comparison: src/server/daemon/ldap_auth.h
src/server/daemon/ldap_auth.h
- changeset 467
- 4d038bc6f86e
- parent 415
- d938228c382e
- child 469
- 9a36a6b52e4c
equal
deleted
inserted
replaced
| 466:019c22775f7c | 467:4d038bc6f86e |
|---|---|
| 45 typedef struct ldap_user LDAPUser; | 45 typedef struct ldap_user LDAPUser; |
| 46 typedef struct ldap_group LDAPGroup; | 46 typedef struct ldap_group LDAPGroup; |
| 47 typedef struct ldap_member LDAPMember; | 47 typedef struct ldap_member LDAPMember; |
| 48 typedef struct ldap_group_cache LDAPGroupCache; | 48 typedef struct ldap_group_cache LDAPGroupCache; |
| 49 | 49 |
| 50 /* | |
| 51 | |
| 52 * | |
| 53 * WS_LDAP_GROUP_MEMBER_UID: the member attribute contains the user uid | |
| 54 * e.g. member attribute of posixGroup | |
| 55 * memberUid: user | |
| 56 */ | |
| 57 enum WSLdapGroupMemberType { | |
| 58 /* | |
| 59 * the member attribute contains the full user dn | |
| 60 * for example object class groupOfUniqueNames attribute uniqueMember | |
| 61 * uniqueMember: uid=user,ou=People,dc=example,dc=com | |
| 62 */ | |
| 63 WS_LDAP_GROUP_MEMBER_DN = 0, | |
| 64 | |
| 65 /* | |
| 66 * the member attribute contains the user uid | |
| 67 * for example object class posixGroup attribute memberUid | |
| 68 * memberUid: user | |
| 69 */ | |
| 70 WS_LDAP_GROUP_MEMBER_UID | |
| 71 }; | |
| 72 | |
| 50 struct ldap_config { | 73 struct ldap_config { |
| 51 char *hostname; | 74 /* |
| 52 int port; | 75 * ldap resource pool name |
| 53 int ssl; | 76 */ |
| 54 char *basedn; | 77 const char *resource; |
| 55 char *binddn; | 78 |
| 56 char *bindpw; | 79 /* |
| 57 char *usersearch; | 80 * ldap basedn |
| 58 char *groupsearch; | 81 */ |
| 82 const char *basedn; | |
| 83 | |
| 84 /* | |
| 85 * default bind dn for search operations | |
| 86 */ | |
| 87 const char *binddn; | |
| 88 | |
| 89 /* | |
| 90 * password for default binddn | |
| 91 */ | |
| 92 const char *bindpw; | |
| 93 | |
| 94 /* | |
| 95 * the ldap filter used to resolve user names to DN | |
| 96 * this can be specified in the config file directly or it will | |
| 97 * auto-generated later, so it must always be a non-empty string | |
| 98 */ | |
| 99 const char *userSearchFilter; | |
| 100 | |
| 101 /* | |
| 102 * array of user id attributes | |
| 103 */ | |
| 104 char *uidAttributes[10]; | |
| 105 | |
| 106 /* | |
| 107 * number of uid attributes | |
| 108 */ | |
| 109 size_t numUidAttributes; | |
| 110 | |
| 111 /* | |
| 112 * same as userSearchFilter, but for groups | |
| 113 */ | |
| 114 const char *groupSearchFilter; | |
| 115 | |
| 116 /* | |
| 117 * array of attributes that represent group members | |
| 118 */ | |
| 119 char *memberAttributes[10]; | |
| 120 | |
| 121 /* | |
| 122 * number of group member attributes | |
| 123 */ | |
| 124 size_t numMemberAttributes; | |
| 125 | |
| 126 /* | |
| 127 * value type of the group member attribute | |
| 128 */ | |
| 129 enum WSLdapGroupMemberType groupMemberType; | |
| 130 | |
| 131 /* | |
| 132 * enables/disables support for ldap groups | |
| 133 */ | |
| 134 WSBool enableGroups; | |
| 135 | |
| 136 /* | |
| 137 * use the full DN internally as user name | |
| 138 */ | |
| 139 WSBool userNameIsDN; | |
| 59 }; | 140 }; |
| 60 | 141 |
| 61 struct ldap_group_cache { | 142 struct ldap_group_cache { |
| 62 LDAPGroup *first; | 143 LDAPGroup *first; |
| 63 LDAPGroup *last; | 144 LDAPGroup *last; |
| 72 | 153 |
| 73 struct ldap_user { | 154 struct ldap_user { |
| 74 User user; | 155 User user; |
| 75 LDAPAuthDB *authdb; | 156 LDAPAuthDB *authdb; |
| 76 LDAP *ldap; | 157 LDAP *ldap; |
| 158 Session *sn; | |
| 159 Request *rq; | |
| 77 char *userdn; | 160 char *userdn; |
| 78 int uid; | 161 int uid; |
| 79 int gid; | 162 int gid; |
| 80 }; | 163 }; |
| 81 | 164 |
| 90 size_t nmembers; | 173 size_t nmembers; |
| 91 time_t update; | 174 time_t update; |
| 92 LDAPGroup *next; | 175 LDAPGroup *next; |
| 93 }; | 176 }; |
| 94 | 177 |
| 95 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, LDAPConfig *conf); | 178 /* |
| 96 | 179 * Creates an LDAP AuthDB |
| 97 LDAP* get_ldap_session(LDAPAuthDB *authdb); | 180 * |
| 98 | 181 * Config parameters (from ConfigNode *node): |
| 99 User* ldap_get_user(AuthDB *sb, const char *username); | 182 * Resource ldap resource pool name |
| 100 | 183 * Basedn ldap base dn |
| 101 LDAPGroup* ldap_get_group(LDAPAuthDB *authdb, const char *group); | 184 * Binddn binddn for search operations |
| 185 * Bindpw binddn password | |
| 186 * DirectoryType type of the directory service (ldap|ad) which acts as | |
| 187 * config preset for filter and attribute settings | |
| 188 * UserSearchFilter ldap search filter for user dn resolution | |
| 189 * UidAttributes comma separated list of attributes, that contain the uid | |
| 190 * GroupSearchFilter ldap search filter for group resolution | |
| 191 * MemberAttributes comma separated list of group member attributes | |
| 192 * MemberType member attribute type (dn|uid) | |
| 193 * EnableGroups enable or disable support for groups | |
| 194 * UserNameIsDn should the uid or the dn used internally as user name | |
| 195 * | |
| 196 * | |
| 197 * If no Resource parameter is specified, a resource pool is automatically | |
| 198 * created with the name _<authdbname>_ldap and all parameters from the | |
| 199 * ConfigNode are passed to resourcepool_new(). That means, all ldap | |
| 200 * resource pool parameters can also specified in the AuthDB object. | |
| 201 */ | |
| 202 AuthDB* create_ldap_authdb(ServerConfiguration *cfg, const char *name, ConfigNode *node); | |
| 203 | |
| 204 LDAP* get_ldap_session(Session *sn, Request *rq, LDAPAuthDB *authdb); | |
| 205 | |
| 206 User* ldap_get_user(AuthDB *sb, Session *sn, Request *rq, const char *username); | |
| 207 | |
| 208 LDAPGroup* ldap_get_group(Session *sn, Request *rq, LDAPAuthDB *authdb, const char *group); | |
| 102 | 209 |
| 103 int ldap_user_verify_password(User *user, const char *password); | 210 int ldap_user_verify_password(User *user, const char *password); |
| 104 int ldap_user_check_group(User *user, const char *group); | 211 int ldap_user_check_group(User *user, const char *group); |
| 105 void ldap_user_free(User *user); | 212 void ldap_user_free(User *user); |
| 106 | 213 |
