Commit 0fb3fd78 authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner

(ldap) re-enable ldap_scope and legacy auth containers.

(cherry picked from commit 0f881bc4)
(cherry picked from commit 28ea1d73)
(cherry picked from commit b234d36f)
(cherry picked from commit ae4e38bc)
(cherry picked from commit d0f13284)
(cherry picked from commit f783f5c4)
parent 67f48b89
......@@ -80,6 +80,17 @@ class LDAP implements IAuthConnector
*/
private $ldapExtendedQuery = null;
/**
* @var auth containers
*/
private $ldapAuthcontainers = null;
/**
* @var ldap scope
*/
private $ldapScope = 'subtree';
/**
* @var array list of already known usernames vs distinguished names
*/
......@@ -109,19 +120,21 @@ class LDAP implements IAuthConnector
/**
* search ldap tree
* @param string $filter ldap filter string to use
* @param string $ldap_scope scope either one or tree
* @return array|bool result list or false on errors
*/
private function search($filter, $ldap_scope = "tree")
private function search($filter)
{
$result = false;
if ($this->ldapHandle != null) {
// if we're looking at multple dn's, split and combine output
foreach (explode(";", $this->baseSearchDN) as $baseDN) {
if ($ldap_scope == "one") {
$sr=@ldap_list($this->ldapHandle, $baseDN, $filter, $this->ldapSearchAttr);
$searchpaths = array($this->baseSearchDN);
if (!empty($this->ldapAuthcontainers)) {
$searchpaths = explode(';', $this->ldapAuthcontainers);
}
foreach ($searchpaths as $baseDN) {
if ($this->ldapScope == 'one') {
$sr = @ldap_list($this->ldapHandle, $baseDN, $filter, $this->ldapSearchAttr);
} else {
$sr=@ldap_search($this->ldapHandle, $baseDN, $filter, $this->ldapSearchAttr);
$sr = @ldap_search($this->ldapHandle, $baseDN, $filter, $this->ldapSearchAttr);
}
if ($sr !== false) {
$info = @ldap_get_entries($this->ldapHandle, $sr);
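Review bot: The new `$searchpaths = explode(';', $this->ldapAuthcontainers);` hands each piece straight to ldap_list/ldap_search, so a trailing `;` or `a; b` spacing in the configured containers yields an empty or whitespace-padded base DN; an empty base is treated as the directory root by some servers, which is a wider search than the admin configured, and because the calls are `@`-suppressed nothing reports it. Trimming and dropping empties keeps the search bounded to what was entered: `$searchpaths = array_filter(array_map('trim', explode(';', $this->ldapAuthcontainers)));` (a DN is never the string "0", so the plain array_filter is safe). The rewritten docblock no longer says where the search base comes from; a line such as `* searches each configured auth container when set, otherwise the base DN` would tell the reader why baseSearchDN is bypassed. search() continues past the end of the hunk.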
......@@ -185,6 +198,8 @@ class LDAP implements IAuthConnector
"ldap_bindpw" => "ldapBindPassword",
"ldap_attr_user" => "ldapAttributeUser",
"ldap_extended_query" => "ldapExtendedQuery",
"ldap_authcn" => "ldapAuthcontainers",
"ldap_scope" => "ldapScope",
"local_users" => "userDNmap"
);
......@@ -205,7 +205,7 @@
<displayname>User Naming Attribute</displayname>
<type>input</type>
<bindstofield>ovpnserver->step2->nameattr</bindstofield>
<description>Typically "cn" (OpenLDAP, Novell eDirectory), "samAccountName" (Microsoft AD)</description>
<description>Typically "cn" (OpenLDAP, Novell eDirectory), "sAMAccountName" (Microsoft AD)</description>
</field>
<field>
<name>groupattr</name>
......@@ -333,7 +333,7 @@ $( document ).ready(function() {
$("#ldap_attr_user").val('cn');
break;
case 'msad':
$("#ldap_attr_user").val('samAccountName');
$("#ldap_attr_user").val('sAMAccountName');
break;
}
});
......@@ -548,21 +548,20 @@ endif; ?>
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Search scope");?></td>
<td>
<div>
<?=gettext("Level:");?><br/>
<select name='ldap_scope' id='ldap_scope' class="formselect selectpicker" data-style="btn-default">
<option value="one" <?=$pconfig['ldap_scope'] == 'one' ? "selected=\"selected\"" : "";?>>
<?=gettext('One Level');?>
</option>
<option value="subtree" <?=$pconfig['ldap_scope'] == 'subtree' ? "selected=\"selected\"" : "";?>>
<?=gettext('Entire Subtree');?>
</option>
</select>
</div>
<div>
<?=gettext("Base DN:");?><br/>
<input name="ldap_basedn" type="text" id="ldap_basedn" size="40" value="<?=$pconfig['ldap_basedn'];?>"/>
</div>
<select name='ldap_scope' id='ldap_scope' class="formselect selectpicker" data-style="btn-default">
<option value="one" <?=$pconfig['ldap_scope'] == 'one' ? "selected=\"selected\"" : "";?>>
<?=gettext('One Level');?>
</option>
<option value="subtree" <?=$pconfig['ldap_scope'] == 'subtree' ? "selected=\"selected\"" : "";?>>
<?=gettext('Entire Subtree');?>
</option>
</select>
</td>
</tr>
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Base DN");?></td>
<td>
<input name="ldap_basedn" type="text" id="ldap_basedn" size="40" value="<?=$pconfig['ldap_basedn'];?>"/>
</td>
</tr>
<tr class="auth_ldap auth_options hidden">
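Review bot: The Base DN input moved into its own row still writes the stored value into the attribute unescaped, `value="<?=$pconfig['ldap_basedn'];?>"`, so a `"` in a configured DN terminates the attribute and whatever follows is interpreted as markup. Since the line is being rewritten anyway it should become `value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"`; the `ldap_attr_user` input in the last hunk of this file has the same pattern. Separately, when `$pconfig['ldap_scope']` holds neither `one` nor `subtree` the rebuilt select marks no option selected, so the browser shows "One Level" while the connector class in this commit defaults `ldapScope` to `'subtree'` — presumably the `$pconfig` defaults (outside this hunk) should set `subtree` so the two agree.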
......@@ -574,9 +573,8 @@ endif; ?>
</ul>
<br/>
<div class="hidden" for="help_for_ldapauthcontainers">
<br/><?=gettext("Semicolon separated. This will be prepended to the search base DN above or you can specify full container path containing a DC= component.");?>
<br /><?=gettext("Example:");?> CN=Users;DC=example,DC=com
<br /><?=gettext("Example:");?> OU=Staff;OU=Freelancers
<br/><?= gettext('Semicolon-separated list of distinguished names optionally containing DC= components.') ?>
<br/><?=gettext("Example:");?> OU=Freelancers,O=Company,DC=example,DC=com;CN=Users,OU=Staff,O=Company
</div>
</td>
</tr>
......@@ -604,9 +602,12 @@ endif; ?>
<?php
endif; ?>
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("User naming attribute");?></td>
<td><a id="help_for_ldap_attr_user" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("User naming attribute");?></td>
<td>
<input name="ldap_attr_user" type="text" id="ldap_attr_user" size="20" value="<?=$pconfig['ldap_attr_user'];?>"/>
<div class="hidden" for="help_for_ldap_attr_user">
<?= gettext('Typically "cn" (OpenLDAP, Novell eDirectory), "sAMAccountName" (Microsoft AD)') ?>
</div>
</td>
</tr>
<!-- RADIUS -->