeach; <?php endforeach;
?> ?>
<tr> <tr>
<td align="left" colspan="3"> <td align="left" colspan="3">
<input type='submit' class="btn btn-primary" value='<?=gettext("Save");?>'> <input type='submit' class="btn btn-primary" value='<?=gettext("Save");?>'>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
</form> </form>
<?php <?php
endif; ?> endif; ?>