Project

General

Profile

Actions

Feature #3410

closed

Patch: Add Apple Open Directory memberUid support in group lookup

Added by Daniel Hazelbaker almost 11 years ago. Updated about 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
User Manager / Privileges
Target version:
-
Start date:
01/23/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

This is a patch that adds compatibility to do memberUid style lookups used in Apple's Open Directory. Specifically, when the user record does not contain any "reverse" group information. The ldap_get_groups function is modified to have a dual-search filter, it looks for user account(s) that match as well as group's whose memberUid (or rather the group membership variable defined by the user) has the username.

I have been able to test against OS X Server 10.9 and it works as expected. While the original functionality should still work, I do not have any LDAP servers that are configured that way so I cannot test. If somebody can test that I would love to hear if it is working or not.

Attached is the diff containing the changes.


Files

auth.inc.diff (3.04 KB) auth.inc.diff Daniel Hazelbaker, 01/23/2014 09:29 PM
Actions #1

Updated by Chris Buechler almost 11 years ago

  • Target version set to 2.2
  • Affected Version deleted (2.1)

could you please submit a pull request on github to master?

Actions #3

Updated by Jim Thompson over 10 years ago

  • Assignee set to Jim Pingle

assigned to Pingle. Once a CLA has been signed, we can look at incorporating this.

Actions #4

Updated by Daniel Hazelbaker over 10 years ago

I believe I signed one in the correct place just now (portal.pfsense.org). Please let me know if I need to do anything else.

Actions #5

Updated by Jim Pingle over 10 years ago

The ICLA looks OK, I show that it was signed and submitted. Thanks!

I added some comments on the pull request for potential refinement, or at least some things that need clarified before we can merge the patch.

Actions #6

Updated by Jim Thompson over 10 years ago

I'm going to push this to 2.3 unless something happens in the next week on this request.

Actions #7

Updated by Jim Thompson over 10 years ago

  • Target version changed from 2.2 to 2.3

pushed to post-2.2

Actions #8

Updated by Jim Pingle about 9 years ago

  • Status changed from New to Feedback
  • Target version deleted (2.3)

I suspect this was actually solved by #4923 -- need feedback from OP or someone else with a similar setup.

Actions #9

Updated by Daniel Hazelbaker about 9 years ago

I have sense moved our system to Active Directory so I am unable to test #4923 against an Open Directory setup. I thought I had updated this already to reflect that I no longer needed OD, but maybe it was something else.

Actions #10

Updated by Felix Wolfsteller about 9 years ago

Possible duplicate of issue #5461 .

Actions #11

Updated by Jim Pingle about 8 years ago

  • Status changed from Feedback to Resolved

Closing for lack of feedback.

Actions

Also available in: Atom PDF