From e9b9d0ceda7db8fd793b5e397b4bbfc1c5cf0405 Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Thu, 22 Mar 2007 16:29:49 +0000
Subject: Fix squid ldap auth

Submitted-by: TDI via Forum
---
 packages/squid/squid.inc      | 14 +++++++++++++-
 packages/squid/squid_auth.xml | 21 ++++++++++++++++++++-
 2 files changed, 33 insertions(+), 2 deletions(-)

(limited to 'packages/squid')

diff --git a/packages/squid/squid.inc b/packages/squid/squid.inc
index 5dc644eb..a5b7a8cc 100644
--- a/packages/squid/squid.inc
+++ b/packages/squid/squid.inc
@@ -781,7 +781,7 @@ function squid_resync_auth() {
 			case 'ldap':
 				$port = (isset($settings['auth_port']) ? ":{$settings['auth_port']}" : '');
 				$password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
-				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"(&(objectClass=person)(cn=%s))\" -u cn -P {$settings['auth_server']}$port\n";
+				$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u uid -P {$settings['auth_server']}$port\n";
 				break;
 			case 'radius':
 				$port = (isset($settings['auth_port']) ? "-p {$settings['auth_server_port']}" : '');
@@ -891,6 +891,8 @@ function on_auth_method_changed() {
 	document.iform.auth_server.disabled = 1;
 	document.iform.auth_server_port.disabled = 1;
 	document.iform.ldap_user.disabled = 1;
+	document.iform.ldap_version.disabled = 1;
+	document.iform.ldap_filter.disabled = 1;
 	document.iform.ldap_password.disabled = 1;
 	document.iform.ldap_basedomain.disabled = 1;
 	document.iform.radius_secret.disabled = 1;
@@ -918,6 +920,8 @@ function on_auth_method_changed() {
 		document.iform.auth_server.disabled = 1;
 		document.iform.auth_server_port.disabled = 1;
 		document.iform.ldap_user.disabled = 1;
+		document.iform.ldap_version.disabled = 1;
+		document.iform.ldap_filter.disabled = 1;
 		document.iform.ldap_password.disabled = 1;
 		document.iform.ldap_basedomain.disabled = 1;
 		document.iform.radius_secret.disabled = 1;
@@ -942,6 +946,8 @@ function on_auth_method_changed() {
 			document.iform.auth_server_port.disabled = 1;
 			document.iform.ldap_user.disabled = 1;
 			document.iform.ldap_password.disabled = 1;
+			document.iform.ldap_version.disabled = 1;
+			document.iform.ldap_filter.disabled = 1;
 			document.iform.ldap_basedomain.disabled = 1;
 			document.iform.radius_secret.disabled = 1;
 			document.iform.msnt_secondary.disabled = 1;
@@ -951,6 +957,8 @@ function on_auth_method_changed() {
 			document.iform.auth_server_port.disabled = 0;
 			document.iform.ldap_user.disabled = 0;
 			document.iform.ldap_password.disabled = 0;
+			document.iform.ldap_version.disabled = 0;
+			document.iform.ldap_filter.disabled = 0;
 			document.iform.ldap_basedomain.disabled = 0;
 			document.iform.radius_secret.disabled = 1;
 			document.iform.msnt_secondary.disabled = 1;
@@ -960,6 +968,8 @@ function on_auth_method_changed() {
 			document.iform.auth_server_port.disabled = 0;
 			document.iform.ldap_user.disabled = 1;
 			document.iform.ldap_password.disabled = 1;
+			document.iform.ldap_version.disabled = 1;
+			document.iform.ldap_filter.disabled = 1;
 			document.iform.ldap_basedomain.disabled = 1;
 			document.iform.radius_secret.disabled = 0;
 			document.iform.msnt_secondary.disabled = 1;
@@ -969,6 +979,8 @@ function on_auth_method_changed() {
 			document.iform.auth_server_port.disabled = 1;
 			document.iform.ldap_user.disabled = 1;
 			document.iform.ldap_password.disabled = 1;
+			document.iform.ldap_version.disabled = 1;
+			document.iform.ldap_filter.disabled = 1;
 			document.iform.ldap_basedomain.disabled = 1;
 			document.iform.radius_secret.disabled = 1;
 			document.iform.msnt_secondary.disabled = 0;
diff --git a/packages/squid/squid_auth.xml b/packages/squid/squid_auth.xml
index 2f20d755..50d29343 100644
--- a/packages/squid/squid_auth.xml
+++ b/packages/squid/squid_auth.xml
@@ -51,6 +51,17 @@
 			</options>
 			<onchange>on_auth_method_changed()</onchange>
 		</field>
+		<field>
+			<fieldname>ldap_version</fieldname>
+			<fielddescr>LDAP version</fielddescr>
+			<description>Enter LDAP protocol version (2 or 3).</description>
+			<default_value>2</default_value>
+			<type>select</type>
+			<options>
+			<option><name>2</name><value>2</value></option>
+			<option><name>3</name><value>3</value></option>
+			</options>
+		</field>
 		<field>
 			<fieldname>auth_server</fieldname>
 			<fielddescr>Authentication server</fielddescr>
@@ -73,7 +84,7 @@
 			<size>60</size>
 		</field>
 		<field>
-			<fieldname>ldap_password</fieldname>
+			<fieldname>ldap_pass</fieldname>
 			<fielddescr>LDAP password</fielddescr>
 			<description>Enter here the password to use to connect to the LDAP server.</description>
 			<type>password</type>
@@ -86,6 +97,14 @@
 			<type>input</type>
 			<size>60</size>
 		</field>
+		<field>
+			<fieldname>ldap_filter</fieldname>
+			<fielddescr>LDAP search filter</fielddescr>
+			<default_value>(&amp;(objectClass=person)(uid=%s))</default_value>
+			<description>Enter LDAP search filter.</description>
+			<type>input</type>
+			<size>60</size>
+		</field>
 		<field>
 			<fieldname>radius_secret</fieldname>
 			<fielddescr>RADIUS secret</fielddescr>
-- 
cgit v1.2.3