X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fldap.c;h=f4bffb0aa3240c69ce77c5d614249e89c19bf07e;hb=738d978faebcf47543d9310c9ccd784ba457ee63;hp=53e4816795cb7a457cee53bd1e9fd6904a0f8303;hpb=e50a8a181e1cbd4aa0e8bc032fa8153040e66eea;p=citadel.git diff --git a/citadel/ldap.c b/citadel/ldap.c index 53e481679..f4bffb0aa 100644 --- a/citadel/ldap.c +++ b/citadel/ldap.c @@ -59,7 +59,6 @@ void derive_fullname_from_ldap_result(char *fullname, int fullname_size, LDAP *l ldap_value_free(values); } } - syslog(LOG_DEBUG, "\033[31mldap: display name: <%s> \033[0m", fullname); } @@ -90,13 +89,10 @@ uid_t derive_uid_from_ldap(LDAP *ldserver, LDAPMessage *entry) } } - syslog(LOG_DEBUG, "\033[31mldap: uid: <%d> \033[0m", uid); return(uid); } - - /* * Wrapper function for ldap_initialize() that consistently fills in the correct fields */ @@ -118,25 +114,14 @@ int ctdl_ldap_initialize(LDAP **ld) { /* - * Look up a user in the directory to see if this is an account that can be authenticated + * Bind to the LDAP server and return a working handle */ -int CtdlTryUserLDAP(char *username, - char *found_dn, int found_dn_size, - char *fullname, int fullname_size, - uid_t *uid, int lookup_based_on_username) -{ +LDAP *ctdl_ldap_bind(void) { LDAP *ldserver = NULL; int i; - LDAPMessage *search_result = NULL; - LDAPMessage *entry = NULL; - char searchstring[1024]; - struct timeval tv; - char *user_dn = NULL; - - if (fullname) safestrncpy(fullname, username, fullname_size); if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return(errno); + return(NULL); } ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); @@ -151,25 +136,41 @@ int CtdlTryUserLDAP(char *username, ); if (i != LDAP_SUCCESS) { syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return(i); + return(NULL); } + return(ldserver); +} + + +/* + * Look up a user in the directory to see if this is an account that can be authenticated + */ +int CtdlTryUserLDAP(char *username, + char *found_dn, int found_dn_size, + char *fullname, int fullname_size, + uid_t *uid) +{ + LDAP *ldserver = NULL; + LDAPMessage *search_result = NULL; + LDAPMessage *entry = NULL; + char searchstring[1024]; + struct timeval tv; + char *user_dn = NULL; + + ldserver = ctdl_ldap_bind(); + if (!ldserver) return(-1); + + if (fullname) safestrncpy(fullname, username, fullname_size); tv.tv_sec = 10; tv.tv_usec = 0; if (CtdlGetConfigInt("c_auth_mode") == AUTHMODE_LDAP_AD) { - if (lookup_based_on_username != 0) - snprintf(searchstring, sizeof(searchstring), "(displayName=%s)",username); - else - snprintf(searchstring, sizeof(searchstring), "(sAMAccountName=%s)", username); + snprintf(searchstring, sizeof(searchstring), "(sAMAccountName=%s)", username); } else { - if (lookup_based_on_username != 0) { - snprintf(searchstring, sizeof(searchstring), "(cn=%s)",username); - } - else { - snprintf(searchstring, sizeof(searchstring), "(&(objectclass=posixAccount)(uid=%s))", username); - } + snprintf(searchstring, sizeof(searchstring), "(&(objectclass=posixAccount)(cn=%s))", username); + // snprintf(searchstring, sizeof(searchstring), "(&(objectclass=posixAccount)(uid=%s))", username); } syslog(LOG_DEBUG, "ldap: search: %s", searchstring); @@ -208,12 +209,7 @@ int CtdlTryUserLDAP(char *username, } derive_fullname_from_ldap_result(fullname, fullname_size, ldserver, search_result); - - /* If we know the username is the CN/displayName, we already set the uid*/ - // FIXME old skool crap , fix this - if (lookup_based_on_username == 0) { - *uid = derive_uid_from_ldap(ldserver, search_result); - } + *uid = derive_uid_from_ldap(ldserver, search_result); } /* free the results */ @@ -309,7 +305,6 @@ int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v) { int changed_something = 0; LDAP *ldserver = NULL; - int i; struct timeval tv; LDAPMessage *search_result = NULL; LDAPMessage *entry = NULL; @@ -340,24 +335,8 @@ int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v) if (!ldap_dn) return(0); if (!v) return(0); - if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return(0); - } - - ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); - ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); - - striplt(CtdlGetConfigStr("c_ldap_bind_dn")); - striplt(CtdlGetConfigStr("c_ldap_bind_pw")); - syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn")); - i = ldap_simple_bind_s(ldserver, - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL), - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL) - ); - if (i != LDAP_SUCCESS) { - syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return(0); - } + ldserver = ctdl_ldap_bind(); + if (!ldserver) return(-1); tv.tv_sec = 10; tv.tv_usec = 0; @@ -475,7 +454,6 @@ int Ctdl_LDAP_to_vCard(char *ldap_dn, struct vCard *v) int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) { LDAP *ldserver = NULL; - int i; struct timeval tv; LDAPMessage *search_result = NULL; LDAPMessage *entry = NULL; @@ -485,24 +463,8 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) if (!ldap_dn) return(1); if (!emailaddrs) return(1); - if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return(2); - } - - ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); - ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); - - striplt(CtdlGetConfigStr("c_ldap_bind_dn")); - striplt(CtdlGetConfigStr("c_ldap_bind_pw")); - syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn")); - i = ldap_simple_bind_s(ldserver, - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL), - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL) - ); - if (i != LDAP_SUCCESS) { - syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return(3); - } + ldserver = ctdl_ldap_bind(); + if (!ldserver) return(-1); tv.tv_sec = 10; tv.tv_usec = 0; @@ -538,13 +500,12 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) entry = ldap_first_entry(ldserver, search_result); if (entry) { syslog(LOG_DEBUG, "ldap: search got user details"); - mail=ldap_get_values(ldserver, search_result, "mail"); + mail = ldap_get_values(ldserver, search_result, "mail"); if (mail) { int q; for (q=0; q 512) { syslog(LOG_ERR, "ldap: can't fit all email addresses into user record"); } @@ -574,7 +535,6 @@ int extract_email_addresses_from_ldap(char *ldap_dn, char *emailaddrs) void CtdlSynchronizeUsersFromLDAP(void) { LDAP *ldserver = NULL; - int i; LDAPMessage *search_result = NULL; LDAPMessage *entry = NULL; char *user_dn = NULL; @@ -587,24 +547,8 @@ void CtdlSynchronizeUsersFromLDAP(void) syslog(LOG_INFO, "ldap: synchronizing Citadel user database from LDAP"); - if (ctdl_ldap_initialize(&ldserver) != LDAP_SUCCESS) { - return; - } - - ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); - ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); - - striplt(CtdlGetConfigStr("c_ldap_bind_dn")); - striplt(CtdlGetConfigStr("c_ldap_bind_pw")); - syslog(LOG_DEBUG, "ldap: bind DN: %s", CtdlGetConfigStr("c_ldap_bind_dn")); - i = ldap_simple_bind_s(ldserver, - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_dn")) ? CtdlGetConfigStr("c_ldap_bind_dn") : NULL), - (!IsEmptyStr(CtdlGetConfigStr("c_ldap_bind_pw")) ? CtdlGetConfigStr("c_ldap_bind_pw") : NULL) - ); - if (i != LDAP_SUCCESS) { - syslog(LOG_ERR, "ldap: Cannot bind: %s (%d)", ldap_err2string(i), i); - return; - } + ldserver = ctdl_ldap_bind(); + if (!ldserver) return; tv.tv_sec = 10; tv.tv_usec = 0; @@ -656,6 +600,16 @@ void CtdlSynchronizeUsersFromLDAP(void) syslog(LOG_DEBUG, "\033[33mldap: display name: <%s> , uid = <%d>\033[0m", fullname, uid); // FIXME now create or update the user + int i; + struct ctdluser usbuf; + + i = getuserbyuid(&usbuf, uid); + if (i == 0) { + syslog(LOG_DEBUG, "\033[32m...and that user EXISTZ0RS!!!\033[0m"); + } + else { + syslog(LOG_DEBUG, "\033[31m...and that user D0EZ N0T EXISTZ0R!!\033[0m"); + } }