<?php
/*
 * system_authservers.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2019 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2008 Shrew Soft Inc
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*WARN=standard-warning-root
##|*MATCH=system_authservers.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("auth.inc");
require_once("pfsense-utils.inc");
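// Have we been called to populate the "Select a container" modal?
//
// This branch answers the AJAX request behind the container picker: it builds
// a throwaway LDAP configuration from request parameters, asks
// ldap_get_user_ous() for the containers, prints the modal markup and exits
// before any of the normal page handling runs.
//
// NOTE(review): every value below is read from $_REQUEST, so the bind password
// can arrive in a query string (and from there reach logs or browser history),
// and host/port are chosen by the caller, which makes the firewall open an
// LDAP connection to whatever destination the request names. Nothing in this
// block checks the request method or restricts the target; whether
// guiconfig.inc enforces a CSRF token for this request is not visible here --
// confirm, and consider accepting these fields from POST only.
if ($_REQUEST['ajax']) {

	$ous = array();
	$authcfg = array();

	$authcfg['ldap_port'] = $_REQUEST['port'];
	$authcfg['ldap_basedn'] = $_REQUEST['basedn'];
	$authcfg['host'] = $_REQUEST['host'];
	$authcfg['ldap_scope'] = $_REQUEST['scope'];
	$authcfg['ldap_binddn'] = $_REQUEST['binddn'];
	$authcfg['ldap_bindpw'] = $_REQUEST['bindpw'];
	$authcfg['ldap_urltype'] = $_REQUEST['urltype'];
	$authcfg['ldap_protver'] = $_REQUEST['proto'];
	// Containers that are already selected, used to pre-tick the checkboxes.
	$authcfg['ldap_authcn'] = explode(";", $_REQUEST['authcn']);
	$authcfg['ldap_caref'] = $_REQUEST['cert'];

	$ous = ldap_get_user_ous(true, $authcfg);

	if (empty($ous)) {
		print('<span class="text-danger">Could not connect to the LDAP server. Please check the LDAP configuration.</span>');
	} else {
		$modal = new Modal("Select LDAP containers for authentication", "containers", true);
		$group = new Form_MultiCheckboxGroup('Containers');

		if (is_array($ous)) {
			$idx = 0;

			// One checkbox per container returned by the directory.
			// NOTE(review): $ou is data from the remote LDAP server and is used
			// as both the checkbox label and value; output encoding is left to
			// Form_MultiCheckbox -- confirm that it escapes both.
			foreach ($ous as $ou) {
				$group->add(new Form_MultiCheckbox(
					'ou' . $idx,
					'',
					$ou,
					in_array($ou, $authcfg['ldap_authcn']),
					$ou
				));

				$idx++;
			}
		}

		$modal->add($group);

		// Create a "Save button"

		$btnsv = new Form_Button(
			'svcontbtn',
			'Save',
			null,
			'fa-save'
		);

		// The class name used to carry a stray ")" ("btn-default)"), which
		// cannot match a real CSS class, so btn-default was never removed.
		$btnsv->removeClass("btn-default")->addClass("btn-primary");

		$modal->addInput(new Form_StaticText(
			'',
			$btnsv
		));

		print($modal);
	}

	exit;
}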
// Index of the server being edited. It is taken from $_REQUEST, so it may come
// from the query string as well as from a POST body, and it is not validated
// here; later code only uses it as an array index.
$id = $_REQUEST['id'];

// Guarantee that the stored server list is an array before it is iterated or
// appended to.
if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = [];
}

// Working copy of the server list, re-indexed from 0 so that $id and the
// indexes printed in the list view refer to positions in this array.
$a_server = array_values(auth_get_authserver_list());

// $a_ca is a reference into the live configuration, not a copy.
init_config_arr(['ca']);
$a_ca = &$config['ca'];

// Requested action; like $id it is read from $_REQUEST.
$act = $_REQUEST['act'];
// Delete handler. It reacts only to a POSTed act=del, so a plain link or query
// string cannot trigger it.
// NOTE(review): $a_server is built from auth_get_authserver_list(), which may
// contain entries that are not stored in $config['system']['authserver'] (the
// list view hides the actions of its last row). For such an index nothing is
// removed from the configuration, but write_config() still runs -- confirm
// that this is intended.
if ($_POST['act'] == "del") {

	// No server at that index: return to the list without changing anything.
	if (!$a_server[$_POST['id']]) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	$serverdeleted = $a_server[$_POST['id']]['name'];

	/* Remove server from main list. */
	// Entries are matched by name, so every stored entry with that name goes.
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] != $serverdeleted) {
			continue;
		}
		unset($config['system']['authserver'][$k]);
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$_POST['id']]);
	$a_server = array_values($a_server);

	// The name is HTML-escaped once here; the same string is used both as the
	// on-page message and as the write_config() description.
	$savemsg = sprintf(
		gettext("Authentication Server %s deleted."),
		htmlspecialchars($serverdeleted)
	);
	write_config($savemsg);
}
// Edit mode: copy the stored settings of the selected server into $pconfig so
// that the form further down is pre-filled. An $id without a (truthy) entry in
// $a_server leaves $pconfig untouched.
// NOTE(review): the stored LDAP bind password and RADIUS shared secret are
// copied as well, and the form later passes them as the value of its password
// inputs -- presumably that puts the secrets into the HTML sent to the
// browser; confirm against the Form_Input rendering.
if ($act == "edit" && isset($id) && $a_server[$id]) {

	$pconfig['type'] = $a_server[$id]['type'];
	$pconfig['name'] = $a_server[$id]['name'];

	if ($pconfig['type'] == "ldap") {
		$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
		$pconfig['ldap_host'] = $a_server[$id]['host'];
		$pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
		$pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
		$pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
		$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
		$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
		$pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn'];
		$pconfig['ldap_authcn'] = $a_server[$id]['ldap_authcn'];
		$pconfig['ldap_extended_enabled'] = $a_server[$id]['ldap_extended_enabled'];
		$pconfig['ldap_extended_query'] = $a_server[$id]['ldap_extended_query'];
		$pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
		$pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
		$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
		$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
		$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
		$pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];

		// These three options are read by presence of the key only.
		$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
		$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
		$pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);

		// An entry lacking either the bind DN or the bind password is shown
		// as "bind anonymous".
		if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
			$pconfig['ldap_anon'] = true;
		}
	}

	if ($pconfig['type'] == "radius") {
		$pconfig['radius_protocol'] = $a_server[$id]['radius_protocol'];
		$pconfig['radius_host'] = $a_server[$id]['host'];
		$pconfig['radius_nasip_attribute'] = $a_server[$id]['radius_nasip_attribute'];
		$pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
		$pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
		$pconfig['radius_secret'] = $a_server[$id]['radius_secret'];
		$pconfig['radius_timeout'] = $a_server[$id]['radius_timeout'];

		// Derive the "services offered" selector from the ports that are
		// stored, and give the missing port its usual number for display.
		if ($pconfig['radius_auth_port'] && $pconfig['radius_acct_port']) {
			$pconfig['radius_srvcs'] = "both";
		} elseif ($pconfig['radius_auth_port']) {
			$pconfig['radius_srvcs'] = "auth";
			$pconfig['radius_acct_port'] = 1813;
		} elseif ($pconfig['radius_acct_port']) {
			$pconfig['radius_srvcs'] = "acct";
			$pconfig['radius_auth_port'] = 1812;
		}
	}
}
// New-server mode: defaults shown in the otherwise empty form.
// LDAP starts as protocol version 3 with anonymous bind ticked; RADIUS starts
// with MSCHAPv2 and both services on ports 1812 (auth) and 1813 (accounting).
if ($act == 'new') {
	$pconfig['ldap_protver'] = 3;
	$pconfig['ldap_anon'] = true;
	$pconfig['radius_protocol'] = 'MSCHAPv2';
	$pconfig['radius_srvcs'] = 'both';
	$pconfig['radius_auth_port'] = '1812';
	$pconfig['radius_acct_port'] = '1813';
}
// Save handler: validate the submitted form and, when it is clean, create or
// update the authentication server entry and persist the configuration.
if ($_POST['save']) {
	unset($input_errors);
	// The whole POST body becomes the working copy; nothing is filtered here.
	$pconfig = $_POST;

	/* input validation */

	// Required fields and their labels are two positional lists that are
	// handed to do_input_validation() together.
	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = [
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"),
		];

		// Bind credentials are mandatory only when anonymous bind is off.
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_protocol radius_host radius_srvcs");
		$reqdfieldsn = [
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Radius Protocol"),
			gettext("Hostname or IP"),
			gettext("Services"),
		];

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		// The shared secret is mandatory only for a new entry; on edit an
		// empty field keeps the stored secret (see the radius branch below).
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	// What do_input_validation() checks beyond these lists is not visible in
	// this file.
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// NOTE(review): this tests $_POST['host'], but the inputs built later in
	// this file are named ldap_host and radius_host, so the character check
	// looks like it never sees the submitted hostname -- confirm and, if so,
	// validate the type-specific field instead.
	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	// Renaming an existing entry is refused.
	if (isset($id) && $config['system']['authserver'][$id] &&
		($config['system']['authserver'][$id]['name'] != $pconfig['name'])) {
		$input_errors[] = gettext("The name of an authentication server cannot be changed.");
	}

	// A timeout may be left empty; anything else has to be a positive number.
	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		if (!empty($_POST[$to_field]) &&
			(!is_numeric($_POST[$to_field]) || ($_POST[$to_field] <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	// https://redmine.pfsense.org/issues/4154
	if ($pconfig['type'] == "radius" && is_ipaddrv6($_POST['radius_host'])) {
		$input_errors[] = gettext("IPv6 does not work for RADIUS authentication, see Bug #4154.");
	}

	if (!$input_errors) {
		// Start from a fresh entry with a generated refid; when editing, the
		// stored entry (refid included) replaces it wholesale.
		$server = ['refid' => uniqid()];
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			// An empty group object class falls back to posixGroup.
			if (empty($pconfig['ldap_attr_groupobj'])) {
				$server['ldap_attr_groupobj'] = "posixGroup";
			} else {
				$server['ldap_attr_groupobj'] = $pconfig['ldap_attr_groupobj'];
			}

			// Checkbox options are stored as a key that is either present or
			// removed.
			if ($pconfig['ldap_utf8'] == "yes") {
				$server['ldap_utf8'] = true;
			} else {
				unset($server['ldap_utf8']);
			}
			if ($pconfig['ldap_nostrip_at'] == "yes") {
				$server['ldap_nostrip_at'] = true;
			} else {
				unset($server['ldap_nostrip_at']);
			}
			if ($pconfig['ldap_rfc2307'] == "yes") {
				$server['ldap_rfc2307'] = true;
			} else {
				unset($server['ldap_rfc2307']);
			}

			// The bind password is copied into the entry exactly as it was
			// submitted; how write_config() stores it is not visible here.
			// Switching to anonymous bind removes both stored credentials.
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			// Default LDAP timeout: 25 seconds.
			$server['ldap_timeout'] = $pconfig['ldap_timeout'] ?: 25;
		}

		if ($server['type'] == "radius") {

			$server['radius_protocol'] = $pconfig['radius_protocol'];
			$server['host'] = $pconfig['radius_host'];
			$server['radius_nasip_attribute'] = $pconfig['radius_nasip_attribute'];

			// An empty secret leaves whatever is already stored in place.
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			// Default RADIUS timeout: 5 seconds.
			$server['radius_timeout'] = $pconfig['radius_timeout'] ?: 5;

			// Only the ports of the selected services are kept.
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		// NOTE(review): $id is looked up in $a_server above but in
		// $config['system']['authserver'] here; this assumes that both lists
		// are indexed identically -- confirm.
		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		// NOTE(review): unlike the delete handler's early return, no exit
		// follows this call, so the rest of the script still runs for this
		// request.
		pfSenseHeader("system_authservers.php");
	}
}
/**
 * Build the list of candidate addresses, keyed by interface name or IP.
 *
 * Interfaces that currently have a valid IP address contribute one entry keyed
 * by interface name. Each virtual IP contributes either one entry keyed by its
 * subnet value or, for a proxy-ARP "network" VIP, one entry per address
 * between the subnet's first and last address.
 *
 * NOTE(review): a proxy-ARP network VIP with a short prefix therefore expands
 * into a very large array; the size is bounded only by the configured prefix.
 *
 * @return array map of key => "description - address"
 */
function build_radiusnas_list() {
	global $config;

	$choices = array();

	foreach (get_configured_interface_with_descr() as $ifname => $label) {
		$addr = get_interface_ip($ifname);
		if (!is_ipaddr($addr)) {
			// Interfaces without a usable address are skipped.
			continue;
		}
		$choices[$ifname] = $label . ' - ' . $addr;
	}

	if (!is_array($config['virtualip']['vip'])) {
		return $choices;
	}

	foreach ($config['virtualip']['vip'] as $vip) {
		$expand = ($vip['mode'] == "proxyarp" && $vip['type'] == "network");

		if (!$expand) {
			$choices[$vip['subnet']] = $vip['descr'] . ' - ' . $vip['subnet'];
			continue;
		}

		// Walk the subnet from its first to its last address.
		$first = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
		$last = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
		$span = $last - $first;

		for ($offset = 0; $offset <= $span; $offset++) {
			$ip = long2ip32($first + $offset);
			$choices[$ip] = $vip['descr'] . ' - ' . $ip;
		}
	}

	return $choices;
}
// After a failed submit, refill the form from the POST body so the operator
// does not have to retype everything. Two inputs are posted under a name that
// differs from the $pconfig key the form reads, so they are mapped here.
// NOTE(review): this copies client-supplied values, including the submitted
// bind password and shared secret, back into the fields rendered below;
// output encoding is left to the Form_* classes -- confirm.
if ($_POST && $input_errors) {
	$pconfig = $_POST;
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}

// Breadcrumb titles and their links; an "Edit" crumb is appended whenever the
// edit form (rather than the list) is about to be shown.
$pgtitle = [gettext("System"), gettext("User Manager"), gettext("Authentication Servers")];
$pglinks = ["", "system_usermanager.php", "system_authservers.php"];

if ($act == "new" || $act == "edit" || $input_errors) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}

$shortcut_section = "authentication";
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// Tab bar. Accounts that may not open the user manager get the password page
// as their first tab instead of the user list.
$tab_array = [];
$tab_array[] = isAllowedPage("system_usermanager.php")
	? [gettext("Users"), false, "system_usermanager.php"]
	: [gettext("User Password"), false, "system_usermanager_passwordmg.php"];
$tab_array[] = [gettext("Groups"), false, "system_groupmanager.php"];
$tab_array[] = [gettext("Settings"), false, "system_usermanager_settings.php"];
$tab_array[] = [gettext("Authentication Servers"), true, "system_authservers.php"];
display_top_tabs($tab_array);
// List view (no add/edit in progress and no validation errors): render the
// table of authentication servers, then the footer, and stop.
// Cell values go through htmlspecialchars(); $i is a key of the re-indexed
// $a_server list and is echoed into the edit/delete links as-is. The last row
// gets no edit/delete links. The delete link carries a `usepost` attribute and
// the delete handler reacts only to $_POST['act'] -- presumably front-end
// script turns the click into a POST; confirm.
if (!($act == "new" || $act == "edit" || $input_errors)) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Authentication Servers')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Server Name")?></th>
						<th><?=gettext("Type")?></th>
						<th><?=gettext("Host Name")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
			<?php foreach ($a_server as $i => $server): ?>
					<tr>
						<td><?=htmlspecialchars($server['name'])?></td>
						<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
						<td><?=htmlspecialchars($server['host'])?></td>
						<td>
						<?php if ($i < (count($a_server) - 1)): ?>
							<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
							<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>" usepost></a>
						<?php endif?>
						</td>
					</tr>
			<?php endforeach; ?>
				</tbody>
			</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	// The list view ends the request here; the form code below never runs.
	include("foot.inc");
	exit;
}
// Add/edit form. It always posts back to ?act=edit.
$form = new Form();
$form->setAction('system_authservers.php?act=edit');

// NOTE(review): $id is the client-supplied request value and is written into a
// hidden field; output encoding is left to Form_Input -- confirm.
$form->addGlobal(new Form_Input('userid', null, 'hidden', $id));

// ---- Settings shared by every server type ----
$section = new Form_Section('Server Settings');

$input = new Form_Input('name', '*Descriptive name', 'text', $pconfig['name']);
$section->addInput($input);

// The type selector toggles which type-specific section is shown.
$input = new Form_Select('type', '*Type', $pconfig['type'], $auth_server_types);
$section->addInput($input)->toggles();

$form->add($section);
// ==== LDAP settings =========================================================
// Connection settings: host, port, transport, CA, protocol version, timeout.
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

// Shown expanded when no type has been chosen yet or the type is LDAP.
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap') {
	$section->addClass('in');
}

$section->addInput(
	new Form_Input('ldap_host', '*Hostname or IP address', 'text', $pconfig['ldap_host'])
)->setHelp('NOTE: When using SSL or STARTTLS, this hostname MUST match the Common Name '.
	'(CN) of the LDAP server\'s SSL Certificate.');

$section->addInput(
	new Form_Input('ldap_port', '*Port value', 'number', $pconfig['ldap_port'])
);

// The transport names serve as both option value and option label.
// NOTE(review): the help text below names 'SSL Encrypted' and
// 'TCP - STARTTLS'; any other transport in $ldap_urltypes (defined elsewhere)
// would presumably carry the bind DN and password unencrypted -- confirm.
$section->addInput(new Form_Select(
	'ldap_urltype',
	'*Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

// Peer CA selector: the global root list plus every CA in the configuration,
// or a pointer to the certificate manager when no CA is defined.
if (!empty($a_ca)) {
	$ldapCaRef = ['global' => 'Global Root CA List'];
	foreach ($a_ca as $ca) {
		$ldapCaRef[$ca['refid']] = $ca['descr'];
	}

	$section->addInput(
		new Form_Select('ldap_caref', 'Peer Certificate Authority', $pconfig['ldap_caref'], $ldapCaRef)
	)->setHelp('This option is used if \'SSL Encrypted\' '.
		'or \'TCP - STARTTLS\' options are chosen. '.
		'It must match with the CA in the AD otherwise problems will arise.');
} else {
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert. Manager</a>.'
	));
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'*Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

// The placeholder shows the same 25 second default the save handler applies.
$section->addInput(
	new Form_Input('ldap_timeout', 'Server Timeout', 'number', $pconfig['ldap_timeout'], ['placeholder' => 25])
)->setHelp('Timeout for LDAP operations (seconds)');
// Search scope: the level selector and the base DN input are rendered to
// strings and placed together inside one static-text row.
// NOTE(review): this first Form_Group is never added to the section; $group is
// reassigned below before it is used.
$group = new Form_Group('Search scope');

$SSF = new Form_Select('ldap_scope', '*Level', $pconfig['ldap_scope'], $ldap_scopes);

$SSB = new Form_Input('ldap_basedn', 'Base DN', 'text', $pconfig['ldap_basedn']);

$section->addInput(
	new Form_StaticText('Search scope', 'Level ' . $SSF . '<br />' . 'Base DN' . $SSB)
);

// Authentication containers: a free-text list plus a button for the
// "Select a container" modal.
$group = new Form_Group('*Authentication containers');

$group->add(
	new Form_Input('ldapauthcontainers', 'Containers', 'text', $pconfig['ldap_authcn'])
)->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
	'base dn above or the full container path can be specified containing a dc= '.
	'component.%1$sExample: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers', '<br/>');

// type="button" keeps this button from submitting the form.
$group->add(
	new Form_Button('Select', 'Select a container', null, 'fa-search')
)->setAttribute('type', 'button')->addClass('btn-info');

$section->add($group);
// Optional extended query, stored together with its enable checkbox.
$section->addInput(
	new Form_Checkbox('ldap_extended_enabled', 'Extended query', 'Enable extended query', $pconfig['ldap_extended_enabled'])
);

$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(
	new Form_Input('ldap_extended_query', 'Query', 'text', $pconfig['ldap_extended_query'])
)->setHelp('Example (MSAD): memberOf=CN=Groupname,OU=MyGroups,DC=example,DC=com<br>Example (2307): |(&(objectClass=posixGroup)(cn=Groupname)(memberUid=*))(&(objectClass=posixGroup)(cn=anotherGroup)(memberUid=*))');

$section->add($group);

// Bind mode: anonymous, or a bind DN with a password.
$section->addInput(
	new Form_Checkbox('ldap_anon', 'Bind anonymous', 'Use anonymous binds to resolve distinguished names', $pconfig['ldap_anon'])
);

$group = new Form_Group('*Bind credentials');
$group->addClass('ldapanon');

$group->add(
	new Form_Input('ldap_binddn', 'User DN:', 'text', $pconfig['ldap_binddn'])
);

// NOTE(review): the current bind password is passed as the value of this
// password input. Unless Form_Input suppresses values for password fields
// (not visible here), the stored secret is sent back to the browser in the
// page source whenever an entry is edited -- confirm.
$group->add(
	new Form_Input('ldap_bindpw', 'Password', 'password', $pconfig['ldap_bindpw'])
);

$section->add($group);
// The "Initial Template" selector is offered only while no $id is set, i.e.
// when a new entry is being created.
if (!isset($id)) {
	$template_list = [];

	foreach ($ldap_templates as $option => $template) {
		$template_list[$option] = $template['desc'];
	}

	$section->addInput(
		new Form_Select('ldap_tmpltype', 'Initial Template', $pconfig['ldap_template'], $template_list)
	);
}

// Attribute names used when looking up users and groups.
$section->addInput(
	new Form_Input('ldap_attr_user', '*User naming attribute', 'text', $pconfig['ldap_attr_user'])
);

$section->addInput(
	new Form_Input('ldap_attr_group', '*Group naming attribute', 'text', $pconfig['ldap_attr_group'])
);

$section->addInput(
	new Form_Input('ldap_attr_member', '*Group member attribute', 'text', $pconfig['ldap_attr_member'])
);

$section->addInput(
	new Form_Checkbox('ldap_rfc2307', 'RFC 2307 Groups', 'LDAP Server uses RFC 2307 style group membership', $pconfig['ldap_rfc2307'])
)->setHelp('RFC 2307 style group membership has members listed on the group '.
	'object rather than using groups listed on user object. Leave unchecked '.
	'for Active Directory style group membership (RFC 2307bis).');

// The placeholder shows the same posixGroup default the save handler applies.
$section->addInput(
	new Form_Input('ldap_attr_groupobj', 'Group Object Class', 'text', $pconfig['ldap_attr_groupobj'], ['placeholder' => 'posixGroup'])
)->setHelp('Object class used for groups in RFC2307 mode. '.
	'Typically "posixGroup" or "group".');

$section->addInput(
	new Form_Checkbox('ldap_utf8', 'UTF8 Encode', 'UTF8 encode LDAP parameters before sending them to the server.', $pconfig['ldap_utf8'])
)->setHelp('Required to support international characters, but may not be '.
	'supported by every LDAP server.');

$section->addInput(
	new Form_Checkbox('ldap_nostrip_at', 'Username Alterations', 'Do not strip away parts of the username after the @ symbol', $pconfig['ldap_nostrip_at'])
)->setHelp('e.g. user@host becomes user when unchecked.');

$form->add($section);
// ==== RADIUS section ========================================================
// The section gets the classes 'toggle-radius' and 'collapse'; whatever shows
// or hides it based on the chosen server type lives outside this part of the
// file.
$section = new Form_Section('RADIUS Server Settings');
$section->addClass('toggle-radius collapse');

// The option list comes from $radius_protocol, defined outside this view.
$section->addInput(
	new Form_Select('radius_protocol', '*Protocol', $pconfig['radius_protocol'], $radius_protocol)
);

$section->addInput(
	new Form_Input('radius_host', '*Hostname or IP address', 'text', $pconfig['radius_host'])
);

// NOTE(review): the stored shared secret is handed to the field as its value.
// If Form_Input writes that into the value attribute (its rendering is not
// visible here), the secret is in the page source for every account allowed to
// open this page; the 'password' type only masks it on screen. Confirm this is
// acceptable for the privilege that grants access to the page.
$section->addInput(
	new Form_Input('radius_secret', '*Shared Secret', 'password', $pconfig['radius_secret'])
);

// The option list comes from $radius_srvcs, defined outside this view. The
// page script reads this field to decide which of the two ports is mandatory.
$section->addInput(
	new Form_Select('radius_srvcs', '*Services offered', $pconfig['radius_srvcs'], $radius_srvcs)
);

$section->addInput(
	new Form_Input('radius_auth_port', 'Authentication port', 'number', $pconfig['radius_auth_port'])
);

$section->addInput(
	new Form_Input('radius_acct_port', 'Accounting port', 'number', $pconfig['radius_acct_port'])
);

$section->addInput(
	new Form_Input('radius_timeout', 'Authentication Timeout', 'number', $pconfig['radius_timeout'])
)->setHelp(
	'This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.'
);

// The choices are produced by build_radiusnas_list(), defined elsewhere.
$section->addInput(
	new Form_Select(
		'radius_nasip_attribute',
		'RADIUS NAS IP Attribute',
		$pconfig['radius_nasip_attribute'],
		build_radiusnas_list()
	)
)->setHelp(
	'Enter the IP to use for the "NAS-IP-Address" attribute during RADIUS Acccess-Requests.<br />'.
	'Please note that this choice won\'t change the interface used for contacting the RADIUS server.'
);

// When $id is set and $a_server[$id] is truthy, send the index back with the
// form as a hidden field.
// NOTE(review): a hidden field is under the client's control; the handler that
// receives the form (outside this view) has to check 'id' against $a_server
// again before acting on it.
if (isset($id) && $a_server[$id]) {
	$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
}

// The RADIUS section is complete; attach it to the form.
$form->add($section);
// Placeholder modal (element id "containers") for the LDAP container picker.
// It starts out largely empty; the script further down this page fetches the
// real content by AJAX and swaps it in.
$modal = new Modal('LDAP containers', 'containers', true);
$form->add($modal);

// Write the finished form to the page.
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
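	// Ask this same page for the LDAP container list and show it in the modal.
	//
	// Reads the LDAP connection fields from the form, stops with an alert when a
	// needed one is empty, then POSTs them (with ajax=ajax) to
	// /system_authservers.php and replaces the #containers placeholder with the
	// markup that comes back.
	function select_clicked() {
		var isBlank = function (id) {
			return document.getElementById(id).value == '';
		};

		// The alert texts are emitted with json_encode() so that a translation
		// containing a quote, a backslash or '<' still yields a valid JS string
		// literal and cannot end the surrounding <script> element.
		if (isBlank("ldap_port") ||
			isBlank("ldap_host") ||
			isBlank("ldap_scope") ||
			isBlank("ldap_basedn") ||
			isBlank("ldapauthcontainers")) {
			alert(<?=json_encode(gettext("Please fill the required values."), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
			return;
		}

		// Bind credentials are only needed when anonymous bind is off.
		if (!document.getElementById("ldap_anon").checked &&
			(isBlank("ldap_binddn") || isBlank("ldap_bindpw"))) {
			alert(<?=json_encode(gettext("Please fill the bind username/password."), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
			return;
		}

		// The CA selector is only read when at least one CA is configured
		// ($a_ca non-empty); otherwise an empty reference is sent.
		var cert;
<?php if (count($a_ca) > 0): ?>
		cert = $('#ldap_caref').val();
<?php else: ?>
		cert = '';
<?php endif; ?>

		// Sent as POST, so the bind password travels in the request body and not
		// in the URL.
		// NOTE(review): the handler at the top of this file tests
		// $_REQUEST['ajax'], so it presumably accepts the same parameters in a
		// GET query string too; confirm whether it should insist on POST.
		var ajaxRequest = $.ajax({
			url: "/system_authservers.php",
			type: "post",
			data: {
				ajax: "ajax",
				port: $('#ldap_port').val(),
				host: $('#ldap_host').val(),
				scope: $('#ldap_scope').val(),
				basedn: $('#ldap_basedn').val(),
				binddn: $('#ldap_binddn').val(),
				bindpw: $('#ldap_bindpw').val(),
				urltype: $('#ldap_urltype').val(),
				proto: $('#ldap_protver').val(),
				authcn: $('#ldapauthcontainers').val(),
				cert: cert
			}
		});

		// Deal with the results of the above ajax call
		ajaxRequest.done(function (response) {
			// NOTE(review): the reply is inserted as markup with no client-side
			// filtering. The container names in it presumably come from the
			// directory server, so the code that builds the reply must
			// HTML-escape them; that code is not visible from here - confirm.
			$('#containers').replaceWith(response);
			$('#containers').modal('show');

			// The button handler has to be attached here: the controls only
			// exist once the modal has been populated.
			var saveButton = $('#svcontbtn');
			saveButton.prop("type", "button");
			saveButton.removeAttr("href");

			saveButton.click(function () {
				var total = $('[id^=ou]').length;
				var picked = "";
				var i;

				// Join the values of the ticked #ou<i> checkboxes with ';'.
				for (i = 0; i < total; i++) {
					if ($('#ou' + i).prop("checked")) {
						if (picked != "") {
							picked += ";";
						}

						picked += $('#ou' + i).val();
					}
				}

				$('#ldapauthcontainers').val(picked);
				$('#containers').modal('hide');
			});
		});
	}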
	// Put a default port into #ldap_port: '636' when the option at position 2
	// of #ldap_urltype is selected, '389' for every other position.
	// NOTE(review): the test is by position, not by value, so it depends on the
	// order in which the options were built (outside this view); presumably
	// position 2 is the SSL/TLS transport - confirm.
	function set_ldap_port() {
		var position = $('#ldap_urltype').find(":selected").index();

		$('#ldap_port').val(position == 2 ? '636' : '389');
	}
	// Mark the RADIUS port fields as required according to #radius_srvcs:
	// 'auth' needs only the authentication port, 'acct' only the accounting
	// port, and any other value needs both.
	function set_required_port_fields() {
		var offered = document.getElementById("radius_srvcs").value;

		setRequired('radius_auth_port', offered != 'acct');
		setRequired('radius_acct_port', offered != 'auth');
	}
	// Hide (hide truthy) or show (hide falsy) every element that carries the
	// class s_class. This will usually be a whole form section.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}
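	// Copy the attribute names of the selected LDAP template into the three
	// attribute fields. One `case` is generated on the server for each entry of
	// $ldap_templates, numbered in iteration order from 0, and matched against
	// the position of the selected option in #ldap_tmpltype.
	// NOTE(review): this lines up only if the select was built from the same
	// array in the same order (done outside this view) - confirm.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		// Each value is written with json_encode(), which emits a complete,
		// escaped JS string literal: a quote, backslash or '<' in a template
		// value cannot end the literal or the surrounding <script> element.
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val(<?=json_encode((string) $tmpldata['attr_user'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
				$('#ldap_attr_group').val(<?=json_encode((string) $tmpldata['attr_group'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
				$('#ldap_attr_member').val(<?=json_encode((string) $tmpldata['attr_member'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}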
	// ---------- On initial page load ------------------------------------------------------------

<?php if ($act != 'edit'): ?>
	// Not editing an entry: fill the attribute fields from the selected template.
	ldap_tmplchange();
<?php endif; ?>

	// Bring the visibility of the optional parts and the required-port markers
	// in line with the values the form was rendered with.
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));
	set_required_port_fields();

	// Only suggest a default port when none has been set.
	if ($('#ldap_port').val() == "") {
		set_ldap_port();
	}

<?php if ($act == 'edit'): ?>
	// While editing, every option of #type other than the selected one is disabled.
	// NOTE(review): this lock, and the read-only name below, exist only in the
	// browser. The handler that saves the form (outside this view) has to
	// refuse a changed type or name itself.
	$('#type option:not(:selected)').attr('disabled', 'disabled');

<?php if (!$input_errors): ?>
	// With no input errors to correct, the name field is made read-only.
	$('#name').prop("readonly", true);
<?php endif; ?>
<?php endif; ?>
	// ---------- Click checkbox handlers ---------------------------------------------------------
	// Each control is wired to the helper that keeps the dependent fields in step.

	// A different template refills the three attribute fields.
	$('#ldap_tmpltype').on('change', ldap_tmplchange);

	// Anonymous bind ticked: hide the 'ldapanon' elements.
	$('#ldap_anon').on('click', function () {
		hideClass('ldapanon', this.checked);
	});

	// A different transport resets the port to that transport's default.
	$('#ldap_urltype').on('change', set_ldap_port);

	// The Select button fetches the container list.
	$('#Select').on('click', select_clicked);

	// Extended query ticked: show the 'extended' elements.
	$('#ldap_extended_enabled').on('click', function () {
		hideClass('extended', !this.checked);
	});

	// The services offered decide which RADIUS ports are required.
	$('#radius_srvcs').on('change', set_required_port_fields);
});
//]]>
</script>
<?php
include("foot.inc");