#define REV_LEVEL 760 /* This version */
#define REV_MIN 591 /* Oldest compatible database */
#define EXPORT_REV_MIN 760 /* Oldest compatible export files */
-#define LIBCITADEL_MIN 744 /* Minimum required version of libcitadel */
+#define LIBCITADEL_MIN 760 /* Minimum required version of libcitadel */
#define SERVER_TYPE 0 /* zero for stock Citadel; other developers please
obtain SERVER_TYPE codes for your implementations */
*/
#define AUTHMODE_NATIVE 0 /* Native (self-contained or "black box") */
#define AUTHMODE_HOST 1 /* Authenticate against the host OS user database */
-#define AUTHMODE_LDAP 2 /* Authenticate against an LDAP server */
+#define AUTHMODE_LDAP 2 /* Authenticate against an LDAP server with RFC 2307 schema */
+#define AUTHMODE_LDAP_AD 3 /* Authenticate against non-standard MS Active Directory LDAP */
#ifdef __cplusplus
}
tv.tv_sec = 10;
tv.tv_usec = 0;
- sprintf(searchstring, SEARCH_STRING, username);
+ if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
+ sprintf(searchstring, "(sAMAccountName=%s)", username);
+ }
+ else {
+ sprintf(searchstring, "(&(objectclass=posixAccount)(uid=%s))", username);
+ }
i = ldap_search_st(ldserver,
config.c_ldap_base_dn,
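Review bot: Both new `sprintf` calls paste `username` into the LDAP filter unescaped and unbounded, so a login name containing `*`, `(`, `)` or `\` alters the filter instead of being matched literally, and a long name can overrun `searchstring`. `searchstring` is declared outside the hunk, so its size is not visible here; assuming it is a local array, format with `snprintf(searchstring, sizeof searchstring, ...)` and escape the name per RFC 4515 first. The removed line had the same weakness, but this hunk rewrites the filter construction, so it is the natural place to close it. The helper and the `safe_username` buffer below are a sketch, and the failure branch should use whatever error path the enclosing function already has, which lies outside the hunk.

```c
/* Escape RFC 4515 filter metacharacters so the login name is matched literally. */
static int ldap_escape_filter_value(char *dst, size_t dst_size, const char *src)
{
	size_t o = 0;

	for (; *src != 0; ++src) {
		if ((*src == '*') || (*src == '(') || (*src == ')') || (*src == '\\')) {
			if (o + 4 > dst_size) return(-1);	/* 3 escape chars + NUL */
			snprintf(&dst[o], dst_size - o, "\\%02x", (unsigned char)*src);
			o += 3;
		}
		else {
			if (o + 2 > dst_size) return(-1);	/* 1 char + NUL */
			dst[o++] = *src;
		}
	}
	if (o >= dst_size) return(-1);
	dst[o] = 0;
	return(0);
}

/* … unchanged: tv.tv_sec / tv.tv_usec setup … */
	if (ldap_escape_filter_value(safe_username, sizeof safe_username, username) != 0) {
		/* name does not fit once escaped: fail the lookup via the existing error path */
	}
	if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
		snprintf(searchstring, sizeof searchstring, "(sAMAccountName=%s)", safe_username);
	}
	else {
		snprintf(searchstring, sizeof searchstring, "(&(objectclass=posixAccount)(uid=%s))", safe_username);
	}
/* … unchanged: ldap_search_st() call … */
```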
CtdlLogPrintf(CTDL_DEBUG, "dn = %s\n", user_dn);
}
- values = ldap_get_values(ldserver, search_result, "cn");
- if (values) {
- if (values[0]) {
- if (fullname) safestrncpy(fullname, values[0], fullname_size);
- CtdlLogPrintf(CTDL_DEBUG, "cn = %s\n", values[0]);
+ if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
+ values = ldap_get_values(ldserver, search_result, "displayName");
+ if (values) {
+ if (values[0]) {
+ if (fullname) safestrncpy(fullname, values[0], fullname_size);
+ CtdlLogPrintf(CTDL_DEBUG, "displayName = %s\n", values[0]);
+ }
+ ldap_value_free(values);
}
- ldap_value_free(values);
}
-
- values = ldap_get_values(ldserver, search_result, "uidNumber");
- if (values) {
- if (values[0]) {
- CtdlLogPrintf(CTDL_DEBUG, "uidNumber = %s\n", values[0]);
- if (uid != NULL) {
- *uid = atoi(values[0]);
+ else {
+ values = ldap_get_values(ldserver, search_result, "cn");
+ if (values) {
+ if (values[0]) {
+ if (fullname) safestrncpy(fullname, values[0], fullname_size);
+ CtdlLogPrintf(CTDL_DEBUG, "cn = %s\n", values[0]);
}
+ ldap_value_free(values);
}
- ldap_value_free(values);
}
- values = ldap_get_values(ldserver, search_result, "objectGUID");
- if (values) {
- if (values[0]) {
- CtdlLogPrintf(CTDL_DEBUG, "objectGUID = (%d characers)\n", strlen(values[0]));
+ if (config.c_auth_mode == AUTHMODE_LDAP_AD) {
+ values = ldap_get_values(ldserver, search_result, "objectGUID");
+ if (values) {
+ if (values[0]) {
+ if (uid != NULL) {
+ *uid = abs(HashLittle(values[0], strlen(values[0])));
+ CtdlLogPrintf(CTDL_DEBUG, "uid hashed from objectGUID = %d\n", *uid);
+ }
+ }
+ ldap_value_free(values);
+ }
+ }
+ else {
+ values = ldap_get_values(ldserver, search_result, "uidNumber");
+ if (values) {
+ if (values[0]) {
+ CtdlLogPrintf(CTDL_DEBUG, "uidNumber = %s\n", values[0]);
+ if (uid != NULL) {
+ *uid = atoi(values[0]);
+ }
+ }
+ ldap_value_free(values);
}
- ldap_value_free(values);
}
}
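Review bot: In the AD branch, `strlen(values[0])` is applied to `objectGUID`, which Active Directory returns as a 16-byte binary value, so the hash covers only the bytes before the first zero byte, and a GUID whose first byte is zero hashes as an empty string. Distinct directory users can then end up with the same `*uid`, which matters because the uid appears to be what ties a directory identity to a local account. Read the attribute with `ldap_get_values_len()` and hash `bv_len` bytes, and replace `abs()` with a mask, since `abs(INT_MIN)` is undefined. Even with the full GUID hashed, a 31-bit value can collide, so a collision check where accounts are created would be worth adding (that code is not in this diff).

```c
/* … unchanged: if (config.c_auth_mode == AUTHMODE_LDAP_AD) { … */
		struct berval **guid = ldap_get_values_len(ldserver, search_result, "objectGUID");
		if (guid) {
			if (guid[0] && (guid[0]->bv_len > 0) && (uid != NULL)) {
				/* objectGUID is binary: take the length from the berval, never strlen() */
				*uid = HashLittle(guid[0]->bv_val, guid[0]->bv_len) & 0x7fffffff;
				CtdlLogPrintf(CTDL_DEBUG, "uid hashed from objectGUID = %d\n", *uid);
			}
			ldap_value_free_len(guid);
		}
/* … unchanged: else branch reading uidNumber … */
```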
"\n"
" 1. Authenticate users against the host system (unix or linux accounts)\n"
"\n"
-" 2. Authenticate users against an external LDAP directory\n"
+" 2. Authenticate users against an external LDAP directory (RFC 2307 compliant)\n"
+"\n"
+" 3. Authenticate users against nonstandard MS Active Directory LDAP\n"
"\n"
"WARNING: do *not* change this setting once your system is installed.\n"
"\n"
/* Go through a series of dialogs prompting for config info */
for (curr = 1; curr <= MAXSETUP; ++curr) {
edit_value(curr);
- if ((curr == 6) && (config.c_auth_mode != AUTHMODE_LDAP)) curr += 5; /* skip LDAP questions */
+ if ((curr == 6) && (config.c_auth_mode != AUTHMODE_LDAP) && (config.c_auth_mode != AUTHMODE_LDAP_AD)) {
+ curr += 5; /* skip LDAP questions if we're not authenticating against LDAP */
+ }
}
/***** begin version update section ***** */
}
#ifdef HAVE_LDAP
- else if (config.c_auth_mode == AUTHMODE_LDAP) {
+ else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) {
/* LDAP auth mode */
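Review bot: The two-mode test `(config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)` is spelled out by hand here and in the two following hunks, and in negated form in the setup loop. Any `== AUTHMODE_LDAP` comparison this diff does not touch would treat mode 3 as a non-LDAP mode and take a different authentication branch. A single predicate next to the AUTHMODE_* defines, for example `#define AUTHMODE_IS_LDAP(m) (((m) == AUTHMODE_LDAP) || ((m) == AUTHMODE_LDAP_AD))`, would keep every site in step when another directory mode is added. The `else if` chain this line belongs to starts and ends outside the hunk.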
}
#ifdef HAVE_LDAP
- else if (config.c_auth_mode == AUTHMODE_LDAP) {
+ else if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) {
/* LDAP auth mode */
}
#ifdef HAVE_LDAP
- if (config.c_auth_mode == AUTHMODE_LDAP) {
+ if ((config.c_auth_mode == AUTHMODE_LDAP) || (config.c_auth_mode == AUTHMODE_LDAP_AD)) {
if (CtdlTryUserLDAP(username, NULL, 0, username, sizeof username, &uid) != 0) {
return(ERROR + NO_SUCH_USER);
}