From b0ed07d189f24b43c51c4399ebcdc58ec8a1dccc Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Thu, 31 Jan 2008 18:16:40 +0000
Subject: Latest eDir / Active Directory tweaks from Mark Batchelor. Thanks again for him helping us with this project!
---
usr/local/www/system_usermanager_settings.php | 521 ++++++++++++++------------
1 file changed, 277 insertions(+), 244 deletions(-)
(limited to 'usr/local/www')
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index b637475..d406de4 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -1,244 +1,277 @@ - - All rights reserved. - - Copyright (C) 2007 Bill Marquette - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. 
-*/ - -if($_POST['savetest']) - $save_and_test = true; - -require("guiconfig.inc"); - -$pconfig['session_timeout'] = &$config['system']['webgui']['session_timeout']; -$pconfig['ldapserver'] = &$config['system']['webgui']['ldapserver']; -$pconfig['backend'] = &$config['system']['webgui']['backend']; -$pconfig['ldapbindun'] = &$config['system']['webgui']['ldapbindun']; -$pconfig['ldapbindpw'] = &$config['system']['webgui']['ldapbindpw']; -$pconfig['ldapfilter'] = &$config['system']['webgui']['ldapfilter']; -$pconfig['ldapsearchbase'] = &$config['system']['webgui']['ldapsearchbase']; -$pconfig['ldapauthcontainers'] = &$config['system']['webgui']['ldapauthcontainers']; - -// Page title for main admin -$pgtitle = array("System","User manager settings"); - -if ($_POST) { - unset($input_errors); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if($_POST['session_timeout']) { - $timeout = intval($_POST['session_timeout']); - if ($timeout != "" && !is_numeric($timeout)) - $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater."); - - if ($timeout < 1) - $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater."); - - if ($timeout > 999) - $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater."); - } - - if (!$input_errors) { - - if($_POST['session_timeout'] && $_POST['session_timeout'] != "0") - $pconfig['session_timeout'] = intval($_POST['session_timeout']); - else - unset($config['system']['webgui']['session_timeout']); - - if($_POST['ldapserver']) - $pconfig['ldapserver'] = $_POST['ldapserver']; - else - unset($pconfig['ldapserver']); - - if($_POST['backend']) - $pconfig['backend'] = $_POST['backend']; - else - unset($pconfig['backend']); - - if($_POST['ldapbindun']) - $pconfig['ldapbindun'] = $_POST['ldapbindun']; - else - unset($pconfig['ldapbindun']); - - if($_POST['ldapbindpw']) - $pconfig['ldapbindpw'] = $_POST['ldapbindpw']; - else - 
unset($pconfig['ldapbindpw']); - - if($_POST['ldapfilter']) - $pconfig['ldapfilter'] = $_POST['ldapfilter']; - else - unset($pconfig['ldapfilter']); - - if($_POST['ldapsearchbase']) - $pconfig['ldapsearchbase'] = $_POST['ldapsearchbase']; - else - unset($pconfig['ldapsearchbase']); - - if($_POST['ldapauthcontainers']) - $pconfig['ldapauthcontainers'] = $_POST['ldapauthcontainers']; - else - unset($pconfig['ldapauthcontainers']); - - write_config(); - - $retval = system_password_configure(); - sync_webgui_passwords(); - - } -} - -include("head.inc"); -?> - -"> - - - - -\n"; - echo "myRef = window.open('system_usermanager_settings_test.php','mywin', "; - echo "'left=20,top=20,width=700,height=550,toolbar=1,resizable=0');\n"; - echo "\n"; - } -?> - - - - - - - -
- -
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Session Timeout - -
-
-
Authentication primary backend - -
NOTE: login failures or server not available issues will fall back to pfSense internal users/group authentication. -
LDAP Server:port - -
Example: ldaps://ldap.example.org:389 or ldap://ldap.example.org:389 -
LDAP Binding username - -
This account must have read access to the user objects and be able to retrieve groups. -
Example: For Active Directory you would want to use format DOMAIN\username -
LDAP Binding password - -
LDAP Filter - -
Example: For Active Directory you would want to use (samaccountname=$username) -
LDAP Search base - -
Example: DC=pfsense,DC=com -
LDAP Authentication containers - - Select -
NOTE: Comma separated. -
EXAMPLE: CN=Users,DC=pfsense,DC=com;CN=OtherUsers,DC=pfsense,DC=com -
  - " /> - " /> -
-
-
-
- - - - - + + All rights reserved. + + Copyright (C) 2007 Bill Marquette + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +if($_POST['savetest']) + $save_and_test = true; + +require("guiconfig.inc"); + +$pconfig['session_timeout'] = &$config['system']['webgui']['session_timeout']; +$pconfig['ldapserver'] = &$config['system']['webgui']['ldapserver']; +$pconfig['backend'] = &$config['system']['webgui']['backend']; +$pconfig['ldapbindun'] = &$config['system']['webgui']['ldapbindun']; +$pconfig['ldapbindpw'] = &$config['system']['webgui']['ldapbindpw']; +$pconfig['ldapfilter'] = &$config['system']['webgui']['ldapfilter']; +$pconfig['ldapsearchbase'] = &$config['system']['webgui']['ldapsearchbase']; +$pconfig['ldapauthcontainers'] = &$config['system']['webgui']['ldapauthcontainers']; +$pconfig['ldapgroupattribute'] = &$config['system']['webgui']['ldapgroupattribute']; +$pconfig['ldapnameattribute'] = &$config['system']['webgui']['ldapnameattribute']; + +// Page title for main admin +$pgtitle = array("System","User manager settings"); + +if ($_POST) { + unset($input_errors); + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if($_POST['session_timeout']) { + $timeout = intval($_POST['session_timeout']); + if ($timeout != "" && !is_numeric($timeout)) + $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater."); + + if ($timeout < 1) + $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater."); + + if ($timeout > 999) + $input_errors[] = gettext("Session timeout must be an integer with value 1 or greater."); + } + + if (!$input_errors) { + + if($_POST['session_timeout'] && $_POST['session_timeout'] != "0") + $pconfig['session_timeout'] = intval($_POST['session_timeout']); + else + unset($config['system']['webgui']['session_timeout']); + + if($_POST['ldapserver']) + $pconfig['ldapserver'] = $_POST['ldapserver']; + else + unset($pconfig['ldapserver']); + + if($_POST['backend']) + $pconfig['backend'] = $_POST['backend']; + else + unset($pconfig['backend']); + + if($_POST['ldapbindun']) + 
$pconfig['ldapbindun'] = $_POST['ldapbindun']; + else + unset($pconfig['ldapbindun']); + + if($_POST['ldapbindpw']) + $pconfig['ldapbindpw'] = $_POST['ldapbindpw']; + else + unset($pconfig['ldapbindpw']); + + if($_POST['ldapfilter']) + $pconfig['ldapfilter'] = $_POST['ldapfilter']; + else + unset($pconfig['ldapfilter']); + + if($_POST['ldapsearchbase']) + $pconfig['ldapsearchbase'] = $_POST['ldapsearchbase']; + else + unset($pconfig['ldapsearchbase']); + + if($_POST['ldapauthcontainers']) + $pconfig['ldapauthcontainers'] = $_POST['ldapauthcontainers']; + else + unset($pconfig['ldapauthcontainers']); + + if($_POST['ldapgroupattribute']) + $pconfig['ldapgroupattribute'] = $_POST['ldapgroupattribute']; + else + unset($pconfig['ldapgroupattribute']); + if($_POST['ldapnameattribute']) + $pconfig['ldapnameattribute'] = $_POST['ldapnameattribute']; + else + unset($pconfig['ldapgroupattribute']); + + + write_config(); + + $retval = system_password_configure(); + sync_webgui_passwords(); + + } +} + +include("head.inc"); +?> + +"> + + + + +\n"; + echo "myRef = window.open('system_usermanager_settings_test.php','mywin', "; + echo "'left=20,top=20,width=700,height=550,toolbar=1,resizable=0');\n"; + echo "\n"; + } +?> + + + + + + + +
+ +
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Session Timeout + +
+
+
Authentication primary backend + +
NOTE: login failures or server not available issues will fall back to pfSense internal users/group authentication. +
LDAP Server:port + +
Example: ldaps://ldap.example.org:389 or ldap://ldap.example.org:389 +
LDAP Binding username + +
This account must have read access to the user objects and be able to retrieve groups. +
Example: For Active Directory you would want to use format DOMAIN\username or username@domain. +
Example: eDirectory you would want to use format cn=username,ou=orgunit,o=org. +
LDAP Binding password + +
LDAP Filter + +
Example: For Active Directory you would want to use (samaccountname=$username) +
Example: For eDirectory you would want to use (cn=$username) +
LDAP Naming Attribute + +
Example: For Active Directory you would want to use samaccountname. +
Example: For eDirectory you would want to use CN. +
Group Membership Attribute Name + +
Example: For Active Directory you would want to use memberOf. +
Example: For eDirectory you would want to use groupMembership. +
LDAP Search base + +
Example: DC=pfsense,DC=com +
LDAP Authentication container + + Select +
NOTE: Semi-Colon separated. +
Only Supports one Container Currently!!! +
EXAMPLE: CN=Users,DC=pfsense,DC=com;CN=OtherUsers,DC=pfsense,DC=com +
  + " /> + " /> +
+
+
+
+ + + + + -- cgit v1.1
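Review bot: The else branch of the new `ldapnameattribute` block calls `unset($pconfig['ldapgroupattribute']);`, so submitting an empty naming attribute leaves the previous naming attribute untouched and removes the group-attribute entry from `$pconfig` instead; it should read `unset($pconfig['ldapnameattribute']);`. The group membership attribute presumably drives group lookup, and with it the privileges an LDAP login receives, so a copy-paste slip here is worth fixing before the setting is relied on. Both new fields are also copied from `$_POST` into the config with no format check; an attribute name could be constrained before `write_config()`, for example with `preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $_POST['ldapnameattribute'])`. Separately, because every `$pconfig[...]` entry is a reference into `$config['system']['webgui']`, `unset($pconfig[...])` appears only to drop the alias and not the stored key (the `session_timeout` branch unsets `$config` directly), so a cleared bind password or attribute may persist in the saved configuration; this should be confirmed against `write_config()`.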