LDAP authentication support
-
I'm done with it ;D
So I wrote a function that handle the LDAP authentication (errors and all that stuff).
The ldap authentication need 7 parameters to handle anonymous and/or authenticated searches.I've tested it with an openldap server and also an FDS server. I'm installing a 2K3 system to test it ;-)
I could not test it on my pfsens test box since it has php 4.4 without ldap support :-(
I'll try to get in touch with you Scott, on IRC or by pm on this forum.
-
Great news and good job! ;D
-
Get in touch with me on freenode, handle is GeekGod.
Good work!
-
Ok ;-)
So after many tests, LDAP authentication works with :
- openLDAP
- Fedora Directory Server (FDS=sunone)
- Active Directory (W2K3)
-
Next step is to integrate Auth for the web interface, then move on to captive portal, pppoe and such. It actually should be pretty easy to do these portions.
-
Yes, and also to have php compiled with the ldap support on the next pfsense release ;-)
-
No problem.
-
I saw on the CVS track timeline that compilation wasn't ok. What's up ? what is the problem ? Can we repair it ?
-
Cannot compile LDAP in as static.
Will address after the 1.0 release.
-
Ok, contact me as soon as it is available ;-)
-
Hi ;-)
I have made a new version of the LDAP authentication function that allow the admin to specify a list of groups (memberOf in LDAP) where the authorized users should be.
In fact I wrote it because of Active Directory, it is easier for the admin to create a group and put authorized users into than creating a whole new OU.So now, the admin of the Active directory can tell the function that only the "managers" and "business people" groups (of the OU of their dreams) can authenticate through the captive portal.
Tell me if you are interested Scott ;-)
-
it sounds great do we think it will be compatable with openldap
-
Ok ;-)
So after many tests, LDAP authentication works with :
- openLDAP
- Fedora Directory Server (FDS=sunone)
- Active Directory (W2K3)
I guess you have missed that message ::)
-
Hi ;-)
I have made a new version of the LDAP authentication function that allow the admin to specify a list of groups (memberOf in LDAP) where the authorized users should be.
In fact I wrote it because of Active Directory, it is easier for the admin to create a group and put authorized users into than creating a whole new OU.So now, the admin of the Active directory can tell the function that only the "managers" and "business people" groups (of the OU of their dreams) can authenticate through the captive portal.
Tell me if you are interested Scott ;-)
Sounds great. When are you going to start integrating with pfSense? :)
-
I will start it as soon as possible. First of all, I need to see how pfsense saves settings, then I will do the mfc changes, then I will call on you to build a release with php+ldap :-D
Let's go to work :-D
-
That's done ;-)
I've modified the captive_portal page too, in order to use my function. Next step is LDAP support for Php ;-)
Pfsense roxxx !
-
Awesome! You rock too ;D
-
All of you guys rock. Even billm.
-
@submicron:
All of you guys rock. Even billm.
Nah, I don't rock, I stone.
–Bill
-
Curious to know what the time frame is on LDAP support and what will be supported. May I humbly suggest a FAQ just on LDAP support?