In 6f76b5f the displayName attribute was added as the first camel case
attribute being read from the search result. As various[^1] comments[^2]
for `ldap_search` mention the attribute names must be lower case, even
though the LDAP server might return them differently.
Using all lower case to access the returned attribute results in the
value of displayName actually being used as the full name of the user.
[^1]: https://www.php.net/manual/en/function.ldap-search.php#37317
[^2]: https://www.php.net/manual/en/function.ldap-search.php#28991
The associated nat rules remain a terrible construct, ideally we would make sure the automated rule matches a regular one, but if they do, the firewall_rules_edit.php page has to handle all sorts of corner cases leading to other unexpected behaviour.
This fixes a bug, cleaning this up would either need proper validations in the filter page or no extra validations at all (create/update, only note the relation, but don't try to enforce anything when associated-rule-id is set.
Eventually some of the functionality in user/group management maybe moved to this hook, but to ensure a fast path to production, we'll keep duplicate work for now.
for https://github.com/opnsense/core/issues/4411
o in order for this to work properly we need to change when a config backup is made, previously we performed a backup before the fact, now we backup afterwards. which means the top level always represents the current change (and can thus be signaled to an event handler). After upgrade one might lose a single backup file due to this change, but that should be a small price to pay for progress.
o config backup count was defined incorrect (60 instead of 100 according to the gui)
o the syslog-ng event structure is using the existing configd handler and filters relevant events within a small time frame (which prevents flooding configd)
Since the event is loosely coupled, the risk for releasing this into an existing environment should be rather low.
For https://github.com/opnsense/core/issues/4388
sponsored by : Modirum (https://www.modirum.com/)
o move all templates into one standard ini file containing all required info for the blacklists
o add syslog output (in unbound log view) about processing and error handling
o validate "whitelist" regexp entries before usage
o lock process while performing download task
o don't try to download in parallel, the gain is relatively small and adds complexity.
o remove last unboundplus action, migrate cron jobs if they exist
This should be replaced with something more clever so for now
use this to keep an eye on the change until a strategy is clear.
We could remove the default and store unlimited backups although
that might hit a directory file limit sooner or later.
Just as a POC shuffle known service controllers into the
page making sure to correctly translate their names.
Can't be the final state but it's a start. Should probably
move all service monitoring to a separate API under the
"correct" (well, "matching" anyway) name.
While here remove too much of implementation magic that is
expected from the system but may change subtly over time
when requirements in the software change. Such things are
better suited for the documentation.
