X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fldap.c;h=63f9efa8930dc95d63bf9a0adbbf3d44e4111a42;hb=fc3a2bdd1082832c5889be65c2849d300e2985e2;hp=8e51087b9550d6c93168139361d35b276ac7ab30;hpb=56e1a9496ac3e2445f44c5cdfee4b3b28134c65e;p=citadel.git diff --git a/citadel/ldap.c b/citadel/ldap.c index 8e51087b9..63f9efa89 100644 --- a/citadel/ldap.c +++ b/citadel/ldap.c @@ -542,4 +542,96 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) return(0); } + +/* + * Scan LDAP for users and populate Citadel's user database with everyone + */ +void CtdlPopulateUsersFromLDAP(void) +{ + LDAP *ldserver = NULL; + int i; + LDAPMessage *search_result = NULL; + LDAPMessage *entry = NULL; + char *user_dn = NULL; + char searchstring[1024]; + struct timeval tv; + // char **values; + + if ((CtdlGetConfigInt("c_auth_mode") != AUTHMODE_LDAP) && (CtdlGetConfigInt("c_auth_mode") != AUTHMODE_LDAP_AD)) { + return; // not running LDAP + } + + syslog(LOG_INFO, "ldap: populating Citadel user database from LDAP"); + + if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { + return; + } + + ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); + ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); + + striplt(CtdlGetConfigStr("c_ldap_bind_dn")); + striplt(CtdlGetConfigStr("c_ldap_bind_pw")); + syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn")); + i = ldap_simple_bind_s(ldserver, + (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL), + (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL) + ); + if (i != LDAP_SUCCESS) { + syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); + return; + } + + tv.tv_sec = 10; + tv.tv_usec = 0; + + if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) { + snprintf(searchstring, sizeof(searchstring), "(&(objectClass=user)(objectClass=person)(!(objectClass=computer)))"); + } else { + snprintf(searchstring, sizeof(searchstring), "(objectClass: inetOrgPerson)"); + } + + syslog(LOG_DEBUG, "ldap: search: %s", searchstring); + (void) ldap_search_ext_s( + ldserver, // ld + CtdlGetConfigStr("c_ldap_base_dn"), // base + LDAP_SCOPE_SUBTREE, // scope + searchstring, // filter + NULL, // attrs (all attributes) + 0, // attrsonly (attrs + values) + NULL, // serverctrls (none) + NULL, // clientctrls (none) + &tv, // timeout + INT_MAX, // sizelimit (max) + &search_result // result + ); + + /* Ignore the return value of ldap_search_ext_s(). Sometimes it returns an error even when + * the search succeeds. Instead, we check to see whether search_result is still NULL. + */ + if (search_result == NULL) { + syslog(LOG_DEBUG, "ldap: zero search results were returned"); + ldap_unbind(ldserver); + return; + } + + syslog(LOG_DEBUG, "ldap: %d entries returned", ldap_count_entries(ldserver, search_result)); + entry = ldap_first_entry(ldserver, search_result); + while (entry) { + + user_dn = ldap_get_dn(ldserver, entry); + if (user_dn) { + syslog(LOG_DEBUG, "ldap: found %s", user_dn); + } + + entry = ldap_next_entry(ldserver, entry); + } + + /* free the results */ + ldap_msgfree(search_result); + + /* unbind so we can go back in as the authenticating user */ + ldap_unbind(ldserver); +} + #endif /* HAVE_LDAP */