make ldap auth minimally working again and disable auth caching, because it is currently broken

Sun, 12 Mar 2023 20:27:29 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 12 Mar 2023 20:27:29 +0100
changeset 468
73e80eb953f5
parent 467
4d038bc6f86e
child 469
9a36a6b52e4c

make ldap auth minimally working again and disable auth caching, because it is currently broken

src/server/daemon/ldap_auth.c file | annotate | diff | comparison | revisions
--- a/src/server/daemon/ldap_auth.c	Sun Mar 12 20:02:04 2023 +0100
+++ b/src/server/daemon/ldap_auth.c	Sun Mar 12 20:27:29 2023 +0100
@@ -101,7 +101,7 @@
         return NULL;
     }
     authdb->authdb.get_user = ldap_get_user;
-    authdb->authdb.use_cache = 1;
+    authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works
     
     // initialize default ldap config
     cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType"));
@@ -133,6 +133,13 @@
         authdb->config.resource = resource.ptr;
     }
     
+    if(!basedn.ptr) {
+        log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name);
+        return NULL;
+    }
+    authdb->config.basedn = basedn.ptr;
+    
+    
     // initialize group cache
     authdb->groups.first = NULL;
     authdb->groups.last = NULL;
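Review bot: The new `return NULL` at L36 bails out after `authdb` has already been populated (L24 onwards) without releasing it, so if `authdb` is a plain heap allocation rather than pool-allocated — its allocation lies above the hunk — every failed configuration leaks it, exactly as the pre-existing `return NULL` paths at L22 and L46 already do. A single cleanup label would cover all three, e.g. `goto fail;` at each site and `fail: free(authdb); return NULL;` at the end of the function, assuming nothing else needs unwinding. The `basedn` variable itself is declared outside the hunk, so whether `basedn.ptr` can be an empty (non-NULL) string that should also be rejected cannot be judged here; if it can, the check should be `if(!basedn.ptr || !*basedn.ptr)`. The two blank lines at L39–L40 are surplus.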
@@ -140,6 +147,8 @@
     if(!authdb->groups.map) {
         return NULL;
     }
+    
+    log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr);
 
     return (AuthDB*) authdb;
 }
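Review bot: The new log line at L49 passes `resource.ptr` to a `%s` conversion, but the assignment at L31 sits inside a conditional whose test is above the hunk, which suggests the resource directive is optional and `resource.ptr` may be NULL; passing NULL for `%s` is undefined behaviour (glibc happens to print "(null)", other libcs crash). Guard it at the call site: `log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr ? resource.ptr : "(none)");`. The enclosing function starts outside the hunk.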
@@ -180,8 +189,7 @@
     // TODO: use config for filter
     // TODO: use asprintf
     char filter[128];
-    int s = snprintf(filter, 127, "uid=%s", username);
-    filter[s] = 0;
+    snprintf(filter, 128, "(uid=%s)", username);
 
     LDAPMessage *result;
     struct timeval timeout;
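Review bot: The rewritten `snprintf` at L59 interpolates `username` straight into the LDAP search filter, so the RFC 4515 metacharacters (`*`, `(`, `)`, `\`) in a supplied name alter the structure of the query instead of being matched literally — a classic filter-injection hole in the one place that authenticates users. The 128-byte buffer also truncates silently (the return value is discarded), so an over-long name loses its closing parenthesis and produces a malformed filter rather than a clean rejection. Escape the name into a bounded buffer first and check both lengths; the helper below can sit above `ldap_get_user`, whose body starts and ends outside this hunk, so the `return NULL` paths may need whatever release of `ld` the rest of the function does.
```c
// Escape the RFC 4515 filter metacharacters in src into dst.
// Returns 0 on success, -1 if dst cannot hold the escaped string.
static int ldap_filter_escape(const char *src, char *dst, size_t dstlen) {
    size_t j = 0;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        if (*p == '*' || *p == '(' || *p == ')' || *p == '\\') {
            if (j + 3 >= dstlen) return -1;
            snprintf(dst + j, dstlen - j, "\\%02x", (unsigned)*p);
            j += 3;
        } else {
            if (j + 1 >= dstlen) return -1;
            dst[j++] = (char)*p;
        }
    }
    dst[j] = 0;
    return 0;
}

// … unchanged: start of ldap_get_user …
    char escaped[256];
    if (ldap_filter_escape(username, escaped, sizeof escaped)) {
        log_ereport(LOG_FAILURE, "ldap_get_user: username too long");
        return NULL;
    }
    char filter[sizeof escaped + 8];
    int s = snprintf(filter, sizeof filter, "(uid=%s)", escaped);
    if (s < 0 || (size_t)s >= sizeof filter) {
        return NULL;
    }
// … unchanged: result/timeout declarations and search …
```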
@@ -200,9 +208,9 @@
             1,           // size limit
             &result);
     if (r != LDAP_SUCCESS) {
-        ws_ldap_close(ld);
+        //ws_ldap_close(ld);
         
-        fprintf(stderr, "ldap_search_ext_s failed\n");
+        log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r));
         return NULL;
     }
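Review bot: Replacing `ws_ldap_close(ld)` with a commented-out line at L68 (and likewise at L80, L89, L98 and L107) leaves the connection's ownership undocumented: on this failure path `ld` is now neither closed nor handed back to anything, so unless it is a shared per-authdb handle — `ld` is obtained above the hunk, so I cannot tell — it is leaked on every failed lookup, and the same goes for `user->ldap` once the function at L103–L109 frees the user. Commented-out code is not a contract; state the intended lifetime where the close used to be, e.g. `// ld is the authdb's shared connection and is not closed per request (see connection-pool TODO)`, and drop the dead lines. Independently of that, ldap_search(3) asks for `ldap_msgfree(result)` regardless of the return value, so this error path should free `result` too, which means initialising it at L61 as `LDAPMessage *result = NULL;`.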
 
@@ -231,7 +239,7 @@
         }
     }
 
-    ws_ldap_close(ld);
+    //ws_ldap_close(ld);
     return NULL;
 }
 
@@ -270,7 +278,7 @@
             1,           // size limit
             &result);
     if (r != LDAP_SUCCESS) {
-        ws_ldap_close(ld);
+        //ws_ldap_close(ld);
         
         fprintf(stderr, "ldap_search_ext_s failed\n");
         return NULL;
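Review bot: The error path at L91 still reports through `fprintf(stderr, "ldap_search_ext_s failed\n")` while the parallel path at L71 was switched in this same commit to `log_ereport` with the LDAP error text, so one of the two search failures now goes to the server log and the other to stderr without a reason. Make them consistent: `log_ereport(LOG_FAILURE, "ldap_get_group: search failed: %s", ldap_err2string(r));` — the function name is a guess, as the enclosing function starts outside the hunk; use the real one.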
@@ -322,7 +330,7 @@
         }
     }
     
-    ws_ldap_close(ld);
+    //ws_ldap_close(ld);
     return wsgroup;
 }
 
@@ -374,6 +382,6 @@
     LDAPUser *user = (LDAPUser*)u;
     ldap_memfree(user->userdn);
     // TODO: use connection pool
-    ws_ldap_close(user->ldap);
+    //ws_ldap_close(user->ldap);
     free(user);
 }
