|
|
|
@ -50,7 +50,6 @@
|
|
|
|
|
#define LDAP_FILE "/etc/ldap/ldap.conf"
|
|
|
|
|
|
|
|
|
|
int requested_ldap_version = LDAP_VERSION3;
|
|
|
|
|
int requested_ldap_auth_method = LDAP_AUTH_SIMPLE; // Is this safe and secure over an untrusted connection?
|
|
|
|
|
char* ldap_user_and_operational_attributes[2] = {"*", "+"};
|
|
|
|
|
|
|
|
|
|
enum ErrorCauseLocation {
|
|
|
|
@ -114,6 +113,12 @@ TQString ldapLikelyErrorCause(int errcode, int location) {
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
|
|
|
|
|
// FIXME
|
|
|
|
|
// This currently does nothing and hopes for the best!
|
|
|
|
|
return LDAP_SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int LDAPManager::bind(TQString* errstr) {
|
|
|
|
|
printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout);
|
|
|
|
|
if (m_ldap) {
|
|
|
|
@ -121,6 +126,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool using_ldapi = false;
|
|
|
|
|
bool using_gssapi = false;
|
|
|
|
|
if (m_host.startsWith("ldapi://")) {
|
|
|
|
|
using_ldapi = true;
|
|
|
|
|
}
|
|
|
|
@ -129,7 +135,7 @@ printf("[RAJA DEBUG 600.0] In LDAPManager::bind(%p)\n\r", errstr); fflush(stdout
|
|
|
|
|
havepass = true;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
|
|
|
|
|
printf("[RAJA DEBUG 660.1]\n\r"); fflush(stdout);
|
|
|
|
|
LDAPPasswordDialog passdlg(0);
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->setEnabled(false);
|
|
|
|
|
passdlg.m_base->ldapAdminRealm->insertItem(m_realm);
|
|
|
|
@ -143,6 +149,12 @@ printf("[RAJA DEBUG 660.1] using_ldapi: %d\n\r", using_ldapi); fflush(stdout);
|
|
|
|
|
m_creds->realm = passdlg.m_base->ldapAdminRealm->currentText();
|
|
|
|
|
m_creds->use_tls = passdlg.m_base->ldapUseTLS->isOn();
|
|
|
|
|
}
|
|
|
|
|
if (passdlg.use_gssapi) {
|
|
|
|
|
using_gssapi = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -191,7 +203,7 @@ printf("[RAJA DEBUG 660.0]\n\r"); fflush(stdout);
|
|
|
|
|
cred.bv_val = pass.data();
|
|
|
|
|
cred.bv_len = pass.length();
|
|
|
|
|
printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
|
|
|
|
|
if (!using_ldapi) {
|
|
|
|
|
if ((!using_ldapi && !using_gssapi)) {
|
|
|
|
|
if (!ldap_dn.contains(",")) {
|
|
|
|
|
// Look for a POSIX account with anonymous bind and the specified account name
|
|
|
|
|
TQString uri;
|
|
|
|
@ -255,7 +267,12 @@ printf("[RAJA DEBUG 660.2]\n\r"); fflush(stdout);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
|
|
|
|
|
if (using_gssapi) {
|
|
|
|
|
retcode = ldap_sasl_interactive_bind_s(m_ldap, "", "GSSAPI", NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_bind_interact_callback, NULL);
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
retcode = ldap_sasl_bind_s(m_ldap, ldap_dn.ascii(), mechanism, &cred, NULL, NULL, NULL);
|
|
|
|
|
}
|
|
|
|
|
printf("[RAJA DEBUG 600.2] ldap_dn: %s\n\r", ldap_dn.ascii()); fflush(stdout);
|
|
|
|
|
|
|
|
|
|
if (retcode != LDAP_SUCCESS ) {
|
|
|
|
|
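Review bot: The new `sasl_bind_interact_callback` (hunk -114,6 +113,12) returns `LDAP_SUCCESS` without looking at `sasl_interact`, so any prompt the SASL library raises during the GSSAPI bind added in the last hunk is reported as answered while its result is left unset. With GSSAPI the identity normally comes from the Kerberos credential cache, so the prompt list is probably empty, but the stub does not check that assumption. The callback should walk the prompt array up to `SASL_CB_LIST_END`, fill each entry from its default or an empty string, and return `LDAP_PARAM_ERROR` when the list pointer is null. The sketch below assumes `<sasl/sasl.h>` is already included, which this page does not show. The body of `LDAPManager::bind` begins and ends outside the visible hunks, so how `retcode` from the GSSAPI path is handled afterwards cannot be checked here.

```cpp
int sasl_bind_interact_callback(LDAP* ld, unsigned flags, void* defaults, void* sasl_interact) {
	// GSSAPI is expected to take its identity from the Kerberos credential cache,
	// so no prompt should need user input; still give every prompt a defined
	// result rather than reporting success with the entries untouched.
	if (!sasl_interact) {
		return LDAP_PARAM_ERROR;
	}
	for (sasl_interact_t* prompt = static_cast<sasl_interact_t*>(sasl_interact);
	     prompt->id != SASL_CB_LIST_END; ++prompt) {
		const char* answer = prompt->defresult ? prompt->defresult : "";
		prompt->result = answer;
		prompt->len = strlen(answer);
	}
	return LDAP_SUCCESS;
}
```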