-rw-r--r-- | usr/local/www/wizards/openvpn_wizard.inc | 13 | ||||
-rw-r--r-- | usr/local/www/wizards/openvpn_wizard.xml | 49 |
2 files changed, 48 insertions, 14 deletions
diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc
index cba0d10..c516707 100644
--- a/usr/local/www/wizards/openvpn_wizard.inc
+++ b/usr/local/www/wizards/openvpn_wizard.inc
@@ -76,8 +76,16 @@ function step2_submitphpaction() {
 function step3_submitphpaction() {
 global $stepid, $savemsg, $config;
 
- if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['port']) ||
- empty($_POST['transport']) || empty($_POST['scope']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) {
+ /* Default LDAP port is 389 for TCP and 636 for SSL */
+ if (empty($_POST['port'])) {
+ if ($_POST['transport'] == "tcp")
+ $_POST['port'] = 389;
+ elseif ($_POST['transport'] == "ssl")
+ $_POST['port'] = 636;
+ }
+
+ if (empty($_POST['name']) || empty($_POST['ip']) ||empty($_POST['transport']) ||
+ empty($_POST['scope']) || empty($_POST['basedn']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) {
 $stepid--;
 $savemsg = "Please enter all information for authentication server.";
 } else if (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) {
@@ -358,6 +366,7 @@ function step12_submitphpaction() {
 $auth['ldap_urltype'] = 'SSL - Encrypted';
 $auth['ldap_protver'] = 3;
 $auth['ldap_scope'] = $pconfig['step2']['scope'];
+ $auth['ldap_basedn'] = $pconfig['step2']['basedn'];
 $auth['ldap_authcn'] = $pconfig['step2']['authscope'];
 $auth['ldap_binddn'] = $pconfig['step2']['userdn'];
 $auth['ldap_bindpw'] = $pconfig['step2']['passdn'];
diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml
index 9768ccf..28b7ac7 100644
--- a/usr/local/www/wizards/openvpn_wizard.xml
+++ b/usr/local/www/wizards/openvpn_wizard.xml
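Review bot: In step3_submitphpaction() (openvpn_wizard.inc), dropping `empty($_POST['port'])` from the required-field check means a request whose `transport` is non-empty but neither "tcp" nor "ssl" leaves the port unset and still passes validation. The form only offers those two values, but the POST body is not bound by the select, so I would keep `|| empty($_POST['port'])` in the condition after the defaulting block and reject any `transport` outside the two allowed values. A supplied port is also accepted here without a numeric or range check; whether a later step validates it is not visible in this hunk. The function body continues past the end of the hunk.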
@@ -114,12 +114,14 @@
 <displayname>Name</displayname>
 <type>input</type>
 <bindstofield>ovpnserver->step2->authtype</bindstofield>
+ <description>Descriptive server name, for your own reference.</description>
 </field>
 <field>
 <name>ip</name>
 <displayname>Hostname or IP address</displayname>
 <type>input</type>
 <bindstofield>ovpnserver->step2->ip</bindstofield>
+ <description>Address of the LDAP server.</description>
 </field>
 <field>
 <name>port</name>
@@ -127,6 +129,7 @@
 <type>input</type>
 <size>8</size>
 <bindstofield>ovpnserver->step2->port</bindstofield>
+ <description>LDAP Server port, leave blank for the default (389 for TCP, 636 for SSL).</description>
 </field>
 <field>
 <name>transport</name>
@@ -143,53 +146,75 @@
 <value>ssl</value>
 </option>
 </options>
+ <description><br/>The protocol used by your LDAP server. It can either be standard TCP or SSL encrypted.</description>
 </field>
 <field>
 <name>scope</name>
- <displayname>Search Scope</displayname>
- <type>input</type>
- <size>30</size>
+ <displayname>Search Scope Level</displayname>
+ <type>select</type>
+ <options>
+ <option>
+ <name>One Level</name>
+ <value>one</value>
+ </option>
+ <option>
+ <name>Entire Subtree</name>
+ <value>subtree</value>
+ </option>
+ </options>
 <bindstofield>ovpnserver->step2->scope</bindstofield>
 </field>
 <field>
+ <name>basedn</name>
+ <displayname>Search Scope Base DN</displayname>
+ <type>input</type>
+ <size>40</size>
+ <bindstofield>ovpnserver->step2->basedn</bindstofield>
+ </field>
+ <field>
 <name>authscope</name>
 <displayname>Authentication Containers</displayname>
 <type>input</type>
 <size>40</size>
 <bindstofield>ovpnserver->step2->authscope</bindstofield>
+ <description>Semi-Colon separated. 
This will be prepended to the search base dn above or you can specify full container path.<br/>EXAMPLE: CN=Users;DC=example<br/>EXAMPLE: CN=Users,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com </description>
 </field>
 <field>
 <name>userdn</name>
- <displayname>User DN</displayname>
+ <displayname>LDAP Bind User DN</displayname>
 <type>input</type>
 <size>20</size>
- <description>If you leave it blank an anonymous bind will be done.</description>
+ <description>If left blank, an anonymous bind will be done.</description>
 <bindstofield>ovpnserver->step2->userdn</bindstofield>
 </field>
 <field>
 <name>passdn</name>
- <displayname>Password</displayname>
+ <displayname>LDAP Bind Password</displayname>
 <type>password</type>
 <size>20</size>
 <bindstofield>ovpnserver->step2->passdn</bindstofield>
+ <description>If a user DN was supplied above, this password will also be used when performing a bind operation.</description>
 </field>
 <field>
 <name>nameattr</name>
 <displayname>User naming attribute</displayname>
 <type>input</type>
 <bindstofield>ovpnserver->step2->nameattr</bindstofield>
- </field>
- <field>
- <name>memberattr</name>
- <displayname>Member naming attribute</displayname>
- <type>input</type>
- <bindstofield>ovpnserver->step2->memberattr</bindstofield>
+ <description>Typically "cn" (OpenLDAP, Novell eDirectory), "samAccountName" (Microsoft AD), </description>
 </field>
 <field>
 <name>groupattr</name>
 <displayname>Group naming attribute</displayname>
 <type>input</type>
 <bindstofield>ovpnserver->step2->groupattr</bindstofield>
+ <description>Typically "cn" (OpenLDAP, Microsoft AD, and Novell eDirectory)</description>
+ </field>
+ <field>
+ <name>memberattr</name>
+ <displayname>Member naming attribute</displayname>
+ <type>input</type>
+ <bindstofield>ovpnserver->step2->memberattr</bindstofield>
+ <description>Typically "member" (OpenLDAP), "memberOf" (Microsoft AD), "uniqueMember" (Novell eDirectory)</description>
 </field>
 <field>
 <type>submit</type> |
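Review bot: The new `transport` description presents standard TCP and SSL as equivalent choices, but over plain TCP the bind password entered in `passdn`, and presumably the credentials of each user being authenticated, reach the LDAP server unencrypted. The help text should say so, for example `The protocol used by your LDAP server. Standard TCP sends bind and user passwords unencrypted; choose SSL unless the path to the server is trusted.` The `userdn` description would likewise benefit from noting that an anonymous bind only works if the directory permits anonymous searches. Separately, the `nameattr` description ends in a dangling `, ` after "(Microsoft AD)", which reads as a truncated list.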