#define BIND_PW NULL /* put pw here for authenticated bind */
#define SEARCH_STRING "(&(objectclass=posixAccount)(uid=%s))"
-int CtdlTryUserLDAP(char *username, char *found_dn, int found_dn_size, char *fullname, int fullname_size);
+int CtdlTryUserLDAP(char *username, char *found_dn, int found_dn_size, char *fullname, int fullname_size, int *found_uid);
int CtdlTryPasswordLDAP(char *user_dn, char *password);
int ldap_version = 3;
-#ifdef HAVE_LDAP
#include "sysdep.h"
#include <errno.h>
#include "threads.h"
#include "citadel_ldap.h"
+#ifdef HAVE_LDAP
+
#define LDAP_DEPRECATED 1 /* Needed to suppress misleading warnings */
#include <ldap.h>
-int CtdlTryUserLDAP(char *username, char *found_dn, int found_dn_size, char *fullname, int fullname_size)
+int CtdlTryUserLDAP(char *username,
+ char *found_dn, int found_dn_size,
+ char *fullname, int fullname_size,
+ int *uid)
{
LDAP *ldserver = NULL;
int i;
if (values) {
if (values[0]) {
CtdlLogPrintf(CTDL_DEBUG, "uidNumber = %s\n", values[0]);
+ if (uid != NULL) {
+ *uid = atoi(values[0]);
+ }
}
ldap_value_free(values);
}
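Review bot: `*uid` is only written inside the `if (uid != NULL)` branch, which runs solely when the uidNumber attribute is present, so a caller that gets a success return for an entry without that attribute reads an output parameter that was never set; initialise it near the top of the function, e.g. `if (uid != NULL) { *uid = (-1); }`, or return non-zero when the attribute is missing. `atoi` also turns a malformed, empty or out-of-range attribute value into 0 or an arbitrary int with no error indication, and that value becomes the key for a local account lookup; parse with `strtol` and accept only a complete, non-negative, in-range number (sketch below). The prototype in the header names this parameter `found_uid` while the definition calls it `uid`; pick one. The body of CtdlTryUserLDAP between the declarations and this block is not in the hunk.
```c
if (values) {
    if (values[0]) {
        CtdlLogPrintf(CTDL_DEBUG, "uidNumber = %s\n", values[0]);
        if (uid != NULL) {
            char *end = NULL;
            errno = 0;
            long parsed = strtol(values[0], &end, 10);
            /* reject partial parses, overflow and negative ids */
            if ((end != values[0]) && (*end == '\0') && (errno == 0) && (parsed >= 0) && (parsed <= INT_MAX)) {
                *uid = (int)parsed;
            }
        }
    }
    ldap_value_free(values);
}
```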
int CtdlTryPasswordLDAP(char *user_dn, char *password)
{
LDAP *ldserver = NULL;
- int i;
+ int i = (-1);
ldserver = ldap_init(CTDL_LDAP_HOST, CTDL_LDAP_PORT);
if (ldserver) {
ldap_unbind(ldserver);
}
- return((i == LDAP_SUCCESS) ? 0 : 1);
+ if (i == LDAP_SUCCESS) {
+ return(0);
+ }
+
+ return(1);
}
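Review bot: CtdlTryPasswordLDAP has no guard against an empty password before it binds; the bind call itself sits between `ldap_init` and the `if (ldserver)` unbind block and is not in the hunk, but if it is a simple bind, an empty password is treated by the server as an anonymous (unauthenticated) bind that completes with LDAP_SUCCESS, which this function would then report as 0. Add `if ((user_dn == NULL) || (password == NULL) || (password[0] == '\0')) { return(1); }` before `ldap_init`. The new `int i = (-1)` initialiser covers the `ldserver == NULL` path; whether a failed bind also leaves `i` at a non-success value depends on the elided code.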
#ifdef HAVE_LDAP
else if (config.c_auth_mode == AUTHMODE_LDAP) {
+
+ /* LDAP auth mode */
+
+ int ldap_uid;
+ char ldap_cn[256];
+ char ldap_dn[256];
+
+ found_user = CtdlTryUserLDAP(username, ldap_dn, sizeof ldap_dn, ldap_cn, sizeof ldap_cn, &ldap_uid);
+ if (found_user != 0) {
+ return login_not_found;
+ }
+
+ found_user = getuserbyuid(&CC->user, ldap_uid);
+ if (found_user != 0) {
+ create_user(ldap_cn, 0);
+ found_user = getuserbyuid(&CC->user, ldap_uid);
+ }
+
+ if (found_user == 0) {
+ if (CC->ldap_dn != NULL) free(CC->ldap_dn);
+ CC->ldap_dn = strdup(ldap_dn);
+ }
- /* LDAP auth mode FIXME_LDAP */
}
#endif
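Review bot: `ldap_uid` is declared without an initialiser and then passed to `getuserbyuid` whenever CtdlTryUserLDAP returns 0; nothing in this hunk guarantees the callee wrote it, so a directory entry without a usable uidNumber would look up, and log in as, whatever local uid happens to be on the stack. Declare it as `int ldap_uid = (-1);` and treat a negative value after the call the same as `login_not_found`. The `if (CC->ldap_dn != NULL) free(CC->ldap_dn);` guard is redundant because free(NULL) is a no-op, and on the not-found return CC->ldap_dn keeps whatever DN an earlier lookup in this session stored; whether that stale value can reach the password check in the later hunk depends on code outside the diff. After `create_user(ldap_cn, 0)` the second `getuserbyuid` can only succeed if create_user assigns the LDAP uid to the new account, which the hunk does not show.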
#ifdef HAVE_LDAP
else if (config.c_auth_mode == AUTHMODE_LDAP) {
- /* LDAP auth mode FIXME_LDAP */
+ /* LDAP auth mode */
+
+ if ((CC->ldap_dn) && (!CtdlTryPasswordLDAP(CC->ldap_dn, password))) {
+ code = 0;
+ }
+ else {
+ code = (-1);
+ }
}
#endif