Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/guiconfig.inc4
-rw-r--r--usr/local/www/system_authservers.php31
-rw-r--r--usr/local/www/system_usermanager_settings_ldapacpicker.php35
-rw-r--r--usr/local/www/vpn_openvpn_server.php10
4 files changed, 54 insertions, 26 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 8906d56..b7966d4 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -134,9 +134,9 @@ $ldap_templates = array(
'msad' => array(
'desc' => "Microsoft AD",
- 'attr_user' => "samAccountNAme",
+ 'attr_user' => "samAccountName",
'attr_group' => "cn",
- 'attr_member' => "member"),
+ 'attr_member' => "memberOf"),
'edir' => array(
'desc' => "Novell eDirectory",
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
index edf2e0a..461328a 100644
--- a/usr/local/www/system_authservers.php
+++ b/usr/local/www/system_authservers.php
@@ -81,6 +81,7 @@ if ($act == "edit") {
$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
$pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn'];
+ $pconfig['ldap_authcn'] = $a_server[$id]['ldap_authcn'];
$pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
$pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
@@ -135,11 +136,11 @@ if ($_POST) {
if ($pconfig['type'] == "ldap") {
$reqdfields = explode(" ", "name type ldap_host ldap_port ".
"ldap_urltype ldap_protver ldap_scope ldap_basedn ".
- "ldap_attr_user ldap_attr_group ldap_attr_member");
+ "ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
$reqdfieldsn = explode(",", "Descriptive name,Type,Hostname or IP,".
"Port value,Transport,Protocol version,Search level,".
"Search Base DN,User naming Attribute,".
- "Group naming Attribute,Group member attribute");
+ "Group naming Attribute,Group member attribute,Authentication container");
if (!$pconfig['ldap_anon']) {
$reqdfields[] = "ldap_binddn";
@@ -200,6 +201,7 @@ if ($_POST) {
$server['ldap_protver'] = $pconfig['ldap_protver'];
$server['ldap_scope'] = $pconfig['ldap_scope'];
$server['ldap_basedn'] = $pconfig['ldap_basedn'];
+ $server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
@@ -469,6 +471,24 @@ function radius_srvcschange(){
</td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication containers");?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="2">
+ <tr>
+ <td>Containers: &nbsp;</td>
+ <td>
+ <input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/>
+ <input type="button" onClick="javascript:if(openwindow('system_usermanager_settings_ldapacpicker.php') == false) alert('Popup blocker detected. Action aborted.');" value="Select">
+ <br />NOTE: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path.
+ <br />EXAMPLE: CN=Users;DC=example
+ <br />EXAMPLE: CN=Users,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com
+ </td>
+ </tr>
+ </table>
+
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="2">
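Review bot: The new text input is named `ldapauthcontainers`, but its `value` is read from `$pconfig['ldap_authcn']`, so the two keys only line up on the edit path, where `$pconfig['ldap_authcn'] = $a_server[$id]['ldap_authcn'];` fills it. If `$pconfig` is refilled from `$_POST` when validation fails (not visible in these hunks), the re-rendered form would show an empty field and lose what the administrator typed. Using one key throughout would remove the mismatch; the same split appears in the `$reqdfields` entry and in `$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];` in the two earlier hunks of this file. The `Containers:` label and the NOTE/EXAMPLE lines are also not wrapped in `gettext()` the way the cell heading is.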
@@ -658,6 +678,13 @@ function radius_srvcschange(){
<?php include("fend.inc");?>
<script type="text/javascript">
<!--
+function openwindow(url) {
+ var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150");
+ if (oWin==null || typeof(oWin)=="undefined")
+ return false;
+ else
+ return true;
+}
server_typechange('<?=$pconfig['type'];?>');
<?php if (!isset($id) || $pconfig['type'] == "ldap"): ?>
ldap_bindchange();
diff --git a/usr/local/www/system_usermanager_settings_ldapacpicker.php b/usr/local/www/system_usermanager_settings_ldapacpicker.php
index 52953b0..891b146 100644
--- a/usr/local/www/system_usermanager_settings_ldapacpicker.php
+++ b/usr/local/www/system_usermanager_settings_ldapacpicker.php
@@ -36,24 +36,23 @@ require("priv.defs.inc");
require("priv.inc");
if($_POST) {
- print_r($_POST);
- $ous = ldap_get_user_ous(true);
- $values = "";
- $isfirst = true;
- foreach($ous as $ou) {
- if(in_array($ou, $_POST['ou'])) {
- if($isfirst == false)
- $values .= ";";
- $isfirst = false;
- $values .= $ou;
- }
- }
- echo "<script language=\"JavaScript\">\n";
- echo "<!--\n";
- echo " opener.document.forms[0].ldapauthcontainers.value='$values'\n";
- echo " this.close();\n";
- echo "-->\n";
- echo "</script>\n";
+ $ous = ldap_get_user_ous(true);
+ $values = "";
+ $isfirst = true;
+ foreach($ous as $ou) {
+ if(in_array($ou, $_POST['ou'])) {
+ if($isfirst == false)
+ $values .= ";";
+ $isfirst = false;
+ $values .= $ou;
+ }
+ }
+ echo "<script language=\"JavaScript\">\n";
+ echo "<!--\n";
+ echo " opener.document.forms[0].ldapauthcontainers.value='$values'\n";
+ echo " this.close();\n";
+ echo "-->\n";
+ echo "</script>\n";
}
?>
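Review bot: `$values` is interpolated straight into a single-quoted JavaScript string in `echo " opener.document.forms[0].ldapauthcontainers.value='$values'\n";`, so a container name returned by `ldap_get_user_ous(true)` that contains `'`, a backslash or `</script>` breaks the script or is interpreted as code in the administrator's session. The `in_array` filter limits the output to names the directory returned, but directory content is not controlled by the GUI. Emitting the value as an encoded literal keeps it data, for example `echo " opener.document.forms[0].ldapauthcontainers.value=" . json_encode($values) . ";\n";`, with the hex-escaping flags added if the PHP version in use supports them. `$_POST['ou']` should also be checked with `is_array()` before it is passed to `in_array($ou, $_POST['ou'])`, since any POST without that field reaches this loop.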
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php
index c58942f..87328e0 100644
--- a/usr/local/www/vpn_openvpn_server.php
+++ b/usr/local/www/vpn_openvpn_server.php
@@ -265,7 +265,7 @@ if ($_POST) {
if ($_POST['disable'] == "yes")
$server['disable'] = true;
$server['mode'] = $pconfig['mode'];
- $server['authmode'] = $pconfig['authmode'];
+ $server['authmode'] = implode(",", $pconfig['authmode']);
$server['protocol'] = $pconfig['protocol'];
list($server['interface'], $server['ipaddr']) = explode ("|",$pconfig['interface']);
$server['local_port'] = $pconfig['local_port'];
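Review bot: `implode(",", $pconfig['authmode'])` assumes the posted field is an array, but a multi-select with nothing chosen submits no `authmode` key at all, and the `authmodetr` row is hidden by default, so this line can receive null and store an empty backend list. Nothing visible in the hunk checks that each submitted value is `local` or a configured auth-server name before it is written to `$server['authmode']`. At minimum the call could be `implode(",", (array)$pconfig['authmode'])`, with a validation error when a mode that needs user authentication has no backend selected. The same call is repeated on the error path in the next hunk, `$pconfig['authmode'] = implode(",", $pconfig['authmode']);`. The enclosing `if ($_POST)` block starts and ends outside the hunk.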
@@ -338,6 +338,7 @@ if ($_POST) {
header("Location: vpn_openvpn_server.php");
exit;
}
+ $pconfig['authmode'] = implode(",", $pconfig['authmode']);
}
include("head.inc");
@@ -545,12 +546,13 @@ function netbios_change() {
<tr id="authmodetr" style="display:none">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td>
<td width="78%" class="vtable">
- <select name='authmode' id='authmode' class="formselect">
- <option value="local" <?php if ($pconfig['authmode'] == "local") echo "selected";?>>Local authentication database</option>
+ <select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers) + 1; ?>">
+ <?php $authmodes = explode(",", $pconfig['authmode']); ?>
+ <option value="local" <?php if (in_array("local", $authmodes)) echo "selected";?>>Local authentication database</option>
<?php
foreach ($auth_servers as $auth_server):
$selected = "";
- if ($pconfig['authmode'] == $auth_server['name'])
+ if (in_array($auth_server['name'], $authmodes))
$selected = "selected";
?>
<option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option>
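Review bot: Storing the selection as a comma-joined string and splitting it again with `explode(",", $pconfig['authmode'])` only round-trips if no auth-server name contains a comma. Whether names are restricted that way is not visible here, so a name with a comma would silently fail the `in_array($auth_server['name'], $authmodes)` match. The unchanged option line `<option value="<?=$auth_server['name'];?>" ...>` also prints the name without `htmlspecialchars()`, which matters more now that several names can be selected and echoed back. `multiple="true"` would conventionally be written `multiple="multiple"`.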