From 9500537d51b481086e8a685b70e825688c0526e1 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Thu, 6 Sep 2012 08:22:15 -0400
Subject: Don't add ldapcfg to racoon.conf since we're not using racoon's built-in LDAP support now. Moving to external script-based auth, see ticket #1112
---
 etc/inc/vpn.inc | 51 +++++++++++++++++++++++++++------------------------
 1 file changed, 27 insertions(+), 24 deletions(-)
diff --git a/etc/inc/vpn.inc b/etc/inc/vpn.inc
index b087a87..618dec3 100644
--- a/etc/inc/vpn.inc
+++ b/etc/inc/vpn.inc
@@ -417,30 +417,33 @@ function vpn_ipsec_configure($ipchg = false)
 }
 /* end mode_cfg section */
- if ($a_client['user_source'] != "system") {
- if (is_array($config['system']['authserver'])) {
- foreach ($config['system']['authserver'] as $authcfg) {
- if ($authcfg['type'] == 'ldap' and $authcfg['name'] == $a_client['user_source'])
- $thisauthcfg = $authcfg;
- }
-
- /* begin ldapcfg */
- $racoonconf .= "ldapcfg {\n";
- $racoonconf .= "\tversion 3;\n";
- $racoonconf .= "\thost \"".$thisauthcfg['host']."\";\n";
- $lport = "389";
- if ($authcfg['port'] != "")
- $lport = $authcfg['port'];
- $racoonconf .= "\tport ".$lport.";\n";
- $racoonconf .= "\tbase \"".$thisauthcfg['ldap_basedn']."\";\n";
- $racoonconf .= "\tsubtree on;\n";
- $racoonconf .= "\tbind_dn \"".$thisauthcfg['ldap_binddn']."\";\n";
- $racoonconf .= "\tbind_pw \"".$thisauthcfg['ldap_bindpw']."\";\n";
- $racoonconf .= "\tattr_user \"".$thisauthcfg['ldap_attr_user']."\";\n";
- $racoonconf .= "}\n\n";
- /* end ldapcfg */
- }
- }
+// Disable this for now, when LDAP support returns it will be via external script auth,
+// since we no longer build racoon with LDAP integrated. This is only preventing racoon from running.
+//
+// if ($a_client['user_source'] != "system") {
+// if (is_array($config['system']['authserver'])) {
+// foreach ($config['system']['authserver'] as $authcfg) {
+// if ($authcfg['type'] == 'ldap' and $authcfg['name'] == $a_client['user_source'])
+// $thisauthcfg = $authcfg;
+// }
+//
+// /* begin ldapcfg */
+// $racoonconf .= "ldapcfg {\n";
+// $racoonconf .= "\tversion 3;\n";
+// $racoonconf .= "\thost \"".$thisauthcfg['host']."\";\n";
+// $lport = "389";
+// if ($authcfg['port'] != "")
+// $lport = $authcfg['port'];
+// $racoonconf .= "\tport ".$lport.";\n";
+// $racoonconf .= "\tbase \"".$thisauthcfg['ldap_basedn']."\";\n";
+// $racoonconf .= "\tsubtree on;\n";
+// $racoonconf .= "\tbind_dn \"".$thisauthcfg['ldap_binddn']."\";\n";
+// $racoonconf .= "\tbind_pw \"".$thisauthcfg['ldap_bindpw']."\";\n";
+// $racoonconf .= "\tattr_user \"".$thisauthcfg['ldap_attr_user']."\";\n";
+// $racoonconf .= "}\n\n";
+// /* end ldapcfg */
+// }
+// }
 /* begin remote sections */
 if (is_array($a_phase1) && count($a_phase1)) {
-- cgit v1.1
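Review bot: The added lines keep the old ldapcfg generator in the file as commented-out code, and that block has defects that should not be revived as-is. The port is read from the loop variable `$authcfg['port']` rather than the matched `$thisauthcfg`, `$thisauthcfg` is not initialised within the visible lines so a `user_source` that matches no LDAP server would emit empty or stale values, and `bind_pw` is written in clear text into racoon.conf with no escaping of the quoted values. Deleting the block and leaving a one-line marker such as `/* ldapcfg removed: racoon is built without LDAP; external script auth tracked in ticket #1112 */` keeps the history in git without preserving those patterns. Separately, the hunk does not show what the mode_cfg section above emits as the auth source when `user_source` names an LDAP server, so it is worth confirming that such a configuration now rejects logins rather than silently validating against another source. vpn_ipsec_configure begins and ends outside the hunk.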