Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
- Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
- PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.
/auth/ldap/ -> settings.php (source)
Differences Between: [Versions 39 and 311]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Admin settings and defaults. 19 * 20 * @package auth_ldap 21 * @copyright 2017 Stephen Bourget 22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 23 */ 24 25 defined('MOODLE_INTERNAL') || die; 26 27 if ($ADMIN->fulltree) { 28 29 if (!function_exists('ldap_connect')) { 30 $notify = new \core\output\notification(get_string('auth_ldap_noextension', 'auth_ldap'), 31 \core\output\notification::NOTIFY_WARNING); 32 $settings->add(new admin_setting_heading('auth_ldap_noextension', '', $OUTPUT->render($notify))); 33 } else { 34 35 // We use a couple of custom admin settings since we need to massage the data before it is inserted into the DB. 36 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_lowercase_configtext.php'); 37 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_contexts_configtext.php'); 38 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_ntlm_configtext.php'); 39 40 // We need to use some of the Moodle LDAP constants / functions to create the list of options. 41 require_once($CFG->dirroot.'/auth/ldap/auth.php'); 42 43 // Introductory explanation. 44 $settings->add(new admin_setting_heading('auth_ldap/pluginname', '', 45 new lang_string('auth_ldapdescription', 'auth_ldap'))); 46 47 // LDAP server settings. 48 $settings->add(new admin_setting_heading('auth_ldap/ldapserversettings', 49 new lang_string('auth_ldap_server_settings', 'auth_ldap'), '')); 50 51 // Host. 52 $settings->add(new admin_setting_configtext('auth_ldap/host_url', 53 get_string('auth_ldap_host_url_key', 'auth_ldap'), 54 get_string('auth_ldap_host_url', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 55 56 // Version. 57 $versions = array(); 58 $versions[2] = '2'; 59 $versions[3] = '3'; 60 $settings->add(new admin_setting_configselect('auth_ldap/ldap_version', 61 new lang_string('auth_ldap_version_key', 'auth_ldap'), 62 new lang_string('auth_ldap_version', 'auth_ldap'), 3, $versions)); 63 64 // Start TLS. 65 $yesno = array( 66 new lang_string('no'), 67 new lang_string('yes'), 68 ); 69 $settings->add(new admin_setting_configselect('auth_ldap/start_tls', 70 new lang_string('start_tls_key', 'auth_ldap'), 71 new lang_string('start_tls', 'auth_ldap'), 0 , $yesno)); 72 73 74 // Encoding. 75 $settings->add(new admin_setting_configtext('auth_ldap/ldapencoding', 76 get_string('auth_ldap_ldap_encoding_key', 'auth_ldap'), 77 get_string('auth_ldap_ldap_encoding', 'auth_ldap'), 'utf-8', PARAM_RAW_TRIMMED)); 78 79 // Page Size. (Hide if not available). 80 $settings->add(new admin_setting_configtext('auth_ldap/pagesize', 81 get_string('pagesize_key', 'auth_ldap'), 82 get_string('pagesize', 'auth_ldap'), '250', PARAM_INT)); 83 84 // Bind settings. 85 $settings->add(new admin_setting_heading('auth_ldap/ldapbindsettings', 86 new lang_string('auth_ldap_bind_settings', 'auth_ldap'), '')); 87 88 // Store Password in DB. 89 $settings->add(new admin_setting_configselect('auth_ldap/preventpassindb', 90 new lang_string('auth_ldap_preventpassindb_key', 'auth_ldap'), 91 new lang_string('auth_ldap_preventpassindb', 'auth_ldap'), 0 , $yesno)); 92 93 // User ID. 94 $settings->add(new admin_setting_configtext('auth_ldap/bind_dn', 95 get_string('auth_ldap_bind_dn_key', 'auth_ldap'), 96 get_string('auth_ldap_bind_dn', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 97 98 // Password. 99 $settings->add(new admin_setting_configpasswordunmask('auth_ldap/bind_pw', 100 get_string('auth_ldap_bind_pw_key', 'auth_ldap'), 101 get_string('auth_ldap_bind_pw', 'auth_ldap'), '')); 102 103 // User Lookup settings. 104 $settings->add(new admin_setting_heading('auth_ldap/ldapuserlookup', 105 new lang_string('auth_ldap_user_settings', 'auth_ldap'), '')); 106 107 // User Type. 108 $settings->add(new admin_setting_configselect('auth_ldap/user_type', 109 new lang_string('auth_ldap_user_type_key', 'auth_ldap'), 110 new lang_string('auth_ldap_user_type', 'auth_ldap'), 'default', ldap_supported_usertypes())); 111 112 // Contexts. 113 $settings->add(new auth_ldap_admin_setting_special_contexts_configtext('auth_ldap/contexts', 114 get_string('auth_ldap_contexts_key', 'auth_ldap'), 115 get_string('auth_ldap_contexts', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 116 117 // Search subcontexts. 118 $settings->add(new admin_setting_configselect('auth_ldap/search_sub', 119 new lang_string('auth_ldap_search_sub_key', 'auth_ldap'), 120 new lang_string('auth_ldap_search_sub', 'auth_ldap'), 0 , $yesno)); 121 122 // Dereference aliases. 123 $optderef = array(); 124 $optderef[LDAP_DEREF_NEVER] = get_string('no'); 125 $optderef[LDAP_DEREF_ALWAYS] = get_string('yes'); 126 127 $settings->add(new admin_setting_configselect('auth_ldap/opt_deref', 128 new lang_string('auth_ldap_opt_deref_key', 'auth_ldap'), 129 new lang_string('auth_ldap_opt_deref', 'auth_ldap'), LDAP_DEREF_NEVER , $optderef)); 130 131 // User attribute. 132 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/user_attribute', 133 get_string('auth_ldap_user_attribute_key', 'auth_ldap'), 134 get_string('auth_ldap_user_attribute', 'auth_ldap'), '', PARAM_RAW)); 135 136 // Suspended attribute. 137 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/suspended_attribute', 138 get_string('auth_ldap_suspended_attribute_key', 'auth_ldap'), 139 get_string('auth_ldap_suspended_attribute', 'auth_ldap'), '', PARAM_RAW)); 140 141 // Member attribute. 142 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/memberattribute', 143 get_string('auth_ldap_memberattribute_key', 'auth_ldap'), 144 get_string('auth_ldap_memberattribute', 'auth_ldap'), '', PARAM_RAW)); 145 146 // Member attribute uses dn. 147 $settings->add(new admin_setting_configselect('auth_ldap/memberattribute_isdn', 148 get_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap'), 149 get_string('auth_ldap_memberattribute_isdn', 'auth_ldap'), 0, $yesno)); 150 151 // Object class. 152 $settings->add(new admin_setting_configtext('auth_ldap/objectclass', 153 get_string('auth_ldap_objectclass_key', 'auth_ldap'), 154 get_string('auth_ldap_objectclass', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 155 156 // Force Password change Header. 157 $settings->add(new admin_setting_heading('auth_ldap/ldapforcepasswordchange', 158 new lang_string('forcechangepassword', 'auth'), '')); 159 160 // Force Password change. 161 $settings->add(new admin_setting_configselect('auth_ldap/forcechangepassword', 162 new lang_string('forcechangepassword', 'auth'), 163 new lang_string('forcechangepasswordfirst_help', 'auth'), 0 , $yesno)); 164 165 // Standard Password Change. 166 $settings->add(new admin_setting_configselect('auth_ldap/stdchangepassword', 167 new lang_string('stdchangepassword', 'auth'), new lang_string('stdchangepassword_expl', 'auth') .' '. 168 get_string('stdchangepassword_explldap', 'auth'), 0 , $yesno)); 169 170 // Password Type. 171 $passtype = array(); 172 $passtype['plaintext'] = get_string('plaintext', 'auth'); 173 $passtype['md5'] = get_string('md5', 'auth'); 174 $passtype['sha1'] = get_string('sha1', 'auth'); 175 176 $settings->add(new admin_setting_configselect('auth_ldap/passtype', 177 new lang_string('auth_ldap_passtype_key', 'auth_ldap'), 178 new lang_string('auth_ldap_passtype', 'auth_ldap'), 'plaintext', $passtype)); 179 180 // Password change URL. 181 $settings->add(new admin_setting_configtext('auth_ldap/changepasswordurl', 182 get_string('auth_ldap_changepasswordurl_key', 'auth_ldap'), 183 get_string('changepasswordhelp', 'auth'), '', PARAM_URL)); 184 185 // Password Expiration Header. 186 $settings->add(new admin_setting_heading('auth_ldap/passwordexpire', 187 new lang_string('auth_ldap_passwdexpire_settings', 'auth_ldap'), '')); 188 189 // Password Expiration. 190 191 // Create the description lang_string object. 192 $strno = get_string('no'); 193 $strldapserver = get_string('pluginname', 'auth_ldap'); 194 $langobject = new stdClass(); 195 $langobject->no = $strno; 196 $langobject->ldapserver = $strldapserver; 197 $description = new lang_string('auth_ldap_expiration_desc', 'auth_ldap', $langobject); 198 199 // Now create the options. 200 $expiration = array(); 201 $expiration['0'] = $strno; 202 $expiration['1'] = $strldapserver; 203 204 // Add the setting. 205 $settings->add(new admin_setting_configselect('auth_ldap/expiration', 206 new lang_string('auth_ldap_expiration_key', 'auth_ldap'), 207 $description, 0 , $expiration)); 208 209 // Password Expiration warning. 210 $settings->add(new admin_setting_configtext('auth_ldap/expiration_warning', 211 get_string('auth_ldap_expiration_warning_key', 'auth_ldap'), 212 get_string('auth_ldap_expiration_warning_desc', 'auth_ldap'), '', PARAM_RAW)); 213 214 // Password Expiration attribute. 215 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/expireattr', 216 get_string('auth_ldap_expireattr_key', 'auth_ldap'), 217 get_string('auth_ldap_expireattr_desc', 'auth_ldap'), '', PARAM_RAW)); 218 219 // Grace Logins. 220 $settings->add(new admin_setting_configselect('auth_ldap/gracelogins', 221 new lang_string('auth_ldap_gracelogins_key', 'auth_ldap'), 222 new lang_string('auth_ldap_gracelogins_desc', 'auth_ldap'), 0 , $yesno)); 223 224 // Grace logins attribute. 225 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/graceattr', 226 get_string('auth_ldap_gracelogin_key', 'auth_ldap'), 227 get_string('auth_ldap_graceattr_desc', 'auth_ldap'), '', PARAM_RAW)); 228 229 // User Creation. 230 $settings->add(new admin_setting_heading('auth_ldap/usercreation', 231 new lang_string('auth_user_create', 'auth'), '')); 232 233 // Create users externally. 234 $settings->add(new admin_setting_configselect('auth_ldap/auth_user_create', 235 new lang_string('auth_ldap_auth_user_create_key', 'auth_ldap'), 236 new lang_string('auth_user_creation', 'auth'), 0 , $yesno)); 237 238 // Context for new users. 239 $settings->add(new admin_setting_configtext('auth_ldap/create_context', 240 get_string('auth_ldap_create_context_key', 'auth_ldap'), 241 get_string('auth_ldap_create_context', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 242 243 // System roles mapping header. 244 $settings->add(new admin_setting_heading('auth_ldap/systemrolemapping', 245 new lang_string('systemrolemapping', 'auth_ldap'), '')); 246 247 // Create system role mapping field for each assignable system role. 248 $roles = get_ldap_assignable_role_names(); 249 foreach ($roles as $role) { 250 // Before we can add this setting we need to check a few things. 251 // A) It does not exceed 100 characters otherwise it will break the DB as the 'name' field 252 // in the 'config_plugins' table is a varchar(100). 253 // B) The setting name does not contain hyphens. If it does then it will fail the check 254 // in parse_setting_name() and everything will explode. Role short names are validated 255 // against PARAM_ALPHANUMEXT which is similar to the regex used in parse_setting_name() 256 // except it also allows hyphens. 257 // Instead of shortening the name and removing/replacing the hyphens we are showing a warning. 258 // If we were to manipulate the setting name by removing the hyphens we may get conflicts, eg 259 // 'thisisashortname' and 'this-is-a-short-name'. The same applies for shortening the setting name. 260 if (core_text::strlen($role['settingname']) > 100 || !preg_match('/^[a-zA-Z0-9_]+$/', $role['settingname'])) { 261 $url = new moodle_url('/admin/roles/define.php', array('action' => 'edit', 'roleid' => $role['id'])); 262 $a = (object)['rolename' => $role['localname'], 'shortname' => $role['shortname'], 'charlimit' => 93, 263 'link' => $url->out()]; 264 $settings->add(new admin_setting_heading('auth_ldap/role_not_mapped_' . sha1($role['settingname']), '', 265 get_string('cannotmaprole', 'auth_ldap', $a))); 266 } else { 267 $settings->add(new admin_setting_configtext('auth_ldap/' . $role['settingname'], 268 get_string('auth_ldap_rolecontext', 'auth_ldap', $role), 269 get_string('auth_ldap_rolecontext_help', 'auth_ldap', $role), '', PARAM_RAW_TRIMMED)); 270 } 271 } 272 273 // User Account Sync. 274 $settings->add(new admin_setting_heading('auth_ldap/syncusers', 275 new lang_string('auth_sync_script', 'auth'), '')); 276 277 // Remove external user. 278 $deleteopt = array(); 279 $deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth'); 280 $deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth'); 281 $deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth'); 282 283 $settings->add(new admin_setting_configselect('auth_ldap/removeuser', 284 new lang_string('auth_remove_user_key', 'auth'), 285 new lang_string('auth_remove_user', 'auth'), AUTH_REMOVEUSER_KEEP, $deleteopt)); 286 287 // Sync Suspension. 288 $settings->add(new admin_setting_configselect('auth_ldap/sync_suspended', 289 new lang_string('auth_sync_suspended_key', 'auth'), 290 new lang_string('auth_sync_suspended', 'auth'), 0 , $yesno)); 291 292 // NTLM SSO Header. 293 $settings->add(new admin_setting_heading('auth_ldap/ntlm', 294 new lang_string('auth_ntlmsso', 'auth_ldap'), '')); 295 296 // Enable NTLM. 297 $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_enabled', 298 new lang_string('auth_ntlmsso_enabled_key', 'auth_ldap'), 299 new lang_string('auth_ntlmsso_enabled', 'auth_ldap'), 0 , $yesno)); 300 301 // Subnet. 302 $settings->add(new admin_setting_configtext('auth_ldap/ntlmsso_subnet', 303 get_string('auth_ntlmsso_subnet_key', 'auth_ldap'), 304 get_string('auth_ntlmsso_subnet', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 305 306 // NTLM Fast Path. 307 $fastpathoptions = array(); 308 $fastpathoptions[AUTH_NTLM_FASTPATH_YESFORM] = get_string('auth_ntlmsso_ie_fastpath_yesform', 'auth_ldap'); 309 $fastpathoptions[AUTH_NTLM_FASTPATH_YESATTEMPT] = get_string('auth_ntlmsso_ie_fastpath_yesattempt', 'auth_ldap'); 310 $fastpathoptions[AUTH_NTLM_FASTPATH_ATTEMPT] = get_string('auth_ntlmsso_ie_fastpath_attempt', 'auth_ldap'); 311 312 $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_ie_fastpath', 313 new lang_string('auth_ntlmsso_ie_fastpath_key', 'auth_ldap'), 314 new lang_string('auth_ntlmsso_ie_fastpath', 'auth_ldap'), 315 AUTH_NTLM_FASTPATH_ATTEMPT, $fastpathoptions)); 316 317 // Authentication type. 318 $types = array(); 319 $types['ntlm'] = 'NTLM'; 320 $types['kerberos'] = 'Kerberos'; 321 322 $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_type', 323 new lang_string('auth_ntlmsso_type_key', 'auth_ldap'), 324 new lang_string('auth_ntlmsso_type', 'auth_ldap'), 'ntlm', $types)); 325 326 // Remote Username format. 327 $settings->add(new auth_ldap_admin_setting_special_ntlm_configtext('auth_ldap/ntlmsso_remoteuserformat', 328 get_string('auth_ntlmsso_remoteuserformat_key', 'auth_ldap'), 329 get_string('auth_ntlmsso_remoteuserformat', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 330 } 331 332 // Display locking / mapping of profile fields. 333 $authplugin = get_auth_plugin('ldap'); 334 $help = get_string('auth_ldapextrafields', 'auth_ldap'); 335 $help .= get_string('auth_updatelocal_expl', 'auth'); 336 $help .= get_string('auth_fieldlock_expl', 'auth'); 337 $help .= get_string('auth_updateremote_expl', 'auth'); 338 $help .= '<hr />'; 339 $help .= get_string('auth_updateremote_ldap', 'auth'); 340 display_auth_lock_options($settings, $authplugin->authtype, $authplugin->userfields, 341 $help, true, true, $authplugin->get_custom_user_profile_fields()); 342 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
