auth / ldap, add group sync checkbox and help text for https://github.com/opnsense/core/issues/3471

2026-03-14 08:34:39 +00:00 · 2019-05-08 21:25:13 +02:00 · 2019-05-08 21:25:13 +02:00 · ccdd7f6586
commit ccdd7f6586
parent b0b51baefc
1 changed files with 23 additions and 1 deletions
--- a/src/www/system_authservers.php
+++ b/src/www/system_authservers.php
@ -89,6 +89,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                $pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
            }
            $pconfig['ldap_read_properties'] = !empty($a_server[$id]['ldap_read_properties']);
+            $pconfig['ldap_sync_memberof'] = !empty($a_server[$id]['ldap_sync_memberof']);
        } elseif ($pconfig['type'] == "radius") {
            $pconfig['radius_host'] = $a_server[$id]['host'];
            $pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
@ -240,6 +241,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                  }
              }
              $server['ldap_read_properties'] = !empty($pconfig['ldap_read_properties']);
+              $server['ldap_sync_memberof'] = !empty($pconfig['ldap_sync_memberof']);
          } elseif ($server['type'] == "radius") {
              $server['host'] = $pconfig['radius_host'];

@ -310,7 +312,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
 $all_authfields = array(
    'type','name','ldap_caref','ldap_host','ldap_port','ldap_urltype','ldap_protver','ldap_scope',
    'ldap_basedn','ldap_authcn','ldap_extended_query','ldap_binddn','ldap_bindpw','ldap_attr_user',
-    'ldap_read_properties', 'radius_host',
+    'ldap_read_properties', 'ldap_sync_memberof', 'radius_host',
    'radius_auth_port','radius_acct_port','radius_secret','radius_timeout','radius_srvcs'
 );

@ -478,6 +480,14 @@ $( document ).ready(function() {
            }, "json");
        }
    });
+    $("#ldap_read_properties").change(function(){
+        if ($(this).is(":checked")) {
+            $("#ldap_sync_memberof").prop('disabled', false);
+        } else {
+            $("#ldap_sync_memberof").prop('disabled', true);
+        }
+    });
+    $("#ldap_read_properties").change();
 });
 </script>

@ -746,6 +756,18 @@ endif; ?>
                    </div>
                  </td>
                </tr>
+                <tr class="auth_ldap auth_ldap-totp auth_options hidden">
+                  <td><a id="help_for_ldap_sync_memberof" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Synchronize groups'); ?></td>
+                  <td>
+                    <input id="ldap_sync_memberof" name="ldap_sync_memberof" type="checkbox" <?= empty($pconfig['ldap_sync_memberof']) ? '' : 'checked="checked"';?> />
+                    <div class="hidden" data-for="help_for_ldap_sync_memberof">
+                      <?= gettext("Synchronize groups specified by memberOf attribute after login, this option requires to enable read properties. ".
+                                  "Groups will be extracted from the first CN= section and will only be considered when already existing in OPNsense. ".
+                                  "Group memberships will be persisted in OPNsense. ".
+                                  "Use the server test tool to check if memberOf is returned by your LDAP server before enabling.");?>
+                    </div>
+                  </td>
+                </tr>
                <!-- RADIUS -->
                <tr class="auth_radius auth_options hidden">
                  <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Hostname or IP address");?></td>