MDL-69492 auth_cas: normalise member distinguished name config.
[moodle.git] / auth / cas / settings.php
1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 // GNU General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
17 /**
18  * Admin settings and defaults.
19  *
20  * @package auth_cas
21  * @copyright  2017 Stephen Bourget
22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23  */
25 defined('MOODLE_INTERNAL') || die;
27 if ($ADMIN->fulltree) {
29     if (!function_exists('ldap_connect')) {
30         $settings->add(new admin_setting_heading('auth_casnotinstalled', '', get_string('auth_casnotinstalled', 'auth_cas')));
31     } else {
32         // We use a couple of custom admin settings since we need to massage the data before it is inserted into the DB.
33         require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_lowercase_configtext.php');
34         require_once($CFG->dirroot.'/auth/ldap/classes/admin_setting_special_contexts_configtext.php');
36         // Include needed files.
37         require_once($CFG->dirroot.'/auth/cas/auth.php');
38         require_once($CFG->dirroot.'/auth/cas/languages.php');
40         // Introductory explanation.
41         $settings->add(new admin_setting_heading('auth_cas/pluginname', '',
42                 new lang_string('auth_casdescription', 'auth_cas')));
44         // CAS server configuration label.
45         $settings->add(new admin_setting_heading('auth_cas/casserversettings',
46                 new lang_string('auth_cas_server_settings', 'auth_cas'), ''));
48         // Authentication method name.
49         $settings->add(new admin_setting_configtext('auth_cas/auth_name',
50                 get_string('auth_cas_auth_name', 'auth_cas'),
51                 get_string('auth_cas_auth_name_description', 'auth_cas'),
52                 get_string('auth_cas_auth_service', 'auth_cas'),
53                 PARAM_RAW_TRIMMED));
55         // Authentication method logo.
56         $opts = array('accepted_types' => array('.png', '.jpg', '.gif', '.webp', '.tiff', '.svg'));
57         $settings->add(new admin_setting_configstoredfile('auth_cas/auth_logo',
58                  get_string('auth_cas_auth_logo', 'auth_cas'),
59                  get_string('auth_cas_auth_logo_description', 'auth_cas'), 'logo', 0, $opts));
62         // Hostname.
63         $settings->add(new admin_setting_configtext('auth_cas/hostname',
64                 get_string('auth_cas_hostname_key', 'auth_cas'),
65                 get_string('auth_cas_hostname', 'auth_cas'), '', PARAM_RAW_TRIMMED));
67         // Base URI.
68         $settings->add(new admin_setting_configtext('auth_cas/baseuri',
69                 get_string('auth_cas_baseuri_key', 'auth_cas'),
70                 get_string('auth_cas_baseuri', 'auth_cas'), '', PARAM_RAW_TRIMMED));
72         // Port.
73         $settings->add(new admin_setting_configtext('auth_cas/port',
74                 get_string('auth_cas_port_key', 'auth_cas'),
75                 get_string('auth_cas_port', 'auth_cas'), '', PARAM_INT));
77         // CAS Version.
78         $casversions = array();
79         $casversions[CAS_VERSION_1_0] = 'CAS 1.0';
80         $casversions[CAS_VERSION_2_0] = 'CAS 2.0';
81         $settings->add(new admin_setting_configselect('auth_cas/casversion',
82                 new lang_string('auth_cas_casversion', 'auth_cas'),
83                 new lang_string('auth_cas_version', 'auth_cas'), CAS_VERSION_2_0, $casversions));
85         // Language.
86         if (!isset($CASLANGUAGES) || empty($CASLANGUAGES)) {
87             // Prevent warnings on other admin pages.
88             // $CASLANGUAGES is defined in /auth/cas/languages.php.
89             $CASLANGUAGES = array();
90             $CASLANGUAGES[PHPCAS_LANG_ENGLISH] = 'English';
91             $CASLANGUAGES[PHPCAS_LANG_FRENCH] = 'French';
92         }
93         $settings->add(new admin_setting_configselect('auth_cas/language',
94                 new lang_string('auth_cas_language_key', 'auth_cas'),
95                 new lang_string('auth_cas_language', 'auth_cas'), PHPCAS_LANG_ENGLISH, $CASLANGUAGES));
97         // Proxy.
98         $yesno = array(
99             new lang_string('no'),
100             new lang_string('yes'),
101         );
102         $settings->add(new admin_setting_configselect('auth_cas/proxycas',
103                 new lang_string('auth_cas_proxycas_key', 'auth_cas'),
104                 new lang_string('auth_cas_proxycas', 'auth_cas'), 0 , $yesno));
106         // Logout option.
107         $settings->add(new admin_setting_configselect('auth_cas/logoutcas',
108                 new lang_string('auth_cas_logoutcas_key', 'auth_cas'),
109                 new lang_string('auth_cas_logoutcas', 'auth_cas'), 0 , $yesno));
111         // Multi-auth.
112         $settings->add(new admin_setting_configselect('auth_cas/multiauth',
113                 new lang_string('auth_cas_multiauth_key', 'auth_cas'),
114                 new lang_string('auth_cas_multiauth', 'auth_cas'), 0 , $yesno));
116         // Server validation.
117         $settings->add(new admin_setting_configselect('auth_cas/certificate_check',
118                 new lang_string('auth_cas_certificate_check_key', 'auth_cas'),
119                 new lang_string('auth_cas_certificate_check', 'auth_cas'), 0 , $yesno));
121         // Certificate path.
122         $settings->add(new admin_setting_configfile('auth_cas/certificate_path',
123                 get_string('auth_cas_certificate_path_key', 'auth_cas'),
124                 get_string('auth_cas_certificate_path', 'auth_cas'), ''));
126         // CURL SSL version.
127         $sslversions = array();
128         $sslversions[''] = get_string('auth_cas_curl_ssl_version_default', 'auth_cas');
129         if (defined('CURL_SSLVERSION_TLSv1')) {
130             $sslversions[CURL_SSLVERSION_TLSv1] = get_string('auth_cas_curl_ssl_version_TLSv1x', 'auth_cas');
131         }
132         if (defined('CURL_SSLVERSION_TLSv1_0')) {
133             $sslversions[CURL_SSLVERSION_TLSv1_0] = get_string('auth_cas_curl_ssl_version_TLSv10', 'auth_cas');
134         }
135         if (defined('CURL_SSLVERSION_TLSv1_1')) {
136             $sslversions[CURL_SSLVERSION_TLSv1_1] = get_string('auth_cas_curl_ssl_version_TLSv11', 'auth_cas');
137         }
138         if (defined('CURL_SSLVERSION_TLSv1_2')) {
139             $sslversions[CURL_SSLVERSION_TLSv1_2] = get_string('auth_cas_curl_ssl_version_TLSv12', 'auth_cas');
140         }
141         if (defined('CURL_SSLVERSION_SSLv2')) {
142             $sslversions[CURL_SSLVERSION_SSLv2] = get_string('auth_cas_curl_ssl_version_SSLv2', 'auth_cas');
143         }
144         if (defined('CURL_SSLVERSION_SSLv3')) {
145             $sslversions[CURL_SSLVERSION_SSLv3] = get_string('auth_cas_curl_ssl_version_SSLv3', 'auth_cas');
146         }
147         $settings->add(new admin_setting_configselect('auth_cas/curl_ssl_version',
148                 new lang_string('auth_cas_curl_ssl_version_key', 'auth_cas'),
149                 new lang_string('auth_cas_curl_ssl_version', 'auth_cas'), '' , $sslversions));
151         // Alt Logout URL.
152         $settings->add(new admin_setting_configtext('auth_cas/logout_return_url',
153                 get_string('auth_cas_logout_return_url_key', 'auth_cas'),
154                 get_string('auth_cas_logout_return_url', 'auth_cas'), '', PARAM_URL));
156         // LDAP server settings.
157         $settings->add(new admin_setting_heading('auth_cas/ldapserversettings',
158                 new lang_string('auth_ldap_server_settings', 'auth_ldap'), ''));
160         // Host.
161         $settings->add(new admin_setting_configtext('auth_cas/host_url',
162                 get_string('auth_ldap_host_url_key', 'auth_ldap'),
163                 get_string('auth_ldap_host_url', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
165         // Version.
166         $versions = array();
167         $versions[2] = '2';
168         $versions[3] = '3';
169         $settings->add(new admin_setting_configselect('auth_cas/ldap_version',
170                 new lang_string('auth_ldap_version_key', 'auth_ldap'),
171                 new lang_string('auth_ldap_version', 'auth_ldap'), 3, $versions));
173         // Start TLS.
174         $settings->add(new admin_setting_configselect('auth_cas/start_tls',
175                 new lang_string('start_tls_key', 'auth_ldap'),
176                 new lang_string('start_tls', 'auth_ldap'), 0 , $yesno));
179         // Encoding.
180         $settings->add(new admin_setting_configtext('auth_cas/ldapencoding',
181                 get_string('auth_ldap_ldap_encoding_key', 'auth_ldap'),
182                 get_string('auth_ldap_ldap_encoding', 'auth_ldap'), 'utf-8', PARAM_RAW_TRIMMED));
184         // Page Size. (Hide if not available).
185         $settings->add(new admin_setting_configtext('auth_cas/pagesize',
186                 get_string('pagesize_key', 'auth_ldap'),
187                 get_string('pagesize', 'auth_ldap'), '250', PARAM_INT));
189         // Bind settings.
190         $settings->add(new admin_setting_heading('auth_cas/ldapbindsettings',
191                 new lang_string('auth_ldap_bind_settings', 'auth_ldap'), ''));
193         // User ID.
194         $settings->add(new admin_setting_configtext('auth_cas/bind_dn',
195                 get_string('auth_ldap_bind_dn_key', 'auth_ldap'),
196                 get_string('auth_ldap_bind_dn', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
198         // Password.
199         $settings->add(new admin_setting_configpasswordunmask('auth_cas/bind_pw',
200                 get_string('auth_ldap_bind_pw_key', 'auth_ldap'),
201                 get_string('auth_ldap_bind_pw', 'auth_ldap'), ''));
203         // User Lookup settings.
204         $settings->add(new admin_setting_heading('auth_cas/ldapuserlookup',
205                 new lang_string('auth_ldap_user_settings', 'auth_ldap'), ''));
207         // User Type.
208         $settings->add(new admin_setting_configselect('auth_cas/user_type',
209                 new lang_string('auth_ldap_user_type_key', 'auth_ldap'),
210                 new lang_string('auth_ldap_user_type', 'auth_ldap'), 'default', ldap_supported_usertypes()));
212         // Contexts.
213         $settings->add(new auth_ldap_admin_setting_special_contexts_configtext('auth_cas/contexts',
214                 get_string('auth_ldap_contexts_key', 'auth_ldap'),
215                 get_string('auth_ldap_contexts', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
217         // Search subcontexts.
218         $settings->add(new admin_setting_configselect('auth_cas/search_sub',
219                 new lang_string('auth_ldap_search_sub_key', 'auth_ldap'),
220                 new lang_string('auth_ldap_search_sub', 'auth_ldap'), 0 , $yesno));
222         // Dereference aliases.
223         $optderef = array();
224         $optderef[LDAP_DEREF_NEVER] = get_string('no');
225         $optderef[LDAP_DEREF_ALWAYS] = get_string('yes');
227         $settings->add(new admin_setting_configselect('auth_cas/opt_deref',
228                 new lang_string('auth_ldap_opt_deref_key', 'auth_ldap'),
229                 new lang_string('auth_ldap_opt_deref', 'auth_ldap'), LDAP_DEREF_NEVER , $optderef));
231         // User attribute.
232         $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/user_attribute',
233                 get_string('auth_ldap_user_attribute_key', 'auth_ldap'),
234                 get_string('auth_ldap_user_attribute', 'auth_ldap'), '', PARAM_RAW));
236         // Member attribute.
237         $settings->add(new auth_ldap_admin_setting_special_lowercase_configtext('auth_cas/memberattribute',
238                 get_string('auth_ldap_memberattribute_key', 'auth_ldap'),
239                 get_string('auth_ldap_memberattribute', 'auth_ldap'), '', PARAM_RAW));
241         // Member attribute uses dn.
242         $settings->add(new admin_setting_configselect('auth_cas/memberattribute_isdn',
243                 get_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap'),
244                 get_string('auth_ldap_memberattribute_isdn', 'auth_ldap'), 0, $yesno));
246         // Object class.
247         $settings->add(new admin_setting_configtext('auth_cas/objectclass',
248                 get_string('auth_ldap_objectclass_key', 'auth_ldap'),
249                 get_string('auth_ldap_objectclass', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
251         // Course Creators Header.
252         $settings->add(new admin_setting_heading('auth_cas/coursecreators',
253                 new lang_string('coursecreators'), ''));
255         // Course creators attribute field mapping.
256         $settings->add(new admin_setting_configtext('auth_cas/attrcreators',
257                 get_string('auth_ldap_attrcreators_key', 'auth_ldap'),
258                 get_string('auth_ldap_attrcreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
260         // Course creator group field mapping.
261         $settings->add(new admin_setting_configtext('auth_cas/groupecreators',
262                 get_string('auth_ldap_groupecreators_key', 'auth_ldap'),
263                 get_string('auth_ldap_groupecreators', 'auth_ldap'), '', PARAM_RAW_TRIMMED));
265         // User Account Sync.
266         $settings->add(new admin_setting_heading('auth_cas/syncusers',
267                 new lang_string('auth_sync_script', 'auth'), ''));
269         // Remove external user.
270         $deleteopt = array();
271         $deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth');
272         $deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth');
273         $deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth');
275         $settings->add(new admin_setting_configselect('auth_cas/removeuser',
276                 new lang_string('auth_remove_user_key', 'auth'),
277                 new lang_string('auth_remove_user', 'auth'), AUTH_REMOVEUSER_KEEP, $deleteopt));
278     }
280     // Display locking / mapping of profile fields.
281     $authplugin = get_auth_plugin('cas');
282     $help  = get_string('auth_ldapextrafields', 'auth_ldap');
283     $help .= get_string('auth_updatelocal_expl', 'auth');
284     $help .= get_string('auth_fieldlock_expl', 'auth');
285     $help .= get_string('auth_updateremote_expl', 'auth');
286     $help .= '<hr />';
287     $help .= get_string('auth_updateremote_ldap', 'auth');
288     display_auth_lock_options($settings, $authplugin->authtype, $authplugin->userfields, $help, true, true,
289             $authplugin->get_custom_user_profile_fields());