Merge pull request #288 from chrisch1974/hotfix/ldap

minor LDAP fixes

src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php

@@ -168,6 +168,8 @@ class LDAP
     public function searchUsers($username, $userNameAttribute, $extendedQuery = null)
     {
         if ($this->ldapHandle !== false) {
+            // on Active Directory sAMAccountName is returned as samaccountname
+            $userNameAttribute = strtolower($userNameAttribute);
             // add $userNameAttribute to search results
             $this->addSearchAttribute($userNameAttribute);
             $result = array();
@@ -183,6 +185,7 @@ class LDAP
                     foreach (array($userNameAttribute, "name") as $ldapAttr) {
                         if (isset($searchResults[$i][$ldapAttr]) && $searchResults[$i][$ldapAttr]['count'] > 0) {
                             $result[] = array("name" => $searchResults[$i][$ldapAttr][0]
+                                        , "fullname" => $searchResults[$i]['name'][0]
                                         , "dn" => $searchResults[$i]['dn']);
                             break;
                         }

src/www/system_authservers.php

@@ -629,6 +629,40 @@ endif; ?>
 													</select>
 												</td>
 											</tr>
+											<tr>
+												<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
+												<td width="78%" class="vtable">
+													<table border="0" cellspacing="0" cellpadding="2" summary="bind credentials">
+														<tr>
+															<td>
+																<input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) {
+                                                                    echo "checked=\"checked\"";
+} ?> onclick="ldap_bindchange()" />
+															</td>
+															<td>
+																<?=gettext("Use anonymous binds to resolve distinguished names");?>
+															</td>
+														</tr>
+													</table>
+													<table border="0" cellspacing="0" cellpadding="2" id="ldap_bind" summary="bind">
+														<tr>
+															<td colspan="2"></td>
+														</tr>
+														<tr>
+															<td><?=gettext("User DN:");?> &nbsp;</td>
+															<td>
+																<input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br />
+															</td>
+														</tr>
+														<tr>
+															<td><?=gettext("Password:");?> &nbsp;</td>
+															<td>
+																<input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br />
+															</td>
+														</tr>
+													</table>
+												</td>
+											</tr>
 											<tr>
 												<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
 												<td width="78%" class="vtable">
@@ -700,40 +734,6 @@ endif; ?>
 													</table>
 												</td>
 											</tr>
-											<tr>
-												<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
-												<td width="78%" class="vtable">
-													<table border="0" cellspacing="0" cellpadding="2" summary="bind credentials">
-														<tr>
-															<td>
-																<input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) {
-                                                                    echo "checked=\"checked\"";
-} ?> onclick="ldap_bindchange()" />
-															</td>
-															<td>
-																<?=gettext("Use anonymous binds to resolve distinguished names");?>
-															</td>
-														</tr>
-													</table>
-													<table border="0" cellspacing="0" cellpadding="2" id="ldap_bind" summary="bind">
-														<tr>
-															<td colspan="2"></td>
-														</tr>
-														<tr>
-															<td><?=gettext("User DN:");?> &nbsp;</td>
-															<td>
-																<input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br />
-															</td>
-														</tr>
-														<tr>
-															<td><?=gettext("Password:");?> &nbsp;</td>
-															<td>
-																<input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br />
-															</td>
-														</tr>
-													</table>
-												</td>
-											</tr>
 											<?php if (!isset($id)) :
 ?>
 											<tr>

src/www/system_usermanager.php

@@ -464,7 +464,7 @@ function sshkeyClicked(obj) {
 
 function import_ldap_users() {
   url="system_usermanager_import_ldap.php";
-  var oWin = window.open(url,"OPNsense","width=620,height=400,top=150,left=150");
+  var oWin = window.open(url,"OPNsense","width=620,height=400,top=150,left=150,scrollbars=yes");
   if (oWin==null || typeof(oWin)=="undefined") {
     alert("<?=gettext('Popup blocker detected.  Action aborted.');?>");
   }
@@ -515,7 +515,7 @@ function import_ldap_users() {
                     <table class="table table-striped table-sort">
                     <?php
                     $ro = "";
-                    if ($pconfig['utype'] == "system") {
+                    if ($pconfig['utype'] == "system" || !empty($pconfig['user_dn'])) {
                         $ro = "readonly=\"readonly\"";
                     }
                     ?>
@@ -550,7 +550,7 @@ function import_ldap_users() {
                                 <input name="user_dn" type="text" class="formfld user" id="user_dn" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['user_dn']);?>"/ readonly>
                             </td>
                         </tr>
-<?php endif;
+<?php else:
 ?>
                         <tr>
                             <td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td>
@@ -563,6 +563,8 @@ function import_ldap_users() {
                                 <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" />&nbsp;<?= gettext("(confirmation)"); ?>
                             </td>
                         </tr>
+<?php endif;
+?>
                         <tr>
                             <td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td>
                             <td width="78%" class="vtable">

src/www/system_usermanager_import_ldap.php

@@ -29,7 +29,7 @@
 require_once("guiconfig.inc");
 require_once("auth.inc");
 
-function add_local_user($username, $userdn) {
+function add_local_user($username, $userdn, $userfullname) {
   global $config;
   foreach ($config['system']['user'] as &$user) {
       if ($user['name'] == $username && $user['name'] != 'root') {
@@ -43,6 +43,7 @@ function add_local_user($username, $userdn) {
   $new_user['scope'] = 'user';
   $new_user['name'] = $username;
   $new_user['user_dn'] = $userdn;
+  $new_user['descr'] = $userfullname;
   $new_user['uid'] = $config['system']['nextuid']++;
   $config['system']['user'][] = $new_user;
 }
@@ -89,7 +90,7 @@ if ($authcfg['type'] == 'ldap') {
         foreach ($result as $ldap_user ) {
           foreach ($_POST['user_dn'] as $userDN) {
             if ($userDN == $ldap_user['dn'] && !in_array($ldap_user['dn'], $confDNs)) {
-              add_local_user($ldap_user['name'] , $ldap_user['dn']);
+              add_local_user($ldap_user['name'] , $ldap_user['dn'], $ldap_user['fullname']);
               $update_count++;
             }
           }
@@ -106,6 +107,7 @@ if ($authcfg['type'] == 'ldap') {
           $ldap_users[$ldap_user['name']] = $ldap_user['dn'];
         }
       }
+      ksort($ldap_users);
     }
   }
 }