diff -r 9b20b8f3582b -r 72848970541a src/server/daemon/ldap_resource.c
--- a/src/server/daemon/ldap_resource.c Sat Mar 11 11:56:55 2023 +0100
+++ b/src/server/daemon/ldap_resource.c Sat Mar 11 12:37:48 2023 +0100
@@ -120,6 +120,9 @@
 char *ldap_uri = pblock_findval("Uri", pb);
 char *host = pblock_findval("Host", pb);
 char *port = pblock_findval("Port", pb);
+ char *binddn = pblock_findval("Binddn", pb);
+ char *bindpw = pblock_findval("Bindpw", pb);
+ char *bind = pblock_findval("Bind", pb);
 if(!ldap_uri || !host) {
 log_ereport(LOG_MISCONFIG, "Resource pool %s: No host or ldap uri specified", rpname);
@@ -155,6 +158,9 @@
 ldap_pool->ldap_uri = ldap_uri;
 ldap_pool->host = host;
 ldap_pool->port = (int)port_i;
+ ldap_pool->binddn = binddn;
+ ldap_pool->bindpw = bindpw;
+ ldap_pool->bind = util_getboolean(bind, ldap_pool->binddn != NULL);
 return ldap_pool;
 }
@@ -180,6 +186,15 @@
 return NULL;
 }
+ if(respool->bind) {
+ struct berval *server_cred;
+ if(ldap_resource_bind(respool, ldap, &server_cred) != LDAP_SUCCESS) {
+ log_ereport(LOG_FAILURE, "Resource pool %s: bind failed", respool->name);
+ ws_ldap_close(ldap);
+ return NULL;
+ }
+ }
+
 LDAPResource *res = pool_malloc(respool->pool, sizeof(LDAPResource));
 if(!res) {
 ws_ldap_close(ldap);
@@ -187,6 +202,7 @@
 return NULL;
 }
 res->ldap = ldap;
+ res->res_pool = respool;
 return res;
 }
@@ -211,3 +227,22 @@
 void * ldap_resourcepool_getresourcedata(LDAPResource *res) {
 return res->ldap;
 }
+
+
+int ldap_resource_bind(LDAPResourcePool *respool, LDAP *ldap, struct berval **server_cred) {
+ if(!respool->binddn) {
+ return -1;
+ }
+
+ struct berval cred;
+ cred.bv_val = respool->bindpw;
+ cred.bv_len = strlen(cred.bv_val);
+ return ldap_sasl_bind_s(
+ ldap,
+ respool->binddn,
+ LDAP_SASL_SIMPLE,
+ &cred,
+ NULL,
+ NULL,
+ server_cred);
+}
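Review bot: `ldap_pool->bind = util_getboolean(bind, ldap_pool->binddn != NULL);` in the `@@ -155,6 +158,9 @@` hunk accepts configurations that cannot bind: `Bind` enabled without `Binddn`, or `Binddn` set without `Bindpw`. The second case reaches `strlen(cred.bv_val)` in the new `ldap_resource_bind` (last hunk) with a NULL pointer, and the first makes every resource creation fail with only "bind failed" in the log. I would check this once at pool initialisation with `if(ldap_pool->bind && (!binddn || !bindpw))`, report it with `LOG_MISCONFIG` like the existing host/uri check, and fail the same way that check does. The enclosing init function starts outside the hunk, so its failure path is not visible here.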
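Review bot: `struct berval *server_cred;` in the `@@ -180,6 +186,15 @@` hunk is passed to `ldap_resource_bind` uninitialised and is never read or released afterwards. When a non-NULL `servercredp` is given to `ldap_sasl_bind_s`, any credentials the server returns are allocated for the caller, who is expected to release them with `ber_bvfree()`. Since nothing uses the value, either pass `NULL` for it, or declare `struct berval *server_cred = NULL;` and call `ber_bvfree(server_cred);` after the bind. The failure log would also be easier to act on with the result code, for example by keeping the return value in `int rc` and adding `ldap_err2string(rc)` to the message. The enclosing function begins outside the hunk.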
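Review bot: `ldap_resource_bind` in the last hunk sends a simple bind whenever `binddn` is set, so an empty `Bindpw` produces a name-only (unauthenticated) simple bind. RFC 4513 section 5.1.2 says clients should disallow this, because a server that accepts it grants only anonymous access while the pool treats the connection as bound. I would reject a missing or empty password before building `cred`: `if(!respool->binddn || !respool->bindpw || !*respool->bindpw) return LDAP_PARAM_ERROR;`. Returning `LDAP_PARAM_ERROR` instead of `-1` also avoids colliding with `LDAP_SERVER_DOWN`, which is -1 in OpenLDAP's ldap.h (assuming that is the library in use). Simple bind sends the password unprotected unless the connection is ldaps:// or has StartTLS applied; these hunks do not show which, so a short comment on the function stating the transport requirement would help.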