author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-27 19:39:21 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-27 19:39:21 +0000 |
commit | 0360823f5d4aed4d2c1f2cb97e0c3b414f1f0720 (patch) | |
tree | 140d3c98c2ff38a554834aa916be1d7d799dfc33 /etc/inc/auth.inc | |
parent | 8c7f51fbe7e0f55e463dd28bf27133a8a7d2da07 (diff) | |
download | pfsense-0360823f5d4aed4d2c1f2cb97e0c3b414f1f0720.zip pfsense-0360823f5d4aed4d2c1f2cb97e0c3b414f1f0720.tar.gz |
Adding LDAP backend glue.
Work sponsored-by: Centipede Networks <http://centipedenetworks.com/>
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r-- | etc/inc/auth.inc | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index bdc6487..9f3dcb5 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -1,6 +1,9 @@
 <?php
 /* $Id$ */
 /*
+ Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
+ All rights reserved.
+
 Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
 All rights reserved.
@@ -563,6 +566,41 @@ function passwd_backed($username, $passwd) {
 return false;
 }
+function ldap_backed($username, $passwd) {
+ global $config;
+
+ $ldapserver = $config['system']['webgui']['ldapserver'];
+ $ldapsearchbase = $config['system']['webgui']['ldapsearchbase'];
+
+ if(!$ldapsearchbase)
+ log_error("WARNING! LDAP backend search base not defined.");
+
+ if(!$ldapserver) {
+ log_error("ERROR! LDAP backend selected with no LDAP authentication server defined. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ if (!($ldap = ldap_connect($ldapserver))) {
+ log_error("ERROR! LDAP could not connect to server {$ldapserver}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ if (!($res = @ldap_bind($ldap, $ldapsearchbase, $passwd))) {
+ log_error("ERROR! LDAP could not bind to {$ldapserver} - {$dn}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ /* Time to close LDAP connection */
+ ldap_close($ldap);
+
+ /* At this point we are binded to LDAP so the user was auth'd okay. */
+ return true;
+
+}
+
 function htpasswd_backed($username, $passwd) {
 $authfile = file("/var/run/htpasswd"); |
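Review bot: The `ldap_bind()` call in `ldap_backed()` passes `$ldapsearchbase` as the bind DN and never uses `$username`, so the outcome does not depend on which account is logging in. Many directory servers also treat a simple bind with an empty password as an unauthenticated bind that succeeds, which this function would report as `return true`. The bind should reject an empty `$passwd` first and then use a DN built from the escaped `$username`. The same log line interpolates `{$dn}`, which is never assigned, and the bind-failure path returns without `ldap_close($ldap)`. Nothing in the hunk sets the protocol version or requests TLS, so unless `ldapserver` is an `ldaps://` URI the password presumably travels in clear text.

```php
	/* … unchanged: config lookup, missing-server and connect fallbacks … */

	/* An empty password turns a simple bind into an unauthenticated bind on many servers. */
	if (!is_string($passwd) || $passwd === '') {
		log_error("ERROR! LDAP authentication refused: empty password supplied.");
		return false;
	}

	/* Bind as the user rather than as the search base. */
	$rdnattr = 'uid'; /* placeholder: the attribute your directory names users by */
	$dn = $rdnattr . '=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $ldapsearchbase;

	if (!($res = @ldap_bind($ldap, $dn, $passwd))) {
		ldap_close($ldap);
		/* … unchanged: log_error and htpasswd_backed() fallback … */
	}
```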