diff options
author | Ermal Luçi <eri@pfsense.org> | 2013-04-03 03:10:24 -0700 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2013-04-03 03:10:24 -0700 |
commit | cd4a47d899d01a4037f0e0d0428a05a58e855409 (patch) | |
tree | 434d56b288341f494cc2274662d1c3de6f856eb2 /etc | |
parent | 7d1cf1d0f160041505c6bd41cec380673eaf186f (diff) | |
parent | 3d3081ecbb6e8a8403a3a67eabb271fcab87f8c5 (diff) | |
download | pfsense-cd4a47d899d01a4037f0e0d0428a05a58e855409.zip pfsense-cd4a47d899d01a4037f0e0d0428a05a58e855409.tar.gz |
Merge pull request #504 from awm/ldap_deref
Set LDAP option to dereference aliases when searching
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index c78b063..afddc5b 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -739,6 +739,7 @@ function ldap_test_bind($authcfg) { } ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); if ($ldapanon == true) { @@ -809,6 +810,7 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) { $ldapfilter = "(|(ou=*)(cn=Users))"; ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); if ($ldapanon == true) { @@ -919,6 +921,7 @@ function ldap_get_groups($username, $authcfg) { } ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); /* bind as user that has rights to read group attributes */ @@ -1042,6 +1045,7 @@ function ldap_backed($username, $passwd, $authcfg) { ldap_setup_caenv($authcfg); ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); /* Make sure we can connect to LDAP */ |