authorjim-p <jimp@pfsense.org>2015-08-13 14:57:45 -0400
committerjim-p <jimp@pfsense.org>2015-08-13 14:57:45 -0400
commitf6f7f1c244929016d2ab4664df6d969f664a54f0 (patch)
tree19120bcc56916b039c40d296248814d3b1a8b820 /usr/local/www
parent9a0c4cd22f853fb77593ad83ebd82c7cc25d6f30 (diff)
Add support for LDAP RFC2307 style group membership. Implements #4923
To activate, check the box for RFC2307 in the LDAP server settings and fill in the group object class (typically posixGroup).
Diffstat (limited to 'usr/local/www')
-rw-r--r--usr/local/www/system_authservers.php32
1 files changed, 32 insertions, 0 deletions
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index d9d7ed4..8e5d03c 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -110,8 +110,10 @@ if ($act == "edit") {
$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
+ $pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];
$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
+ $pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);
if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw'])
$pconfig['ldap_anon'] = true;
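Review bot: The added read of `$a_server[$id]['ldap_attr_groupobj']` has no fallback, so a server entry saved before this change loads with an empty Group Object Class, even though the save path in the `if ($_POST)` hunk defaults it to "posixGroup". Applying the same default on load would make the form show the value that will be stored: `$pconfig['ldap_attr_groupobj'] = empty($a_server[$id]['ldap_attr_groupobj']) ? "posixGroup" : $a_server[$id]['ldap_attr_groupobj'];`. Code outside this diff that reads the key from stored config presumably needs the same fallback for entries that were never re-saved. The `if ($act == "edit")` block starts and ends outside the hunk.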
@@ -256,6 +258,9 @@ if ($_POST) {
$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
+
+ $server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
+
if ($pconfig['ldap_utf8'] == "yes")
$server['ldap_utf8'] = true;
else
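Review bot: The new `ldap_attr_groupobj` assignment stores the submitted text unchanged; only the empty case is handled. The value is an object class name and is presumably placed into an LDAP search filter by the auth backend (not part of this diff), where filter metacharacters such as parentheses or `*` would alter the query. Rejecting anything that is not a plain descriptor in the page's validation step, before `$server` is populated, would close that off, e.g. `if (!empty($pconfig['ldap_attr_groupobj']) && !preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $pconfig['ldap_attr_groupobj'])) $input_errors[] = gettext("The group object class contains invalid characters.");`. The enclosing `if ($_POST)` block continues outside the hunk, so whether `$pconfig` is checked earlier cannot be seen here.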
@@ -265,6 +270,11 @@ if ($_POST) {
else
unset($server['ldap_nostrip_at']);
+ if ($pconfig['ldap_rfc2307'] == "yes") {
+ $server['ldap_rfc2307'] = true;
+ } else {
+ unset($server['ldap_rfc2307']);
+ }
if (!$pconfig['ldap_anon']) {
$server['ldap_binddn'] = $pconfig['ldap_binddn'];
@@ -716,6 +726,28 @@ function select_clicked() {
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("RFC2307 Groups");?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="2" summary="rfc2307 groups">
+ <tr>
+ <td>
+ <input name="ldap_rfc2307" type="checkbox" id="ldap_rfc2307" value="yes" <?php if ($pconfig['ldap_rfc2307']) echo "checked=\"checked\""; ?> />
+ </td>
+ <td>
+ <?=gettext("Check if the LDAP server uses RFC 2307 style group membership where members are listed on the group object rather than using groups listed on user object. Leave unchecked for Active Directory style group membership (RFC 2307bis).");?>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Group Object Class");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_attr_groupobj" type="text" class="formfld unknown" id="ldap_attr_groupobj" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_groupobj']);?>"/>
+ <br /><?= gettext("Object class used for groups in RFC2307 mode. Typically 'posixGroup' or 'group'. Default: posixGroup"); ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("UTF8 Encode");?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="2" summary="utf8 encoding">