Feature #3410
Closed
Patch: Add Apple Open Directory memberUid support in group lookup
Description
This is a patch that adds compatibility to do memberUid-style lookups used in Apple's Open Directory, specifically when the user record does not contain any "reverse" group information. The ldap_get_groups function is modified to have a dual-search filter; it looks for user account(s) that match as well as groups whose memberUid (or rather the group membership variable defined by the user) has the username.
I have been able to test against OS X Server 10.9 and it works as expected. While the original functionality should still work, I do not have any LDAP servers that are configured that way so I cannot test. If somebody can test that, I would love to hear if it is working or not.
Attached is the diff containing the changes.
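The dual-filter lookup described above, sketched as an added example (not the attached patch and not pfSense code): one filter matches the user's own entry or any group whose membership attribute lists the username, with the username escaped per RFC 4515 so it cannot change the filter's structure. The attribute names (`uid`, `memberUid`, `memberOf`), the function names and the sample entries are assumptions constructed for illustration.

```python
# Added illustration; names and sample data are assumptions, not pfSense code.
FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """RFC 4515 escaping so a username cannot alter the filter structure."""
    return "".join(FILTER_SPECIALS.get(ch, ch) for ch in value)

def build_group_filter(username, name_attr="uid", member_attr="memberUid"):
    """One filter: the user's own entry OR any group that lists the user."""
    u = escape_filter_value(username)
    return f"(|({name_attr}={u})({member_attr}={u}))"

def collect_groups(entries, username, name_attr="uid",
                   member_attr="memberUid", reverse_attr="memberOf"):
    """Merge both membership styles from the search results into group names."""
    groups = set()
    wanted = username.lower()
    for entry in entries:
        # LDAP attribute names are case-insensitive; normalise before lookup.
        attrs = {k.lower(): v for k, v in entry["attributes"].items()}
        names = [v.lower() for v in attrs.get(name_attr.lower(), [])]
        members = [v.lower() for v in attrs.get(member_attr.lower(), [])]
        if wanted in names:
            # User entry: "reverse" membership holds group DNs. Taking the
            # first RDN value is a simplification (no escaped commas handled).
            for dn in attrs.get(reverse_attr.lower(), []):
                groups.add(dn.split(",", 1)[0].split("=", 1)[-1])
        elif wanted in members:
            # Group entry matched through memberUid: its cn is the group name.
            groups.update(attrs.get("cn", []))
    return sorted(groups)

# Constructed Open Directory style results: the user entry has no memberOf.
SAMPLE_ENTRIES = [
    {"dn": "uid=jdoe,cn=users,dc=example,dc=com",
     "attributes": {"uid": ["jdoe"], "cn": ["John Doe"]}},
    {"dn": "cn=vpnusers,cn=groups,dc=example,dc=com",
     "attributes": {"cn": ["vpnusers"], "memberUid": ["jdoe", "asmith"]}},
    {"dn": "cn=admins,cn=groups,dc=example,dc=com",
     "attributes": {"cn": ["admins"], "memberUid": ["jdoe"]}},
]

if __name__ == "__main__":
    print(build_group_filter("jdoe"))
    print(collect_groups(SAMPLE_ENTRIES, "jdoe"))
```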
Updated by Chris Buechler over 10 years ago
- Target version set to 2.2
- Affected Version deleted (2.1)
Could you please submit a pull request on GitHub to master?
Updated by Daniel Hazelbaker about 10 years ago
Pull request added: https://github.com/pfsense/pfsense/pull/892
Updated by Jim Thompson almost 10 years ago
- Assignee set to Jim Pingle
Assigned to Pingle. Once a CLA has been signed, we can look at incorporating this.
Updated by Daniel Hazelbaker almost 10 years ago
I believe I signed one in the correct place just now (portal.pfsense.org). Please let me know if I need to do anything else.
Updated by Jim Pingle almost 10 years ago
The ICLA looks OK, I show that it was signed and submitted. Thanks!
I added some comments on the pull request for potential refinement, or at least some things that need to be clarified before we can merge the patch.
Updated by Jim Thompson over 9 years ago
I'm going to push this to 2.3 unless something happens in the next week on this request.
Updated by Jim Pingle over 8 years ago
- Status changed from New to Feedback
- Target version deleted (2.3)
I suspect this was actually solved by #4923 -- need feedback from OP or someone else with a similar setup.
Updated by Daniel Hazelbaker over 8 years ago
I have since moved our system to Active Directory so I am unable to test #4923 against an Open Directory setup. I thought I had updated this already to reflect that I no longer needed OD, but maybe it was something else.
Updated by Felix Wolfsteller over 8 years ago
Possible duplicate of issue #5461.
Updated by Jim Pingle over 7 years ago
- Status changed from Feedback to Resolved
Closing for lack of feedback.