From 99a00640c02745680b44994cbe194a577490ed2c Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 12 Apr 2010 15:03:43 -0400 Subject: Fixup OpenVPN wizard LDAP settings. Ticket #500. --- usr/local/www/wizards/openvpn_wizard.inc | 13 +++++++-- usr/local/www/wizards/openvpn_wizard.xml | 49 ++++++++++++++++++++++++-------- 2 files changed, 48 insertions(+), 14 deletions(-) (limited to 'usr/local') diff --git a/usr/local/www/wizards/openvpn_wizard.inc b/usr/local/www/wizards/openvpn_wizard.inc index cba0d10..c516707 100644 --- a/usr/local/www/wizards/openvpn_wizard.inc +++ b/usr/local/www/wizards/openvpn_wizard.inc @@ -76,8 +76,16 @@ function step2_submitphpaction() { function step3_submitphpaction() { global $stepid, $savemsg, $config; - if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['port']) || - empty($_POST['transport']) || empty($_POST['scope']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) { + /* Default LDAP port is 389 for TCP and 636 for SSL */ + if (empty($_POST['port'])) { + if ($_POST['transport'] == "tcp") + $_POST['port'] = 389; + elseif ($_POST['transport'] == "ssl") + $_POST['port'] = 636; + } + + if (empty($_POST['name']) || empty($_POST['ip']) ||empty($_POST['transport']) || + empty($_POST['scope']) || empty($_POST['basedn']) || empty($_POST['authscope']) || empty($_POST['nameattr'])) { $stepid--; $savemsg = "Please enter all information for authentication server."; } else if (count(($authcfg = auth_get_authserver($_POST['name']))) > 0) { @@ -358,6 +366,7 @@ function step12_submitphpaction() { $auth['ldap_urltype'] = 'SSL - Encrypted'; $auth['ldap_protver'] = 3; $auth['ldap_scope'] = $pconfig['step2']['scope']; + $auth['ldap_basedn'] = $pconfig['step2']['basedn']; $auth['ldap_authcn'] = $pconfig['step2']['authscope']; $auth['ldap_binddn'] = $pconfig['step2']['userdn']; $auth['ldap_bindpw'] = $pconfig['step2']['passdn']; 
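Review bot: The rewritten guard at the end of the first hunk drops the old `empty($_POST['port'])` test, and the new default block only fills the port when `transport` is exactly "tcp" or "ssl", so any other transport value leaves the port empty and it is never caught before the server record is built. Keeping the port in the guard, `if (empty($_POST['name']) || empty($_POST['ip']) || empty($_POST['port']) || empty($_POST['transport']) ||`, closes that hole; beyond that, the port is only ever tested with `empty()` here, so a value that is not an integer in 1–65535 is accepted as-is — a `ctype_digit` plus range check before it is saved would be the defensive addition. As written the default block also silently accepts an unknown transport instead of failing validation, so consider treating anything other than "tcp"/"ssl" as an error in the same guard. Minor style point: `||empty($_POST['transport'])` is missing the space the rest of the condition uses. step3_submitphpaction's body continues past the end of the hunk.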
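Review bot: The new `ldap_basedn` line in the second hunk joins a record whose `ldap_urltype` is fixed to 'SSL - Encrypted' two lines above, while step 3 earlier in this file accepts a `transport` of "tcp" or "ssl" and defaults the port to 389 or 636 accordingly; unless the transport is applied somewhere outside the hunk, a TCP/389 selection still yields an auth server entry marked as SSL, which will not connect. Deriving the type from the saved step, e.g. `$auth['ldap_urltype'] = ($pconfig['step2']['transport'] == "ssl") ? 'SSL - Encrypted' : <plain-TCP value expected by the auth server code>;`, keeps the record consistent with the chosen port. The enclosing step12_submitphpaction starts before this hunk.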
diff --git a/usr/local/www/wizards/openvpn_wizard.xml b/usr/local/www/wizards/openvpn_wizard.xml index 9768ccf..28b7ac7 100644 --- a/usr/local/www/wizards/openvpn_wizard.xml +++ b/usr/local/www/wizards/openvpn_wizard.xml @@ -114,12 +114,14 @@ Name input ovpnserver->step2->authtype + Descriptive server name, for your own reference. ip Hostname or IP address input ovpnserver->step2->ip + Address of the LDAP server. port @@ -127,6 +129,7 @@ input 8 ovpnserver->step2->port + LDAP Server port, leave blank for the default (389 for TCP, 636 for SSL). transport 
@@ -143,53 +146,75 @@ ssl + <br/>The protocol used by your LDAP server. It can either be standard TCP or SSL encrypted. scope - Search Scope - input - 30 + Search Scope Level + select + + + + ovpnserver->step2->scope + basedn + Search Scope Base DN + input + 40 + ovpnserver->step2->basedn + + authscope Authentication Containers input 40 ovpnserver->step2->authscope + Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path.<br/>EXAMPLE: CN=Users;DC=example<br/>EXAMPLE: CN=Users,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com userdn - User DN + LDAP Bind User DN input 20 - If you leave it blank an anonymous bind will be done. + If left blank, an anonymous bind will be done. ovpnserver->step2->userdn passdn - Password + LDAP Bind Password password 20 ovpnserver->step2->passdn + If a user DN was supplied above, this password will also be used when performing a bind operation. nameattr User naming attribute input ovpnserver->step2->nameattr - - - memberattr - Member naming attribute - input - ovpnserver->step2->memberattr + Typically "cn" (OpenLDAP, Novell eDirectory), "samAccountName" (Microsoft AD), groupattr Group naming attribute input ovpnserver->step2->groupattr + Typically "cn" (OpenLDAP, Microsoft AD, and Novell eDirectory) + + + memberattr + Member naming attribute + input + ovpnserver->step2->memberattr + Typically "member" (OpenLDAP), "memberOf" (Microsoft AD), "uniqueMember" (Novell eDirectory) submit -- cgit v1.1
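Review bot: The new `basedn` field is the only field in this hunk without a description, although the `authscope` description directly below refers the user to "the search base dn above"; a short description such as `Base DN under which the authentication containers are searched, e.g. DC=example,DC=com.` would make the relationship clear. The `nameattr` description also appears to end on a dangling comma after the Microsoft AD entry — presumably a trailing alternative was dropped in the edit, worth confirming against the intended text. The scope select's option values are not visible in this rendering of the hunk, so whether they match the scope values the auth code expects cannot be checked here.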