mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-06-02 13:00:16 +02:00
167 lines
5.4 KiB
PHP
167 lines
5.4 KiB
PHP
<?php
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
|
|
namespace Icinga\Form\Config\Authentication;
|
|
|
|
use \Exception;
|
|
use \Zend_Config;
|
|
use Icinga\Web\Form;
|
|
use Icinga\Data\ResourceFactory;
|
|
use Icinga\Authentication\Backend\LdapUserBackend;
|
|
use Icinga\Exception\ConfigurationError;
|
|
|
|
/**
|
|
* Form for adding or modifying LDAP authentication backends
|
|
*/
|
|
class LdapBackendForm extends BaseBackendForm
|
|
{
|
|
/**
|
|
* @var array
|
|
*/
|
|
protected $resources;
|
|
|
|
public function __construct()
|
|
{
|
|
$ldapResources = array_keys(
|
|
ResourceFactory::getResourceConfigs('ldap')->toArray()
|
|
);
|
|
if (empty($ldapResources)) {
|
|
throw new ConfigurationError(
|
|
t('There are no LDAP resources')
|
|
);
|
|
}
|
|
$this->resources = array_combine($ldapResources, $ldapResources);
|
|
|
|
parent::__construct();
|
|
}
|
|
|
|
public function createElements(array $formData)
|
|
{
|
|
return array(
|
|
$this->createElement(
|
|
'text',
|
|
'name',
|
|
array(
|
|
'required' => true,
|
|
'allowEmpty' => false,
|
|
'label' => t('Backend Name'),
|
|
'helptext' => t('The name of this authentication backend')
|
|
)
|
|
),
|
|
$this->createElement(
|
|
'select',
|
|
'resource',
|
|
array(
|
|
'required' => true,
|
|
'allowEmpty' => false,
|
|
'label' => t('LDAP Resource'),
|
|
'helptext' => t('The resource to use for authenticating with this provider'),
|
|
'multiOptions' => $this->resources
|
|
)
|
|
),
|
|
$this->createElement(
|
|
'text',
|
|
'user_class',
|
|
array(
|
|
'required' => true,
|
|
'label' => t('LDAP User Object Class'),
|
|
'helptext' => t('The object class used for storing users on the ldap server'),
|
|
'value' => 'inetOrgPerson'
|
|
)
|
|
),
|
|
$this->createElement(
|
|
'text',
|
|
'user_name_attribute',
|
|
array(
|
|
'required' => true,
|
|
'label' => t('LDAP User Name Attribute'),
|
|
'helptext' => t('The attribute name used for storing the user name on the ldap server'),
|
|
'value' => 'uid'
|
|
)
|
|
),
|
|
$this->createElement(
|
|
'button',
|
|
'btn_submit',
|
|
array(
|
|
'type' => 'submit',
|
|
'value' => '1',
|
|
'escape' => false,
|
|
'class' => 'btn btn-cta btn-wide',
|
|
'label' => '<i class="icinga-icon-save"></i> Save Backend'
|
|
)
|
|
),
|
|
$this->createElement(
|
|
'hidden',
|
|
'backend',
|
|
array(
|
|
'required' => true,
|
|
'value' => 'ldap'
|
|
)
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Return the ldap authentication backend configuration for this form
|
|
*
|
|
* @return array
|
|
*
|
|
* @see BaseBackendForm::getConfig()
|
|
*/
|
|
public function getConfig()
|
|
{
|
|
return array(
|
|
$this->getValue('name') => array(
|
|
'backend' => 'ldap',
|
|
'resource' => $this->getValue('resource'),
|
|
'user_class' => $this->getValue('user_class'),
|
|
'user_name_attribute' => $this->getValue('user_name_attribute')
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Validate the current configuration by creating a backend and requesting the user count
|
|
*
|
|
* @return bool Whether validation succeeded or not
|
|
*
|
|
* @see BaseBackendForm::isValidAuthenticationBacken
|
|
*/
|
|
public function isValidAuthenticationBackend()
|
|
{
|
|
if (! ResourceFactory::ldapAvailable()) {
|
|
/*
|
|
* It should be possible to run icingaweb without the php ldap extension, when
|
|
* no ldap backends are needed. When the user tries to create an ldap backend
|
|
* without ldap installed we need to show him an error.
|
|
*/
|
|
$this->addErrorMessage(t('Using ldap is not possible, the php extension "ldap" is not installed.'));
|
|
return false;
|
|
}
|
|
try {
|
|
$cfg = $this->getConfig();
|
|
$backendConfig = new Zend_Config($cfg[$this->getValue('name')]);
|
|
$backend = ResourceFactory::createResource(ResourceFactory::getResourceConfig($backendConfig->resource));
|
|
$testConn = new LdapUserBackend(
|
|
$backend,
|
|
$backendConfig->user_class,
|
|
$backendConfig->user_name_attribute
|
|
);
|
|
$testConn->assertAuthenticationPossible();
|
|
/*
|
|
if ($testConn->count() === 0) {
|
|
throw new Exception('No Users Found On Directory Server');
|
|
}
|
|
*/
|
|
} catch (Exception $exc) {
|
|
$this->addErrorMessage(
|
|
t('Connection Validation Failed: ' . $exc->getMessage())
|
|
);
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|