add bind parameters to ldap resource pool

Sat, 11 Mar 2023 12:37:48 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sat, 11 Mar 2023 12:37:48 +0100
changeset 462
72848970541a
parent 461
9b20b8f3582b
child 463
4fd523fff13b

add bind parameters to ldap resource pool

src/server/daemon/ldap_resource.c file | annotate | diff | comparison | revisions
src/server/daemon/ldap_resource.h file | annotate | diff | comparison | revisions
--- a/src/server/daemon/ldap_resource.c	Sat Mar 11 11:56:55 2023 +0100
+++ b/src/server/daemon/ldap_resource.c	Sat Mar 11 12:37:48 2023 +0100
@@ -120,6 +120,9 @@
     char *ldap_uri = pblock_findval("Uri", pb);
     char *host = pblock_findval("Host", pb);
     char *port = pblock_findval("Port", pb);
+    char *binddn = pblock_findval("Binddn", pb);
+    char *bindpw = pblock_findval("Bindpw", pb);
+    char *bind = pblock_findval("Bind", pb);
     
     if(!ldap_uri || !host) {
         log_ereport(LOG_MISCONFIG, "Resource pool %s: No host or ldap uri specified", rpname);
@@ -155,6 +158,9 @@
     ldap_pool->ldap_uri = ldap_uri;
     ldap_pool->host = host;
     ldap_pool->port = (int)port_i;
+    ldap_pool->binddn = binddn;
+    ldap_pool->bindpw = bindpw;
+    ldap_pool->bind = util_getboolean(bind, ldap_pool->binddn != NULL);
     
     return ldap_pool;
 }
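Review bot: A pool configured with `Bind=true` but no `Binddn`, or with `Binddn` but no `Bindpw`, is accepted here and only surfaces when the first connection is opened (and with a missing Bindpw the later `strlen(cred.bv_val)` in ldap_resource_bind dereferences NULL), whereas the missing host/URI case at L30 is rejected at configuration time under LOG_MISCONFIG. The same validation belongs next to that check, before the pool object is allocated, so the misconfiguration is reported once instead of on every connection attempt; I assume the host check returns NULL as the proposed one does. The enclosing function starts before this hunk.
```c
    if(!ldap_uri || !host) {
        // … unchanged: LOG_MISCONFIG report and error return …
    }
    // Reject an unusable bind configuration up front: Bind defaults to true
    // whenever Binddn is set, and a bind needs both a DN and a password.
    if(util_getboolean(bind, binddn != NULL) && (!binddn || !bindpw)) {
        log_ereport(LOG_MISCONFIG, "Resource pool %s: Bind enabled but Binddn or Bindpw missing", rpname);
        return NULL;
    }
```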
@@ -180,6 +186,15 @@
         return NULL;
     }
     
+    if(respool->bind) {
+        struct berval *server_cred;
+        if(ldap_resource_bind(respool, ldap, &server_cred) != LDAP_SUCCESS) {
+            log_ereport(LOG_FAILURE, "Resource pool %s: bind failed", respool->name);
+            ws_ldap_close(ldap);
+            return NULL;
+        }
+    }
+    
     LDAPResource *res = pool_malloc(respool->pool, sizeof(LDAPResource));
     if(!res) {
         ws_ldap_close(ldap);
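Review bot: The `server_cred` that ldap_sasl_bind_s fills in at L48 is never released, so anything libldap allocates into it leaks once per pooled connection; it should go through `ber_bvfree()` (NULL-safe) on both the success and the failure path. The log line at L49 also discards the result code, so an invalid-credentials rejection is indistinguishable in the logs from an unreachable server; keep the return value and format it with `ldap_err2string()`. Note that ldap_resource_bind's own `-1` for a missing Binddn (L74) has the same value as LDAP_SERVER_DOWN, so that case would print as a connection error unless that function returns a proper LDAP result code. The enclosing function starts before this hunk.
```c
    if(respool->bind) {
        struct berval *server_cred = NULL;
        int rc = ldap_resource_bind(respool, ldap, &server_cred);
        ber_bvfree(server_cred); /* NULL-safe; libldap may allocate this even for a simple bind */
        if(rc != LDAP_SUCCESS) {
            log_ereport(LOG_FAILURE, "Resource pool %s: bind failed: %s", respool->name, ldap_err2string(rc));
            ws_ldap_close(ldap);
            return NULL;
        }
    }
```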
@@ -187,6 +202,7 @@
         return NULL;
     }
     res->ldap = ldap;
+    res->res_pool = respool;
     
     return res;
 }
@@ -211,3 +227,22 @@
 void * ldap_resourcepool_getresourcedata(LDAPResource *res) {
     return res->ldap;
 }
+
+
+int ldap_resource_bind(LDAPResourcePool *respool, LDAP *ldap, struct berval **server_cred) {
+    if(!respool->binddn) {
+        return -1;
+    }
+    
+    struct berval cred;
+    cred.bv_val = respool->bindpw;
+    cred.bv_len = strlen(cred.bv_val);
+    return ldap_sasl_bind_s(
+            ldap,
+            respool->binddn,
+            LDAP_SASL_SIMPLE,
+            &cred,
+            NULL,
+            NULL,
+            server_cred);
+}
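Review bot: The guard at L73 only checks `binddn`, so a NULL `bindpw` (pblock_findval returns NULL when the parameter is absent) reaches `strlen(cred.bv_val)` at L79 and crashes, and an empty `bindpw` is sent as a DN with a zero-length credential, which RFC 4513 defines as an unauthenticated bind that many servers accept as anonymous — the pool would then believe it is bound as the admin DN while every pooled connection actually has anonymous privileges. Both cases should be refused before the bind is attempted, and the sentinel `-1` (which equals LDAP_SERVER_DOWN) replaced with a real result code: `if(!respool->binddn || !respool->bindpw || respool->bindpw[0] == '\0') { return LDAP_PARAM_ERROR; }`. Since LDAP_SASL_SIMPLE sends the password in cleartext, a comment above the call should also state that this is only safe over ldaps:// or after StartTLS; whether ws_ldap_open establishes TLS is not visible here. The function should further document that a non-NULL `*server_cred` is owned by the caller and must be freed with ber_bvfree().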
--- a/src/server/daemon/ldap_resource.h	Sat Mar 11 11:56:55 2023 +0100
+++ b/src/server/daemon/ldap_resource.h	Sat Mar 11 12:37:48 2023 +0100
@@ -77,11 +77,27 @@
      */
     int port;
     
+    /*
+     * admin binddn
+     */
+    char *binddn;
+    
+    /*
+     * admin bindpw
+     */
+    char *bindpw;
+    
+    /*
+     * bind every LDAP session to binddn
+     */
+    WSBool bind;
+    
     
 } LDAPResourcePool;
 
 typedef struct LDAPResource {
     LDAP *ldap;
+    LDAPResourcePool *res_pool;
 } LDAPResource;
 
 ResourceType* ldap_get_resource_type(void);
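Review bot: The new field comments at L96 and L101 say only "admin binddn" / "admin bindpw" and do not capture the semantics the .c side gives them: `bind` defaults to true whenever `binddn` is set (L38 of the .c hunk), `bindpw` may be NULL when the parameter is absent, and both strings are stored as borrowed pointers into the resource pblock rather than copied, so their lifetime is tied to that pblock — I would note that as an assumption to confirm against the pblock owner. I would also note on `bindpw` that the credential is held in cleartext for the life of the pool; whether it is zeroized on teardown is not visible in this diff. Suggested comments: `/* DN used for the pool bind; NULL when no Binddn parameter is configured */`, `/* Cleartext password for binddn; NULL when not configured, borrowed from the pblock */`, `/* Bind every new connection to binddn; Bind parameter, default: binddn != NULL */`, and on `res_pool` in LDAPResource: `/* back-reference to the owning pool, set when the resource is created */`. The LDAPResourcePool struct begins before this hunk.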
@@ -110,6 +126,9 @@
 void * ldap_resourcepool_getresourcedata(LDAPResource *res);
 
 
+int ldap_resource_bind(LDAPResourcePool *respool, LDAP *ldap, struct berval **server_cred);
+
+
 
 #ifdef __cplusplus
 }
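Review bot: The prototype at L123 is exported without a contract, and the interesting parts are not obvious from the signature: the function returns `-1` when `respool->binddn` is NULL and otherwise the libldap result of a simple bind, the password is sent in cleartext via LDAP_SASL_SIMPLE, and any non-NULL `*server_cred` returned by libldap becomes the caller's to release with `ber_bvfree()`. A short Doxygen block stating return values, the cleartext/TLS caveat and the `server_cred` ownership would let callers (currently only the connection-creation path) handle it correctly. Since the function does not modify the pool, `const LDAPResourcePool *respool` is also possible without changing callers.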
