Search moodle.org's
Developer Documentation
Developer Documentation
See Release Notes
Long Term Support Release
- Bug fixes for general core bugs in 3.9.x will end* 10 May 2021 (12 months).
- Bug fixes for security issues in 3.9.x will end* 8 May 2023 (36 months).
- PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
/auth/ldap/ -> settings.php (source)
Differences Between: [Versions 39 and 310] [Versions 39 and 311] [Versions 39 and 400] [Versions 39 and 401] [Versions 39 and 402] [Versions 39 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Admin settings and defaults. 19 * 20 * @package auth_ldap 21 * @copyright 2017 Stephen Bourget 22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 23 */ 24 25 defined('MOODLE_INTERNAL') || die; 26 27 if ($ADMIN->fulltree) { 28 29 if (!function_exists('ldap_connect')) { 30 $settings->add(new admin_setting_heading('auth_ldap_noextension', '', get_string('auth_ldap_noextension', 'auth_ldap'))); 31 } else { 32 33 // We use a couple of custom admin settings since we need to massage the data before it is inserted into the DB. 34 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_lowercase_configtext.php'); 35 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_contexts_configtext.php'); 36 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_ntlm_configtext.php'); 37 38 // We need to use some of the Moodle LDAP constants / functions to create the list of options. 39 require_once($CFG->dirroot.'/auth/ldap/auth.php'); 40 41 // Introductory explanation. 42 $settings->add(new admin_setting_heading('auth_ldap/pluginname', '', 43 new lang_string('auth_ldapdescription', 'auth_ldap'))); 44 45 // LDAP server settings. 46 $settings->add(new admin_setting_heading('auth_ldap/ldapserversettings', 47 new lang_string('auth_ldap_server_settings', 'auth_ldap'), '')); 48 49 // Host. 50 $settings->add(new admin_setting_configtext('auth_ldap/host_url', 51 get_string('auth_ldap_host_url_key', 'auth_ldap'), 52 get_string('auth_ldap_host_url', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 53 54 // Version. 55 $versions = array(); 56 $versions[2] = '2'; 57 $versions[3] = '3'; 58 $settings->add(new admin_setting_configselect('auth_ldap/ldap_version', 59 new lang_string('auth_ldap_version_key', 'auth_ldap'), 60 new lang_string('auth_ldap_version', 'auth_ldap'), 3, $versions)); 61 62 // Start TLS. 63 $yesno = array( 64 new lang_string('no'), 65 new lang_string('yes'), 66 ); 67 $settings->add(new admin_setting_configselect('auth_ldap/start_tls', 68 new lang_string('start_tls_key', 'auth_ldap'), 69 new lang_string('start_tls', 'auth_ldap'), 0 , $yesno)); 70 71 72 // Encoding. 73 $settings->add(new admin_setting_configtext('auth_ldap/ldapencoding', 74 get_string('auth_ldap_ldap_encoding_key', 'auth_ldap'), 75 get_string('auth_ldap_ldap_encoding', 'auth_ldap'), 'utf-8', PARAM_RAW_TRIMMED)); 76 77 // Page Size. (Hide if not available). 78 $settings->add(new admin_setting_configtext('auth_ldap/pagesize', 79 get_string('pagesize_key', 'auth_ldap'), 80 get_string('pagesize', 'auth_ldap'), '250', PARAM_INT)); 81 82 // Bind settings. 83 $settings->add(new admin_setting_heading('auth_ldap/ldapbindsettings', 84 new lang_string('auth_ldap_bind_settings', 'auth_ldap'), '')); 85 86 // Store Password in DB. 87 $settings->add(new admin_setting_configselect('auth_ldap/preventpassindb', 88 new lang_string('auth_ldap_preventpassindb_key', 'auth_ldap'), 89 new lang_string('auth_ldap_preventpassindb', 'auth_ldap'), 0 , $yesno)); 90 91 // User ID. 92 $settings->add(new admin_setting_configtext('auth_ldap/bind_dn', 93 get_string('auth_ldap_bind_dn_key', 'auth_ldap'), 94 get_string('auth_ldap_bind_dn', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 95 96 // Password. 97 $settings->add(new admin_setting_configpasswordunmask('auth_ldap/bind_pw', 98 get_string('auth_ldap_bind_pw_key', 'auth_ldap'), 99 get_string('auth_ldap_bind_pw', 'auth_ldap'), '')); 100 101 // User Lookup settings. 102 $settings->add(new admin_setting_heading('auth_ldap/ldapuserlookup', 103 new lang_string('auth_ldap_user_settings', 'auth_ldap'), '')); 104 105 // User Type. 106 $settings->add(new admin_setting_configselect('auth_ldap/user_type', 107 new lang_string('auth_ldap_user_type_key', 'auth_ldap'), 108 new lang_string('auth_ldap_user_type', 'auth_ldap'), 'default', ldap_supported_usertypes())); 109 110 // Contexts. 111 $settings->add(new auth_ldap_admin_setting_special_contexts_configtext('auth_ldap/contexts', 112 get_string('auth_ldap_contexts_key', 'auth_ldap'), 113 get_string('auth_ldap_contexts', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 114 115 // Search subcontexts. 116 $settings->add(new admin_setting_configselect('auth_ldap/search_sub', 117 new lang_string('auth_ldap_search_sub_key', 'auth_ldap'), 118 new lang_string('auth_ldap_search_sub', 'auth_ldap'), 0 , $yesno)); 119 120 // Dereference aliases. 121 $optderef = array(); 122 $optderef[LDAP_DEREF_NEVER] = get_string('no'); 123 $optderef[LDAP_DEREF_ALWAYS] = get_string('yes'); 124 125 $settings->add(new admin_setting_configselect('auth_ldap/opt_deref', 126 new lang_string('auth_ldap_opt_deref_key', 'auth_ldap'), 127 new lang_string('auth_ldap_opt_deref', 'auth_ldap'), LDAP_DEREF_NEVER , $optderef)); 128 129 // User attribute. 130 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/user_attribute', 131 get_string('auth_ldap_user_attribute_key', 'auth_ldap'), 132 get_string('auth_ldap_user_attribute', 'auth_ldap'), '', PARAM_RAW)); 133 134 // Suspended attribute. 135 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/suspended_attribute', 136 get_string('auth_ldap_suspended_attribute_key', 'auth_ldap'), 137 get_string('auth_ldap_suspended_attribute', 'auth_ldap'), '', PARAM_RAW)); 138 139 // Member attribute. 140 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/memberattribute', 141 get_string('auth_ldap_memberattribute_key', 'auth_ldap'), 142 get_string('auth_ldap_memberattribute', 'auth_ldap'), '', PARAM_RAW)); 143 144 // Member attribute uses dn. 145 $settings->add(new admin_setting_configselect('auth_ldap/memberattribute_isdn', 146 get_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap'), 147 get_string('auth_ldap_memberattribute_isdn', 'auth_ldap'), 0, $yesno)); 148 149 // Object class. 150 $settings->add(new admin_setting_configtext('auth_ldap/objectclass', 151 get_string('auth_ldap_objectclass_key', 'auth_ldap'), 152 get_string('auth_ldap_objectclass', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 153 154 // Force Password change Header. 155 $settings->add(new admin_setting_heading('auth_ldap/ldapforcepasswordchange', 156 new lang_string('forcechangepassword', 'auth'), '')); 157 158 // Force Password change. 159 $settings->add(new admin_setting_configselect('auth_ldap/forcechangepassword', 160 new lang_string('forcechangepassword', 'auth'), 161 new lang_string('forcechangepasswordfirst_help', 'auth'), 0 , $yesno)); 162 163 // Standard Password Change. 164 $settings->add(new admin_setting_configselect('auth_ldap/stdchangepassword', 165 new lang_string('stdchangepassword', 'auth'), new lang_string('stdchangepassword_expl', 'auth') .' '. 166 get_string('stdchangepassword_explldap', 'auth'), 0 , $yesno)); 167 168 // Password Type. 169 $passtype = array(); 170 $passtype['plaintext'] = get_string('plaintext', 'auth'); 171 $passtype['md5'] = get_string('md5', 'auth'); 172 $passtype['sha1'] = get_string('sha1', 'auth'); 173 174 $settings->add(new admin_setting_configselect('auth_ldap/passtype', 175 new lang_string('auth_ldap_passtype_key', 'auth_ldap'), 176 new lang_string('auth_ldap_passtype', 'auth_ldap'), 'plaintext', $passtype)); 177 178 // Password change URL. 179 $settings->add(new admin_setting_configtext('auth_ldap/changepasswordurl', 180 get_string('auth_ldap_changepasswordurl_key', 'auth_ldap'), 181 get_string('changepasswordhelp', 'auth'), '', PARAM_URL)); 182 183 // Password Expiration Header. 184 $settings->add(new admin_setting_heading('auth_ldap/passwordexpire', 185 new lang_string('auth_ldap_passwdexpire_settings', 'auth_ldap'), '')); 186 187 // Password Expiration. 188 189 // Create the description lang_string object. 190 $strno = get_string('no'); 191 $strldapserver = get_string('pluginname', 'auth_ldap'); 192 $langobject = new stdClass(); 193 $langobject->no = $strno; 194 $langobject->ldapserver = $strldapserver; 195 $description = new lang_string('auth_ldap_expiration_desc', 'auth_ldap', $langobject); 196 197 // Now create the options. 198 $expiration = array(); 199 $expiration['0'] = $strno; 200 $expiration['1'] = $strldapserver; 201 202 // Add the setting. 203 $settings->add(new admin_setting_configselect('auth_ldap/expiration', 204 new lang_string('auth_ldap_expiration_key', 'auth_ldap'), 205 $description, 0 , $expiration)); 206 207 // Password Expiration warning. 208 $settings->add(new admin_setting_configtext('auth_ldap/expiration_warning', 209 get_string('auth_ldap_expiration_warning_key', 'auth_ldap'), 210 get_string('auth_ldap_expiration_warning_desc', 'auth_ldap'), '', PARAM_RAW)); 211 212 // Password Expiration attribute. 213 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/expireattr', 214 get_string('auth_ldap_expireattr_key', 'auth_ldap'), 215 get_string('auth_ldap_expireattr_desc', 'auth_ldap'), '', PARAM_RAW)); 216 217 // Grace Logins. 218 $settings->add(new admin_setting_configselect('auth_ldap/gracelogins', 219 new lang_string('auth_ldap_gracelogins_key', 'auth_ldap'), 220 new lang_string('auth_ldap_gracelogins_desc', 'auth_ldap'), 0 , $yesno)); 221 222 // Grace logins attribute. 223 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_ldap/graceattr', 224 get_string('auth_ldap_gracelogin_key', 'auth_ldap'), 225 get_string('auth_ldap_graceattr_desc', 'auth_ldap'), '', PARAM_RAW)); 226 227 // User Creation. 228 $settings->add(new admin_setting_heading('auth_ldap/usercreation', 229 new lang_string('auth_user_create', 'auth'), '')); 230 231 // Create users externally. 232 $settings->add(new admin_setting_configselect('auth_ldap/auth_user_create', 233 new lang_string('auth_ldap_auth_user_create_key', 'auth_ldap'), 234 new lang_string('auth_user_creation', 'auth'), 0 , $yesno)); 235 236 // Context for new users. 237 $settings->add(new admin_setting_configtext('auth_ldap/create_context', 238 get_string('auth_ldap_create_context_key', 'auth_ldap'), 239 get_string('auth_ldap_create_context', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 240 241 // System roles mapping header. 242 $settings->add(new admin_setting_heading('auth_ldap/systemrolemapping', 243 new lang_string('systemrolemapping', 'auth_ldap'), '')); 244 245 // Create system role mapping field for each assignable system role. 246 $roles = get_ldap_assignable_role_names(); 247 foreach ($roles as $role) { 248 // Before we can add this setting we need to check a few things. 249 // A) It does not exceed 100 characters otherwise it will break the DB as the 'name' field 250 // in the 'config_plugins' table is a varchar(100). 251 // B) The setting name does not contain hyphens. If it does then it will fail the check 252 // in parse_setting_name() and everything will explode. Role short names are validated 253 // against PARAM_ALPHANUMEXT which is similar to the regex used in parse_setting_name() 254 // except it also allows hyphens. 255 // Instead of shortening the name and removing/replacing the hyphens we are showing a warning. 256 // If we were to manipulate the setting name by removing the hyphens we may get conflicts, eg 257 // 'thisisashortname' and 'this-is-a-short-name'. The same applies for shortening the setting name. 258 if (core_text::strlen($role['settingname']) > 100 || !preg_match('/^[a-zA-Z0-9_]+$/', $role['settingname'])) { 259 $url = new moodle_url('/admin/roles/define.php', array('action' => 'edit', 'roleid' => $role['id'])); 260 $a = (object)['rolename' => $role['localname'], 'shortname' => $role['shortname'], 'charlimit' => 93, 261 'link' => $url->out()]; 262 $settings->add(new admin_setting_heading('auth_ldap/role_not_mapped_' . sha1($role['settingname']), '', 263 get_string('cannotmaprole', 'auth_ldap', $a))); 264 } else { 265 $settings->add(new admin_setting_configtext('auth_ldap/' . $role['settingname'], 266 get_string('auth_ldap_rolecontext', 'auth_ldap', $role), 267 get_string('auth_ldap_rolecontext_help', 'auth_ldap', $role), '', PARAM_RAW_TRIMMED)); 268 } 269 } 270 271 // User Account Sync. 272 $settings->add(new admin_setting_heading('auth_ldap/syncusers', 273 new lang_string('auth_sync_script', 'auth'), '')); 274 275 // Remove external user. 276 $deleteopt = array(); 277 $deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth'); 278 $deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth'); 279 $deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth'); 280 281 $settings->add(new admin_setting_configselect('auth_ldap/removeuser', 282 new lang_string('auth_remove_user_key', 'auth'), 283 new lang_string('auth_remove_user', 'auth'), AUTH_REMOVEUSER_KEEP, $deleteopt)); 284 285 // Sync Suspension. 286 $settings->add(new admin_setting_configselect('auth_ldap/sync_suspended', 287 new lang_string('auth_sync_suspended_key', 'auth'), 288 new lang_string('auth_sync_suspended', 'auth'), 0 , $yesno)); 289 290 // NTLM SSO Header. 291 $settings->add(new admin_setting_heading('auth_ldap/ntlm', 292 new lang_string('auth_ntlmsso', 'auth_ldap'), '')); 293 294 // Enable NTLM. 295 $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_enabled', 296 new lang_string('auth_ntlmsso_enabled_key', 'auth_ldap'), 297 new lang_string('auth_ntlmsso_enabled', 'auth_ldap'), 0 , $yesno)); 298 299 // Subnet. 300 $settings->add(new admin_setting_configtext('auth_ldap/ntlmsso_subnet', 301 get_string('auth_ntlmsso_subnet_key', 'auth_ldap'), 302 get_string('auth_ntlmsso_subnet', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 303 304 // NTLM Fast Path. 305 $fastpathoptions = array(); 306 $fastpathoptions[AUTH_NTLM_FASTPATH_YESFORM] = get_string('auth_ntlmsso_ie_fastpath_yesform', 'auth_ldap'); 307 $fastpathoptions[AUTH_NTLM_FASTPATH_YESATTEMPT] = get_string('auth_ntlmsso_ie_fastpath_yesattempt', 'auth_ldap'); 308 $fastpathoptions[AUTH_NTLM_FASTPATH_ATTEMPT] = get_string('auth_ntlmsso_ie_fastpath_attempt', 'auth_ldap'); 309 310 $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_ie_fastpath', 311 new lang_string('auth_ntlmsso_ie_fastpath_key', 'auth_ldap'), 312 new lang_string('auth_ntlmsso_ie_fastpath', 'auth_ldap'), 313 AUTH_NTLM_FASTPATH_ATTEMPT, $fastpathoptions)); 314 315 // Authentication type. 316 $types = array(); 317 $types['ntlm'] = 'NTLM'; 318 $types['kerberos'] = 'Kerberos'; 319 320 $settings->add(new admin_setting_configselect('auth_ldap/ntlmsso_type', 321 new lang_string('auth_ntlmsso_type_key', 'auth_ldap'), 322 new lang_string('auth_ntlmsso_type', 'auth_ldap'), 'ntlm', $types)); 323 324 // Remote Username format. 325 $settings->add(new auth_ldap_admin_setting_special_ntlm_configtext('auth_ldap/ntlmsso_remoteuserformat', 326 get_string('auth_ntlmsso_remoteuserformat_key', 'auth_ldap'), 327 get_string('auth_ntlmsso_remoteuserformat', 'auth_ldap'), '', PARAM_RAW_TRIMMED)); 328 } 329 330 // Display locking / mapping of profile fields. 331 $authplugin = get_auth_plugin('ldap'); 332 $help = get_string('auth_ldapextrafields', 'auth_ldap'); 333 $help .= get_string('auth_updatelocal_expl', 'auth'); 334 $help .= get_string('auth_fieldlock_expl', 'auth'); 335 $help .= get_string('auth_updateremote_expl', 'auth'); 336 $help .= '<hr />'; 337 $help .= get_string('auth_updateremote_ldap', 'auth'); 338 display_auth_lock_options($settings, $authplugin->authtype, $authplugin->userfields, 339 $help, true, true, $authplugin->get_custom_user_profile_fields()); 340 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
