-rw-r--r-- | etc/inc/auth.inc | 29 | ||||
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 15 |
2 files changed, 22 insertions, 22 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index aa31f08..3f88069 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -723,6 +723,9 @@ function ldap_get_groups($username) { $status = htpasswd_backed($username, $passwd); return $status; } + + ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) { log_error("ERROR! ldap_get_groups() could not bind to {$ldapserver} - {$ldapfilter}. Defaulting to built-in htpasswd_backed()"); @@ -732,12 +735,8 @@ function ldap_get_groups($username) { /* user specified login containers */ $ldac_split = split(";", $ldapauthcontainers); - foreach($ldac_split as $ldac) { - $search = ldap_search($ldap, $ldac, $ldapfilter, array('memberOf')); - if($search) - break; // found the container - } - + $search = ldap_search($ldap, $ldapsearchbase, $ldapfilter); + if(!$search) { log_error("ERROR! Could not locate User group container for username {}$username}."); log_error(" Please ensure that the needed container is defined in the ldap auth containers setting feature."); @@ -746,6 +745,20 @@ function ldap_get_groups($username) { } $info = ldap_get_entries($ldap, $search); + + /* find home container */ + foreach($info as $inf) { + $inf_split = split(",", $inf['dn']); + $ou = $inf_split[1]; + } + + if(!$ou) { + log_error("Could not resolve users home container for {$username}"); + return false; + } + + $search = ldap_search($ldap, $ou . "," . $ldapsearchbase, $ldapfilter, array('memberOf')); + $info = ldap_get_entries($ldap, $search); $memberof = array(); @@ -761,7 +774,9 @@ function ldap_get_groups($username) { /* Time to close LDAP connection */ ldap_close($ldap); - log_error("Returning groups " . print_r($memberof,true) . " for user $username"); + $groups = print_r($memberof,true); + + log_error("Returning groups " . $groups . " for user $username"); return $memberof; } 
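Review bot: Both added `ldap_set_option()` calls ignore their return value, so if selecting LDAPv3 fails the bind below proceeds with the library default and the only symptom is the generic bind error. Consider `if (!ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3)) log_error("ldap_get_groups() could not select LDAPv3 for {$ldapserver}");` and a short comment such as `/* do not chase referrals; force LDAPv3 before binding */`. How the connection is opened is outside this hunk, so whether the bind password travels over ldaps:// or StartTLS cannot be confirmed from here and is worth checking.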
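Review bot: The context line `$ldac_split = split(";", $ldapauthcontainers);` is left behind as dead code once the container loop is removed, and the two `log_error()` calls under `if(!$search)` still tell the admin to fix the ldap auth containers setting, which this commit deletes from system_usermanager_settings.php. The first of those messages also contains `{}$username}`, which logs stray braces around the name; `{$username}` was presumably intended. The new `ldap_search()` passes no attribute list, so every attribute of every match is fetched although only the DN is used at this point. `$ldapfilter` is built outside the hunk; if it embeds `$username`, confirm the value is filter-escaped before it reaches this search.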
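Review bot: The added home-container loop takes the base for the group lookup from whichever entry is iterated last, so a filter that matches more than one entry silently returns another account's `memberOf` values, and these groups decide privileges. `split(",", $inf['dn'])` also mis-parses DNs that contain escaped commas, and `$ou . "," . $ldapsearchbase` is only correct when the user sits exactly one level below the search base. The second `ldap_search()` result is handed to `ldap_get_entries()` unchecked, and the new `return false` skips the `ldap_close($ldap)` that the end of the function performs. I would require exactly one match and read `memberOf` from that entry's own DN, as sketched below; the rest of ldap_get_groups() lies outside this hunk.

```php
$info = ldap_get_entries($ldap, $search);

/* the filter must identify exactly one account */
if (!$info || $info['count'] != 1) {
	log_error("Could not resolve a unique LDAP entry for {$username}");
	ldap_close($ldap);
	return false;
}

/* read memberOf from the matched entry itself instead of rebuilding a container DN */
$search = ldap_read($ldap, $info[0]['dn'], "(objectClass=*)", array('memberOf'));
if (!$search) {
	log_error("Could not read group membership for {$username}");
	ldap_close($ldap);
	return false;
}
$info = ldap_get_entries($ldap, $search);
```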
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 8ebfad5..2aabec3 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -43,7 +43,6 @@ $pconfig['ldapbindun'] = &$config['system']['webgui']['ldapbindun']; $pconfig['ldapbindpw'] = &$config['system']['webgui']['ldapbindpw']; $pconfig['ldapfilter'] = &$config['system']['webgui']['ldapfilter']; $pconfig['ldapsearchbase'] = &$config['system']['webgui']['ldapsearchbase']; -$pconfig['ldapauthcontainers'] = &$config['system']['webgui']['ldapauthcontainers']; // Page title for main admin $pgtitle = array("System","User manager settings"); @@ -105,11 +104,6 @@ if ($_POST) { else unset($pconfig['ldapsearchbase']); - if($_POST['ldapauthcontainers']) - $pconfig['ldapauthcontainers'] = $_POST['ldapauthcontainers']; - else - unset($pconfig['ldapauthcontainers']); - write_config(); $retval = system_password_configure(); @@ -209,15 +203,6 @@ if(!$pconfig['backend']) <br/>Example: DC=pfsense,DC=com </td> </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Authentication containers</td> - <td width="78%" class="vtable"> - <input name="ldapauthcontainers" size="65" value="<?=htmlspecialchars($pconfig['ldapauthcontainers']);?>"> - <a href="javascript:if(openwindow('system_usermanager_settings_ldapacpicker.php') == false) alert('Popup blocker detected. Action aborted.');" >Select</a> - <br/>NOTE: Comma separated. - <br/>EXAMPLE: CN=Users,DC=pfsense,DC=com;CN=OtherUsers,DC=pfsense,DC=com - </td> - </tr> <tr> <td width="22%" valign="top"> </td> <td width="78%"> |