MDL-31968 Make NTLM REMOTE_USER format configurable by the admin
[moodle.git] / auth / ldap / config.html
1 <?php
3 // Set to defaults if undefined
4 if (!isset($config->host_url)) {
5     $config->host_url = '';
6 }
7 if (empty($config->ldapencoding)) {
8     $config->ldapencoding = 'utf-8';
9 }
10 if (!isset($config->contexts)) {
11     $config->contexts = '';
12 }
13 if (!isset($config->user_type)) {
14     $config->user_type = 'default';
15 }
16 if (!isset($config->user_attribute)) {
17     $config->user_attribute = '';
18 }
19 if (!isset($config->search_sub)) {
20     $config->search_sub = '';
21 }
22 if (!isset($config->opt_deref)) {
23     $config->opt_deref = LDAP_DEREF_NEVER;
24 }
25 if (!isset($config->preventpassindb)) {
26     $config->preventpassindb = 0;
27 }
28 if (!isset($config->bind_dn)) {
29     $config->bind_dn = '';
30 }
31 if (!isset($config->bind_pw)) {
32     $config->bind_pw = '';
33 }
34 if (!isset($config->ldap_version)) {
35     $config->ldap_version = '3';
36 }
37 if (!isset($config->objectclass)) {
38     $config->objectclass = '';
39 }
40 if (!isset($config->memberattribute)) {
41     $config->memberattribute = '';
42 }
43 if (!isset($config->memberattribute_isdn)) {
44     $config->memberattribute_isdn = '';
45 }
46 if (!isset($config->creators)) {
47     $config->creators = '';
48 }
49 if (!isset($config->create_context)) {
50     $config->create_context = '';
51 }
52 if (!isset($config->expiration)) {
53     $config->expiration = '';
54 }
55 if (!isset($config->expiration_warning)) {
56     $config->expiration_warning = '10';
57 }
58 if (!isset($config->expireattr)) {
59     $config->expireattr = '';
60 }
61 if (!isset($config->gracelogins)) {
62     $config->gracelogins = '';
63 }
64 if (!isset($config->graceattr)) {
65     $config->graceattr = '';
66 }
67 if (!isset($config->auth_user_create)) {
68     $config->auth_user_create = '';
69 }
70 if (!isset($config->forcechangepassword)) {
71     $config->forcechangepassword = 0;
72 }
73 if (!isset($config->stdchangepassword)) {
74     $config->stdchangepassword = 0;
75 }
76 if (!isset($config->passtype)) {
77     $config->passtype = 'plaintext';
78 }
79 if (!isset($config->changepasswordurl)) {
80     $config->changepasswordurl = '';
81 }
82 if (!isset($config->removeuser)) {
83     $config->removeuser = AUTH_REMOVEUSER_KEEP;
84 }
85 if (!isset($config->ntlmsso_enabled)) {
86     $config->ntlmsso_enabled = 0;
87 }
88 if (!isset($config->ntlmsso_subnet)) {
89     $config->ntlmsso_subnet = '';
90 }
91 if (!isset($config->ntlmsso_ie_fastpath)) {
92     $config->ntlmsso_ie_fastpath = 0;
93 }
94 if (!isset($config->ntlmsso_type)) {
95     $config->ntlmsso_type = 'ntlm';
96 }
97 if (!isset($config->ntlmsso_remoteuserformat)) {
98     $config->ntlmsso_remoteuserformat = '';
99 }
101 $yesno = array(get_string('no'), get_string('yes'));
103 ?>
104 <table cellspacing="0" cellpadding="5" border="0">
105 <tr>
106    <td colspan="2">
107        <h4><?php print_string('auth_ldap_server_settings', 'auth_ldap') ?></h4>
108    </td>
109 </tr>
110 <tr valign="top" class="required">
111     <td align="right">
112         <label for="host_url"><?php print_string('auth_ldap_host_url_key', 'auth_ldap') ?></label>
113     </td>
114     <td>
115         <input name="host_url" id="host_url" type="text" size="30" value="<?php echo $config->host_url?>" />
116         <?php if (isset($err['host_url'])) { echo $OUTPUT->error_text($err['host_url']); } ?>
117     </td>
118     <td>
119         <?php print_string('auth_ldap_host_url', 'auth_ldap') ?>
120     </td>
121 </tr>
122 <tr valign="top" class="required">
123     <td align="right">
124         <label for="menuldap_version"><?php print_string('auth_ldap_version_key', 'auth_ldap') ?></label>
125     </td>
126     <td>
127         <?php
128            $versions = array();
129            $versions[2] = '2';
130            $versions[3] = '3';
131            echo html_writer::select($versions, 'ldap_version', $config->ldap_version, false);
132            if (isset($err['ldap_version'])) { echo $OUTPUT->error_text($err['ldap_version']); }
133         ?>
134     </td>
135     <td>
136         <?php print_string('auth_ldap_version', 'auth_ldap') ?>
137     </td>
138 </tr>
139 <tr valign="top" class="required">
140     <td align="right">
141         <label for="ldapencoding"><?php print_string('auth_ldap_ldap_encoding_key', 'auth_ldap') ?></label>
142     </td>
143     <td>
144         <input id="ldapencoding" name="ldapencoding" type="text" value="<?php echo $config->ldapencoding ?>" />
145         <?php if (isset($err['ldapencoding'])) { echo $OUTPUT->error_text($err['ldapencoding']); } ?>
146     </td>
147     <td>
148         <?php print_string('auth_ldap_ldap_encoding', 'auth_ldap') ?>
149     </td>
150 </tr>
151 <tr>
152     <td colspan="2">
153         <h4><?php print_string('auth_ldap_bind_settings', 'auth_ldap') ?></h4>
154     </td>
155 </tr>
156 <tr valign="top" class="required">
157     <td align="right">
158         <label for="menupreventpassindb"><?php print_string('auth_ldap_preventpassindb_key', 'auth_ldap') ?></label>
159     </td>
160     <td>
161         <?php echo html_writer::select($yesno, 'preventpassindb', $config->preventpassindb, false); ?>
162     </td>
163     <td>
164         <?php print_string('auth_ldap_preventpassindb', 'auth_ldap') ?>
165     </td>
166 </tr>
167 <tr valign="top" class="required">
168     <td align="right">
169         <label for="bind_dn"><?php print_string('auth_ldap_bind_dn_key', 'auth_ldap') ?></label>
170     </td>
171     <td>
172         <input name="bind_dn" id="bind_dn" type="text" size="30" value="<?php echo $config->bind_dn?>" />
173         <?php if (isset($err['bind_dn'])) { echo $OUTPUT->error_text($err['bind_dn']); } ?>
174     </td>
175     <td>
176         <?php print_string('auth_ldap_bind_dn', 'auth_ldap') ?>
177     </td>
178 </tr>
179 <tr valign="top" class="required">
180     <td align="right">
181         <label for="bind_pw"><?php print_string('auth_ldap_bind_pw_key', 'auth_ldap') ?></label>
182     </td>
183     <td>
184         <input name="bind_pw" id="bind_pw" type="password" size="30" value="<?php echo $config->bind_pw?>" />
185         <?php if (isset($err['bind_pw'])) { echo $OUTPUT->error_text($err['bind_pw']); } ?>
186     </td>
187     <td>
188         <?php print_string('auth_ldap_bind_pw', 'auth_ldap') ?>
189     </td>
190 </tr>
191 <tr>
192     <td colspan="2">
193         <h4><?php print_string('auth_ldap_user_settings', 'auth_ldap') ?></h4>
194     </td>
195 </tr>
196 <tr valign="top" class="required">
197     <td align="right">
198         <label for="menuuser_type"><?php print_string('auth_ldap_user_type_key', 'auth_ldap') ?></label>
199     </td>
200     <td>
201         <?php
202             echo html_writer::select(ldap_supported_usertypes(), 'user_type', $config->user_type, false);
203             if (isset($err['user_type'])) { echo $OUTPUT->error_text($err['user_type']); }
204         ?>
205     </td>
206     <td>
207         <?php print_string('auth_ldap_user_type', 'auth_ldap') ?>
208     </td>
209 </tr>
210 <tr valign="top" class="required">
211     <td align="right">
212         <label for="contexts"><?php print_string('auth_ldap_contexts_key', 'auth_ldap') ?></label>
213     </td>
214     <td>
215         <input name="contexts" id="contexts" type="text" size="30" value="<?php echo $config->contexts?>" />
216         <?php if (isset($err['contexts'])) { echo $OUTPUT->error_text($err['contexts']); } ?>
217     </td>
218     <td>
219         <?php print_string('auth_ldap_contexts', 'auth_ldap') ?>
220     </td>
221 </tr>
222 <tr valign="top" class="required">
223     <td align="right">
224         <label for="menusearch_sub"><?php print_string('auth_ldap_search_sub_key', 'auth_ldap') ?></label>
225     </td>
226     <td>
227         <?php echo html_writer::select($yesno, 'search_sub', $config->search_sub, false); ?>
228     </td>
229     <td>
230         <?php print_string('auth_ldap_search_sub', 'auth_ldap') ?>
231     </td>
232 </tr>
233 <tr valign="top" class="required">
234     <td align="right">
235         <label for="menuopt_deref"><?php print_string('auth_ldap_opt_deref_key', 'auth_ldap') ?></label>
236     </td>
237     <td>
238         <?php
239            $opt_deref = array();
240            $opt_deref[LDAP_DEREF_NEVER] = get_string('no');
241            $opt_deref[LDAP_DEREF_ALWAYS] = get_string('yes');
242            echo html_writer::select($opt_deref, 'opt_deref', $config->opt_deref, false);
243            if (isset($err['opt_deref'])) { echo $OUTPUT->error_text($err['opt_deref']); }
244         ?>
245     </td>
246     <td>
247         <?php print_string('auth_ldap_opt_deref', 'auth_ldap') ?>
248     </td>
249 </tr>
250 <tr valign="top" class="required">
251     <td align="right">
252         <label for="user_attribute"><?php print_string('auth_ldap_user_attribute_key', 'auth_ldap') ?></label>
253     </td>
254     <td>
255         <input name="user_attribute" id="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute?>" />
256         <?php if (isset($err['user_attribute'])) { echo $OUTPUT->error_text($err['user_attribute']); } ?>
257     </td>
258     <td>
259         <?php print_string('auth_ldap_user_attribute', 'auth_ldap') ?>
260     </td>
261 </tr>
262 <tr valign="top" class="required">
263     <td align="right">
264         <label for="memberattribute"><?php print_string('auth_ldap_memberattribute_key', 'auth_ldap') ?></label>
265     </td>
266     <td>
267         <input name="memberattribute" id="memberattribute" type="text" size="30" value="<?php echo $config->memberattribute?>" />
268         <?php if (isset($err['memberattribute'])) { echo $OUTPUT->error_text($err['memberattribute']); } ?>
269     </td>
270     <td>
271         <?php print_string('auth_ldap_memberattribute', 'auth_ldap') ?>
272     </td>
273 </tr>
274 <tr valign="top" class="required">
275     <td align="right">
276         <label for="memberattribute_isdn"><?php print_string('auth_ldap_memberattribute_isdn_key', 'auth_ldap') ?></label>
277     </td>
278     <td>
279         <input name="memberattribute_isdn" id="memberattribute_isdn" type="text" size="30" value="<?php echo $config->memberattribute_isdn?>" />
280         <?php if (isset($err['memberattribute_isdn'])) { echo $OUTPUT->error_text($err['memberattribute_isdn']); } ?>
281     </td>
282     <td>
283         <?php print_string('auth_ldap_memberattribute_isdn', 'auth_ldap') ?>
284     </td>
285 </tr>
286 <tr valign="top" class="required">
287     <td align="right">
288         <label for="objectclass"><?php print_string('auth_ldap_objectclass_key', 'auth_ldap') ?></label>
289     </td>
290     <td>
291         <input name="objectclass" id="objectclass" type="text" size="30" value="<?php echo $config->objectclass?>" />
292         <?php if (isset($err['objectclass'])) { echo $OUTPUT->error_text($err['objectclass']); } ?>
293     </td>
294     <td>
295         <?php print_string('auth_ldap_objectclass', 'auth_ldap') ?>
296     </td>
297 </tr>
298 <tr>
299     <td colspan="2">
300         <h4><?php print_string('forcechangepassword', 'auth') ?></h4>
301     </td>
302 </tr>
303 <tr valign="top" class="required">
304     <td align="right" valign="top">
305         <label for="menuforcechangepassword"><?php print_string('forcechangepassword', 'auth') ?></label>
306     </td>
307     <td>
308         <?php echo html_writer::select($yesno, 'forcechangepassword', $config->forcechangepassword, false); ?>
309     </td>
310     <td align="left" valign="top">
311         <p><?php print_string('forcechangepasswordfirst_help', 'auth') ?></p>
312     </td>
313 </tr>
314 <tr valign="top" class="required">
315     <td align="right" valign="top">
316         <label for="menustdchangepassword"><?php print_string('stdchangepassword', 'auth') ?></label>
317     </td>
318     <td>
319         <?php echo html_writer::select($yesno, 'stdchangepassword', $config->stdchangepassword, false); ?>
320     </td>
321     <td align="left" valign="top">
322         <p><?php print_string('stdchangepassword_expl', 'auth') ?></p>
323         <p><?php print_string('stdchangepassword_explldap', 'auth') ?></p>
324     </td>
325 </tr>
326 <tr valign="top" class="required">
327     <td align="right">
328         <label for="menupasstype"><?php print_string('auth_ldap_passtype_key', 'auth_ldap') ?></label>
329     </td>
330     <td>
331         <?php
332             $passtype = array();
333             $passtype['plaintext'] = get_string('plaintext', 'auth');
334             $passtype['md5']       = get_string('md5', 'auth');
335             $passtype['sha1']      = get_string('sha1', 'auth');
336             echo html_writer::select($passtype, 'passtype', $config->passtype, false);
337         ?>
338     </td>
339     <td>
340         <?php print_string('auth_ldap_passtype', 'auth_ldap') ?>
341     </td>
342 </tr>
343 <tr valign="top">
344     <td align="right">
345         <label for="changepasswordurl"><?php print_string('auth_ldap_changepasswordurl_key', 'auth_ldap') ?></label>
346     </td>
347     <td>
348         <input name="changepasswordurl" id="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
349         <?php if (isset($err['changepasswordurl'])) { echo $OUTPUT->error_text($err['changepasswordurl']); } ?>
350     </td>
351     <td>
352         <?php print_string('changepasswordhelp', 'auth') ?>
353     </td>
354 </tr>
355 <tr>
356     <td colspan="2">
357         <h4><?php print_string('auth_ldap_passwdexpire_settings', 'auth_ldap') ?></h4>
358     </td>
359 </tr>
360 <tr valign="top" class="required">
361     <td align="right">
362         <label for="menuexpiration"><?php print_string('auth_ldap_expiration_key', 'auth_ldap') ?></label>
363     </td>
364     <td>
365         <?php
366            $expiration = array();
367            $expiration['0'] = 'no';
368            $expiration['1'] = 'LDAP';
369            echo html_writer::select($expiration, 'expiration', $config->expiration, false);
370            if (isset($err['expiration'])) { echo $OUTPUT->error_text($err['expiration']); }
371         ?>
372     </td>
373     <td>
374         <?php print_string('auth_ldap_expiration_desc', 'auth_ldap') ?>
375     </td>
376 </tr>
377 <tr valign="top" class="required">
378     <td align="right">
379         <label for="expiration_warning"><?php print_string('auth_ldap_expiration_warning_key', 'auth_ldap') ?></label>
380     </td>
381     <td>
382         <input name="expiration_warning" id="expiration_warning" type="text" size="2" value="<?php echo $config->expiration_warning?>" />
383         <?php if (isset($err['expiration_warning'])) { echo $OUTPUT->error_text($err['expiration_warning']); } ?>
384     </td>
385     <td>
386         <?php print_string('auth_ldap_expiration_warning_desc', 'auth_ldap') ?>
387     </td>
388 </tr>
389 <tr valign="top" class="required">
390     <td align="right">
391         <label for="expireattr"><?php print_string('auth_ldap_expireattr_key', 'auth_ldap') ?></label>
392     </td>
393     <td>
394         <input name="expireattr" id="expireattr" type="text" size="30" value="<?php echo $config->expireattr?>" />
395         <?php if (isset($err['expireattr'])) { echo $OUTPUT->error_text($err['expireattr']); } ?>
396     </td>
397     <td>
398         <?php print_string('auth_ldap_expireattr_desc', 'auth_ldap') ?>
399     </td>
400 </tr>
401 <tr valign="top" class="required">
402     <td align="right">
403         <label for="menugracelogins"><?php print_string('auth_ldap_gracelogins_key', 'auth_ldap') ?></label>
404     </td>
405     <td>
406         <?php echo html_writer::select($yesno, 'gracelogins', $config->gracelogins, false); ?>
407     </td>
408     <td>
409         <?php print_string('auth_ldap_gracelogins_desc', 'auth_ldap') ?>
410     </td>
411 </tr>
412 <tr valign="top" class="required">
413     <td align="right">
414         <label for="graceattr"><?php print_string('auth_ldap_gracelogin_key', 'auth_ldap') ?></label>
415     </td>
416     <td>
417         <input name="graceattr" id="graceattr" type="text" size="30" value="<?php echo $config->graceattr?>" />
418         <?php if (isset($err['graceattr'])) { echo $OUTPUT->error_text($err['graceattr']); } ?>
419     </td>
420     <td>
421         <?php print_string('auth_ldap_graceattr_desc', 'auth_ldap') ?>
422     </td>
423 </tr>
424 <tr>
425     <td colspan="2">
426         <h4><?php print_string('auth_user_create', 'auth') ?></h4>
427     </td>
428 </tr>
429 <tr valign="top">
430     <td align="right">
431         <label for="menuauth_user_create"><?php print_string('auth_ldap_auth_user_create_key', 'auth_ldap') ?></label>
432     </td>
433     <td>
434         <?php echo html_writer::select($yesno, 'auth_user_create', $config->auth_user_create, false); ?>
435     </td>
436     <td>
437         <?php print_string('auth_user_creation', 'auth'); ?>
438     </td>
439 </tr>
440 <tr valign="top" class="required">
441     <td align="right">
442         <label for="create_context"><?php print_string('auth_ldap_create_context_key', 'auth_ldap') ?></label>
443     </td>
444     <td>
445         <input name="create_context" id="create_context" type="text" size="30" value="<?php echo $config->create_context?>" />
446         <?php if (isset($err['create_context'])) { echo $OUTPUT->error_text($err['create_context']); } ?>
447     </td>
448     <td>
449         <?php print_string('auth_ldap_create_context', 'auth_ldap') ?>
450     </td>
451 </tr>
452 <tr>
453     <td colspan="2">
454         <h4><?php print_string('coursecreators') ?></h4>
455     </td>
456 </tr>
457 <tr valign="top" class="required">
458     <td align="right">
459         <label for="creators"><?php print_string('auth_ldap_creators_key', 'auth_ldap') ?></label>
460     </td>
461     <td>
462         <input name="creators" id="creators" type="text" size="30" value="<?php echo $config->creators?>" />
463         <?php if (isset($err['creators'])) { echo $OUTPUT->error_text($err['creators']); } ?>
464     </td>
465     <td>
466         <?php print_string('auth_ldap_creators', 'auth_ldap') ?>
467     </td>
468 </tr>
469 <tr>
470     <td colspan="2">
471         <h4><?php print_string('auth_sync_script', 'auth') ?></h4>
472     </td>
473 </tr>
474 <tr valign="top">
475     <td align="right">
476         <label for="menuremoveuser"><?php print_string('auth_remove_user_key', 'auth') ?></label>
477     </td>
478     <td>
479         <?php
480             $deleteopt = array();
481             $deleteopt[AUTH_REMOVEUSER_KEEP] = get_string('auth_remove_keep', 'auth');
482             $deleteopt[AUTH_REMOVEUSER_SUSPEND] = get_string('auth_remove_suspend', 'auth');
483             $deleteopt[AUTH_REMOVEUSER_FULLDELETE] = get_string('auth_remove_delete', 'auth');
484             echo html_writer::select($deleteopt, 'removeuser', $config->removeuser, false);
485         ?>
486     </td>
487     <td>
488         <?php print_string('auth_remove_user', 'auth') ?>
489     </td>
490 </tr>
491 <tr>
492     <td colspan="2">
493         <h4><?php print_string('auth_ntlmsso', 'auth_ldap') ?></h4>
494     </td>
495 </tr>
496 <tr valign="top">
497     <td align="right">
498         <label for="menuntlmsso_enabled"><?php print_string('auth_ntlmsso_enabled_key', 'auth_ldap') ?></label>
499     </td>
500     <td>
501         <?php echo html_writer::select($yesno, 'ntlmsso_enabled', $config->ntlmsso_enabled, false); ?>
502     </td>
503     <td>
504         <?php print_string('auth_ntlmsso_enabled', 'auth_ldap') ?>
505     </td>
506 </tr>
507 <tr valign="top">
508     <td align="right">
509         <label for="ntlmsso_subnet"><?php print_string('auth_ntlmsso_subnet_key', 'auth_ldap') ?></label>
510     </td>
511     <td>
512         <input name="ntlmsso_subnet" id="ntlmsso_subnet" type="text" size="30" value="<?php p($config->ntlmsso_subnet) ?>" />
513     </td>
514     <td>
515         <?php print_string('auth_ntlmsso_subnet', 'auth_ldap') ?>
516     </td>
517 </tr>
518 <tr valign="top">
519     <td align="right">
520         <label for="menuntlmsso_ie_fastpath"><?php print_string('auth_ntlmsso_ie_fastpath_key', 'auth_ldap') ?></label>
521     </td>
522     <td>
523         <?php echo html_writer::select($yesno, 'ntlmsso_ie_fastpath', $config->ntlmsso_ie_fastpath, false); ?>
524     </td>
525     <td>
526     <?php print_string('auth_ntlmsso_ie_fastpath', 'auth_ldap') ?>
527     </td>
528 </tr>
529 <tr valign="top">
530     <td align="right">
531         <label for="menuntlmsso_type"><?php print_string('auth_ntlmsso_type_key', 'auth_ldap')?></label>
532     </td>
533     <td>
534         <?php
535             $types = array();
536             $types['ntlm'] = 'NTLM';
537             $types['kerberos'] = 'Kerberos';
538             echo html_writer::select($types, 'ntlmsso_type', $config->ntlmsso_type, false);
539         ?>
540     </td>
541     <td>
542         <?php print_string('auth_ntlmsso_type','auth_ldap') ?>
543     </td>
544 </tr>
545 <tr valign="top">
546     <td align="right">
547         <label for="ntlmsso_remoteuserformat"><?php print_string('auth_ntlmsso_remoteuserformat_key', 'auth_ldap') ?></label>
548     </td>
549     <td>
550         <input name="ntlmsso_remoteuserformat" id="ntlmsso_remoteuserformat" type="text" size="30" value="<?php echo $config->ntlmsso_remoteuserformat?>" />
551         <?php if (isset($err['ntlmsso_remoteuserformat'])) { echo $OUTPUT->error_text($err['ntlmsso_remoteuserformat']); } ?>
552     </td>
553     <td>
554         <?php print_string('auth_ntlmsso_remoteuserformat', 'auth_ldap') ?>
555     </td>
556 </tr>
557 <?php
558 $help  = get_string('auth_ldapextrafields', 'auth_ldap');
559 $help .= get_string('auth_updatelocal_expl', 'auth');
560 $help .= get_string('auth_fieldlock_expl', 'auth');
561 $help .= get_string('auth_updateremote_expl', 'auth');
562 $help .= '<hr />';
563 $help .= get_string('auth_updateremote_ldap', 'auth');
565 print_auth_lock_options($this->authtype, $user_fields, $help, true, true);
566 ?>
567 </table>