Sun, 12 Mar 2023 20:27:29 +0100
make ldap auth minimally working again and disable auth caching, because it is currently broken
src/server/daemon/ldap_auth.c
--- a/src/server/daemon/ldap_auth.c Sun Mar 12 20:02:04 2023 +0100
+++ b/src/server/daemon/ldap_auth.c Sun Mar 12 20:27:29 2023 +0100
@@ -101,7 +101,7 @@
 return NULL;
 }
 authdb->authdb.get_user = ldap_get_user;
- authdb->authdb.use_cache = 1;
+ authdb->authdb.use_cache = 0; // TODO: enable caching when cache actually works
 // initialize default ldap config
 cxstring dirtype = serverconfig_object_directive_value(node, cx_str("DirectoryType"));
@@ -133,6 +133,13 @@
 authdb->config.resource = resource.ptr;
 }
+ if(!basedn.ptr) {
+ log_ereport(LOG_FAILURE, "ldap authdb %s: basedn is required", name);
+ return NULL;
+ }
+ authdb->config.basedn = basedn.ptr;
+
+
 // initialize group cache
 authdb->groups.first = NULL;
 authdb->groups.last = NULL;
@@ -140,6 +147,8 @@
 if(!authdb->groups.map) {
 return NULL;
 }
+
+ log_ereport(LOG_INFORM, "create authdb name=%s type=ldap resource=%s", name, resource.ptr);
 return (AuthDB*) authdb;
 }
@@ -180,8 +189,7 @@
 // TODO: use config for filter
 // TODO: use asprintf
 char filter[128];
- int s = snprintf(filter, 127, "uid=%s", username);
- filter[s] = 0;
+ snprintf(filter, 128, "(uid=%s)", username);
 LDAPMessage *result;
 struct timeval timeout;
@@ -200,9 +208,9 @@
 1, // size limit
 &result);
 if (r != LDAP_SUCCESS) {
- ws_ldap_close(ld);
+ //ws_ldap_close(ld);
- fprintf(stderr, "ldap_search_ext_s failed\n");
+ log_ereport(LOG_FAILURE, "ldap_get_user: search failed: %s", ldap_err2string(r));
 return NULL;
 }
@@ -231,7 +239,7 @@
 }
 }
- ws_ldap_close(ld);
+ //ws_ldap_close(ld);
 return NULL;
 }
@@ -270,7 +278,7 @@
 1, // size limit
 &result);
 if (r != LDAP_SUCCESS) {
- ws_ldap_close(ld);
+ //ws_ldap_close(ld);
 fprintf(stderr, "ldap_search_ext_s failed\n");
 return NULL;
@@ -322,7 +330,7 @@
 }
 }
- ws_ldap_close(ld);
+ //ws_ldap_close(ld);
 return wsgroup;
 }
@@ -374,6 +382,6 @@
 LDAPUser *user = (LDAPUser*)u;
 ldap_memfree(user->userdn);
 // TODO: use connection pool
- ws_ldap_close(user->ldap);
+ //ws_ldap_close(user->ldap);
 free(user);
 }
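Review bot: In the `@@ -133,6 +133,13 @@` hunk the new guard `if(!basedn.ptr)` rejects only a missing directive, so an empty BaseDN value would still be stored and later used as the search base. If `basedn` is a `cxstring` like `dirtype` in the first hunk, the check could be `if(!basedn.ptr || basedn.length == 0) {`. `authdb->config.basedn = basedn.ptr;` also keeps a pointer into the parsed configuration and treats it as a C string, so a comment stating that the value is NUL-terminated and outlives the authdb would help; neither property is visible here, and the enclosing function starts and ends outside the hunk.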
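Review bot: In the `@@ -140,6 +147,8 @@` hunk the new `log_ereport(LOG_INFORM, ...)` passes `resource.ptr` to `%s` unconditionally, while the previous hunk shows `authdb->config.resource = resource.ptr;` inside a block that closes with `}`, which suggests the resource directive can be absent. Passing NULL to `%s` is undefined behaviour in printf-style formatters, so guard the argument: `resource.ptr ? resource.ptr : "(none)"`. The condition around the assignment is outside the hunk, so confirm it before changing the line.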
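Review bot: In the `@@ -180,8 +189,7 @@` hunk `snprintf(filter, 128, "(uid=%s)", username);` places the client-supplied user name into the search filter without RFC 4515 escaping, so `*`, `(`, `)` and `\` in the name are read as filter syntax instead of as part of the uid value. The return value is also ignored, so an over-long name is silently truncated and the closing parenthesis is lost. Escape the value and reject names that do not fit before the search runs, as in the excerpt below. The function starts and ends outside the hunk, so whether `ld` is already open at this point and must be released on the new error path has to be checked there.

```c
// … unchanged: TODO comments …
char filter[128];
// escape RFC 4515 special characters so the user name stays a plain value
char uid[96];
size_t o = 0;
for(const unsigned char *p = (const unsigned char*)username; *p; p++) {
    int special = *p == '*' || *p == '(' || *p == ')' || *p == '\\';
    if(o + (special ? 3 : 1) >= sizeof(uid)) {
        log_ereport(LOG_FAILURE, "ldap_get_user: username too long");
        return NULL;
    }
    if(special) {
        o += (size_t)snprintf(uid + o, sizeof(uid) - o, "\\%02x", (unsigned)*p);
    } else {
        uid[o++] = (char)*p;
    }
}
uid[o] = '\0';
// uid holds at most 95 bytes, so "(uid=" + uid + ")" always fits in filter
snprintf(filter, sizeof(filter), "(uid=%s)", uid);
// … unchanged: result / timeout declarations and the search call …
```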
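Review bot: In the `@@ -200,9 +208,9 @@` hunk, and again in the hunks at `-231`, `-270`, `-322` and `-374`, every `ws_ldap_close(...)` call is commented out and nothing replaces it, so as far as these hunks show each lookup leaves its LDAP handle open. With `use_cache = 0` from the first hunk every authentication attempt reaches this code, so repeated requests, including failed logins, can accumulate connections and file descriptors on both the web server and the directory server. If the handle is now owned by the configured resource pool, release it to the pool on these paths and say so in a comment; otherwise keep the close calls. Either way, remove the dead `//ws_ldap_close(ld);` lines, and in the `-374` hunk document who releases `user->ldap` now that `free(user);` no longer follows a close.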
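Review bot: In the `@@ -270,7 +278,7 @@` hunk the search failure path still reports with `fprintf(stderr, "ldap_search_ext_s failed\n");`, while the same path in `ldap_get_user` was switched to `log_ereport` with `ldap_err2string(r)` in this commit. Use the same form here so the failure reaches the server log together with its reason: `log_ereport(LOG_FAILURE, "ldap group search failed: %s", ldap_err2string(r));`. That this is the group lookup is inferred from the next hunk returning `wsgroup`; the function header is outside the hunk, so adjust the message prefix to the real function name.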