Authentication / LDAP (+TOTP), for consistency reasons keep ldap_sync_create_local_users on static system_authservers.php page, we currently don't have an option to manage dependancies in automatic fields. ref https://github.com/opnsense/core/issues/5116

2026-03-17 01:54:49 +00:00 · 2021-08-17 20:09:15 +02:00 · 2021-08-17 20:09:15 +02:00 · 146166cc25
commit 146166cc25
parent 4414ffd81b
2 changed files with 17 additions and 12 deletions
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
@ -312,17 +312,6 @@ class LDAP extends Base implements IAuthConnector
        $options["caseInSensitiveUsernames"]["validate"] = function ($value) {
            return array();
        };
-        $options["ldap_sync_create_local_users"] = array();
-        $options["ldap_sync_create_local_users"]["name"] = gettext("Automatic user creation");
-        $options["ldap_sync_create_local_users"]["help"] = gettext(
-          "To be used in combination with synchronize groups, allow the authenticator to create new local users after ".
-          "successful login with group memberships returned for the user."
-        );
-        $options["ldap_sync_create_local_users"]["type"] = "checkbox";
-        $options["ldap_sync_create_local_users"]["validate"] = function ($value) {
-            return array();
-        };
-
        return $options;
    }

--- a/src/www/system_authservers.php
+++ b/src/www/system_authservers.php
@ -90,6 +90,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
            }
            $pconfig['ldap_read_properties'] = !empty($a_server[$id]['ldap_read_properties']);
            $pconfig['ldap_sync_memberof'] = !empty($a_server[$id]['ldap_sync_memberof']);
+            $pconfig['ldap_sync_create_local_users'] = !empty($a_server[$id]['ldap_sync_create_local_users']);
            if (!empty($a_server[$id]['ldap_sync_memberof_groups'])) {
                $pconfig['ldap_sync_memberof_groups'] = explode(",", $a_server[$id]['ldap_sync_memberof_groups']);
            }
@ -243,6 +244,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
              $server['ldap_read_properties'] = !empty($pconfig['ldap_read_properties']);
              $server['ldap_sync_memberof'] = !empty($pconfig['ldap_sync_memberof']);
              $server['ldap_sync_memberof_groups'] = !empty($pconfig['ldap_sync_memberof_groups']) ? implode(",", $pconfig['ldap_sync_memberof_groups']) : array();
+              $server['ldap_sync_create_local_users'] = !empty($pconfig['ldap_sync_create_local_users']);
          } elseif ($server['type'] == "radius") {
              $server['host'] = $pconfig['radius_host'];

@ -313,7 +315,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $all_authfields = array(
    'type','name','ldap_host','ldap_port','ldap_urltype','ldap_protver','ldap_scope',
    'ldap_basedn','ldap_authcn','ldap_extended_query','ldap_binddn','ldap_bindpw','ldap_attr_user',
-    'ldap_read_properties', 'ldap_sync_memberof', 'radius_host',
+    'ldap_read_properties', 'ldap_sync_memberof', 'ldap_sync_create_local_users', 'radius_host',
    'radius_auth_port','radius_acct_port','radius_secret','radius_timeout','radius_srvcs'
 );

@ -485,9 +487,11 @@ $( document ).ready(function() {
        if ($(this).is(":checked")) {
            $("#ldap_sync_memberof").prop('disabled', false);
            $("#ldap_sync_memberof_groups").prop('disabled', false);
+            $("#ldap_sync_create_local_users").prop('disabled', false);
        } else {
            $("#ldap_sync_memberof").prop('disabled', true);
            $("#ldap_sync_memberof_groups").prop('disabled', true);
+            $("#ldap_sync_create_local_users").prop('disabled', true);
        }
    });
    $("#ldap_read_properties").change();
@ -767,6 +771,18 @@ endif; ?>
                    </div>
                  </td>
                </tr>
+                <tr class="auth_ldap auth_ldap-totp auth_options hidden">
+                  <td><a id="help_for_ldap_sync_create_local_users" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Automatic user creation"); ?></td>
+                  <td>
+                    <input id="ldap_sync_create_local_users" name="ldap_sync_create_local_users" type="checkbox" <?= empty($pconfig['ldap_sync_create_local_users']) ? '' : 'checked="checked"';?> />
+                    <div class="hidden" data-for="help_for_ldap_sync_create_local_users">
+                      <?= gettext(
+                        "To be used in combination with synchronize groups, allow the authenticator to create new local users after ".
+                        "successful login with group memberships returned for the user."
+                      );?>
+                    </div>
+                  </td>
+                </tr>
                <!-- RADIUS -->
                <tr class="auth_radius auth_options hidden">
                  <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Hostname or IP address");?></td>