> Hi friends,
>
> I have made the necessary changes in the auth_ldap_bind plugin. The plugin
> will now bind to an LDAP directory that does not allow anonymous bind using
> a binddn and password, if they are provided. It will first check if a binddn
> and password are provided in the "ldap" config file. If they are, then it will
> bind to the LDAP directory using them and then search for the user who is
> logged in and then rebind using that user. If binddn is not provided then
> it assumes that anonymous binding is allowed and searches the LDAP
> directory for the user and then binds using that user to check the
> credentials of the user who is logged in.
>
> Please review the patch and tell me how I can improve it.

Well, I was just looking into the rcpt_ldap plugin and it seems that it takes
the bind user and password from the 'ldap' config file, and in its code it
looks for the 'ldap_password' configuration item in the config file. Hence I
have changed my code to do the same and I am attaching the new patch with
this mail. Please ignore the previous patch.

Waiting for the reviews.


-- 
Regards, Vignesh.
http://www.deeproot.in
Ph: +91 (80) 4089 0000


43c43,45
<   my ($ldhost, $ldport, $ldwait, $ldbase, $ldmattr, $lduserdn, $ldh, $mesg);
---
>   my ( $ldhost, $ldport, $ldwait, $ldbase, $ldbinduser, $ldbindpass, 
> $ldmattr, $lduserdn, $ldh, $mesg );
> 
> 
48a51,52
>   $ldbinduser = $self->{"ldconf"}->{"ldap_user"};
>   $ldbindpass = $self->{"ldconf"}->{"ldap_password"};
63a68,77
>  
>   # Check if a ldap_user is provided in config. If yes, then bind with that 
> username and password
>   
>   if ( defined($ldbinduser) ) {
>     if ( not defined($ldbindpass) ) {
>       $self->log(LOGALERT, "authldap/$method - ldap_pass is not initialized" 
> );
>       return ( DECLINED, "authldap/$method - temporary auth error" );
>     }
>     
>     $mesg = $ldh->bind($ldbinduser, password=>$ldbindpass, timeout=>$ldwait);
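Review bot: the `not defined($ldbindpass)` guard lets an empty `ldap_password` through, and `defined($ldbinduser)` likewise accepts an empty `ldap_user`. A bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, which some servers answer with success, so the plugin would carry on as if the service account had authenticated. Suggest testing `length` on both values before calling `$ldh->bind`. The alert text also says `ldap_pass` while the key read in the 48a51,52 hunk is `ldap_password`; use the real key name so the log points at the right setting.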
64a79,88
>     # report errors, if any
>     if ( $mesg->code ) {
>       $self->log(LOGALERT, "authldap/$method - error in user bind" );
>       return ( DECLINED, "authldap/$method - wrong username or password" );
>     } else {
>       $self->log( LOGINFO, "authldap/$method - $user bind success" );
>       $self->log( LOGDEBUG, "authldap/$method - user: $ldbinduser, pass: 
> $ldbindpass" );
>     }
>   } 
>   
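Review bot: the LOGDEBUG line at the end of the else branch writes `$ldbindpass` to the log in clear text; drop the password from that message and log only `$ldbinduser`. In the same block the success message interpolates `$user` although the bind just performed was for `$ldbinduser`, and the failure branch returns "wrong username or password" for what is a failure of the configured bind account rather than of the client's credentials; "temporary auth error", as returned in the previous hunk, would describe it better.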
75a100
> 
104d128
< 
146a171,173
> If the Directory server does not allow anonymous bind, then you need to 
> provide 
> 'ldap_user' and 'ldap_password' to bind to the server.
> 
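Review bot: the added paragraph does not say that `ldap_user` must be a full bind DN, although the code passes it unchanged as the first argument of `$ldh->bind`, nor what happens when `ldap_user` is set without `ldap_password` (the code logs an alert and returns DECLINED). Suggest stating both, and noting that the config file now holds a clear-text password and should be readable only by the account qpsmtpd runs as.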
173,174d199
< A configurable bind DN, for Directories that do not allow anonymous bind.
< 
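
The bind, search and rebind sequence the mail describes, as an added example that is not part of the original post or of qpsmtpd. `check_user`, the `Fake*` classes (a constructed in-memory stand-in for the few Net::LDAP calls used), the `uid` search attribute and all DNs and passwords are assumptions; only the `ldap_user` and `ldap_password` keys come from the patch.

```perl
use strict; use warnings;
# Constructed stand-in for Net::LDAP (bind/search/code/count/entry/dn only).
package FakeLDAP;
my %DIR = (    # constructed entries: dn => [uid, password]
    'cn=svc,dc=example,dc=org'              => ['svc',   'svc-secret'],
    'uid=alice,ou=people,dc=example,dc=org' => ['alice', 'alice-pw'],
);
sub new { return bless { bound => 0 }, shift }
sub bind {
    my ($s, $dn, %a) = @_;
    my $ok = defined($dn) && $DIR{$dn} && $DIR{$dn}[1] eq ($a{password} // '');
    $s->{bound} = $ok ? 1 : 0;
    return FakeMesg->new($ok ? 0 : 49);    # 49 = invalidCredentials
}
sub search {
    my ($s, %a) = @_;
    return FakeMesg->new(50) unless $s->{bound};    # anonymous search refused
    my ($uid) = $a{filter} =~ /^\(uid=(.*)\)$/;
    return FakeMesg->new(0, grep { $DIR{$_}[0] eq $uid } sort keys %DIR);
}
package FakeMesg;
sub new   { my ($c, $code, @dns) = @_; return bless { code => $code, dns => \@dns }, $c }
sub code  { return $_[0]{code} }
sub count { return scalar @{ $_[0]{dns} } }
sub entry { return bless \(my $dn = $_[0]{dns}[$_[1]]), 'FakeEntry' }
package FakeEntry;
sub dn { return ${ $_[0] } }

package main;
# Returns 'ok', 'denied', or a configuration/service error string.
sub check_user {
    my ($ldh, $conf, $user, $pass) = @_;
    my ($bu, $bp) = @$conf{qw(ldap_user ldap_password)};
    if (defined $bu) {    # bind DN configured: service bind before the search
        return 'config error' unless length($bu) && defined($bp) && length($bp);
        return 'service bind failed' if $ldh->bind($bu, password => $bp)->code;
    }
    # A DN with an empty password is an unauthenticated bind that some servers accept.
    return 'denied' unless defined($pass) && length($pass);
    (my $esc = $user) =~ s/([\\*()\0])/sprintf '\\%02x', ord $1/ge;    # RFC 4515
    my $res = $ldh->search(filter => "(uid=$esc)");
    return 'denied' if $res->code || $res->count != 1;
    return $ldh->bind($res->entry(0)->dn, password => $pass)->code ? 'denied' : 'ok';
}

my %conf = (ldap_user => 'cn=svc,dc=example,dc=org', ldap_password => 'svc-secret');
for my $t (['alice', 'alice-pw'], ['alice', ''], ['alice', 'wrong'], ['*', 'x']) {
    printf "%-5s %-10s => %s\n", @$t, check_user(FakeLDAP->new, \%conf, @$t);
}
print "empty ldap_password => ", check_user(FakeLDAP->new, { %conf, ldap_password => '' }, 'alice', 'alice-pw'), "\n";
```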
