author | jim-p <jimp@pfsense.org> | 2015-09-14 14:36:16 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-09-14 14:36:31 -0400 |
commit | 149efbeac4e6eaa9d8062f26bbc172c86020e231 (patch) | |
tree | 70f4de95dd8a97f01a85456deea6bbd62afc7ef7 /src/usr/local/www/system_authservers.php | |
parent | d137967b79096540b0b6d5d74b773c559dd5616c (diff) | |
Add support for LDAP RFC2307 style group membership. Resolves #4923
Diffstat (limited to 'src/usr/local/www/system_authservers.php')
-rw-r--r-- | src/usr/local/www/system_authservers.php | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php
index 1bf47ea..72780b1 100644
--- a/src/usr/local/www/system_authservers.php
+++ b/src/usr/local/www/system_authservers.php
@@ -143,8 +143,10 @@ if ($act == "edit") {
 $pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
 $pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
 $pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
+ $pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];
 $pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
 $pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
+ $pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);
 if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
 $pconfig['ldap_anon'] = true;
@@ -296,6 +298,9 @@ if ($_POST) {
 $server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
 $server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
 $server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
+
+ $server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
+
 if ($pconfig['ldap_utf8'] == "yes") {
 $server['ldap_utf8'] = true;
 } else {
@@ -306,6 +311,11 @@ if ($_POST) {
 } else {
 unset($server['ldap_nostrip_at']);
 }
+ if ($pconfig['ldap_rfc2307'] == "yes") {
+ $server['ldap_rfc2307'] = true;
+ } else {
+ unset($server['ldap_rfc2307']);
+ }
 if (!$pconfig['ldap_anon']) {
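Review bot: The new `ldap_attr_groupobj` value is written to the server config in the `if ($_POST)` hunk without any validation; `empty()` only supplies the `posixGroup` default. The code that consumes it is outside this diff, but an object class name presumably ends up inside an LDAP search filter, where characters such as `(`, `)`, `*` or `\` change the filter's meaning, so the value should be constrained before it is saved. An object class is an LDAP descriptor or a numeric OID, so a check such as `preg_match('/^([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)+)$/', $pconfig['ldap_attr_groupobj'])` next to the page's other input checks would do, and the code that builds the filter should still escape the value (`ldap_escape()` with `LDAP_ESCAPE_FILTER` where the PHP version provides it). The enclosing `if ($_POST)` block starts and ends outside the hunk.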
@@ -641,6 +651,24 @@ $section->addInput(new Form_Input(
 ));
 $section->addInput(new Form_Checkbox(
+ 'ldap_rfc2307',
+ 'RFC 2307 Groups',
+ 'LDAP Server uses RFC 2307 style group membership',
+ $pconfig['ldap_rfc2307']
+))->setHelp('RFC 2307 style group membership has members listed on the group '.
+ 'object rather than using groups listed on user object. Leave unchecked '.
+ 'for Active Directory style group membership (RFC 2307bis).');
+
+$section->addInput(new Form_Input(
+ 'ldap_attr_groupobj',
+ 'Group Object Class',
+ 'text',
+ $pconfig['ldap_attr_groupobj'],
+ ['placeholder' => 'posixGroup']
+))->setHelp('Object class used for groups in RFC2307 mode. '.
+ 'Typically "posixGroup" or "group".');
+
+$section->addInput(new Form_Checkbox(
 'ldap_utf8',
 'UTF8 Encode',
 'UTF8 encode LDAP parameters before sending them to the server.', |
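Review bot: The help for `ldap_attr_groupobj` does not say what happens when the field is left blank, although the save path in the `if ($_POST)` hunk stores `posixGroup` in that case. The placeholder hints at it, but an administrator reading the saved configuration later will find a value they never typed. I would extend the second help string to `'Typically "posixGroup" or "group". Defaults to "posixGroup" when left blank.'`. The two help texts also spell the standard differently (`RFC 2307` and `RFC2307`); use one form, e.g. `'Object class used for groups in RFC 2307 mode. '.`.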