X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fldap.c;h=385498443839cc8c4d3754652da535bbdad03f59;hb=aa7365c86de8e26e796d3aa3fd605c85d8c26220;hp=75bbb976a5fe17d85021700c76ddb190afff23ea;hpb=56d69e5d8434e98835a2582c59b771ba69475431;p=citadel.git diff --git a/citadel/ldap.c b/citadel/ldap.c index 75bbb976a..385498443 100644 --- a/citadel/ldap.c +++ b/citadel/ldap.c @@ -2,21 +2,15 @@ * These functions implement the portions of AUTHMODE_LDAP and AUTHMODE_LDAP_AD which * actually speak to the LDAP server. * - * Copyright (c) 2010 by Art Cancro and the citadel.org development team. + * Copyright (c) 2011 by Art Cancro and the citadel.org development team. * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. + * This program is open source software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License, version 3. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ int ctdl_require_ldap_version = 3; @@ -91,7 +85,7 @@ int CtdlTryUserLDAP(char *username, ldserver = ldap_init(config.c_ldap_host, config.c_ldap_port); if (ldserver == NULL) { - CtdlLogPrintf(CTDL_ALERT, "LDAP: Could not connect to %s:%d : %s\n", + syslog(LOG_ALERT, "LDAP: Could not connect to %s:%d : %s\n", config.c_ldap_host, config.c_ldap_port, strerror(errno) ); @@ -99,16 +93,17 @@ int CtdlTryUserLDAP(char *username, } ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); + ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); striplt(config.c_ldap_bind_dn); striplt(config.c_ldap_bind_pw); - CtdlLogPrintf(CTDL_DEBUG, "LDAP bind DN: %s\n", config.c_ldap_bind_dn); + syslog(LOG_DEBUG, "LDAP bind DN: %s\n", config.c_ldap_bind_dn); i = ldap_simple_bind_s(ldserver, (!IsEmptyStr(config.c_ldap_bind_dn) ? config.c_ldap_bind_dn : NULL), (!IsEmptyStr(config.c_ldap_bind_pw) ? config.c_ldap_bind_pw : NULL) ); if (i != LDAP_SUCCESS) { - CtdlLogPrintf(CTDL_ALERT, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i); + syslog(LOG_ALERT, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i); return(i); } @@ -122,8 +117,9 @@ int CtdlTryUserLDAP(char *username, sprintf(searchstring, "(&(objectclass=posixAccount)(uid=%s))", username); } - CtdlLogPrintf(CTDL_DEBUG, "LDAP search: %s\n", searchstring); - i = ldap_search_ext_s(ldserver, /* ld */ + syslog(LOG_DEBUG, "LDAP search: %s\n", searchstring); + (void) ldap_search_ext_s( + ldserver, /* ld */ config.c_ldap_base_dn, /* base */ LDAP_SCOPE_SUBTREE, /* scope */ searchstring, /* filter */ @@ -140,7 +136,7 @@ int CtdlTryUserLDAP(char *username, * the search succeeds. Instead, we check to see whether search_result is still NULL. */ if (search_result == NULL) { - CtdlLogPrintf(CTDL_DEBUG, "LDAP search: zero results were returned\n"); + syslog(LOG_DEBUG, "LDAP search: zero results were returned\n"); ldap_unbind(ldserver); return(2); } @@ -153,7 +149,7 @@ int CtdlTryUserLDAP(char *username, user_dn = ldap_get_dn(ldserver, entry); if (user_dn) { - CtdlLogPrintf(CTDL_DEBUG, "dn = %s\n", user_dn); + syslog(LOG_DEBUG, "dn = %s\n", user_dn); } if (config.c_auth_mode == AUTHMODE_LDAP_AD) { @@ -161,7 +157,7 @@ int CtdlTryUserLDAP(char *username, if (values) { if (values[0]) { if (fullname) safestrncpy(fullname, values[0], fullname_size); - CtdlLogPrintf(CTDL_DEBUG, "displayName = %s\n", values[0]); + syslog(LOG_DEBUG, "displayName = %s\n", values[0]); } ldap_value_free(values); } @@ -171,7 +167,7 @@ int CtdlTryUserLDAP(char *username, if (values) { if (values[0]) { if (fullname) safestrncpy(fullname, values[0], fullname_size); - CtdlLogPrintf(CTDL_DEBUG, "cn = %s\n", values[0]); + syslog(LOG_DEBUG, "cn = %s\n", values[0]); } ldap_value_free(values); } @@ -183,7 +179,7 @@ int CtdlTryUserLDAP(char *username, if (values[0]) { if (uid != NULL) { *uid = abs(HashLittle(values[0], strlen(values[0]))); - CtdlLogPrintf(CTDL_DEBUG, "uid hashed from objectGUID = %d\n", *uid); + syslog(LOG_DEBUG, "uid hashed from objectGUID = %d\n", *uid); } } ldap_value_free(values); @@ -193,7 +189,7 @@ int CtdlTryUserLDAP(char *username, values = ldap_get_values(ldserver, search_result, "uidNumber"); if (values) { if (values[0]) { - CtdlLogPrintf(CTDL_DEBUG, "uidNumber = %s\n", values[0]); + syslog(LOG_DEBUG, "uidNumber = %s\n", values[0]); if (uid != NULL) { *uid = atoi(values[0]); } @@ -211,7 +207,7 @@ int CtdlTryUserLDAP(char *username, ldap_unbind(ldserver); if (!user_dn) { - CtdlLogPrintf(CTDL_DEBUG, "No such user was found.\n"); + syslog(LOG_DEBUG, "No such user was found.\n"); return(4); } @@ -227,21 +223,22 @@ int CtdlTryPasswordLDAP(char *user_dn, const char *password) int i = (-1); if (IsEmptyStr(password)) { - CtdlLogPrintf(CTDL_DEBUG, "LDAP: empty passwords are not permitted\n"); + syslog(LOG_DEBUG, "LDAP: empty passwords are not permitted\n"); return(1); } - CtdlLogPrintf(CTDL_DEBUG, "LDAP: trying to bind as %s\n", user_dn); + syslog(LOG_DEBUG, "LDAP: trying to bind as %s\n", user_dn); ldserver = ldap_init(config.c_ldap_host, config.c_ldap_port); if (ldserver) { ldap_set_option(ldserver, LDAP_OPT_PROTOCOL_VERSION, &ctdl_require_ldap_version); i = ldap_simple_bind_s(ldserver, user_dn, password); if (i == LDAP_SUCCESS) { - CtdlLogPrintf(CTDL_DEBUG, "LDAP: bind succeeded\n"); + syslog(LOG_DEBUG, "LDAP: bind succeeded\n"); } else { - CtdlLogPrintf(CTDL_DEBUG, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i); + syslog(LOG_DEBUG, "LDAP: Cannot bind: %s (%d)\n", ldap_err2string(i), i); } + ldap_set_option(ldserver, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); ldap_unbind(ldserver); }