MarcJHuber/event-driven-servers

tac_plus-ng: Multiple External Authentication Sources ceased working since commit 193d7513a352ae7c70650fbdcba1002b982f9e2d

beranf opened this issue · 1 comments

beranf commented

Multiple external module sources ceased working since the commit:

commit 193d7513a352ae7c70650fbdcba1002b982f9e2d (HEAD -> master)
Author: Marc Huber <Marc.Huber@web.de>
Date:   Mon Apr 17 18:01:40 2023 +0200

     mavis/tac_plus-ng/tac_plus: de-duplicate more script-related code

I had successfully tested and used a multi-source external module configuration (2x LDAP servers, PAM) until this problematic commit. I discussed using multiple external sources with tac_plus-ng with you here: tac_plus-ng: Multiple External Authentication Sources

My tested and working configuration before the problematic commit was applied:

    mavis module = external {
        script in {
            ### pass only specific usernames
            if ( $USER !~ /@fbe-test.local$/ )  {
                skip
            }
        }
        setenv LDAP_SERVER_TYPE = "microsoft"
        setenv LDAP_HOSTS = "test-ms-as.test:389"
        setenv LDAP_BASE = "dc=fbe-test,dc=local"
        setenv LDAP_USER = "tac@fbe-test.local"
        setenv LDAP_PASSWD = *****
        setenv LDAP_FILTER = "(&(objectclass=user)(UserPrincipalName=%s))"
        setenv AD_GROUP_PREFIX = "tacacs_[-,a-z,A-Z,0-9]*_"
        setenv UNLIMIT_AD_GROUP_MEMBERSHIP = 1
        exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl
    }

    mavis module = external {
        script in {
            ### pass only specific usernames
            if ( $USER !~ /@netw$/ )  {
                skip
            }
        }
        setenv LDAP_SERVER_TYPE = "generic"
        setenv LDAP_HOSTS = "test-openldap:389"
        setenv LDAP_BASE = "dc=netw"
        setenv LDAP_USER = "cn=manager,dc=netw"
        setenv LDAP_PASSWD = *****
        setenv LDAP_FILTER = "(&(uid=%s))"
        setenv UNLIMIT_AD_GROUP_MEMBERSHIP = 1
        setenv FLAG_USE_MEMBEROF = 1
        exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl
    }

    mavis module = external {
        exec = /usr/local/sbin/pammavis pammavis -s sshd
    }

Hi,

thanks, I've noticed and fixed that mess-up yesterday evening but it was too late for testing. I'll push a commit in a couple of minutes (unless my tests fail). Please report back.

Thanks,

Marc