LDAP authentication support

Juve · Dec 30, 2005, 9:46 PM

I saw on the CVS track timeline that compilation wasn't ok. What's up ? what is the problem ? Can we repair it ?

sullrich · Dec 30, 2005, 9:53 PM

Cannot compile LDAP in as static.

Will address after the 1.0 release.

Juve · Dec 30, 2005, 10:01 PM

Ok, contact me as soon as it is available ;-)

Juve · Jan 2, 2006, 11:39 AM

Hi ;-)

I have made a new version of the LDAP authentication function that allow the admin to specify a list of groups (memberOf in LDAP) where the authorized users should be.
In fact I wrote it because of Active Directory, it is easier for the admin to create a group and put authorized users into than creating a whole new OU.

So now, the admin of the Active directory can tell the function that only the "managers" and "business people" groups (of the OU of their dreams) can authenticate through the captive portal.

Tell me if you are interested Scott ;-)

aldo · Jan 2, 2006, 1:43 PM

it sounds great do we think it will be compatable with openldap

hoba · Jan 2, 2006, 1:53 PM

@Juve:

Ok ;-)

So after many tests, LDAP authentication works with :

openLDAP

Fedora Directory Server (FDS=sunone)

Active Directory (W2K3)

I guess you have missed that message ::)

sullrich · Jan 2, 2006, 9:37 PM

@Juve:

Hi ;-)

I have made a new version of the LDAP authentication function that allow the admin to specify a list of groups (memberOf in LDAP) where the authorized users should be.
In fact I wrote it because of Active Directory, it is easier for the admin to create a group and put authorized users into than creating a whole new OU.

So now, the admin of the Active directory can tell the function that only the "managers" and "business people" groups (of the OU of their dreams) can authenticate through the captive portal.

Tell me if you are interested Scott ;-)

Sounds great. When are you going to start integrating with pfSense? :)

Juve · Jan 3, 2006, 6:45 AM

I will start it as soon as possible. First of all, I need to see how pfsense saves settings, then I will do the mfc changes, then I will call on you to build a release with php+ldap :-D

Let's go to work :-D

Juve · Jan 3, 2006, 9:35 AM

That's done ;-)

I've modified the captive_portal page too, in order to use my function. Next step is LDAP support for Php ;-)

Pfsense roxxx !

hoba · Jan 3, 2006, 9:58 AM

Awesome! You rock too ;D

Guest · Jan 4, 2006, 1:28 AM

All of you guys rock. Even billm.

billm · Jan 4, 2006, 1:34 AM

@submicron:

All of you guys rock. Even billm.

Nah, I don't rock, I stone.

–Bill

wjoyce · Jan 8, 2006, 9:44 PM

Curious to know what the time frame is on LDAP support and what will be supported. May I humbly suggest a FAQ just on LDAP support?

sullrich · Jan 8, 2006, 9:45 PM

1.1. Not for a LONNNNNG time.

wjoyce · Jan 8, 2006, 10:09 PM

What are the issues? I would like to help out on this front if I am capable.

billm · Jan 9, 2006, 6:08 AM

@wjoyce:

What are the issues? I would like to help out on this front if I am capable.

Well…1.0 isn't released yet. Can't release 1.1 until that's out. Then comes some amount of time for development of new features (this would be one of them - albeit developed already). Then people test, eventually we get to beta, then release.

Three ways to help. Write code, test and give good bug reports, donate something to help get the devs stuff they want/need for other pfsense work.

--Bill