Example #1
         $arGroups = array();
     }
     // add groups, which import is forbidden, to common mapping with an id of -1
     foreach ($noimportGroups as $ldapGroupId) {
         $arGroups[] = array("LDAP_GROUP_ID" => $ldapGroupId, "GROUP_ID" => -1);
     }
 }
 // Collect the LDAP server settings submitted with the form. Every value except
 // FIELD_MAP is copied verbatim from $_REQUEST (including ADMIN_PASSWORD), so any
 // validation, permission check or session-token check has to happen before this
 // point or inside CLdapServer; none is visible in this excerpt.
 $arFields = array(
     "NAME" => $_REQUEST['NAME'],
     "DESCRIPTION" => $_REQUEST['DESCRIPTION'],
     "CODE" => $_REQUEST['CODE'],
     "SERVER" => $_REQUEST['SERVER'],
     "PORT" => $_REQUEST['PORT'],
     "CONVERT_UTF8" => $_REQUEST['CONVERT_UTF8'],
     "ADMIN_LOGIN" => $_REQUEST['ADMIN_LOGIN'],
     "ACTIVE" => $_REQUEST['ACTIVE'],
     "ADMIN_PASSWORD" => $_REQUEST['ADMIN_PASSWORD'],
     "BASE_DN" => $_REQUEST['BASE_DN'],
     "GROUP_FILTER" => $_REQUEST['GROUP_FILTER'],
     "GROUP_ID_ATTR" => $_REQUEST['GROUP_ID_ATTR'],
     "GROUP_NAME_ATTR" => $_REQUEST['GROUP_NAME_ATTR'],
     "GROUP_MEMBERS_ATTR" => $_REQUEST['GROUP_MEMBERS_ATTR'],
     "USER_FILTER" => $_REQUEST['USER_FILTER'],
     "USER_ID_ATTR" => $_REQUEST['USER_ID_ATTR'],
     "USER_NAME_ATTR" => $_REQUEST['USER_NAME_ATTR'],
     "USER_LAST_NAME_ATTR" => $_REQUEST['USER_LAST_NAME_ATTR'],
     "USER_EMAIL_ATTR" => $_REQUEST['USER_EMAIL_ATTR'],
     "USER_GROUP_ATTR" => $_REQUEST['USER_GROUP_ATTR'],
     "USER_GROUP_ACCESSORY" => $_REQUEST['USER_GROUP_ACCESSORY'],
     "SYNC_PERIOD" => $_REQUEST['SYNC_PERIOD'],
     "SYNC" => $_REQUEST['SYNC'],
     "SYNC_ATTR" => $_REQUEST['SYNC_ATTR'],
     "USER_DEPARTMENT_ATTR" => $_REQUEST['USER_DEPARTMENT_ATTR'],
     "USER_MANAGER_ATTR" => $_REQUEST['USER_MANAGER_ATTR'],
     "IMPORT_STRUCT" => $_REQUEST['IMPORT_STRUCT'],
     "STRUCT_HAVE_DEFAULT" => $_REQUEST['STRUCT_HAVE_DEFAULT'],
     "ROOT_DEPARTMENT" => $_REQUEST['ROOT_DEPARTMENT'],
     "DEFAULT_DEPARTMENT_NAME" => $_REQUEST['DEFAULT_DEPARTMENT_NAME'],
     "FIELD_MAP" => $arUserFieldMap,
     "MAX_PAGE_SIZE" => $_REQUEST['MAX_PAGE_SIZE'],
     "SYNC_USER_ADD" => $_REQUEST['SYNC_USER_ADD'],
 );
 // The group mapping is attached only when one was built earlier.
 if (is_array($arGroups)) {
     $arFields['GROUPS'] = $arGroups;
 }
 // Persist the form: a non-positive ID means a new server record is created,
 // otherwise the existing record is updated.
 if (!($ID > 0)) {
     $ID = CLdapServer::Add($arFields);
     $res = $ID > 0;
 } else {
     $res = CLdapServer::Update($ID, $arFields);
 }
 if ($res) {
     if (strlen($save) > 0) {
         if (substr($_REQUEST['back_url'], 0, 1) == '/') {
             LocalRedirect($_REQUEST['back_url'] . '&ldapServer=' . $ID);
         } else {
             LocalRedirect("ldap_server_admin.php?lang=" . LANG);
         }
     } else {
         LocalRedirect($APPLICATION->GetCurPage() . "?lang=" . LANG . "&ID=" . $ID . "&tabControl_active_tab=" . urlencode($tabControl_active_tab));
     }
 } else {
     if ($e = $APPLICATION->GetException()) {
         $message = new CAdminMessage(GetMessage("LDAP_SAVING_ERROR"), $e);
Example #2
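 /**
  * Processes the submitted LDAP settings step of the wizard.
  *
  * Checks that an LDAP connection object exists, that the admin bind succeeds
  * and that the group list is not empty, then registers the server through
  * CLdapServer::Add(). When NTLM is requested and a domain is given, it also
  * sets the module's NTLM options, registers the NTLMAuth handler and appends
  * an SSPI block to the .htaccess file in the document root.
  *
  * Failures are reported through SetError().
  *
  * @return void
  */
 function OnPostForm()
 {
     $wizard =& $this->GetWizard();
     if ($wizard->IsPrevButtonClick()) {
         return;
     }

     // Connection checks: each failure sends the user back to the settings step
     // and marks the field that most likely caused it.
     if (!$this->ldp) {
         $wizard->SetCurrentStep("ldap_settings");
         $this->SetError(GetMessage("wiz_ldap_error"), "ldapServer");
         return;
     }
     if (!$this->ldp->BindAdmin()) {
         $wizard->SetCurrentStep("ldap_settings");
         $this->SetError(GetMessage("wiz_ldap_error1"), "ldapLogin");
         return;
     }
     $dbGroup = $this->ldp->GetGroupList();
     if (!$dbGroup->Fetch()) {
         $wizard->SetCurrentStep("ldap_settings");
         $this->SetError(GetMessage("wiz_ldap_error_root"), "ldapBaseDN");
         return;
     }

     $ntlmDomainRaw = $wizard->GetVar('ldapNTLMDomain');
     $ntlmDomain = (string)$ntlmDomainRaw;
     $useNtlm = $wizard->GetVar('ldapNTLM') == 'Y' && strlen($ntlmDomain) > 0;

     // The domain is later written verbatim into .htaccess as an SSPIDomain
     // value. A line break, whitespace or a trailing backslash in it would let
     // the submitted value add further directives to the web server config, so
     // only a plain host-style name is accepted, and this is checked before
     // anything is saved.
     // NOTE(review): reuses the generic server error text because no dedicated
     // message key for an invalid domain is visible here.
     if ($useNtlm && !preg_match('/\A[A-Za-z0-9._-]+\z/', $ntlmDomain)) {
         $this->SetError(GetMessage("wiz_ldap_server_err"), "ldapNTLMDomain");
         return;
     }

     // Default mapping from portal user fields to directory attributes.
     $arUserFieldMap = array(
         "ACTIVE" => "UserAccountControl&2",
         "EMAIL" => "email",
         "NAME" => "givenName",
         "LAST_NAME" => "sn",
         "PERSONAL_WWW" => "wWWHomePage",
         "PERSONAL_PHONE" => "homePhone",
         "PERSONAL_MOBILE" => "mobile",
         "PERSONAL_STREET" => "streetAddress",
         "PERSONAL_MAILBOX" => "postOfficeBox",
         "PERSONAL_CITY" => "l",
         "PERSONAL_STATE" => "st",
         "PERSONAL_ZIP" => "postalCode",
         "PERSONAL_COUNTRY" => "c",
         "WORK_COMPANY" => "company",
         "WORK_DEPARTMENT" => "department",
         "WORK_POSITION" => "title",
         "WORK_PHONE" => "telephoneNumber",
         "WORK_FAX" => "facsimileTelephoneNumber",
         "ADMIN_NOTES" => "description",
     );
     $arFields = array(
         "NAME" => GetMessage("wiz_ldap_server1"),
         "DESCRIPTION" => "",
         "CODE" => $ntlmDomainRaw ? $ntlmDomainRaw : '',
         "SERVER" => $wizard->GetVar("ldapServer"),
         "PORT" => $wizard->GetVar("ldapPort"),
         "CONVERT_UTF8" => "Y",
         "ADMIN_LOGIN" => $wizard->GetVar("ldapLogin"),
         "ACTIVE" => "Y",
         "ADMIN_PASSWORD" => $wizard->GetVar("ldapPassword"),
         "BASE_DN" => $wizard->GetVar("ldapBaseDN"),
         "GROUP_FILTER" => "(objectCategory=group)",
         "GROUP_ID_ATTR" => "dn",
         "GROUP_NAME_ATTR" => "sAMAccountName",
         "USER_FILTER" => "(&(objectClass=user)(objectCategory=PERSON))",
         "USER_ID_ATTR" => "samaccountname",
         "USER_NAME_ATTR" => "givenName",
         "USER_LAST_NAME_ATTR" => "sn",
         "USER_EMAIL_ATTR" => "mail",
         "USER_GROUP_ATTR" => "memberof",
         "SYNC_PERIOD" => "5",
         "SYNC" => "N",
         "SYNC_ATTR" => "whenChanged",
         "FIELD_MAP" => $arUserFieldMap,
     );

     // Optional portal-group => LDAP-group mapping chosen in the wizard.
     $ldapGroup = $wizard->GetVar("ldapGroup");
     if (is_array($ldapGroup) && !empty($ldapGroup)) {
         $arGroups = array();
         foreach ($ldapGroup as $groupID => $ldapGroupID) {
             $arGroups[] = array("GROUP_ID" => $groupID, "LDAP_GROUP_ID" => $ldapGroupID);
         }
         $arFields["GROUPS"] = $arGroups;
     }

     $ID = CLdapServer::Add($arFields);
     if ($ID < 1) {
         // Fetch the exception first: written inline, "=" binds looser than
         // "?:" and GetString() would be called on an unset variable.
         $exception = $GLOBALS["APPLICATION"]->GetException();
         $this->SetError(GetMessage("wiz_ldap_server_err") . ($exception ? $exception->GetString() : ""));
     } elseif ($useNtlm) {
         COption::SetOptionString("ldap", "use_ntlm", "Y");
         COption::SetOptionString("ldap", "ntlm_default_server", $ID);
         RegisterModuleDependences('main', 'OnBeforeProlog', 'ldap', 'CLDAP', 'NTLMAuth', 40);

         $fhtaccess = $_SERVER['DOCUMENT_ROOT'] . '/.htaccess';
         $fcontent = '';
         if (file_exists($fhtaccess)) {
             $fcontent = file_get_contents($fhtaccess);
             if ($fcontent === false) {
                 // An existing file that cannot be read must not be replaced by
                 // the SSPI block alone; leave it untouched.
                 return;
             }
         }

         // Drop a previously written SSPI block before appending a fresh one.
         // NOTE(review): the character class matches exactly one separator, so
         // the CRLF-terminated block appended below is not matched on a later
         // run, and the greedy ".+" can span unrelated directives. Confirm the
         // intended pattern before changing it.
         $stripped = preg_replace('/AuthType .+SSPIOfferBasic On[\\r\\n\\t #]Require valid-user/is', '', $fcontent);
         if ($stripped !== null) {
             // preg_replace() returns null on a PCRE error; keep the file's
             // current content in that case instead of discarding it.
             $fcontent = $stripped;
         }

         $fcontent = $fcontent . "\r\n" . "AuthName \"My Intranet\"\r\n" . "AuthType SSPI\r\n" . "SSPIAuth On\r\n" . "SSPIPackage NTLM\r\n" . "SSPIDomain " . $ntlmDomain . "\r\n" . "SSPIPerRequestAuth On\r\n" . "SSPIAuthoritative On\r\n" . "SSPIOfferBasic On\r\n" . "Require valid-user\r\n";

         // Best effort, as before: a failed write is not reported to the user.
         // LOCK_EX keeps a concurrent writer from interleaving with this one.
         file_put_contents($fhtaccess, $fcontent, LOCK_EX);
     }
 }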