source: auth_ldap.c @ fa1bc1d

Last change on this file since fa1bc1d was 50bb490, checked in by Dennis Kaarsemaker <dennis@…>, at 2016-03-25T18:07:53Z

ldap authentication backend

We only support the openldap scheme for now, with users that are
posixAccounts. Moreover, as the plugin cannot be configured directly,
you must configure libldap correctly in /etc/openldap/ldap.conf.

#define BITLBEE_CORE
#define LDAP_DEPRECATED 1
#include "bitlbee.h"
#include <ldap.h>
#include <string.h>
5
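/* Escape a value so it can be embedded in an LDAP search filter (RFC 4515,
 * section 3). The characters '*', '(', ')' and '\' are filter metacharacters;
 * left unescaped they let the caller's input change what the filter matches,
 * so each is replaced by its "\XX" hex escape. Returns a newly allocated
 * string that the caller must g_free(). */
static char *ldap_escape_filter_value(const char *value)
{
        static const char hex[] = "0123456789abcdef";
        size_t len = strlen(value);
        size_t i, j = 0;
        char *out;

        /* Worst case every character expands to three ("\XX"), plus the NUL. */
        out = g_malloc(len * 3 + 1);
        for (i = 0; i < len; i++) {
                unsigned char c = (unsigned char) value[i];

                switch (c) {
                case '*':
                case '(':
                case ')':
                case '\\':
                        out[j++] = '\\';
                        out[j++] = hex[c >> 4];
                        out[j++] = hex[c & 0x0f];
                        break;
                default:
                        out[j++] = (char) c;
                        break;
                }
        }
        out[j] = '\0';

        return out;
}

/* Check `nick`/`password` against the LDAP directory libldap is configured
 * for. Nothing is configured here (the URI passed to ldap_initialize() and
 * the search base are both NULL and no options are set), so server, base DN
 * and any TLS requirement must come from the libldap configuration.
 *
 * Two binds are made: an anonymous bind followed by a subtree search for the
 * entry whose uid is `nick`, then a simple bind as that entry's DN with
 * `password`.
 *
 * Returns STORAGE_OK when the authenticated bind succeeds,
 * STORAGE_NO_SUCH_USER when no entry matches, STORAGE_INVALID_PASSWORD when
 * the password is empty or the server rejects the credentials, and
 * STORAGE_OTHER_ERROR (logged as a warning) for every other failure. */
static storage_status_t ldap_check_pass(const char *nick, const char *password)
{
        LDAP *ldap = NULL;
        LDAPMessage *msg = NULL;
        LDAPMessage *entry;
        char *dn = NULL;
        char *escaped, *filter;
        /* Only the DN is needed, so ask the server for no attributes at all. */
        char *attrs[2] = { LDAP_NO_ATTRS, NULL };
        int ret, count;
        storage_status_t status = STORAGE_OTHER_ERROR;

        /* With an empty password the second bind would be an "unauthenticated"
         * bind (RFC 4513, section 5.1.2), which some servers accept and report
         * as success for any existing DN. Refuse it before touching the
         * directory so it can never be mistaken for a valid login. */
        if (!password || !*password) {
                return STORAGE_INVALID_PASSWORD;
        }

        if ((ret = ldap_initialize(&ldap, NULL)) != LDAP_SUCCESS) {
                log_message(LOGLVL_WARNING, "ldap_initialize failed: %s", ldap_err2string(ret));
                return STORAGE_OTHER_ERROR;
        }

        /* First we do an anonymous bind to map uid=$nick to a DN */
        if ((ret = ldap_simple_bind_s(ldap, NULL, NULL)) != LDAP_SUCCESS) {
                log_message(LOGLVL_WARNING, "Anonymous bind failed: %s", ldap_err2string(ret));
                goto out;
        }

        /* The nick comes from the client, so escape it before it is placed
         * inside the filter; otherwise "*" or "x)(uid=y" would rewrite the
         * query instead of being matched literally. */
        escaped = ldap_escape_filter_value(nick);
        filter = g_strdup_printf("(uid=%s)", escaped);
        g_free(escaped);

        /* sizelimit 1: a uid is expected to be unique, more than one match is
         * reported by the server as an error and ends up as STORAGE_OTHER_ERROR. */
        ret = ldap_search_ext_s(ldap, NULL, LDAP_SCOPE_SUBTREE, filter, attrs, 0, NULL, NULL, NULL, 1, &msg);
        g_free(filter);

        if (ret != LDAP_SUCCESS) {
                log_message(LOGLVL_WARNING, "uid search failed: %s", ldap_err2string(ret));
                goto out;
        }

        count = ldap_count_entries(ldap, msg);
        if (count == -1) {
                ldap_get_option(ldap, LDAP_OPT_ERROR_NUMBER, &ret);
                log_message(LOGLVL_WARNING, "uid search failed: %s", ldap_err2string(ret));
                goto out;
        }

        if (!count) {
                status = STORAGE_NO_SUCH_USER;
                goto out;
        }

        entry = ldap_first_entry(ldap, msg);
        dn = entry ? ldap_get_dn(ldap, entry) : NULL;
        if (!dn) {
                /* Binding with a NULL DN would not authenticate as the user,
                 * so treat a missing DN as an error rather than continuing. */
                log_message(LOGLVL_WARNING, "uid search returned an entry without a DN");
                goto out;
        }

        /* And now we bind as the user to authenticate */
        ret = ldap_simple_bind_s(ldap, dn, password);
        switch (ret) {
        case LDAP_SUCCESS:
                status = STORAGE_OK;
                break;
        case LDAP_INVALID_CREDENTIALS:
                status = STORAGE_INVALID_PASSWORD;
                break;
        default:
                log_message(LOGLVL_WARNING, "Authenticated bind failed: %s", ldap_err2string(ret));
                break;
        }

out:
        /* The DN was allocated by libldap, so it goes back through
         * ldap_memfree() rather than g_free(). The search result is released
         * on every path, including a failed search that left partial results. */
        if (dn) {
                ldap_memfree(dn);
        }
        if (msg) {
                ldap_msgfree(msg);
        }
        ldap_unbind_s(ldap);

        return status;
}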
73
/* Descriptor for this authentication backend: it is identified by the name
 * "ldap" and supplies ldap_check_pass() as its password check. */
auth_backend_t auth_ldap = {
        .name = "ldap",
        .check_pass = ldap_check_pass,
};