author | Scott Ullrich <sullrich@pfsense.org> | 2007-12-29 21:49:53 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-12-29 21:49:53 +0000 |
commit | 6a85275de42378c0f7f9fdd9aa275cefc6ad39b3 (patch) | |
tree | 5310d8b304e1c9c3304a227dc8aced222544b326 /etc | |
parent | ffcde73bb495c1448f647c83d0de768e46cb3813 (diff) | |
Add ldap_get_user_ous() which will return an array of containers that hold
user objects. This will be used by the ldap settings manager to allow the
operator to specify which containers they would like to authenticate from.
Work sponsored-by: Centipede Networks <http://centipedenetworks.com/>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/auth.inc | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 95df120..73c9a71 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -608,6 +608,49 @@ function passwd_backed($username, $passwd) {
 return false;
 }
+function ldap_get_user_ous() {
+ global $config, $g;
+
+ $ldapserver = $config['system']['webgui']['ldapserver'];
+ $ldapbindun = $config['system']['webgui']['ldapbindun'];
+ $ldapbindpw = $config['system']['webgui']['ldapbindpw'];
+ $ldapsearchbase = "{$config['system']['webgui']['ldapsearchbase']}";
+
+ $ldapfilter = "(ou=*)";
+
+ if (!($ldap = ldap_connect($ldapserver))) {
+ log_error("ERROR! ldap_get_groups() could not connect to server {$ldapserver}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) {
+ log_error("ERROR! ldap_get_groups() could not bind to {$ldapserver} - {$ldapfilter}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ $search = ldap_search($ldap, $ldapsearchbase, $ldapfilter);
+
+ $info = ldap_get_entries($ldap, $search);
+
+ $ous = array();
+
+ foreach($info as $inf) {
+ $inf_split = split(",", $inf['dn']);
+ $ou = $inf_split[0];
+ $ou = str_replace("OU=","", $ou);
+ if($ou)
+ $ous[] = $ou;
+ }
+
+ return $ous;
+
+}
+
 function ldap_get_groups($username) {
 global $config; |
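Review bot: Both failure branches in `ldap_get_user_ous()` (after `ldap_connect` and after `ldap_bind`) call `htpasswd_backed($username, $passwd)`, but this function takes no parameters, so both variables are undefined and the caller receives the result of a password check run with empty credentials rather than a list of containers. Each branch should simply end with `return array();`, and the `log_error()` text should name `ldap_get_user_ous()` instead of `ldap_get_groups()` so that log triage points at the right call. The result of `ldap_search()` is also handed to `ldap_get_entries()` unchecked and the connection is never released; a guard such as `if (!$search) { ldap_unbind($ldap); return array(); }` plus an `ldap_unbind($ldap);` before the final return would cover both. Separately, `str_replace("OU=", "", $ou)` is case-sensitive, so a directory that returns `ou=` in the DN would yield names with the prefix still attached.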