45 typedef struct ldap_user LDAPUser; |
45 typedef struct ldap_user LDAPUser; |
46 typedef struct ldap_group LDAPGroup; |
46 typedef struct ldap_group LDAPGroup; |
47 typedef struct ldap_member LDAPMember; |
47 typedef struct ldap_member LDAPMember; |
48 typedef struct ldap_group_cache LDAPGroupCache; |
48 typedef struct ldap_group_cache LDAPGroupCache; |
49 |
49 |
|
50 /* |
|
51 |
|
52 * |
|
53 * WS_LDAP_GROUP_MEMBER_UID: the member attribute contains the user uid |
|
54 * e.g. member attribute of posixGroup |
|
55 * memberUid: user |
|
56 */ |
|
57 enum WSLdapGroupMemberType { |
|
58 /* |
|
59 * the member attribute contains the full user dn |
|
60 * for example object class groupOfUniqueNames attribute uniqueMember |
|
61 * uniqueMember: uid=user,ou=People,dc=example,dc=com |
|
62 */ |
|
63 WS_LDAP_GROUP_MEMBER_DN = 0, |
|
64 |
|
65 /* |
|
66 * the member attribute contains the user uid |
|
67 * for example object class posixGroup attribute memberUid |
|
68 * memberUid: user |
|
69 */ |
|
70 WS_LDAP_GROUP_MEMBER_UID |
|
71 }; |
|
72 |
50 struct ldap_config { |
73 struct ldap_config { |
51 char *hostname; |
74 /* |
52 int port; |
75 * ldap resource pool name |
53 int ssl; |
76 */ |
54 char *basedn; |
77 const char *resource; |
55 char *binddn; |
78 |
56 char *bindpw; |
79 /* |
57 char *usersearch; |
80 * ldap basedn |
58 char *groupsearch; |
81 */ |
|
82 const char *basedn; |
|
83 |
|
84 /* |
|
85 * default bind dn for search operations |
|
86 */ |
|
87 const char *binddn; |
|
88 |
|
89 /* |
|
90 * password for default binddn |
|
91 */ |
|
92 const char *bindpw; |
|
93 |
|
94 /* |
|
95 * the ldap filter used to resolve user names to DN |
|
96 * this can be specified in the config file directly or it will |
|
97 * auto-generated later, so it must always be a non-empty string |
|
98 */ |
|
99 const char *userSearchFilter; |
|
100 |
|
101 /* |
|
102 * array of user id attributes |
|
103 */ |
|
104 char *uidAttributes[10]; |
|
105 |
|
106 /* |
|
107 * number of uid attributes |
|
108 */ |
|
109 size_t numUidAttributes; |
|
110 |
|
111 /* |
|
112 * same as userSearchFilter, but for groups |
|
113 */ |
|
114 const char *groupSearchFilter; |
|
115 |
|
116 /* |
|
117 * array of attributes that represent group members |
|
118 */ |
|
119 char *memberAttributes[10]; |
|
120 |
|
121 /* |
|
122 * number of group member attributes |
|
123 */ |
|
124 size_t numMemberAttributes; |
|
125 |
|
126 /* |
|
127 * value type of the group member attribute |
|
128 */ |
|
129 enum WSLdapGroupMemberType groupMemberType; |
|
130 |
|
131 /* |
|
132 * enables/disables support for ldap groups |
|
133 */ |
|
134 WSBool enableGroups; |
|
135 |
|
136 /* |
|
137 * use the full DN internally as user name |
|
138 */ |
|
139 WSBool userNameIsDN; |
59 }; |
140 }; |
60 |
141 |
61 struct ldap_group_cache { |
142 struct ldap_group_cache { |
62 LDAPGroup *first; |
143 LDAPGroup *first; |
63 LDAPGroup *last; |
144 LDAPGroup *last; |
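Review bot: `char *uidAttributes[10];` and `char *memberAttributes[10];` (new lines 104 and 119) hard-code the capacity that `numUidAttributes` / `numMemberAttributes` are counted against, and nothing in the header names that bound for the code that splits the comma-separated `UidAttributes` / `MemberAttributes` settings into these arrays; that parser is outside this hunk, so whether it stops at 10 entries cannot be seen here. Declaring the limit once, e.g. `enum { LDAP_MAX_ATTRIBUTES = 10 };` and `char *uidAttributes[LDAP_MAX_ATTRIBUTES];`, gives the parser a single constant to check against and makes the overflow condition explicit at the declaration. The block comment introduced just before `enum WSLdapGroupMemberType` (new lines 50–56) documents only `WS_LDAP_GROUP_MEMBER_UID`, repeating the per-constant comment below it, and says nothing about `WS_LDAP_GROUP_MEMBER_DN`; it should describe the enum as a whole, e.g. `/* how a value of the group member attribute identifies a user: full DN or bare uid */`, or be dropped. The new `const char *` members of `struct ldap_config` carry no ownership note; a one-line comment on the struct stating who owns the pointed-to strings and for how long (and, for `bindpw`, that the credential stays in clear text in memory for the lifetime of the config) would help anyone reading `ldap_user_free` and the config teardown.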
90 size_t nmembers; |
173 size_t nmembers; |
91 time_t update; |
174 time_t update; |
92 LDAPGroup *next; |
175 LDAPGroup *next; |
93 }; |
176 }; |
94 |
177 |
95 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, LDAPConfig *conf); |
178 /* |
96 |
179 * Creates an LDAP AuthDB |
97 LDAP* get_ldap_session(LDAPAuthDB *authdb); |
180 * |
98 |
181 * Config parameters (from ConfigNode *node): |
99 User* ldap_get_user(AuthDB *sb, const char *username); |
182 * Resource ldap resource pool name |
100 |
183 * Basedn ldap base dn |
101 LDAPGroup* ldap_get_group(LDAPAuthDB *authdb, const char *group); |
184 * Binddn binddn for search operations |
|
185 * Bindpw binddn password |
|
186 * DirectoryType type of the directory service (ldap|ad) which acts as |
|
187 * config preset for filter and attribute settings |
|
188 * UserSearchFilter ldap search filter for user dn resolution |
|
189 * UidAttributes comma separated list of attributes, that contain the uid |
|
190 * GroupSearchFilter ldap search filter for group resolution |
|
191 * MemberAttributes comma separated list of group member attributes |
|
192 * MemberType member attribute type (dn|uid) |
|
193 * EnableGroups enable or disable support for groups |
|
194 * UserNameIsDn should the uid or the dn used internally as user name |
|
195 * |
|
196 * |
|
197 * If no Resource parameter is specified, a resource pool is automatically |
|
198 * created with the name _<authdbname>_ldap and all parameters from the |
|
199 * ConfigNode are passed to resourcepool_new(). That means, all ldap |
|
200 * resource pool parameters can also specified in the AuthDB object. |
|
201 */ |
|
202 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node); |
|
203 |
|
204 LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb); |
|
205 |
|
206 User* ldap_get_user(AuthDB *sb, Session *sn, Request *rq, const char *username); |
|
207 |
|
208 LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group); |
102 |
209 |
103 int ldap_user_verify_password(User *user, const char *password); |
210 int ldap_user_verify_password(User *user, const char *password); |
104 int ldap_user_check_group(User *user, const char *group); |
211 int ldap_user_check_group(User *user, const char *group); |
105 void ldap_user_free(User *user); |
212 void ldap_user_free(User *user); |
106 |
213 |