Use other attributes (#77)

* Changes to allow using different account attributes, additional objectclasses, protection against accidentally removing all admin acccess, remove Helm files, username sanity updates

* Fixed LDAP user searches using the base DN

* Don't render the menu if there are fatal errors

* FIx tag parsing.  No TLS warning for local LDAP connections.

* Fix bug retrieving account attributes

* Multi-arch support and tidied-up README

Dockerfile

@@ -6,21 +6,21 @@ RUN apt-get update && \
         libfreetype6-dev \
         libjpeg-dev \
         libpng-dev && \
-    rm -rf /var/lib/apt/lists/* && \
-    ln -s /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/libldap.so && \
-    ln -s /usr/lib/x86_64-linux-gnu/liblber.so /usr/lib/liblber.so
+    rm -rf /var/lib/apt/lists/*
 
 RUN docker-php-ext-configure gd \
          --enable-gd-native-ttf \
          --with-freetype-dir=/usr/include/freetype2 \
          --with-png-dir=/usr/include \
          --with-jpeg-dir=/usr/include && \
-    docker-php-ext-install -j$(nproc) ldap gd
+    docker-php-ext-install -j$(nproc) gd && \
+    libdir=$(find /usr -name "libldap.so*" | sed -e 's/\/usr\///' -e 's/\/libldap.so//') && \
+    docker-php-ext-configure ldap --with-libdir=$libdir && \
+    docker-php-ext-install -j$(nproc) ldap
 
 ADD https://github.com/PHPMailer/PHPMailer/archive/v6.2.0.tar.gz /tmp
 
-RUN a2enmod rewrite ssl
-RUN a2dissite 000-default default-ssl
+RUN a2enmod rewrite ssl && a2dissite 000-default default-ssl
 
 EXPOSE 80
 EXPOSE 443

www/account_manager/groups.php

@@ -25,28 +25,26 @@
  $this_group = $_POST['delete_group'];
  $this_group = urldecode($this_group);
 
- if (preg_match("/$USERNAME_REGEX/",$this_group)) {
+ $del_group = ldap_delete_group($ldap_connection,$this_group);
 
-  $del_group = ldap_delete_group($ldap_connection,$this_group);
-
-  if ($del_group) {
+ if ($del_group) {
   ?>
   <div class="alert alert-success" role="alert">
    <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-   <strong>Success!</strong> Group <strong><?php print $this_group; ?> was deleted.
+   <p class="text-center">Group <strong><?php print $this_group; ?> was deleted.</p>
   </div>
   <?php
-  }
-  else {
+ }
+ else {
   ?>
   <div class="alert alert-danger" role="alert">
    <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-   <strong>Problem!</strong> Group <strong><?php print $this_group; ?></strong> wasn't deleted.
+   <p class="text-center">Group <strong><?php print $this_group; ?></strong> wasn't deleted.</p>
   </div>
   <?php
-  }
  }
 
+
 }
 
 $groups = ldap_get_group_list($ldap_connection);

www/account_manager/index.php

@@ -25,27 +25,25 @@
  $this_user = $_POST['delete_user'];
  $this_user = urldecode($this_user);
 
- if (preg_match("/$USERNAME_REGEX/",$this_user)) {
+ $del_user = ldap_delete_account($ldap_connection,$this_user);
 
-  $del_user = ldap_delete_account($ldap_connection,$this_user);
-
-  if ($del_user) {
-  ?>
-  <div class="alert alert-success" role="alert">
-   <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-   <strong>Success!</strong> User <strong><?php print $this_user; ?> was deleted.
-  </div>
-  <?php
-  }
-  else {
-  ?>
-  <div class="alert alert-danger" role="alert">
-   <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
-   <strong>Problem!</strong> User <strong><?php print $this_user; ?></strong> wasn't deleted.
-  </div>
-  <?php
-  }
+ if ($del_user) {
+ ?>
+ <div class="alert alert-success" role="alert">
+  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
+  <p class="text-center">User <strong><?php print $this_user; ?> was deleted.</p>
+ </div>
+ <?php
  }
+ else {
+ ?>
+ <div class="alert alert-danger" role="alert">
+  <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="TRUE">&times;</span></button>
+  <p class="text-center">User <strong><?php print $this_user; ?></strong> wasn't deleted.</p>
+ </div>
+ <?php
+ }
+
 
 }
 #'
@@ -59,7 +57,7 @@
  <table class="table table-striped">
   <thead>
    <tr>
-     <th>Username</th>
+     <th>Account name</th>
      <th>First name</th>
      <th>Last name</th>
      <th>Email</th>
@@ -68,14 +66,14 @@
   </thead>
  <tbody>
 <?php
-foreach ($people as $username => $attribs){
+foreach ($people as $account_identifier => $attribs){
 
- $group_membership = ldap_user_group_membership($ldap_connection,$username);
+ $group_membership = ldap_user_group_membership($ldap_connection,$account_identifier);
 
- print " <tr>\n   <td><a href='/$THIS_MODULE_PATH/show_user.php?username=" . urlencode($username) . "'>$username</a></td>\n";
- print "   <td>" . $people[$username]['givenname'] . "</td>\n";
- print "   <td>" . $people[$username]['sn'] . "</td>\n";
- print "   <td>" . $people[$username]['mail'] . "</td>\n";
+ print " <tr>\n   <td><a href='/$THIS_MODULE_PATH/show_user.php?account_identifier=" . urlencode($account_identifier) . "'>$account_identifier</a></td>\n";
+ print "   <td>" . $people[$account_identifier]['givenname'] . "</td>\n";
+ print "   <td>" . $people[$account_identifier]['sn'] . "</td>\n";
+ print "   <td>" . $people[$account_identifier]['mail'] . "</td>\n";
  print "   <td>" . implode(", ", $group_membership) . "</td>\n";
  print " </tr>\n";
 }