> Hi friends,
>
> I have made the necessary changes in auth_ldap_bind plugin. The plugin
> will now bind to a ldap directory that does not allow anonymous bind using
> a binddn and password, if it is provided. It will first check if a binddn
> and password is provided in the "ldap" config file. If it is then it will
> bind to the ldap directory using it and then search for the user who is
> logged in and then rebind using that user. If binddn is not provided then
> it assumes that anonymous binding is allowed and searches the ldap
> directory for the user and then binds using that user to check the
> credentials of the user who is logged in.
>
> Please review the patch and tell me how I can improve it.

Well, I was just looking into the rcpt_ldap plugin and it seems that it takes the bind user and password from the 'ldap' config file, and in its code it looks for the 'ldap_password' configuration item in the config file. Hence I have changed my code to do the same and I am attaching the new patch with this mail. Please ignore the previous patch.

Waiting for the reviews.

--
Regards,
Vignesh.
http://www.deeproot.in
Ph: +91 (80) 4089 0000

43c43,45 < my ($ldhost, $ldport, $ldwait, $ldbase, $ldmattr, $lduserdn, $ldh, $mesg); --- > my ( $ldhost, $ldport, $ldwait, $ldbase, $ldbinduser, $ldbindpass, > $ldmattr, $lduserdn, $ldh, $mesg ); > > 48a51,52 > $ldbinduser = $self->{"ldconf"}->{"ldap_user"}; > $ldbindpass = $self->{"ldconf"}->{"ldap_password"}; 63a68,77 > > # Check if a ldap_user is provided in config. If yes, then bind with that > username and password > > if ( defined($ldbinduser) ) { > if ( not defined($ldbindpass) ) { > $self->log(LOGALERT, "authldap/$method - ldap_pass is not initialized" > ); > return ( DECLINED, "authldap/$method - temporary auth error" ); > } > > $mesg = $ldh->bind($ldbinduser, password=>$ldbindpass, timeout=>$ldwait); 64a79,88 > # report errors, if any > if ( $mesg->code ) { > $self->log(LOGALERT, "authldap/$method - error in user bind" ); > return ( DECLINED, "authldap/$method - wrong username or password" ); > } else { > $self->log( LOGINFO, "authldap/$method - $user bind success" ); > $self->log( LOGDEBUG, "authldap/$method - user: $ldbinduser, pass: > $ldbindpass" ); > } > } > 75a100 > 104d128 < 146a171,173 > If the Directory server does not allow anonymous bind, then you need to > provide > 'ldap_user' and 'ldap_password' to bind to the server. > 173,174d199 < A configurable bind DN, for Directories that do not allow anonymous bind. <
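Review bot: In hunk 63a68,77 the alert text says "ldap_pass is not initialized", but hunk 48a51,52 reads the value from the 'ldap_password' config item, so an admin following the log will look for the wrong key; name the real key in the message. The guard also only tests `not defined($ldbindpass)`, so an empty 'ldap_password' value passes straight through to `$ldh->bind(...)`. A simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513), which some servers accept, so I would reject an empty string here as well as an undefined value.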
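Review bot: In hunk 64a79,88 the LOGDEBUG line `"authldap/$method - user: $ldbinduser, pass: $ldbindpass"` writes the directory bind password to the log in clear text; drop the password from that message and log only the bind DN. The other messages in this hunk also describe the wrong identity: this is the bind of the configured 'ldap_user', yet a failure is logged as "error in user bind" and returned to the client as "wrong username or password", and success is logged as "$user bind success". A failed service bind is a configuration or server problem, not a bad client credential, so I would return the same "temporary auth error" text used in the previous branch, log `$mesg->error` so the cause is visible, and use $ldbinduser rather than $user in the success message.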