From mboxrd@z Thu Jan 1 00:00:00 1970 From: Frank =?utf-8?q?Sch=C3=BCtte?= To: development@lists.ipfire.org Subject: [PATCH v2] LDAP Auth: add parameter "-R" to not follow referrals. Date: Wed, 20 May 2020 19:21:07 +0200 Message-ID: <20200520172107.20223-1-fschuett@gymhim.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7790674143842402223==" List-Id: --===============7790674143842402223== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable --- html/cgi-bin/proxy.cgi | 11 +++++++++++ langs/de/cgi-bin/de.pl | 1 + langs/en/cgi-bin/en.pl | 1 + 3 files changed, 13 insertions(+) diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 73646a5ae..23377c42e 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -253,6 +253,7 @@ $proxysettings{'LDAP_PORT'} =3D '389'; $proxysettings{'LDAP_BINDDN_USER'} =3D ''; $proxysettings{'LDAP_BINDDN_PASS'} =3D ''; $proxysettings{'LDAP_GROUP'} =3D ''; +$proxysettings{'LDAP_REFERRALS'} =3D 'on'; $proxysettings{'NTLM_AUTH_GROUP'} =3D ''; $proxysettings{'NTLM_AUTH_BASIC'} =3D 'off'; $proxysettings{'NTLM_DOMAIN'} =3D ''; @@ -826,6 +827,10 @@ $selected{'NCSA_GROUP'}{$proxysettings{'NCSA_GROUP'}} = =3D "selected=3D'selected'"; =20 $selected{'LDAP_TYPE'}{$proxysettings{'LDAP_TYPE'}} =3D "selected=3D'selecte= d'"; =20 +$checked{'LDAP_REFERRALS'}{'off'} =3D ''; +$checked{'LDAP_REFERRALS'}{'on'} =3D ''; +$checked{'LDAP_REFERRALS'}{$proxysettings{'LDAP_REFERRALS'}} =3D "checked=3D= 'checked'"; + $proxysettings{'NTLM_ENABLE_INT_AUTH'} =3D 'on' unless exists $proxysettings= {'NTLM_ENABLE_INT_AUTH'}; =20 $checked{'NTLM_ENABLE_INT_AUTH'}{'off'} =3D ''; @@ -1932,6 +1937,10 @@ print <$Lang::tr{'advproxy LDAP port'}: + + $Lang::tr{'advproxy LDAP follow referrals'= }: + +
@@ -2081,6 +2090,7 @@ print < + END ; } =20 @@ -3283,6 +3293,7 @@ END print FILE "auth_param basic program $authdir/basic_ldap_auth -b \"$proxy= settings{'LDAP_BASEDN'}\""; if (!($proxysettings{'LDAP_BINDDN_USER'} eq '')) { print FILE " -D \"$pro= xysettings{'LDAP_BINDDN_USER'}\""; } if (!($proxysettings{'LDAP_BINDDN_PASS'} eq '')) { print FILE " -w $proxy= settings{'LDAP_BINDDN_PASS'}"; } + if (!($proxysettings{'LDAP_REFERRALS'} eq 'on')) { print FILE " -R"; } if ($proxysettings{'LDAP_TYPE'} eq 'ADS') { if ($proxysettings{'LDAP_GROUP'} eq '') diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 216d49d7c..050c30a3d 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -203,6 +203,7 @@ 'advproxy LDAP common settings' =3D> 'Allgemeine LDAP-Einstellungen', 'advproxy LDAP group access control' =3D> 'Gruppenbasierte Zugriffskontrolle= ', 'advproxy LDAP group required' =3D> 'Erforderliche Gruppe', +'advproxy LDAP referrals' =3D> 'Folge Referrals', 'advproxy LDAP port' =3D> 'Port', 'advproxy LDAP server' =3D> 'LDAP-Server', 'advproxy LDAP type' =3D> 'LDAP-Typ', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index ff08bce0c..9d1d2be81 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -200,6 +200,7 @@ 'advproxy LDAP common settings' =3D> 'Common LDAP settings', 'advproxy LDAP group access control' =3D> 'Group based access control', 'advproxy LDAP group required' =3D> 'Required group', +'advproxy LDAP referrals' =3D> 'follow referrals', 'advproxy LDAP port' =3D> 'Port', 'advproxy LDAP server' =3D> 'LDAP Server', 'advproxy LDAP type' =3D> 'LDAP type', --=20 2.26.1 --===============7790674143842402223==--