Project

General

Profile

Feature #3410

Patch: Add Apple Open Directory memberUid support in group lookup

Added by Daniel Hazelbaker over 5 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
User manager
Target version:
-
Start date:
01/23/2014
Due date:
% Done:

0%

Estimated time:

Description

This is a patch that adds compatibility to do memberUid style lookups used in Apple's Open Directory. Specifically, when the user record does not contain any "reverse" group information. The ldap_get_groups function is modified to have a dual-search filter, it looks for user account(s) that match as well as group's whose memberUid (or rather the group membership variable defined by the user) has the username.

I have been able to test against OS X Server 10.9 and it works as expected. While the original functionality should still work, I do not have any LDAP servers that are configured that way so I cannot test. If somebody can test that I would love to hear if it is working or not.

Attached is the diff containing the changes.

auth.inc.diff (3.04 KB) auth.inc.diff Daniel Hazelbaker, 01/23/2014 09:29 PM

History

#1 Updated by Chris Buechler over 5 years ago

  • Target version set to 2.2
  • Affected Version deleted (2.1)

could you please submit a pull request on github to master?

#3 Updated by Jim Thompson almost 5 years ago

  • Assignee set to Jim Pingle

assigned to Pingle. Once a CLA has been signed, we can look at incorporating this.

#4 Updated by Daniel Hazelbaker almost 5 years ago

I believe I signed one in the correct place just now (portal.pfsense.org). Please let me know if I need to do anything else.

#5 Updated by Jim Pingle almost 5 years ago

The ICLA looks OK, I show that it was signed and submitted. Thanks!

I added some comments on the pull request for potential refinement, or at least some things that need clarified before we can merge the patch.

#6 Updated by Jim Thompson almost 5 years ago

I'm going to push this to 2.3 unless something happens in the next week on this request.

#7 Updated by Jim Thompson over 4 years ago

  • Target version changed from 2.2 to 2.3

pushed to post-2.2

#8 Updated by Jim Pingle over 3 years ago

  • Status changed from New to Feedback
  • Target version deleted (2.3)

I suspect this was actually solved by #4923 -- need feedback from OP or someone else with a similar setup.

#9 Updated by Daniel Hazelbaker over 3 years ago

I have sense moved our system to Active Directory so I am unable to test #4923 against an Open Directory setup. I thought I had updated this already to reflect that I no longer needed OD, but maybe it was something else.

#10 Updated by Felix Wolfsteller over 3 years ago

Possible duplicate of issue #5461 .

#11 Updated by Jim Pingle over 2 years ago

  • Status changed from Feedback to Resolved

Closing for lack of feedback.

Also available in: Atom PDF