From 99272bbc725bd0b59681d93f9408fd049f8263f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?=
Date: Thu, 11 Jul 2024 12:57:23 +0200
Subject: [PATCH 1/3] Display associated password policy
---
 conf/config.inc.php | 2 ++
 htdocs/display.php | 5 +++++
 htdocs/index.php | 2 +-
 lang/en.inc.php | 1 +
 lang/fr.inc.php | 1 +
 templates/value_displayer.tpl | 6 ++++++
 6 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/conf/config.inc.php b/conf/config.inc.php
index 9250b05..07f925d 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -31,6 +31,7 @@
 $ldap_base = "dc=example,dc=com";
 $ldap_user_base = "ou=users,".$ldap_base;
 $ldap_user_filter = "(objectClass=inetOrgPerson)";
+$ldap_ppolicy_filter = "(objectClass=pwdPolicy)";
 $ldap_size_limit = 100;
 #$ldap_default_ppolicy = "cn=default,ou=ppolicy,dc=example,dc=com";
 $ldap_lastauth_attribute = "authTimestamp";
@@ -67,6 +68,7 @@
 'pwdchangedtime' => array( 'attribute' => 'pwdchangedtime', 'faclass' => 'lock', 'type' => 'date' ),
 'pwdfailuretime' => array( 'attribute' => 'pwdfailuretime', 'faclass' => 'lock', 'type' => 'date' ),
 'pwdlastsuccess' => array( 'attribute' => 'pwdlastsuccess', 'faclass' => 'lock', 'type' => 'date' ),
+ 'pwdpolicysubentry' => array( 'attribute' => 'pwdpolicysubentry', 'faclass' => 'lock', 'type' => 'ppolicy_dn' ),
 'pwdreset' => array( 'attribute' => 'pwdreset', 'faclass' => 'lock', 'type' => 'boolean' ),
 'secretary' => array( 'attribute' => 'secretary', 'faclass' => 'user-circle-o', 'type' => 'dn_link' ),
 'state' => array( 'attribute' => 'st', 'faclass' => 'globe', 'type' => 'text' ),
diff --git a/htdocs/display.php b/htdocs/display.php
index 4530157..2bd3ce9 100644
--- a/htdocs/display.php
+++ b/htdocs/display.php
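Review bot: `$ldap_default_ppolicy`, on the line right after the new `$ldap_ppolicy_filter`, stays commented out in the shipped config, yet this patch's display.php and index.php now read `$ldap_default_ppolicy` unconditionally, so a fresh install emits an undefined-variable warning on every entry display. Ship an explicit empty default next to the example, `$ldap_default_ppolicy = "";`, and keep the commented DN as documentation of the expected form. The new filter deserves a line of its own too, since a mismatch makes the name lookup silently return nothing: `# Filter applied when resolving the DN in pwdPolicySubentry to a policy name; must match your policy objects`.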
@@ -93,6 +93,11 @@
 $entry[0][$attr] = $values;
 }
+ # Include default password policy
+ if ( !$entry[0]['pwdpolicysubentry'] and $ldap_default_ppolicy) {
+ $entry[0]['pwdpolicysubentry'][] = $ldap_default_ppolicy;
+ }
+
 if ($display_edit_link) {
 # Replace {dn} in URL
 $edit_link = str_replace("{dn}", urlencode($dn), $display_edit_link);
diff --git a/htdocs/index.php b/htdocs/index.php
index 3435c71..297605f 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -48,7 +48,7 @@
 # Assign configuration variables
 $smarty->assign("page_title", false);
-$smarty->assign('ldap_params',array('ldap_url' => $ldap_url, 'ldap_starttls' => $ldap_starttls, 'ldap_binddn' => $ldap_binddn, 'ldap_bindpw' => $ldap_bindpw, 'ldap_user_base' => $ldap_user_base, 'ldap_user_filter' => $ldap_user_filter));
+$smarty->assign('ldap_params',array('ldap_url' => $ldap_url, 'ldap_starttls' => $ldap_starttls, 'ldap_binddn' => $ldap_binddn, 'ldap_bindpw' => $ldap_bindpw, 'ldap_user_base' => $ldap_user_base, 'ldap_user_filter' => $ldap_user_filter, 'ldap_ppolicy_filter' => $ldap_ppolicy_filter, 'ldap_default_ppolicy' => $ldap_default_ppolicy));
 $smarty->assign('logo',$logo);
 $smarty->assign('background_image',$background_image);
 $smarty->assign('custom_css',$custom_css);
diff --git a/lang/en.inc.php b/lang/en.inc.php
index f808d15..493600a 100644
--- a/lang/en.inc.php
+++ b/lang/en.inc.php
@@ -58,6 +58,7 @@
 $messages['label_pwdaccountlockedtime'] = "Locking date";
 $messages['label_pwdchangedtime'] = "Last password change";
 $messages['label_pwdfailuretime'] = "Last authentication failures";
+$messages['label_pwdpolicysubentry'] = "Associated password policy";
 $messages['label_pwdreset'] = "Reset password at next connection";
 $messages['label_secretary'] = "Secretary";
 $messages['label_state'] = "State";
diff --git a/lang/fr.inc.php b/lang/fr.inc.php
index 41df712..ca3ecb8 100644
--- a/lang/fr.inc.php
+++ b/lang/fr.inc.php
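Review bot: The new condition `!$entry[0]['pwdpolicysubentry'] and $ldap_default_ppolicy` reads an array key that is absent in exactly the case it is meant to catch, and `$ldap_default_ppolicy` is shipped commented out in config.inc.php, so both operands emit PHP warnings (notices on older PHP) before the branch runs; write it as `if ( empty($entry[0]['pwdpolicysubentry']) and !empty($ldap_default_ppolicy) ) {`. Note also that pwdPolicySubentry is an operational attribute in the OpenLDAP ppolicy overlay, so unless the search that fills `$entry` (outside this hunk) requests it explicitly and the bind DN is allowed to read it, the attribute will never be present and every user will be shown the default policy even when a stricter one applies — worth a comment above the block: `# pwdPolicySubentry is operational: it must be requested in the search and be readable by the bind DN, otherwise the default is always shown`. The appended value is also a plain one-element array, whereas values coming from `ldap_get_entries()` carry a `count` key; if the loop closing just above does not already normalise `$values`, consumers may see a different shape for the injected default than for a real one — please confirm. The enclosing block of display.php begins and ends outside the hunk.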
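Review bot: The `ldap_params` array built here still has no `ldap_network_timeout` entry, yet the `ppolicy_dn` template added in this same patch passes `ldap_network_timeout="{$ldap_params.ldap_network_timeout}"` to `get_attribute`, so each per-entry policy lookup runs with an empty timeout unless the plugin applies a default of its own (not visible here), and an unreachable directory can then stall the whole page. Add `'ldap_network_timeout' => $ldap_network_timeout` to the array, assuming the config defines that variable as the plugin's parameter name suggests. The same array also carries `ldap_bindpw` into template scope; that predates this patch, but every new lookup type widens the surface on which the service credential is handled, so having the plugin read its credentials from config directly would be the cleaner long-term fix.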
@@ -58,6 +58,7 @@
 $messages['label_pwdaccountlockedtime'] = "Date de blocage";
 $messages['label_pwdchangedtime'] = "Dernier changement de mot de passe";
 $messages['label_pwdfailuretime'] = "Derniers échecs d'authentification";
+$messages['label_pwdpolicysubentry'] = "Politique des mots de passe associée";
 $messages['label_pwdreset'] = "Réinitialisation du mot de passe à la prochaine connexion";
 $messages['label_secretary'] = "Secrétaire";
 $messages['label_state'] = "État";
diff --git a/templates/value_displayer.tpl b/templates/value_displayer.tpl
index e915541..92a8ae7 100644
--- a/templates/value_displayer.tpl
+++ b/templates/value_displayer.tpl
@@ -38,6 +38,12 @@
 {/if}
 {/if}
+{if $type eq 'ppolicy_dn'}
+ {assign var="name" value="{{get_attribute dn="{$value}" attribute="cn" ldap_url="{$ldap_params.ldap_url}" ldap_starttls="{$ldap_params.ldap_starttls}" ldap_binddn="{$ldap_params.ldap_binddn}" ldap_bindpw="{$ldap_params.ldap_bindpw}" ldap_filter="{$ldap_params.ldap_ppolicy_filter}" ldap_network_timeout="{$ldap_params.ldap_network_timeout}"}|truncate:{$truncate_value_after}}"}
+ {if $name}{$name}
{/if}
+{/if}
+
+
 {if $type eq 'address'}
 {foreach split_value($value,'$') as $fragment}
 {$fragment|truncate:{$truncate_value_after}}
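Review bot: When the `get_attribute` lookup returns nothing — the bind DN has no read access to the policy subtree, or `$ldap_ppolicy_filter` does not match the object behind pwdPolicySubentry — the `{if $name}` on the third added line renders nothing at all, so an operator cannot distinguish "no policy" from "broken lookup"; fall back to the DN the entry already carries, `{if $name}{$name}{else}{$value}{/if}`. `{$name}` is emitted without `|escape`, which matches the neighbouring `address` output and is only safe if Smarty's `escape_html` is enabled in index.php, something this diff does not show — if it is not, `{$name|escape}` (and `{$value|escape}` for the fallback) is needed, since the policy name is directory-controlled text. Note that `dn="{$value}"` uses a DN read from the displayed entry as the base of a fresh LDAP query, so the lookup is bounded by directory data rather than by request input, which is worth stating in a template comment for the next reader.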
From b8e0d64299d3e02c61ae80a72c0c43c61c7c7822 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?=
Date: Thu, 11 Jul 2024 16:11:00 +0200
Subject: [PATCH 2/3] Add doc about ldap_ppolicy_filter
---
 docs/ldap-parameters.rst | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/docs/ldap-parameters.rst b/docs/ldap-parameters.rst
index 92845db..1200897 100644
--- a/docs/ldap-parameters.rst
+++ b/docs/ldap-parameters.rst
@@ -75,8 +75,14 @@ It is advised to set a search limit on client side if no limit is set by the ser
 $ldap_size_limit = 100;
-Default password policy
------------------------
+Password policies
+-----------------
+
+Configure the filter to match password policy configuration objects:
+
+.. code-block:: php
+
+ $ldap_ppolicy_filter = "(objectClass=pwdPolicy)";
 Set ``$ldap_default_ppolicy`` value if a default policy is configured in your LDAP directory.
From c9f6a0fdfb02fef0b1ddb17f5c3b4964bbff5c0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?=
Date: Fri, 12 Jul 2024 10:13:34 +0200
Subject: [PATCH 3/3] Parameter to choose ppolicy name attribute
---
 conf/config.inc.php | 1 +
 docs/ldap-parameters.rst | 6 ++++++
 htdocs/index.php | 2 +-
 templates/value_displayer.tpl | 3 +--
 4 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/conf/config.inc.php b/conf/config.inc.php
index 07f925d..f0bd618 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -32,6 +32,7 @@
 $ldap_user_base = "ou=users,".$ldap_base;
 $ldap_user_filter = "(objectClass=inetOrgPerson)";
 $ldap_ppolicy_filter = "(objectClass=pwdPolicy)";
+$ldap_ppolicy_name_attribute = "cn";
 $ldap_size_limit = 100;
 #$ldap_default_ppolicy = "cn=default,ou=ppolicy,dc=example,dc=com";
 $ldap_lastauth_attribute = "authTimestamp";
diff --git a/docs/ldap-parameters.rst b/docs/ldap-parameters.rst
index 1200897..5627d81 100644
--- a/docs/ldap-parameters.rst
+++ b/docs/ldap-parameters.rst
@@ -84,6 +84,12 @@ Configure the filter to match password policy configuration objects:
 $ldap_ppolicy_filter = "(objectClass=pwdPolicy)";
+Define which attribute value will be displayed as password policy name:
+
+.. code-block:: php
+
+ $ldap_ppolicy_name_attribute = "cn";
+
 Set ``$ldap_default_ppolicy`` value if a default policy is configured in your LDAP directory.
 .. code-block:: php
diff --git a/htdocs/index.php b/htdocs/index.php
index 297605f..ec92eb9 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -48,7 +48,7 @@
 # Assign configuration variables
 $smarty->assign("page_title", false);
-$smarty->assign('ldap_params',array('ldap_url' => $ldap_url, 'ldap_starttls' => $ldap_starttls, 'ldap_binddn' => $ldap_binddn, 'ldap_bindpw' => $ldap_bindpw, 'ldap_user_base' => $ldap_user_base, 'ldap_user_filter' => $ldap_user_filter, 'ldap_ppolicy_filter' => $ldap_ppolicy_filter, 'ldap_default_ppolicy' => $ldap_default_ppolicy));
+$smarty->assign('ldap_params',array('ldap_url' => $ldap_url, 'ldap_starttls' => $ldap_starttls, 'ldap_binddn' => $ldap_binddn, 'ldap_bindpw' => $ldap_bindpw, 'ldap_user_base' => $ldap_user_base, 'ldap_user_filter' => $ldap_user_filter, 'ldap_ppolicy_filter' => $ldap_ppolicy_filter, 'ldap_ppolicy_name_attribute' => $ldap_ppolicy_name_attribute, 'ldap_default_ppolicy' => $ldap_default_ppolicy));
 $smarty->assign('logo',$logo);
 $smarty->assign('background_image',$background_image);
 $smarty->assign('custom_css',$custom_css);
diff --git a/templates/value_displayer.tpl b/templates/value_displayer.tpl
index 92a8ae7..0a4384c 100644
--- a/templates/value_displayer.tpl
+++ b/templates/value_displayer.tpl
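Review bot: `$ldap_ppolicy_name_attribute` is a brand-new configuration variable, and existing deployments carry their own `config.inc.php` that will not define it, so this line raises an undefined-variable warning and hands the template an empty attribute name, which makes the policy-name lookup ask for no attribute at all and the policy vanish from the page after an upgrade. Read it with a fallback to the value that was hard-coded before this patch, `'ldap_ppolicy_name_attribute' => isset($ldap_ppolicy_name_attribute) ? $ldap_ppolicy_name_attribute : 'cn'`, or state in the upgrade notes that the new setting is mandatory. `$ldap_default_ppolicy` on the same line has the same exposure, as the shipped config keeps it commented out.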
@@ -39,11 +39,10 @@
 {/if}
 {if $type eq 'ppolicy_dn'}
- {assign var="name" value="{{get_attribute dn="{$value}" attribute="cn" ldap_url="{$ldap_params.ldap_url}" ldap_starttls="{$ldap_params.ldap_starttls}" ldap_binddn="{$ldap_params.ldap_binddn}" ldap_bindpw="{$ldap_params.ldap_bindpw}" ldap_filter="{$ldap_params.ldap_ppolicy_filter}" ldap_network_timeout="{$ldap_params.ldap_network_timeout}"}|truncate:{$truncate_value_after}}"}
+ {assign var="name" value="{{get_attribute dn="{$value}" attribute="{$ldap_params.ldap_ppolicy_name_attribute}" ldap_url="{$ldap_params.ldap_url}" ldap_starttls="{$ldap_params.ldap_starttls}" ldap_binddn="{$ldap_params.ldap_binddn}" ldap_bindpw="{$ldap_params.ldap_bindpw}" ldap_filter="{$ldap_params.ldap_ppolicy_filter}" ldap_network_timeout="{$ldap_params.ldap_network_timeout}"}|truncate:{$truncate_value_after}}"}
 {if $name}{$name}
{/if}
 {/if}
-
 {if $type eq 'address'}
 {foreach split_value($value,'$') as $fragment}
 {$fragment|truncate:{$truncate_value_after}}