authorScott Ullrich <sullrich@pfsense.org>2007-03-22 16:29:49 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-03-22 16:29:49 +0000
commite9b9d0ceda7db8fd793b5e397b4bbfc1c5cf0405 (patch)
treefb83dcb1be0c5b5b0073f6e1f4d547929396139b /packages
parent448ba22cf54be545c501604e5bb7a50e5a717637 (diff)
Fix squid ldap auth
Submitted-by: TDI via Forum
Diffstat (limited to 'packages')
-rw-r--r--packages/squid/squid.inc14
-rw-r--r--packages/squid/squid_auth.xml21
2 files changed, 33 insertions, 2 deletions
diff --git a/packages/squid/squid.inc b/packages/squid/squid.inc
index 5dc644eb..a5b7a8cc 100644
--- a/packages/squid/squid.inc
+++ b/packages/squid/squid.inc
@@ -781,7 +781,7 @@ function squid_resync_auth() {
case 'ldap':
$port = (isset($settings['auth_port']) ? ":{$settings['auth_port']}" : '');
$password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
- $conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"(&(objectClass=person)(cn=%s))\" -u cn -P {$settings['auth_server']}$port\n";
+ $conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u uid -P {$settings['auth_server']}$port\n";
break;
case 'radius':
$port = (isset($settings['auth_port']) ? "-p {$settings['auth_server_port']}" : '');
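Review bot: The new `-v {$settings['ldap_version']}` and `-f \"{$settings['ldap_filter']}\"` arguments have no fallback, so a configuration saved before these fields existed would emit `-v ` with no value and an empty filter, and the helper would presumably fail to parse its options. The same line writes `ldap_basedomain`, `ldap_user`, `ldap_pass` and the filter into squid.conf unquoted or unescaped, so a bind DN containing a space, or a filter containing `"` or a line break, changes how the directive is split into arguments. Default the version, e.g. `$version = (isset($settings['ldap_version']) && $settings['ldap_version'] == '3') ? '3' : '2';`, and reject or escape quotes and line breaks in the other values before appending to `$conf`. Passing the bind password with `-w` also leaves it readable in squid.conf and in the helper's process arguments, which deserves a comment recommending a low-privilege bind account. The body of squid_resync_auth continues outside the hunk.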
@@ -891,6 +891,8 @@ function on_auth_method_changed() {
document.iform.auth_server.disabled = 1;
document.iform.auth_server_port.disabled = 1;
document.iform.ldap_user.disabled = 1;
+ document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_filter.disabled = 1;
document.iform.ldap_password.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
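Review bot: The two new lines `document.iform.ldap_version.disabled = ...` and `document.iform.ldap_filter.disabled = ...` are repeated by hand in all six branches of on_auth_method_changed (this hunk and the five that follow), which is how a field ends up missed or enabled in the wrong branch. A small helper that takes the list of LDAP field names and one state, called once per branch, would make each new field a one-line addition. The function starts and ends outside these hunks, so the branch conditions are not visible here.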
@@ -918,6 +920,8 @@ function on_auth_method_changed() {
document.iform.auth_server.disabled = 1;
document.iform.auth_server_port.disabled = 1;
document.iform.ldap_user.disabled = 1;
+ document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_filter.disabled = 1;
document.iform.ldap_password.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
@@ -942,6 +946,8 @@ function on_auth_method_changed() {
document.iform.auth_server_port.disabled = 1;
document.iform.ldap_user.disabled = 1;
document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_filter.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
document.iform.msnt_secondary.disabled = 1;
@@ -951,6 +957,8 @@ function on_auth_method_changed() {
document.iform.auth_server_port.disabled = 0;
document.iform.ldap_user.disabled = 0;
document.iform.ldap_password.disabled = 0;
+ document.iform.ldap_version.disabled = 0;
+ document.iform.ldap_filter.disabled = 0;
document.iform.ldap_basedomain.disabled = 0;
document.iform.radius_secret.disabled = 1;
document.iform.msnt_secondary.disabled = 1;
@@ -960,6 +968,8 @@ function on_auth_method_changed() {
document.iform.auth_server_port.disabled = 0;
document.iform.ldap_user.disabled = 1;
document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_filter.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 0;
document.iform.msnt_secondary.disabled = 1;
@@ -969,6 +979,8 @@ function on_auth_method_changed() {
document.iform.auth_server_port.disabled = 1;
document.iform.ldap_user.disabled = 1;
document.iform.ldap_password.disabled = 1;
+ document.iform.ldap_version.disabled = 1;
+ document.iform.ldap_filter.disabled = 1;
document.iform.ldap_basedomain.disabled = 1;
document.iform.radius_secret.disabled = 1;
document.iform.msnt_secondary.disabled = 0;
diff --git a/packages/squid/squid_auth.xml b/packages/squid/squid_auth.xml
index 2f20d755..50d29343 100644
--- a/packages/squid/squid_auth.xml
+++ b/packages/squid/squid_auth.xml
@@ -52,6 +52,17 @@
<onchange>on_auth_method_changed()</onchange>
</field>
<field>
+ <fieldname>ldap_version</fieldname>
+ <fielddescr>LDAP version</fielddescr>
+ <description>Enter LDAP protocol version (2 or 3).</description>
+ <default_value>2</default_value>
+ <type>select</type>
+ <options>
+ <option><name>2</name><value>2</value></option>
+ <option><name>3</name><value>3</value></option>
+ </options>
+ </field>
+ <field>
<fieldname>auth_server</fieldname>
<fielddescr>Authentication server</fielddescr>
<description>Enter here the IP or hostname of the server that will perform the authentication.</description>
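Review bot: `<default_value>2</default_value>` makes LDAPv2 the default for new configurations even though version 3 is offered; StartTLS is an LDAPv3 operation and many current directory servers refuse v2 binds. Consider defaulting to 3, or extend the description, e.g. `Enter LDAP protocol version (2 or 3). Version 3 is needed for StartTLS.` Whether 2 is kept for compatibility with existing deployments cannot be seen from this hunk.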
@@ -73,7 +84,7 @@
<size>60</size>
</field>
<field>
- <fieldname>ldap_password</fieldname>
+ <fieldname>ldap_pass</fieldname>
<fielddescr>LDAP password</fielddescr>
<description>Enter here the password to use to connect to the LDAP server.</description>
<type>password</type>
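Review bot: Renaming the field to `ldap_pass` matches the key read in squid_resync_auth, but the squid.inc hunks of this same commit still show `document.iform.ldap_password.disabled = ...` as context in every branch of on_auth_method_changed. If the form element name is derived from `<fieldname>`, those lines would now reference an undefined element and the script would stop before the remaining fields are toggled. Update them to `document.iform.ldap_pass.disabled`. A password previously saved under `ldap_password` would also no longer be read, so an upgrade note or a migration of the old key seems necessary.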
@@ -87,6 +98,14 @@
<size>60</size>
</field>
<field>
+ <fieldname>ldap_filter</fieldname>
+ <fielddescr>LDAP search filter</fielddescr>
+ <default_value>(&amp;(objectClass=person)(uid=%s))</default_value>
+ <description>Enter LDAP search filter.</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
<fieldname>radius_secret</fieldname>
<fielddescr>RADIUS secret</fielddescr>
<description>The RADIUS secret for RADIUS authentication.</description>
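Review bot: The `ldap_filter` description does not explain the `%s` placeholder or what input is acceptable, and the field is a free-text `input` whose value squid.inc places inside double quotes on the `auth_param` line. Suggest `<description>Enter LDAP search filter; %s is replaced by the login name. Double quotes and line breaks are not allowed.</description>`, with a matching check when the form is saved. The default filter uses `uid`, which matches the `-u uid` now hard-coded in squid.inc; directories that identify users by `cn` or `sAMAccountName` would need both changed, so making the `-u` attribute configurable as well may be worthwhile.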