Skip to content

O
OpnSense
Commit 1e46db3c authored by chrisch1974's avatar chrisch1974
Browse files
Options

ldap: fixed a bug on Active Directory where the name attribute isn't handled correctly 

ldap: add describtion (full name) during import of a user
parent 46040480
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 2 deletions
src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
View file @ 1e46db3c
...@@ -168,6 +168,8 @@ class LDAP ...@@ -168,6 +168,8 @@ class LDAP
public function searchUsers($username, $userNameAttribute, $extendedQuery = null) public function searchUsers($username, $userNameAttribute, $extendedQuery = null)
{ {
if ($this->ldapHandle !== false) { if ($this->ldapHandle !== false) {
// on Active Directory sAMAccountName is returned as samaccountname
$userNameAttribute = strtolower($userNameAttribute);
// add $userNameAttribute to search results // add $userNameAttribute to search results
$this->addSearchAttribute($userNameAttribute); $this->addSearchAttribute($userNameAttribute);
$result = array(); $result = array();
...@@ -183,6 +185,7 @@ class LDAP ...@@ -183,6 +185,7 @@ class LDAP
foreach (array($userNameAttribute, "name") as $ldapAttr) { foreach (array($userNameAttribute, "name") as $ldapAttr) {
if (isset($searchResults[$i][$ldapAttr]) && $searchResults[$i][$ldapAttr]['count'] > 0) { if (isset($searchResults[$i][$ldapAttr]) && $searchResults[$i][$ldapAttr]['count'] > 0) {
$result[] = array("name" => $searchResults[$i][$ldapAttr][0] $result[] = array("name" => $searchResults[$i][$ldapAttr][0]
, "fullname" => $searchResults[$i]['name'][0]
, "dn" => $searchResults[$i]['dn']); , "dn" => $searchResults[$i]['dn']);
break; break;
} }
......
src/www/system_usermanager_import_ldap.php
View file @ 1e46db3c
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
require_once("guiconfig.inc"); require_once("guiconfig.inc");
require_once("auth.inc"); require_once("auth.inc");
function add_local_user($username, $userdn) { function add_local_user($username, $userdn, $userfullname) {
global $config; global $config;
foreach ($config['system']['user'] as &$user) { foreach ($config['system']['user'] as &$user) {
if ($user['name'] == $username && $user['name'] != 'root') { if ($user['name'] == $username && $user['name'] != 'root') {
...@@ -43,6 +43,7 @@ function add_local_user($username, $userdn) { ...@@ -43,6 +43,7 @@ function add_local_user($username, $userdn) {
$new_user['scope'] = 'user'; $new_user['scope'] = 'user';
$new_user['name'] = $username; $new_user['name'] = $username;
$new_user['user_dn'] = $userdn; $new_user['user_dn'] = $userdn;
$new_user['descr'] = $userfullname;
$new_user['uid'] = $config['system']['nextuid']++; $new_user['uid'] = $config['system']['nextuid']++;
$config['system']['user'][] = $new_user; $config['system']['user'][] = $new_user;
} }
...@@ -89,7 +90,7 @@ if ($authcfg['type'] == 'ldap') { ...@@ -89,7 +90,7 @@ if ($authcfg['type'] == 'ldap') {
foreach ($result as $ldap_user ) { foreach ($result as $ldap_user ) {
foreach ($_POST['user_dn'] as $userDN) { foreach ($_POST['user_dn'] as $userDN) {
if ($userDN == $ldap_user['dn'] && !in_array($ldap_user['dn'], $confDNs)) { if ($userDN == $ldap_user['dn'] && !in_array($ldap_user['dn'], $confDNs)) {
add_local_user($ldap_user['name'] , $ldap_user['dn']); add_local_user($ldap_user['name'] , $ldap_user['dn'], $ldap_user['fullname']);
$update_count++; $update_count++;
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023