Feature #3410: Patch: Add Apple Open Directory memberUid support in group lookup - pfSense - pfSense bugtracker

Actions

Feature #3410

closed

Patch: Add Apple Open Directory memberUid support in group lookup

Added by Daniel Hazelbaker over 10 years ago. Updated over 7 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

User Manager / Privileges

Target version:

-

Start date:

01/23/2014

Due date:

% Done:

0%

Estimated time:

Plus Target Version:

Release Notes:

Description

This is a patch that adds compatibility to do memberUid style lookups used in Apple's Open Directory. Specifically, when the user record does not contain any "reverse" group information. The ldap_get_groups function is modified to have a dual-search filter, it looks for user account(s) that match as well as group's whose memberUid (or rather the group membership variable defined by the user) has the username.

I have been able to test against OS X Server 10.9 and it works as expected. While the original functionality should still work, I do not have any LDAP servers that are configured that way so I cannot test. If somebody can test that I would love to hear if it is working or not.

Attached is the diff containing the changes.

Files

auth.inc.diff (3.04 KB) auth.inc.diff

Daniel Hazelbaker, 01/23/2014 09:29 PM

Actions

#1

Updated by Chris Buechler over 10 years ago

Target version set to 2.2
Affected Version deleted (~~2.1~~)

could you please submit a pull request on github to master?

Actions

#2

Updated by Daniel Hazelbaker about 10 years ago

Pull request added: https://github.com/pfsense/pfsense/pull/892

Actions

#3

Updated by Jim Thompson almost 10 years ago

Assignee set to Jim Pingle

assigned to Pingle. Once a CLA has been signed, we can look at incorporating this.

Actions

#4

Updated by Daniel Hazelbaker almost 10 years ago

I believe I signed one in the correct place just now (portal.pfsense.org). Please let me know if I need to do anything else.

Actions

#5

Updated by Jim Pingle almost 10 years ago

The ICLA looks OK, I show that it was signed and submitted. Thanks!

I added some comments on the pull request for potential refinement, or at least some things that need clarified before we can merge the patch.

Actions

#6

Updated by Jim Thompson over 9 years ago

I'm going to push this to 2.3 unless something happens in the next week on this request.

Actions

#7

Updated by Jim Thompson over 9 years ago

Target version changed from 2.2 to 2.3

pushed to post-2.2

Actions

#8

Updated by Jim Pingle over 8 years ago

Status changed from New to Feedback
Target version deleted (~~2.3~~)

I suspect this was actually solved by #4923 -- need feedback from OP or someone else with a similar setup.

Actions

#9

Updated by Daniel Hazelbaker over 8 years ago

I have sense moved our system to Active Directory so I am unable to test #4923 against an Open Directory setup. I thought I had updated this already to reflect that I no longer needed OD, but maybe it was something else.

Actions

#10

Updated by Felix Wolfsteller over 8 years ago

Possible duplicate of issue #5461 .

Actions

#11

Updated by Jim Pingle over 7 years ago

Status changed from Feedback to Resolved

Closing for lack of feedback.

Actions

Also available in: Atom PDF