Mon, 13 Mar 2023 20:53:46 +0100
load additional ldap authdb config
src/server/daemon/ldap_auth.c
src/server/daemon/ldap_auth.h
--- a/src/server/daemon/ldap_auth.c Sun Mar 12 20:27:29 2023 +0100 +++ b/src/server/daemon/ldap_auth.c Mon Mar 13 20:53:46 2023 +0100 @@ -38,9 +38,19 @@ #include <cx/utils.h> #include <cx/hash_map.h> +#include "../util/util.h" + #include "ldap_auth.h" #include "ldap_resource.h" +static cxstring ws_ldap_default_uid_attr[] = { + CX_STR("uid") +}; + +static cxstring ws_ldap_default_member_attr[] = { + CX_STR("member"), + CX_STR("uniqueMember") +}; static LDAPConfig ws_ldap_default_config = { NULL, // resource 
@@ -48,43 +58,60 @@ NULL, // binddn NULL, // bindpw "(&(objectclass=inetorgperson)(!(cn=%s)(uid=%s)))", // userSearchFilter - {"uid"}, // uidAttributes + ws_ldap_default_uid_attr, // uidAttributes 1, // numUidAttributes "(&(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))(cn=%s))", // groupSearchFilter - {"member", "uniqueMember"}, // memberAttributes + ws_ldap_default_member_attr, // memberAttributes 2, // numMemberAttributes WS_LDAP_GROUP_MEMBER_DN, // groupMemberType TRUE, // enableGroups FALSE // userNameIsDN }; -// TODO +// TODO: AD +static cxstring ws_ad_default_uid_attr[] = { + CX_STR("uid") +}; + +static cxstring ws_ad_default_member_attr[] = { + CX_STR("member"), + CX_STR("uniqueMember") +}; + static LDAPConfig ws_ldap_ad_config = { NULL, // resource NULL, // basedn NULL, // binddn NULL, // bindpw "(&(objectclass=inetorgperson)(!(cn=%s)(uid=%s)))", // userSearchFilter - {"uid"}, // uidAttributes + ws_ad_default_uid_attr, // uidAttributes 1, // numUidAttributes "", // groupSearchFilter - {"uniqueMember", "member"}, // memberAttributes + ws_ad_default_member_attr, // memberAttributes 2, // numMemberAttributes WS_LDAP_GROUP_MEMBER_DN, // groupMemberType TRUE, // enableGroups FALSE // userNameIsDN }; +static cxstring ws_posix_default_uid_attr[] = { + CX_STR("uid") +}; + +static cxstring ws_posix_default_member_attr[] = { + CX_STR("memberUid") +}; + static LDAPConfig ws_ldap_posix_config = { NULL, // resource NULL, // basedn NULL, // binddn NULL, // bindpw "(&(objectclass=posixAccount)(uid=%s))", // userSearchFilter - {"uid"}, // uidAttributes + ws_posix_default_uid_attr, // uidAttributes 1, // numUidAttributes "(&(objectclass=posixGroup)(cn=%s))", // groupSearchFilter - {"memberUid"}, // memberAttributes + ws_posix_default_member_attr, // memberAttributes 1, // numMemberAttributes WS_LDAP_GROUP_MEMBER_UID, // groupMemberType TRUE, // enableGroups 
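Review bot: The counts `1`, `2` and `1` stay hard-coded next to the new array pointers, so nothing ties `numUidAttributes`/`numMemberAttributes` to the arrays they describe. With the fields now bare `cxstring *`, a stale count would presumably become a read past the static array instead of an unused slot in the old fixed `[10]` buffer. I would derive them, e.g. `sizeof(ws_ldap_default_member_attr) / sizeof(ws_ldap_default_member_attr[0]), // numMemberAttributes`, for the default arrays added in the first hunk and for the AD and posix initializers here. The AD member list also changes order from `uniqueMember, member` to `member, uniqueMember`; if lookup order matters, that is worth a line in the commit message. The posix initializer continues past the end of this hunk.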
@@ -124,8 +151,13 @@ cxstring basedn = serverconfig_object_directive_value(node, cx_str("Basedn")); cxstring binddn = serverconfig_object_directive_value(node, cx_str("Binddn")); cxstring bindpw = serverconfig_object_directive_value(node, cx_str("Bindpw")); - cxstring usersearchfilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter")); - // TODO ... + cxstring userSearchFilter = serverconfig_object_directive_value(node, cx_str("UserSearchFilter")); + cxstring uidAttributes = serverconfig_object_directive_value(node, cx_str("UidAttributes")); + cxstring groupSearchFilter = serverconfig_object_directive_value(node, cx_str("GroupSearchFilter")); + cxstring memberAttributes = serverconfig_object_directive_value(node, cx_str("MemberAttributes")); + cxstring memberType = serverconfig_object_directive_value(node, cx_str("MemberType")); + cxstring enableGroups = serverconfig_object_directive_value(node, cx_str("EnableGroups")); + cxstring userNameIsDn = serverconfig_object_directive_value(node, cx_str("UserNameIsDn")); if(!resource.ptr) { // TODO: create resource pool 
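Review bot: `UserSearchFilter` and `GroupSearchFilter` are read here and stored unchanged in the following hunk, while the built-in defaults show that these strings carry `%s` placeholders (two in the default user filter, one in the posix one). The code that expands the filter is not visible, but if it is printf-style, a configured filter with a different number of placeholders or any other conversion would make the format and its arguments disagree. I would validate the placeholder set when the authdb is loaded and reject the config with `log_ereport(LOG_FAILURE, ...)`, as is done for a missing bindpw. A comment at the read would also help, for example `// filters are templates: only %s placeholders are accepted, see <expansion function>`. The enclosing function starts and ends outside this hunk.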
@@ -139,6 +171,56 @@ } authdb->config.basedn = basedn.ptr; + // optional config + if(binddn.ptr) { + if(!bindpw.ptr) { + log_ereport(LOG_FAILURE, "ldap authdb %s: binddn specified, but no bindpw", name); + return NULL; + } + + authdb->config.binddn = binddn.ptr; + authdb->config.bindpw = bindpw.ptr; + } + + if(userSearchFilter.ptr) { + authdb->config.userSearchFilter = userSearchFilter.ptr; + } + if(uidAttributes.ptr) { + authdb->config.numUidAttributes = cx_strsplit_a( + cfg->a, + uidAttributes, + cx_str(","), + 1024, + &authdb->config.uidAttributes); + } + if(groupSearchFilter.ptr) { + authdb->config.groupSearchFilter = groupSearchFilter.ptr; + } + if(memberAttributes.ptr) { + authdb->config.numMemberAttributes = cx_strsplit_a( + cfg->a, + memberAttributes, + cx_str(","), + 1024, + &authdb->config.memberAttributes); + } + if(memberType.ptr) { + if(!cx_strcmp(memberType, cx_str("dn"))) { + authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_DN; + } else if(cx_strcmp(memberType, cx_str("uid"))) { + authdb->config.groupMemberType = WS_LDAP_GROUP_MEMBER_UID; + } else { + log_ereport(LOG_FAILURE, "ldap authdb %s: unknown MemberType %s", name, memberType.ptr); + return NULL; + } + } + if(enableGroups.ptr) { + authdb->config.enableGroups = util_getboolean_s(enableGroups, FALSE); + } + if(userNameIsDn.ptr) { + authdb->config.userNameIsDN = util_getboolean_s(userNameIsDn, FALSE); + } + // initialize group cache authdb->groups.first = NULL;
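Review bot: The second `MemberType` comparison is inverted: `else if(cx_strcmp(memberType, cx_str("uid")))` is true when the value is not `uid`. As written, `MemberType uid` lands in the error branch and fails the load, while any unrecognised value is silently accepted as `WS_LDAP_GROUP_MEMBER_UID`, so a typo changes how group membership is matched. It should read `} else if(!cx_strcmp(memberType, cx_str("uid"))) {`. Separately, the `cx_strsplit_a` results are stored without checking for a zero count or for empty or whitespace-padded tokens, so a value like `uid, cn` would overwrite the defaults with a ` cn` entry. Rejecting a zero count and trimming each token before use would close that. The enclosing function starts and ends outside this hunk.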
--- a/src/server/daemon/ldap_auth.h Sun Mar 12 20:27:29 2023 +0100 +++ b/src/server/daemon/ldap_auth.h Mon Mar 13 20:53:46 2023 +0100 @@ -101,7 +101,7 @@ /* * array of user id attributes */ - char *uidAttributes[10]; + cxstring *uidAttributes; /* * number of uid attributes @@ -116,7 +116,7 @@ /* * array of attributes that represent group members */ - char *memberAttributes[10]; + cxstring *memberAttributes; /* * number of group member attributes
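Review bot: The comments on `uidAttributes` and `memberAttributes` no longer state what a reader needs now that both are `cxstring *` instead of `char *[10]`; this applies to both hunks in this file. After this commit the pointer refers either to a static default array or to an array allocated from `cfg->a` by `cx_strsplit_a`, so the comment should say who owns it and that it must not be freed independently. It should also say that the length lives in `numUidAttributes`/`numMemberAttributes`, and that elements are length-delimited `cxstring`s which may not be NUL-terminated when they come from a split. For example: `/* array of numUidAttributes user id attributes; points to a static default or to memory owned by the config allocator; elements are not guaranteed to be NUL-terminated */`. Any consumer that still passes `.ptr` to a C-string API should be checked against that last point.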