LOCK HER UP

[citadel.git] / citadel / ldap.c

diff --git a/citadel/ldap.c b/citadel/ldap.c
index 8e51087b9550d6c93168139361d35b276ac7ab30..8c60ee508d353adc637f393c12725a90daf987d3 100644 (file)
--- a/citadel/ldap.c
+++ b/citadel/ldap.c
@@ -141,6 +141,7 @@ int CtdlTryUserLDAP(char *username,
                        syslog(LOG_DEBUG, "ldap: dn = %s", user_dn);
                }
 
+/* begin - centralize this */
                if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) {
                        values = ldap_get_values(ldserver, search_result, "displayName");
                        if (values) {
@@ -161,6 +162,8 @@ int CtdlTryUserLDAP(char *username,
                                ldap_value_free(values);
                        }
                }
+/* end - centralize this */
+
                /* If we know the username is the CN/displayName, we already set the uid*/
                if (lookup_based_on_username==0) {
                        if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) {
@@ -542,4 +545,139 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs)
        return(0);
 }
 
+
+/*
+ * Scan LDAP for users and populate Citadel's user database with everyone
+ */
+void CtdlSynchronizeUsersFromLDAP(void)
+{
+       LDAP *ldserver = NULL;
+       int i;
+       LDAPMessage *search_result = NULL;
+       LDAPMessage *entry = NULL;
+       char *user_dn = NULL;
+       char searchstring[1024];
+       struct timeval tv;
+       char **values;
+
+       if ((CtdlGetConfigInt("c_auth_mode") != AUTHMODE_LDAP) && (CtdlGetConfigInt("c_auth_mode") != AUTHMODE_LDAP_AD)) {
+               return;         // not running LDAP
+       }
+
+       syslog(LOG_INFO, "ldap: synchronizing Citadel user database from LDAP");
+
+       if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) {
+               return;
+       }
+
+       ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version);
+       ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF);
+
+       striplt(CtdlGetConfigStr("c_ldap_bind_dn"));
+       striplt(CtdlGetConfigStr("c_ldap_bind_pw"));
+       syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn"));
+       i = ldap_simple_bind_s(ldserver,
+               (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL),
+               (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL)
+       );
+       if (i != LDAP_SUCCESS) {
+               syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i);
+               return;
+       }
+
+       tv.tv_sec = 10;
+       tv.tv_usec = 0;
+
+       if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) {
+                       snprintf(searchstring, sizeof(searchstring), "(&(objectClass=user)(objectClass=person)(!(objectClass=computer)))");
+       } else {
+                       snprintf(searchstring, sizeof(searchstring), "(objectClass=inetOrgPerson)");
+       }
+
+       syslog(LOG_DEBUG, "ldap: search: %s", searchstring);
+       (void) ldap_search_ext_s(
+               ldserver,                                       // ld
+               CtdlGetConfigStr("c_ldap_base_dn"),             // base
+               LDAP_SCOPE_SUBTREE,                             // scope
+               searchstring,                                   // filter
+               NULL,                                           // attrs (all attributes)
+               0,                                              // attrsonly (attrs + values)
+               NULL,                                           // serverctrls (none)
+               NULL,                                           // clientctrls (none)
+               &tv,                                            // timeout
+               INT_MAX,                                        // sizelimit (max)
+               &search_result                                  // result
+       );
+
+       /* Ignore the return value of ldap_search_ext_s().  Sometimes it returns an error even when
+        * the search succeeds.  Instead, we check to see whether search_result is still NULL.
+        */
+       if (search_result == NULL) {
+               syslog(LOG_DEBUG, "ldap: zero search results were returned");
+               ldap_unbind(ldserver);
+               return;
+       }
+
+       syslog(LOG_DEBUG, "ldap: %d entries returned", ldap_count_entries(ldserver, search_result));
+       entry = ldap_first_entry(ldserver, search_result);
+       while (entry) {
+
+               user_dn = ldap_get_dn(ldserver, entry);
+               if (user_dn) {
+                       syslog(LOG_DEBUG, "ldap: found %s", user_dn);
+
+                       int fullname_size = 256;
+                       char fullname[256] = { 0 } ;
+                       uid_t uid = (-1);
+
+                       if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) {
+                               values = ldap_get_values(ldserver, entry, "displayName");       // AD schema: fullname = displayName
+                               if (values) {
+                                       if (values[0]) {
+                                               safestrncpy(fullname, values[0], fullname_size);
+                                       }
+                                       ldap_value_free(values);
+                               }
+                               values = ldap_get_values(ldserver, entry, "objectGUID");        // AD schema: uid hashed from objectGUID
+                               if (values) {
+                                       if (values[0]) {
+                                               uid = abs(HashLittle(values[0], strlen(values[0])));
+                                       }
+                                       ldap_value_free(values);
+                               }
+                       }
+                       else {
+                               values = ldap_get_values(ldserver, entry, "cn");                // POSIX schema: fullname = cn
+                               if (values) {
+                                       if (values[0]) {
+                                               safestrncpy(fullname, values[0], fullname_size);
+                                       }
+                                       ldap_value_free(values);
+                               }
+                               values = ldap_get_values(ldserver, entry, "uidNumber");         // POSIX schema: uid = uidNumber
+                               if (values) {
+                                       if (values[0]) {
+                                               uid = atoi(values[0]);
+                                       }
+                                       ldap_value_free(values);
+                               }
+                       }
+
+                       syslog(LOG_DEBUG, "\033[33mldap: display name: <%s> , uid = <%d>\033[0m", fullname, uid);
+
+                       // FIXME now create or update the user
+
+
+               }
+
+               entry = ldap_next_entry(ldserver, entry);
+       }
+
+       /* free the results */
+       ldap_msgfree(search_result);
+
+       /* unbind so we can go back in as the authenticating user */
+       ldap_unbind(ldserver);
+}
+
 #endif /* HAVE_LDAP */