Enhancing OPNsense plugins by example pt. 1

Welcome to the first part of a series on how to enhance OPNsense plugins by example!

Today we’ll try to add LDAP functionality to the FreeRADIUS plugin.

First of all we have to figure out how to add this feature for the daemon itself, so we go to /usr/local/etc/raddb/mods-enabled and link ldap from mods-available:

cd /usr/local/etc/raddb/mods-enabled

ln -s ../mods-available/ldap .

 

We stop our existing instance and start radiusd in debugging mode:

service radiusd stop

radiusd -X

 

Now we get the following output:

# Instantiating module "ldap" from file /usr/local/etc/raddb/mods-enabled/ldap
rlm_ldap: libldap vendor: OpenLDAP, version: 20445
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}}"
}
post-auth {
reference = "."
}
rlm_ldap (ldap): Initialising connection pool
pool {
start = 5
min = 3
max = 32
spare = 10
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
retry_delay = 30
spread = no
}
rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
rlm_ldap (ldap): Connecting to ldap://localhost:389
rlm_ldap (ldap): Bind with (anonymous) to ldap://localhost:389 failed: Can't contact LDAP server
rlm_ldap (ldap): Opening connection failed (0)
rlm_ldap (ldap): Removing connection pool
/usr/local/etc/raddb/mods-enabled/ldap[8]: Instantiation failed for module "ldap"

 

OK, the module was loaded correctly, but it can’t connect to an LDAP server: as the log shows, it tried an anonymous bind to ldap://localhost:389. So all dependencies are met and we can go on.

Now enter your existing LDAP server in the ldap module configuration and start radiusd again. The daemon should start successfully.

 

It’s time to think about the presentation in the UI. Opening Freeradius shows us the submenus General, Client, User and EAP, so how about adding a submenu called LDAP?

 

I’m using GitHub Desktop for Windows or github.com directly; you can use whatever you like.

Go to plugins\net\freeradius\src\opnsense\mvc\app\models\OPNsense\Freeradius\Menu and open Menu.xml. Under EAP add the following line:

<LDAP url="/ui/freeradius/ldap/index" order="50"/>

 

This will add a new entry and bring you to the correct URI (which we will add now). While we are here, go one folder up (to \Freeradius) and make a copy of Eap.xml and Eap.php, named Ldap.xml and Ldap.php. Open both copies and replace EAP with LDAP, eap with ldap and of course Eap with Ldap (all case sensitive). Leave the values in Ldap.xml as they are; we’ll cover them later.

 

From the model (M) we move on to the controller (C): go to plugins\net\freeradius\src\opnsense\mvc\app\controllers\OPNsense\Freeradius and again copy EapController.php to LdapController.php and replace Eap with Ldap (case sensitive for all kinds).

Change to the subfolder Api and do the same again: copy EapController.php to LdapController.php and replace Eap with Ldap (case sensitive for all kinds).

 

We leave the forms folder for later and change to the view (V): go to plugins\net\freeradius\src\opnsense\mvc\app\views\OPNsense\Freeradius and copy eap.volt to ldap.volt. I believe you can imagine what to do? Yeah, again, search and replace FTW!
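The copy and search-and-replace steps above for the model, both controllers and the view, as an added shell example that is not part of the original post or of the OPNsense plugin code. It assumes a checkout of the plugins repository with the paths from the article (written with forward slashes); the function names clone_one and clone_eap_to_ldap are hypothetical, and the Menu.xml line is still added by hand.

```sh
#!/bin/sh
# Added example: clone the EAP model, controllers and view to LDAP.
# Usage (after sourcing this file): clone_eap_to_ldap plugins/net/freeradius
APP=src/opnsense/mvc/app

# clone_one SRC DST: copy SRC to DST while applying the three
# case-sensitive replacements from the article. Never overwrites DST.
clone_one() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ ! -e "$2" ] || { echo "exists, not overwriting: $2" >&2; return 1; }
    sed -e 's/EAP/LDAP/g' -e 's/Eap/Ldap/g' -e 's/eap/ldap/g' "$1" > "$2"
}

# clone_eap_to_ldap ROOT: ROOT is the plugin directory (assumed layout).
# Returns 1 if a copy fails, 2 if a clone still mentions EAP in any case.
clone_eap_to_ldap() {
    m="$1/$APP/models/OPNsense/Freeradius"
    c="$1/$APP/controllers/OPNsense/Freeradius"
    v="$1/$APP/views/OPNsense/Freeradius"
    clone_one "$m/Eap.xml" "$m/Ldap.xml" &&
    clone_one "$m/Eap.php" "$m/Ldap.php" &&
    clone_one "$c/EapController.php" "$c/LdapController.php" &&
    clone_one "$c/Api/EapController.php" "$c/Api/LdapController.php" &&
    clone_one "$v/eap.volt" "$v/ldap.volt" || return 1
    # Mixed-case spellings (e.g. "EaP") are not covered by the three
    # replacements, so list any clone that still contains them.
    if grep -il 'eap' "$m/Ldap.xml" "$m/Ldap.php" "$c/LdapController.php" \
            "$c/Api/LdapController.php" "$v/ldap.volt"; then
        echo "leftover EAP references in the files listed above" >&2
        return 2
    fi
}
```

The originals are left untouched, so the result can be reviewed with a normal diff before committing.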

 

Now we have the (M)odel, the (C)ontroller and the (V)iew. In the next part we think about the values we need for the fields, how to name them and what types they are.