diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e6d7f09 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +.idea +*.iml +*.sublime-project +*.sublime-workspace \ No newline at end of file diff --git a/README.md b/README.md index b780c29..986bd6e 100644 --- a/README.md +++ b/README.md @@ -115,6 +115,8 @@ These settings should only be changed if you're trying to make the user manager * `LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES` (no default): A comma-separated list of additional objectClasses to use when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. * `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES` (no default): A comma-separated list of extra attributes to display when creating an account. See [Extra objectClasses and attributes](#extra-objectclasses-and-attributes) for more information. + +* `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES_PERSONAL` (default: *FALSE*): If *TRUE* then user is able to modify all his account additional attributes himself in module "Additional Attributes" (also some account additional attributes have to be set), otherwise just admin is able to update them. Personal account attributes can be e.g. SSH public key. * `LDAP_GROUP_MEMBERSHIP_USES_UID` (default: *TRUE* or *FALSE*): If *TRUE* then the entry for a member of a group will be just the username, otherwise it's the member's full DN. When the `groupOfMembers` objectClass is detected or `FORCE_RFC2307BIS` is `TRUE` it defaults to `FALSE`, otherwise it'll default to `TRUE`. Explicitly setting this variable will override the default. 
@@ -181,6 +183,24 @@ To send emails you'll need to use an existing SMTP server. Email sending will b * `SESSION_TIMEOUT` (default: *10 minutes*): How long before an idle session will be timed out. +#### Website customization + +* `$CUSTOM_LOGO` (default: *FALSE*)*: If this is defined with path to image file, then this image will be displayed in header. You need also mount volume with this file. + +* `$CUSTOM_STYLES` (default: *FALSE*)*: If this is defined with path to css file, then this style will be used in header. Also helps vith logo positioninig. You need also mount volume with this file. + +docker-compose.yml example: + +```yaml +ldap-user-manager: + environment: + CUSTOM_LOGO: "../gfx/logo.svg" + CUSTOM_STYLES: "../css/custom.css" + volumes: + - '/opt/openldap/www/gfx:/opt/ldap_user_manager/gfx' + - '/opt/openldap/www/css:/opt/ldap_user_manager/css' +``` + #### Debugging settings * `LDAP_DEBUG` (default: *FALSE*): Set to TRUE to increase the logging level for LDAP requests. This will output passwords to the error log - don't enable this in a production environment. This is for information on problems updating LDAP records and such. To debug problems connecting to the LDAP server in the first place use `LDAP_VERBOSE_CONNECTION_LOGS`. diff --git a/www/additional_attributes/index.php b/www/additional_attributes/index.php new file mode 100644 index 0000000..736cdc6 --- /dev/null +++ b/www/additional_attributes/index.php 
@@ -0,0 +1,143 @@
+ $attr_r) {
+
+ $$attribute = $user[0][$attribute][0];
+
+ if (isset($_POST['update_account']) and isset($_POST[$attribute]) and $_POST[$attribute] != $$attribute) {
+ $$attribute = filter_var($_POST[$attribute], FILTER_SANITIZE_STRING);
+ $to_update[$attribute] = $$attribute;
+ }
+ elseif (isset($attr_r['default'])) {
+ $$attribute = $attr_r['default'];
+ }
+
+ }
+ $dn = $user[0]['dn'];
+
+
+ ### Update values
+
+ if (isset($_POST['update_account'])) {
+
+ if (array_key_exists($LDAP['account_attribute'], $to_update)) {
+ $new_rdn = "${LDAP['account_attribute']}=${to_update[$LDAP['account_attribute']]}";
+ $renamed_entry = ldap_rename($ldap_connection, $dn, $new_rdn, $LDAP['user_dn'], true);
+ if ($renamed_entry) {
+ $dn = "${new_rdn},${LDAP['user_dn']}";
+ $account_identifier = $to_update[$LDAP['account_attribute']];
+ }
+ else {
+ ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
+ error_log("$log_prefix Failed to rename the DN for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
+ }
+ }
+
+ $updated_account = @ ldap_mod_replace($ldap_connection, $dn, $to_update);
+ if (!$updated_account) {
+ ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detailed_err);
+ error_log("$log_prefix Failed to modify account details for ${account_identifier}: " . ldap_error($ldap_connection) . " -- " . $detailed_err,0);
+ }
+
+ if ($updated_account) {
+ ?>
+
+
+
+
+
+
+
+
+ +
+
Update your additional attributes
+
+ +
+ + + + + + $attr_r) { + $label = $attr_r['label']; + + if ($attribute == $LDAP['account_attribute']) { $label = "$label*"; } + ?> +
+ +
+ +
+
+ + +
+ +
+ +
+ +
+
+ +
+
+ + diff --git a/www/additional_attributes/module_functions.inc.php b/www/additional_attributes/module_functions.inc.php new file mode 100644 index 0000000..7dfd6c0 --- /dev/null +++ b/www/additional_attributes/module_functions.inc.php @@ -0,0 +1,47 @@ + diff --git a/www/includes/config.inc.php b/www/includes/config.inc.php index 749ebd6..3d0113b 100644 --- a/www/includes/config.inc.php +++ b/www/includes/config.inc.php @@ -32,6 +32,8 @@ if (getenv('LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES')) { $LDAP['account_additional_objectclasses'] = strtolower(getenv('LDAP_ACCOUNT_ADDITIONAL_OBJECTCLASSES')); } if (getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES')) { $LDAP['account_additional_attributes'] = getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES'); } + $LDAP['account_additional_attributes_personal'] = ((strcasecmp(getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES_PERSONAL'), 'TRUE') == 0) ? TRUE : FALSE); + if (getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE')) { $LDAP['group_membership_attribute'] = getenv('LDAP_GROUP_MEMBERSHIP_ATTRIBUTE'); } if (getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) { if (strtoupper(getenv('LDAP_GROUP_MEMBERSHIP_USES_UID')) == TRUE ) { $LDAP['group_membership_uses_uid'] = TRUE; } @@ -109,6 +111,9 @@ ### + $CUSTOM_LOGO = (getenv('CUSTOM_LOGO') ? getenv('CUSTOM_LOGO') : FALSE); + $CUSTOM_STYLES = (getenv('CUSTOM_STYLES') ? getenv('CUSTOM_STYLES') : FALSE); + $errors = ""; if (empty($LDAP['uri'])) { diff --git a/www/includes/modules.inc.php b/www/includes/modules.inc.php index c44e0d7..31757b4 100644 --- a/www/includes/modules.inc.php +++ b/www/includes/modules.inc.php 
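Review bot: `$new_rdn` interpolates the POSTed account-attribute value straight into a DN, so a value containing `,`, `+`, `=` or a leading `#` or space changes the DN structure rather than just the name; build it as `$new_rdn = $LDAP['account_attribute'] . '=' . ldap_escape($to_update[$LDAP['account_attribute']], '', LDAP_ESCAPE_DN);` and derive `$dn` from that same escaped RDN. More broadly, this self-service page (registered as `auth`, not `admin`, in the modules.inc.php hunk) lets any logged-in user rename their own entry, which the README text for `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES_PERSONAL` does not mention; if `$ldap_connection` is the service bind rather than the user's own — the connection setup is outside the visible part of the hunk — the rename runs with administrative rights and a uid collision is caught only by the directory, so leaving `$LDAP['account_attribute']` out of the personal form looks like the safer default. `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1 and strips tags rather than validating an LDAP value; a per-attribute allow-list, or at least `trim()` plus a length check, would replace it. I also cannot see a CSRF token checked before `isset($_POST['update_account'])` triggers the write; the top of the file, including any access check, is not visible in this hunk, so it may be handled there.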
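Review bot: `$CUSTOM_LOGO` and `$CUSTOM_STYLES` are taken verbatim from the environment and, judging by the web_functions.inc.php hunks, written into the page header and menu markup; the emitted tags are not visible here, but the value should go through `htmlspecialchars($CUSTOM_STYLES, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at the output point so a quote or `>` in a misconfigured deployment value cannot break out of the attribute. A short comment above the two assignments, `# Appear to be used as URLs resolved by the browser (see README example), not as server-side file paths; trusted deployment input`, would record why no path validation is done and should be confirmed against render_header. In the first hunk, `((strcasecmp(getenv(...), 'TRUE') == 0) ? TRUE : FALSE)` can be simply `strcasecmp((string) getenv('LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES_PERSONAL'), 'TRUE') === 0`, which also makes the unset case (`getenv()` returning `false`) explicit.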
@@ -7,12 +7,25 @@ #hidden_on_login = only visible when not logged in #admin = need to be logged in as an admin to see it - $MODULES = array( - 'log_in' => 'hidden_on_login', - 'change_password' => 'auth', - 'account_manager' => 'admin', - 'log_out' => 'auth' - ); +if (isset($LDAP['account_additional_attributes']) && $LDAP['account_additional_attributes_personal']) { + + $MODULES = array( + 'log_in' => 'hidden_on_login', + 'account_manager' => 'admin', + 'change_password' => 'auth', + 'additional_attributes' => 'auth', + 'log_out' => 'auth' + ); + +} else { + + $MODULES = array( + 'log_in' => 'hidden_on_login', + 'account_manager' => 'admin', + 'change_password' => 'auth', + 'log_out' => 'auth' + ); +} if ($ACCOUNT_REQUESTS_ENABLED == TRUE) { $MODULES['request_account'] = 'hidden_on_login'; diff --git a/www/includes/web_functions.inc.php b/www/includes/web_functions.inc.php index 1548d4f..74f0ec1 100644 --- a/www/includes/web_functions.inc.php +++ b/www/includes/web_functions.inc.php @@ -229,7 +229,7 @@ function log_out($method='normal') { function render_header($title="",$menu=TRUE) { - global $SITE_NAME, $IS_ADMIN, $SENT_HEADERS, $SERVER_PATH; + global $SITE_NAME, $IS_ADMIN, $SENT_HEADERS, $SERVER_PATH, $CUSTOM_STYLES; if (empty($title)) { $title = $SITE_NAME; } @@ -242,6 +242,7 @@ function render_header($title="",$menu=TRUE) { + ' ?> @@ -277,14 +278,15 @@ function render_menu() { #Render the navigation menu. #The menu is dynamically rendered the $MODULES hash - global $SITE_NAME, $MODULES, $THIS_MODULE, $VALIDATED, $IS_ADMIN, $USER_ID, $SERVER_PATH; + global $SITE_NAME, $MODULES, $THIS_MODULE, $VALIDATED, $IS_ADMIN, $USER_ID, $SERVER_PATH, $CUSTOM_LOGO; ?>
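Review bot: The `LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES_PERSONAL` flag only decides whether `additional_attributes` appears in `$MODULES`, i.e. in the menu; it does not stop a direct request to `additional_attributes/index.php`, so that page has to check `$LDAP['account_additional_attributes_personal']` (and that `$LDAP['account_additional_attributes']` is set) itself — whether it does is not visible in this diff, as the top of index.php is missing from its hunk. The two near-identical `array(...)` literals can be reduced to one followed by `if (isset($LDAP['account_additional_attributes']) && $LDAP['account_additional_attributes_personal']) { $MODULES['additional_attributes'] = 'auth'; }`, the same pattern `$ACCOUNT_REQUESTS_ENABLED` uses a few lines below; note the entry would then be appended after `log_out`, which matters if the menu is rendered in array order.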