MDL-69492 auth_cas: normalise member distinguished name config.
[moodle.git] / auth / cas / settings.php
CommitLineData
037273d8
SB
1<?php
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17/**
18 * Admin settings and defaults.
19 *
20 * @package auth_cas
21 * @copyright 2017 Stephen Bourget
22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23 */
24
25defined('MOODLE_INTERNAL') || die;
26
27if ($ADMIN->fulltree) {
28
36158426
DW
29 if (!function_exists('ldap_connect')) {
30 $settings->add(new admin_setting_heading('auth_casnotinstalled', '', get_string('auth_casnotinstalled', 'auth_cas')));
31 } else {
32 // We use a couple of custom admin settings since we need to massage the data before it is inserted into the DB.
33 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_lowercase_configtext.php');
34 require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_contexts_configtext.php');
35
36 // Include needed files.
37 require_once($CFG->dirroot.'/auth/cas/auth.php');
38 require_once($CFG->dirroot.'/auth/cas/languages.php');
39
40 // Introductory explanation.
41 $settings->add(new admin_setting_heading('auth_cas/pluginname', '',
42 new lang_string('auth_casdescription', 'auth_cas')));
43
44 // CAS server configuration label.
45 $settings->add(new admin_setting_heading('auth_cas/casserversettings',
46 new lang_string('auth_cas_server_settings', 'auth_cas'), ''));
47
ddb9b02b
FM
48 // Authentication method name.
49 $settings->add(new admin_setting_configtext('auth_cas/auth_name',
50 get_string('auth_cas_auth_name', 'auth_cas'),
3b017210
AN
51 get_string('auth_cas_auth_name_description', 'auth_cas'),
52 get_string('auth_cas_auth_service', 'auth_cas'),
53 PARAM_RAW_TRIMMED));
ddb9b02b
FM
54
55 // Authentication method logo.
56 $opts = array('accepted_types' => array('.png', '.jpg', '.gif', '.webp', '.tiff', '.svg'));
57 $settings->add(new admin_setting_configstoredfile('auth_cas/auth_logo',
58 get_string('auth_cas_auth_logo', 'auth_cas'),
59 get_string('auth_cas_auth_logo_description', 'auth_cas'), 'logo', 0, $opts));
60
61
36158426
DW
62 // Hostname.
63 $settings->add(new admin_setting_configtext('auth_cas/hostname',
64 get_string('auth_cas_hostname_key', 'auth_cas'),
65 get_string('auth_cas_hostname', 'auth_cas'), '', PARAM_RAW_TRIMMED));
66
67 // Base URI.
68 $settings->add(new admin_setting_configtext('auth_cas/baseuri',
69 get_string('auth_cas_baseuri_key', 'auth_cas'),
70 get_string('auth_cas_baseuri', 'auth_cas'), '', PARAM_RAW_TRIMMED));
71
72 // Port.
73 $settings->add(new admin_setting_configtext('auth_cas/port',
74 get_string('auth_cas_port_key', 'auth_cas'),
75 get_string('auth_cas_port', 'auth_cas'), '', PARAM_INT));
76
77 // CAS Version.
78 $casversions = array();
79 $casversions[CAS_VERSION_1_0] = 'CAS 1.0';
80 $casversions[CAS_VERSION_2_0] = 'CAS 2.0';
81 $settings->add(new admin_setting_configselect('auth_cas/casversion',
82 new lang_string('auth_cas_casversion', 'auth_cas'),
83 new lang_string('auth_cas_version', 'auth_cas'), CAS_VERSION_2_0, $casversions));
84
85 // Language.
86 if (!isset($CASLANGUAGES) || empty($CASLANGUAGES)) {
87 // Prevent warnings on other admin pages.
88 // $CASLANGUAGES is defined in /auth/cas/languages.php.
89 $CASLANGUAGES = array();
90 $CASLANGUAGES[PHPCAS_LANG_ENGLISH] = 'English';
91 $CASLANGUAGES[PHPCAS_LANG_FRENCH] = 'French';
92 }
93 $settings->add(new admin_setting_configselect('auth_cas/language',
94 new lang_string('auth_cas_language_key', 'auth_cas'),
6ef63c59 95 new lang_string('auth_cas_language', 'auth_cas'), PHPCAS_LANG_ENGLISH, $CASLANGUAGES));
36158426
DW
96
97 // Proxy.
98 $yesno = array(
99 new lang_string('no'),
100 new lang_string('yes'),
101 );
102 $settings->add(new admin_setting_configselect('auth_cas/proxycas',
103 new lang_string('auth_cas_proxycas_key', 'auth_cas'),
104 new lang_string('auth_cas_proxycas', 'auth_cas'), 0 , $yesno));
105
106 // Logout option.
107 $settings->add(new admin_setting_configselect('auth_cas/logoutcas',
108 new lang_string('auth_cas_logoutcas_key', 'auth_cas'),
109 new lang_string('auth_cas_logoutcas', 'auth_cas'), 0 , $yesno));
110
111 // Multi-auth.
112 $settings->add(new admin_setting_configselect('auth_cas/multiauth',
113 new lang_string('auth_cas_multiauth_key', 'auth_cas'),
114 new lang_string('auth_cas_multiauth', 'auth_cas'), 0 , $yesno));
115
116 // Server validation.
117 $settings->add(new admin_setting_configselect('auth_cas/certificate_check',
118 new lang_string('auth_cas_certificate_check_key', 'auth_cas'),
119 new lang_string('auth_cas_certificate_check', 'auth_cas'), 0 , $yesno));
120
121 // Certificate path.
122 $settings->add(new admin_setting_configfile('auth_cas/certificate_path',
123 get_string('auth_cas_certificate_path_key', 'auth_cas'),
124 get_string('auth_cas_certificate_path', 'auth_cas'), ''));
125
126 // CURL SSL version.
127 $sslversions = array();
128 $sslversions[''] = get_string('auth_cas_curl_ssl_version_default', 'auth_cas');
129 if (defined('CURL_SSLVERSION_TLSv1')) {
130 $sslversions[CURL_SSLVERSION_TLSv1] = get_string('auth_cas_curl_ssl_version_TLSv1x', 'auth_cas');
131 }
132 if (defined('CURL_SSLVERSION_TLSv1_0')) {
133 $sslversions[CURL_SSLVERSION_TLSv1_0] = get_string('auth_cas_curl_ssl_version_TLSv10', 'auth_cas');
134 }
135 if (defined('CURL_SSLVERSION_TLSv1_1')) {
136 $sslversions[CURL_SSLVERSION_TLSv1_1] = get_string('auth_cas_curl_ssl_version_TLSv11', 'auth_cas');
137 }
138 if (defined('CURL_SSLVERSION_TLSv1_2')) {
139 $sslversions[CURL_SSLVERSION_TLSv1_2] = get_string('auth_cas_curl_ssl_version_TLSv12', 'auth_cas');
140 }
141 if (defined('CURL_SSLVERSION_SSLv2')) {
142 $sslversions[CURL_SSLVERSION_SSLv2] = get_string('auth_cas_curl_ssl_version_SSLv2', 'auth_cas');
143 }
144 if (defined('CURL_SSLVERSION_SSLv3')) {
145 $sslversions[CURL_SSLVERSION_SSLv3] = get_string('auth_cas_curl_ssl_version_SSLv3', 'auth_cas');
146 }
147 $settings->add(new admin_setting_configselect('auth_cas/curl_ssl_version',
148 new lang_string('auth_cas_curl_ssl_version_key', 'auth_cas'),
149 new lang_string('auth_cas_curl_ssl_version', 'auth_cas'), '' , $sslversions));
150
151 // Alt Logout URL.
152 $settings->add(new admin_setting_configtext('auth_cas/logout_return_url',
153 get_string('auth_cas_logout_return_url_key', 'auth_cas'),
154 get_string('auth_cas_logout_return_url', 'auth_cas'), '', PARAM_URL));
155
156 // LDAP server settings.
157 $settings->add(new admin_setting_heading('auth_cas/ldapserversettings',
158 new lang_string('auth_ldap_server_settings', 'auth_ldap'), ''));
159
160 // Host.
161 $settings->add(new admin_setting_configtext('auth_cas/host_url',
162 get_string('auth_ldap_host_url_key', 'auth_ldap'),
163 get_string('auth_ldap_host_url', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
164
165 // Version.
166 $versions = array();
167 $versions[2] = '2';
168 $versions[3] = '3';
169 $settings->add(new admin_setting_configselect('auth_cas/ldap_version',
170 new lang_string('auth_ldap_version_key', 'auth_ldap'),
171 new lang_string('auth_ldap_version', 'auth_ldap'), 3, $versions));
172
173 // Start TLS.
174 $settings->add(new admin_setting_configselect('auth_cas/start_tls',
175 new lang_string('start_tls_key', 'auth_ldap'),
176 new lang_string('start_tls', 'auth_ldap'), 0 , $yesno));
177
178
179 // Encoding.
180 $settings->add(new admin_setting_configtext('auth_cas/ldapencoding',
181 get_string('auth_ldap_ldap_encoding_key', 'auth_ldap'),
182 get_string('auth_ldap_ldap_encoding', 'auth_ldap'), 'utf-8', PARAM_RAW_TRIMMED));
183
184 // Page Size. (Hide if not available).
185 $settings->add(new admin_setting_configtext('auth_cas/pagesize',
186 get_string('pagesize_key', 'auth_ldap'),
187 get_string('pagesize', 'auth_ldap'), '250', PARAM_INT));
188
189 // Bind settings.
190 $settings->add(new admin_setting_heading('auth_cas/ldapbindsettings',
191 new lang_string('auth_ldap_bind_settings', 'auth_ldap'), ''));
192
193 // User ID.
194 $settings->add(new admin_setting_configtext('auth_cas/bind_dn',
195 get_string('auth_ldap_bind_dn_key', 'auth_ldap'),
196 get_string('auth_ldap_bind_dn', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
197
198 // Password.
199 $settings->add(new admin_setting_configpasswordunmask('auth_cas/bind_pw',
200 get_string('auth_ldap_bind_pw_key', 'auth_ldap'),
201 get_string('auth_ldap_bind_pw', 'auth_ldap'), ''));
202
203 // User Lookup settings.
204 $settings->add(new admin_setting_heading('auth_cas/ldapuserlookup',
205 new lang_string('auth_ldap_user_settings', 'auth_ldap'), ''));
206
207 // User Type.
208 $settings->add(new admin_setting_configselect('auth_cas/user_type',
209 new lang_string('auth_ldap_user_type_key', 'auth_ldap'),
210 new lang_string('auth_ldap_user_type', 'auth_ldap'), 'default', ldap_supported_usertypes()));
211
212 // Contexts.
213 $settings->add(new auth_ldap_admin_setting_special_contexts_configtext('auth_cas/contexts',
214 get_string('auth_ldap_contexts_key', 'auth_ldap'),
215 get_string('auth_ldap_contexts', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
216
217 // Search subcontexts.
218 $settings->add(new admin_setting_configselect('auth_cas/search_sub',
219 new lang_string('auth_ldap_search_sub_key', 'auth_ldap'),
220 new lang_string('auth_ldap_search_sub', 'auth_ldap'), 0 , $yesno));
221
222 // Dereference aliases.
223 $optderef = array();
224 $optderef[LDAP_DEREF_NEVER] = get_string('no');
225 $optderef[LDAP_DEREF_ALWAYS] = get_string('yes');
226
227 $settings->add(new admin_setting_configselect('auth_cas/opt_deref',
228 new lang_string('auth_ldap_opt_deref_key', 'auth_ldap'),
229 new lang_string('auth_ldap_opt_deref', 'auth_ldap'), LDAP_DEREF_NEVER , $optderef));
230
231 // User attribute.
232 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/user_attribute',
233 get_string('auth_ldap_user_attribute_key', 'auth_ldap'),
234 get_string('auth_ldap_user_attribute', 'auth_ldap'), '', PARAM_RAW));
235
236 // Member attribute.
237 $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/memberattribute',
238 get_string('auth_ldap_memberattribute_key', 'auth_ldap'),
239 get_string('auth_ldap_memberattribute', 'auth_ldap'), '', PARAM_RAW));
240
241 // Member attribute uses dn.
ca742a21 242 $settings->add(new admin_setting_configselect('auth_cas/memberattribute_isdn',
36158426 243 get_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap'),
ca742a21 244 get_string('auth_ldap_memberattribute_isdn', 'auth_ldap'), 0, $yesno));
36158426
DW
245
246 // Object class.
247 $settings->add(new admin_setting_configtext('auth_cas/objectclass',
248 get_string('auth_ldap_objectclass_key', 'auth_ldap'),
249 get_string('auth_ldap_objectclass', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
250
251 // Course Creators Header.
252 $settings->add(new admin_setting_heading('auth_cas/coursecreators',
253 new lang_string('coursecreators'), ''));
254
255 // Course creators attribute field mapping.
256 $settings->add(new admin_setting_configtext('auth_cas/attrcreators',
257 get_string('auth_ldap_attrcreators_key', 'auth_ldap'),
258 get_string('auth_ldap_attrcreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
259
260 // Course creator group field mapping.
261 $settings->add(new admin_setting_configtext('auth_cas/groupecreators',
262 get_string('auth_ldap_groupecreators_key', 'auth_ldap'),
263 get_string('auth_ldap_groupecreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
264
265 // User Account Sync.
266 $settings->add(new admin_setting_heading('auth_cas/syncusers',
267 new lang_string('auth_sync_script', 'auth'), ''));
268
269 // Remove external user.
270 $deleteopt = array();
271 $deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth');
272 $deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth');
273 $deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth');
274
275 $settings->add(new admin_setting_configselect('auth_cas/removeuser',
276 new lang_string('auth_remove_user_key', 'auth'),
277 new lang_string('auth_remove_user', 'auth'), AUTH_REMOVEUSER_KEEP, $deleteopt));
037273d8 278 }
037273d8
SB
279
280 // Display locking / mapping of profile fields.
9f29e45e 281 $authplugin = get_auth_plugin('cas');
037273d8
SB
282 $help = get_string('auth_ldapextrafields', 'auth_ldap');
283 $help .= get_string('auth_updatelocal_expl', 'auth');
284 $help .= get_string('auth_fieldlock_expl', 'auth');
285 $help .= get_string('auth_updateremote_expl', 'auth');
286 $help .= '<hr />';
287 $help .= get_string('auth_updateremote_ldap', 'auth');
288 display_auth_lock_options($settings, $authplugin->authtype, $authplugin->userfields, $help, true, true,
289 $authplugin->get_custom_user_profile_fields());
290
291}