18 #include <sys/types.h>
20 #ifdef HAVE_SYS_STAT_H
24 #if TIME_WITH_SYS_TIME
25 # include <sys/time.h>
29 # include <sys/time.h>
37 #include <libcitadel.h>
43 #include "sysdep_decls.h"
50 #include "citserver.h"
51 #include "citadel_dirs.h"
54 #include "citadel_ldap.h"
58 #define LDAP_DEPRECATED 1 /* Needed to suppress misleading warnings */
62 int CtdlTryUserLDAP(char *username,
63 char *found_dn, int found_dn_size,
64 char *fullname, int fullname_size,
67 LDAP *ldserver = NULL;
69 LDAPMessage *search_result = NULL;
70 LDAPMessage *entry = NULL;
71 char searchstring[1024];
76 if (fullname) safestrncpy(fullname, username, fullname_size);
78 ldserver = ldap_init(config.c_ldap_host, config.c_ldap_port);
79 if (ldserver == NULL) {
80 CtdlLogPrintf(CTDL_ALERT, "LDAP: Could not connect to %s:%d : %s\n",
81 config.c_ldap_host, config.c_ldap_port,
86 ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
88 striplt(config.c_ldap_bind_dn);
89 striplt(config.c_ldap_bind_pw);
90 i = ldap_simple_bind_s(ldserver,
91 (!IsEmptyStr(config.c_ldap_bind_dn) ? config.c_ldap_bind_dn : NULL),
92 (!IsEmptyStr(config.c_ldap_bind_pw) ? config.c_ldap_bind_pw : NULL)
94 if (i != LDAP_SUCCESS) {
95 CtdlLogPrintf(CTDL_ALERT, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i);
102 if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
103 sprintf(searchstring, "(sAMAccountName=%s)", username);
106 sprintf(searchstring, "(&(objectclass=posixAccount)(uid=%s))", username);
109 i = ldap_search_st(ldserver,
110 config.c_ldap_base_dn,
113 NULL, // return all attributes
114 0, // attributes + values
118 if (i != LDAP_SUCCESS) {
119 CtdlLogPrintf(CTDL_DEBUG,
120 "Couldn't find what I was looking for: %s (%d)\n", ldap_err2string(i), i);
121 ldap_unbind(ldserver);
125 if (search_result == NULL) {
126 CtdlLogPrintf(CTDL_DEBUG, "No results were returned\n");
127 ldap_unbind(ldserver);
131 /* At this point we've got at least one result from our query. If there are multiple
132 * results, we still only look at the first one.
134 entry = ldap_first_entry(ldserver, search_result);
137 user_dn = ldap_get_dn(ldserver, entry);
139 CtdlLogPrintf(CTDL_DEBUG, "dn = %s\n", user_dn);
142 if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
143 values = ldap_get_values(ldserver, search_result, "displayName");
146 if (fullname) safestrncpy(fullname, values[0], fullname_size);
147 CtdlLogPrintf(CTDL_DEBUG, "displayName = %s\n", values[0]);
149 ldap_value_free(values);
153 values = ldap_get_values(ldserver, search_result, "cn");
156 if (fullname) safestrncpy(fullname, values[0], fullname_size);
157 CtdlLogPrintf(CTDL_DEBUG, "cn = %s\n", values[0]);
159 ldap_value_free(values);
163 if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
164 values = ldap_get_values(ldserver, search_result, "objectGUID");
168 *uid = abs(HashLittle(values[0], strlen(values[0])));
169 CtdlLogPrintf(CTDL_DEBUG, "uid hashed from objectGUID = %d\n", *uid);
172 ldap_value_free(values);
176 values = ldap_get_values(ldserver, search_result, "uidNumber");
179 CtdlLogPrintf(CTDL_DEBUG, "uidNumber = %s\n", values[0]);
181 *uid = atoi(values[0]);
184 ldap_value_free(values);
190 /* free the results */
191 ldap_msgfree(search_result);
193 /* unbind so we can go back in as the authenticating user */
194 ldap_unbind(ldserver);
197 CtdlLogPrintf(CTDL_DEBUG, "No such user was found.\n");
201 if (found_dn) safestrncpy(found_dn, user_dn, found_dn_size);
202 ldap_memfree(user_dn);
207 int CtdlTryPasswordLDAP(char *user_dn, char *password)
209 LDAP *ldserver = NULL;
212 ldserver = ldap_init(config.c_ldap_host, config.c_ldap_port);
214 ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
215 i = ldap_simple_bind_s(ldserver, user_dn, password);
216 if (i == LDAP_SUCCESS) {
217 CtdlLogPrintf(CTDL_DEBUG, "LDAP: bind succeeded\n");
220 CtdlLogPrintf(CTDL_DEBUG, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i);
222 ldap_unbind(ldserver);
225 if (i == LDAP_SUCCESS) {
235 #endif /* HAVE_LDAP */