Feature #3410
Patch: Add Apple Open Directory memberUid support in group lookup (closed)
Description
This is a patch that adds compatibility to do memberUid style lookups used in Apple's Open Directory, specifically when the user record does not contain any "reverse" group information. The ldap_get_groups function is modified to have a dual-search filter; it looks for user account(s) that match as well as groups whose memberUid (or rather the group membership variable defined by the user) has the username.
I have been able to test against OS X Server 10.9 and it works as expected. While the original functionality should still work, I do not have any LDAP servers that are configured that way, so I cannot test. If somebody can test that, I would love to hear if it is working or not.
Attached is the diff containing the changes.
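The dual-search filter described in the report above, as an added sketch in Python; this is not the attached patch or pfSense's `ldap_get_groups` code. The default attribute names (`uid`, `memberOf`, `memberUid`), the helper names and the sample entries are assumptions made for illustration, and the username is escaped before it is placed in the filter.

```python
# Added example, not pfSense code. Attribute defaults and sample entries are assumptions.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)

def build_group_filter(username, user_attr="uid", member_attr="memberUid"):
    """One filter: the user's own entry OR any group that lists the user."""
    u = escape_filter_value(username)
    return "(|({0}={1})({2}={1}))".format(user_attr, u, member_attr)

def first_rdn_value(dn):
    """'cn=admins,ou=groups,...' -> 'admins' (simplified: no escaped commas)."""
    return dn.split(",", 1)[0].split("=", 1)[1]

def collect_groups(entries, username, user_attr="uid",
                   reverse_attr="memberOf", member_attr="memberUid"):
    """Merge group names from both membership styles.

    entries: (dn, attrs) pairs shaped like LDAP search results, where attrs
    maps an attribute name to a list of string values.
    """
    groups = set()
    for dn, attrs in entries:
        attrs = {name.lower(): values for name, values in attrs.items()}
        # Style 1: the user entry carries "reverse" group information.
        if username in attrs.get(user_attr.lower(), []):
            groups.update(first_rdn_value(g) for g in attrs.get(reverse_attr.lower(), []))
        # Style 2: a group entry lists the user in its member attribute.
        if username in attrs.get(member_attr.lower(), []):
            groups.add(first_rdn_value(dn))
    return sorted(groups)

# Constructed results: the user entry has no reverse attribute, the group lists the user.
SAMPLE_MEMBERUID = [
    ("uid=alice,cn=users,dc=example,dc=com", {"uid": ["alice"]}),
    ("cn=vpnusers,cn=groups,dc=example,dc=com",
     {"cn": ["vpnusers"], "memberUid": ["alice", "bob"]}),
]
# Constructed results: the user entry names its groups itself.
SAMPLE_REVERSE = [
    ("uid=alice,ou=people,dc=example,dc=com",
     {"uid": ["alice"], "memberOf": ["cn=admins,ou=groups,dc=example,dc=com"]}),
]

if __name__ == "__main__":
    print(build_group_filter("alice"))
    print(collect_groups(SAMPLE_MEMBERUID + SAMPLE_REVERSE, "alice"))
```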
Updated by Chris Buechler almost 11 years ago
- Target version set to 2.2
- Affected Version deleted (2.1)
Could you please submit a pull request on GitHub to master?
Updated by Daniel Hazelbaker almost 11 years ago
Pull request added: https://github.com/pfsense/pfsense/pull/892
Updated by Jim Thompson over 10 years ago
- Assignee set to Jim Pingle
Assigned to Pingle. Once a CLA has been signed, we can look at incorporating this.
Updated by Daniel Hazelbaker over 10 years ago
I believe I signed one in the correct place just now (portal.pfsense.org). Please let me know if I need to do anything else.
Updated by Jim Pingle over 10 years ago
The ICLA looks OK, I show that it was signed and submitted. Thanks!
I added some comments on the pull request for potential refinement, or at least some things that need to be clarified before we can merge the patch.
Updated by Jim Thompson over 10 years ago
I'm going to push this to 2.3 unless something happens in the next week on this request.
Updated by Jim Thompson about 10 years ago
- Target version changed from 2.2 to 2.3
Pushed to post-2.2.
Updated by Jim Pingle about 9 years ago
- Status changed from New to Feedback
- Target version deleted (2.3)
I suspect this was actually solved by #4923 -- need feedback from OP or someone else with a similar setup.
Updated by Daniel Hazelbaker about 9 years ago
I have since moved our system to Active Directory, so I am unable to test #4923 against an Open Directory setup. I thought I had updated this already to reflect that I no longer needed OD, but maybe it was something else.
Updated by Felix Wolfsteller about 9 years ago
Possible duplicate of issue #5461.
Updated by Jim Pingle about 8 years ago
- Status changed from Feedback to Resolved
Closing for lack of feedback.