From: "Frank Schütte" <fschuett@gymhim.de>
To: development@lists.ipfire.org
Subject: [PATCH v2] LDAP Auth: add parameter "-R" to not follow referrals.
Date: Wed, 20 May 2020 19:21:07 +0200 [thread overview]
Message-ID: <20200520172107.20223-1-fschuett@gymhim.de> (raw)
[-- Attachment #1: Type: text/plain, Size: 3705 bytes --]
---
html/cgi-bin/proxy.cgi | 11 +++++++++++
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
3 files changed, 13 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index 73646a5ae..23377c42e 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -253,6 +253,7 @@ $proxysettings{'LDAP_PORT'} = '389';
$proxysettings{'LDAP_BINDDN_USER'} = '';
$proxysettings{'LDAP_BINDDN_PASS'} = '';
$proxysettings{'LDAP_GROUP'} = '';
+$proxysettings{'LDAP_REFERRALS'} = 'on';
$proxysettings{'NTLM_AUTH_GROUP'} = '';
$proxysettings{'NTLM_AUTH_BASIC'} = 'off';
$proxysettings{'NTLM_DOMAIN'} = '';
@@ -826,6 +827,10 @@ $selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = "selected='selected'";
$selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} = "selected='selected'";
+$checked{'LDAP_REFERRALS'}{'off'} = '';
+$checked{'LDAP_REFERRALS'}{'on'} = '';
+$checked{'LDAP_REFERRALS'}{$proxysettings{'LDAP_REFERRALS'}} = "checked='checked'";
+
$proxysettings{'NTLM_ENABLE_INT_AUTH'} = 'on' unless exists $proxysettings{'NTLM_ENABLE_INT_AUTH'};
$checked{'NTLM_ENABLE_INT_AUTH'}{'off'} = '';
@@ -1932,6 +1937,10 @@ print <<END
<td width='20%' class='base'>$Lang::tr{'advproxy LDAP port'}:</td>
<td><input type='text' name='LDAP_PORT' value='$proxysettings{'LDAP_PORT'}' size='3' /></td>
</tr>
+<tr>
+ <td width='20%' class='base'>$Lang::tr{'advproxy LDAP follow referrals'}:</td>
+ <td width='80%'><input type='checkbox' name='LDAP_REFERRALS' $checked{'LDAP_REFERRALS'}{'on'} /></td>
+</tr>
</table>
<hr size ='1'>
<table width='100%'>
@@ -2081,6 +2090,7 @@ print <<END
<td><input type='hidden' name='LDAP_BINDDN_USER' value='$proxysettings{'LDAP_BINDDN_USER'}'></td>
<td><input type='hidden' name='LDAP_BINDDN_PASS' value='$proxysettings{'LDAP_BINDDN_PASS'}'></td>
<td><input type='hidden' name='LDAP_GROUP' value='$proxysettings{'LDAP_GROUP'}'></td>
+<td><input type='hidden' name='LDAP_REFERRALS' value='$proxysettings{'LDAP_REFERRALS'}'></td>
END
; }
@@ -3283,6 +3293,7 @@ END
print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxysettings{'LDAP_BASEDN'}\"";
if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$proxysettings{'LDAP_BINDDN_USER'}\""; }
if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxysettings{'LDAP_BINDDN_PASS'}"; }
+ if (!($proxysettings{'LDAP_REFERRALS'} eq 'on')) { print FILE " -R"; }
if ($proxysettings{'LDAP_TYPE'} eq 'ADS')
{
if ($proxysettings{'LDAP_GROUP'} eq '')
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 216d49d7c..050c30a3d 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -203,6 +203,7 @@
'advproxy LDAP common settings' => 'Allgemeine LDAP-Einstellungen',
'advproxy LDAP group access control' => 'Gruppenbasierte Zugriffskontrolle',
'advproxy LDAP group required' => 'Erforderliche Gruppe',
+'advproxy LDAP referrals' => 'Folge Referrals',
'advproxy LDAP port' => 'Port',
'advproxy LDAP server' => 'LDAP-Server',
'advproxy LDAP type' => 'LDAP-Typ',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index ff08bce0c..9d1d2be81 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -200,6 +200,7 @@
'advproxy LDAP common settings' => 'Common LDAP settings',
'advproxy LDAP group access control' => 'Group based access control',
'advproxy LDAP group required' => 'Required group',
+'advproxy LDAP referrals' => 'follow referrals',
'advproxy LDAP port' => 'Port',
'advproxy LDAP server' => 'LDAP Server',
'advproxy LDAP type' => 'LDAP type',
--
2.26.1
reply other threads:[~2020-05-20 17:21 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200520172107.20223-1-fschuett@gymhim.de \
--to=fschuett@gymhim.de \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox