Move LDAP config into PHP

Summary: This config section is weak (poorly documented) and inconsistent (keys with "_" instead of "-") but I'm going to keep punting on improving it until after T1536.

Test Plan: Loaded, examined LDAP config.

Reviewers: btrahan, codeblock

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2255

Differential Revision: https://secure.phabricator.com/D4322

conf/default.conf.php

@@ -683,16 +683,16 @@ return array(
   'ldap.auth-enabled'         => false,
 
   // The LDAP server hostname
-  'ldap.hostname' => '',
+  'ldap.hostname' => null,
 
   // The LDAP server port
   'ldap.port' => 389,
 
   // The LDAP base domain name
-  'ldap.base_dn' => '',
+  'ldap.base_dn' => null,
 
   // The attribute to be regarded as 'username'. Has to be unique
-  'ldap.search_attribute' => '',
+  'ldap.search_attribute' => null,
 
   // Perform a search to find a user
   // Many LDAP installations do not have the username in the dn, if this is
@@ -700,7 +700,7 @@ return array(
   'ldap.search-first'         => false,
 
   // The attribute to search for if you have to search for a user
-  'ldap.username-attribute' => '',
+  'ldap.username-attribute' => null,
 
   // The attribute(s) to be regarded as 'real name'.
   // If more then one attribute is supplied the values of the attributes in
@@ -709,7 +709,7 @@ return array(
 
   // A domain name to use when authenticating against Active Directory
   // (e.g. 'example.com')
-  'ldap.activedirectory_domain' => '',
+  'ldap.activedirectory_domain' => null,
 
   // The LDAP version
   'ldap.version' => 3,
@@ -717,15 +717,15 @@ return array(
   // LDAP Referrals Option
   // Whether referrals should be followed by the client
   // Should be set to 0 if you use Windows 2003 AD
-  'ldap.referrals' => 1,
+  'ldap.referrals' => true,
 
   // The anonymous user name to use before searching a user.
   // Many LDAP installations require login even before searching a user, set
   // this option to enable it.
-  'ldap.anonymous-user-name'     => '',
+  'ldap.anonymous-user-name'     => null,
 
   // The password of the LDAP anonymous user.
-  'ldap.anonymous-user-password' => '',
+  'ldap.anonymous-user-password' => null,
 
 
 // -- Disqus OAuth ---------------------------------------------------------- //

src/__celerity_resource_map__.php

@@ -727,7 +727,7 @@ celerity_register_resource_map(array(
   ),
   'config-options-css' =>
   array(
-    'uri' => '/res/c67b0cbf/rsrc/css/application/config/config-options.css',
+    'uri' => '/res/6f7f64e8/rsrc/css/application/config/config-options.css',
     'type' => 'css',
     'requires' =>
     array(

src/__phutil_library_map__.php

@@ -874,6 +874,7 @@ phutil_register_library_map(array(
     'PhabricatorJavelinLinter' => 'infrastructure/lint/linter/PhabricatorJavelinLinter.php',
     'PhabricatorJumpNavHandler' => 'applications/search/engine/PhabricatorJumpNavHandler.php',
     'PhabricatorKeyValueDatabaseCache' => 'applications/cache/PhabricatorKeyValueDatabaseCache.php',
+    'PhabricatorLDAPConfigOptions' => 'applications/config/option/PhabricatorLDAPConfigOptions.php',
     'PhabricatorLDAPLoginController' => 'applications/auth/controller/PhabricatorLDAPLoginController.php',
     'PhabricatorLDAPProvider' => 'applications/auth/ldap/PhabricatorLDAPProvider.php',
     'PhabricatorLDAPRegistrationController' => 'applications/auth/controller/PhabricatorLDAPRegistrationController.php',
@@ -2205,6 +2206,7 @@ phutil_register_library_map(array(
     'PhabricatorInlineSummaryView' => 'AphrontView',
     'PhabricatorJavelinLinter' => 'ArcanistLinter',
     'PhabricatorKeyValueDatabaseCache' => 'PhutilKeyValueCache',
+    'PhabricatorLDAPConfigOptions' => 'PhabricatorApplicationConfigOptions',
     'PhabricatorLDAPLoginController' => 'PhabricatorAuthController',
     'PhabricatorLDAPRegistrationController' => 'PhabricatorAuthController',
     'PhabricatorLDAPUnknownUserException' => 'Exception',

src/applications/config/option/PhabricatorApplicationConfigOptions.php

@@ -46,7 +46,7 @@ abstract class PhabricatorApplicationConfigOptions extends Phobject {
         if (!is_array($value)) {
           throw new PhabricatorConfigValidationException(
             pht(
-              "Option '%s' must be a list of strings, but value is not a ".
+              "Option '%s' must be a list of strings, but value is not ".
               "an array.",
               $option->getKey()));
         }

src/applications/config/option/PhabricatorLDAPConfigOptions.php

@@ -0,0 +1,68 @@
+<?php
+
+final class PhabricatorLDAPConfigOptions
+  extends PhabricatorApplicationConfigOptions {
+
+  public function getName() {
+    return pht("Integration with LDAP");
+  }
+
+  public function getDescription() {
+    return pht("LDAP authentication and integration options.");
+  }
+
+  public function getOptions() {
+    return array(
+      $this->newOption('ldap.auth-enabled', 'bool', false)
+        ->setOptions(
+          array(
+            pht("Disable LDAP Authentication"),
+            pht("Enable LDAP Authentication"),
+          ))
+        ->setDescription(
+          pht('Enable LDAP for authentication and registration.')),
+      $this->newOption('ldap.hostname', 'string', null)
+        ->setDescription(pht('LDAP server host name.')),
+      $this->newOption('ldap.port', 'int', 389)
+        ->setDescription(pht('LDAP server port.')),
+      $this->newOption('ldap.anonymous-user-name', 'string', null)
+        ->setDescription(
+          pht('Username to login to LDAP server with.')),
+      $this->newOption('ldap.anonymous-user-password', 'string', null)
+        ->setDescription(
+          pht('Password to login to LDAP server with.')),
+
+      // TODO: I have only a vague understanding of what these options do;
+      // improve the documentation here and provide examples.
+
+      $this->newOption('ldap.base_dn', 'string', null)
+        ->setDescription(pht('LDAP base domain name.')),
+      $this->newOption('ldap.search_attribute', 'string', null),
+      $this->newOption('ldap.search-first', 'bool', false)
+        ->setOptions(
+          array(
+            pht("Disabled"),
+            pht("Enabled"),
+          )),
+      $this->newOption('ldap.username-attribute', 'string', null),
+      $this->newOption('ldap.real_name_attributes', 'list<string>', array())
+        ->setDescription(
+          pht(
+            "Attribute or attributes to use as the user's real name. If ".
+            "multiple attributes are provided, they will be joined with ".
+            "spaces.")),
+      $this->newOption('ldap.activedirectory_domain', 'string', null),
+      $this->newOption('ldap.version', 'int', 3),
+      $this->newOption('ldap.referrals', 'bool', true)
+        ->setOptions(
+          array(
+            pht("Do Not Follow Referrals"),
+            pht("Follow Referrals"),
+          ))
+        ->setDescription(
+          pht("You may need to disable this if you use Windows 2003 ".
+              "Active Directory.")),
+    );
+  }
+
+}