/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision 1dfc6c56

Added by Scott Ullrich over 17 years ago

ID 1dfc6c56fb2e0bd20b2809172d3387f3b0025e6d
Parent 1c7e3ec6
Child 0882c6d2

Changes to allow Novell eDir to authenticate via LDAP.

Thanks to Mark Batchelor for all of his help with these changes.

     	$ldapfilter = $config['system']['webgui']['ldapfilter'];
     	$ldapsearchbase = "{$config['system']['webgui']['ldapsearchbase']}";
     	$ldapfilter = str_replace("\$username", $username, $ldapfilter);
     	$ldapauthcontainers = $config['system']['webgui']['ldapauthcontainers'];
     	if (!($ldap = ldap_connect($ldapserver))) {
-...
     		return $status;
+    	}
     	$search = ldap_search($ldap, $ou . "," . $ldapsearchbase, $ldapfilter, array('memberOf'));
     	$search = ldap_search($ldap, $ldapauthcontainers, $ldapfilter, array('groupmembership'));
     	$info = ldap_get_entries($ldap, $search);
             $countem = $info["count"];
     	$memberof = array();
     	if(is_array($info[0]['memberof'])) {
         	foreach($info[0]['memberof'] as $member) {
                 	if(strstr($member, "CN=") !== false) {
             log_error("USER HAS {$countem} LDAP Groups it is {$info[0]['groupmembership'][0]}");
     	if(is_array($info[0]['groupmembership'])) {
         	foreach($info[0]['groupmembership'] as $member) {
                 	if(strstr($member, "cn=") !== false) {
                         	$membersplit = split(",", $member);
                         	$memberof[] = str_replace("CN=", "", $membersplit[0]);
                         	$memberof[] = str_replace("cn=", "", $membersplit[0]);
+                	}
+        	}
+    	}
-...
     	$ldapserver = $config['system']['webgui']['ldapserver'];
     	$ldapbindun = $config['system']['webgui']['ldapbindun'];
     	$ldapbindpw = $config['system']['webgui']['ldapbindpw'];
             $ldapauthcont = $config['system']['webgui']['ldapauthcontainers'];
     	if(!$ldapserver) {
     		log_error("ERROR!  ldap_backed() backed selected with no LDAP authentication server defined.  Defaulting to built-in htpasswd_backed().     Visit System -> User Manager -> Settings.");
     		$status = htpasswd_backed($username, $passwd);
-...
     		$status = htpasswd_backed($username, $passwd);
     		return $status;
+    	}
     	if (!($res = @ldap_bind($ldap, $username, $passwd))) {
            /* HARD CODED - need to have a uid or something here */
     	$binduser = 'cn='.$username.','.$ldapauthcont;
             log_error("BINDUSER ==== {$binduser}");
     	if (!($res = @ldap_bind($ldap, $binduser, $passwd))) {
     	    log_error("ERROR!  ldap_backed() could not bind to {$ldapserver} - {$username} - {$passwd}.  Defaulting to built-in htpasswd_backed().    Visit System -> User Manager -> Settings.");
     		$status = htpasswd_backed($username, $passwd);
     		return $status;
+    	}
     	log_error("$username logged in via LDAP.");
     	log_error("$binduser ldap name logged in via LDAP.");
     	/* At this point we are binded to LDAP so the user was auth'd okay. */
     	return true;
+    }

Also available in: Unified diff

Project

General

Profile

pfSense

Revision 1dfc6c56

Added by Scott Ullrich over 17 years ago