1 /**************************************************
2 OpengateM - MAC address authentication system
3 module for Authentication by LDAP
5 Copyright (C) 2007 Opengate Project Team
6 Written by Yoshiaki Watanabe
8 This program is free software; you can redistribute it and/or
9 modify it under the terms of the GNU General Public License
10 as published by the Free Software Foundation; either version 2
11 of the License, or (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 Email: watanaby@is.saga-u.ac.jp
23 **************************************************/
24 #include "opengatemmng.h"
27 #ifndef LDAP_NOT_INSTALLED
32 /*****************************************/
33 /* Authenticate by LDAP */
34 /*****************************************/
/* Authenticate userid/passwd against the LDAP directory named by the
   AuthServer/Uri and AuthServer/BaseDN configuration values: search for
   the single entry whose uid equals userid, then bind as that entry's DN
   with passwd. The bind outcome is the authentication decision.
   This listing omits some lines (gaps in the gutter numbers): the
   declarations of ld, baseDn, result, entry, dn and ret, the error-path
   return statements and the closing braces are not shown. */
35 int authLdap(char *userid, char *passwd)
38 #ifdef LDAP_NOT_INSTALLED
39 err_msg("ERR at %s#%d: No LDAP. Install openldap-client and rebuild OpengateM.",
45 int desiredVersion = LDAP_VERSION3;
46 char *uri; /* ldap server URI */
47 char filter[BUFFMAXLN]="";
/* passwd is handed to the bind as-is. NOTE(review): an empty passwd gives a
   zero-length credential, which some directory servers treat as an
   unauthenticated (anonymous) bind and answer with LDAP_SUCCESS (RFC 4513
   leaves this to server policy). Confirm the caller rejects empty
   passwords, or reject them here before binding. */
53 struct berval cred = { strlen(passwd), passwd };
54 struct berval *msgidp=NULL;
56 /* get LDAP server URI from conf */
57 uri=GetConfValue("AuthServer/Uri");
58 if(isNull(uri)) uri=NULL; /* means ldap://localhost */
60 /* get LDAP search base DN from conf */
61 baseDn=GetConfValue("AuthServer/BaseDN");
62 if(isNull(baseDn)) baseDn=NULL; /* set in uri */
65 if(ldap_initialize(&ld, uri)!=LDAP_SUCCESS) {
66 err_msg("ERR at %s#%d: Can not initialize the LDAP server",
71 /* set LDAP version */
72 if(ldap_set_option(ld,LDAP_OPT_PROTOCOL_VERSION,&desiredVersion)
74 err_msg("ERR at %s#%d: error in LDAP set version",
79 /* set URI such as [ldaps://ldap.saga-u.ac.jp:999] */
/* NOTE(review): no ldap_start_tls_s call appears in this listing, so the
   bind below sends passwd in clear text unless the configured URI is
   ldaps://. Confirm the deployment uses ldaps:// or add StartTLS. */
80 ret=ldap_set_option(ld, LDAP_OPT_URI, uri);
81 if(ret==LDAP_PARAM_ERROR){
82 err_msg("ERR at %s#%d: parameter error in LDAP set URI",
87 /* set filter '(uid=<userid>)' */
/* userid is spliced into the search filter without RFC 4515 escaping, so
   a userid containing '(', ')', '*' or '\' changes the filter's meaning
   (LDAP filter injection). The exactly-one-entry check below limits the
   impact but does not remove it: escape the value first, e.g. with
   ldap_bv2escaped_filter_value(), or reject such characters.
   Truncation by strlcpy/strlcat is not checked; a userid longer than
   BUFFMAXLN drops the closing ')' and the search most likely fails with
   a filter error, which is the safe direction. */
88 strlcpy(filter, "(uid=", BUFFMAXLN);
89 strlcat(filter, userid, BUFFMAXLN);
90 strlcat(filter, ")", BUFFMAXLN);
92 /* search LDAP entry */
/* The search runs before any bind, i.e. anonymously; the server must
   allow anonymous lookup of uid under baseDn for this to work. */
93 ret = ldap_search_ext_s(ld,baseDn,LDAP_SCOPE_SUBTREE,
94 filter,NULL,0,NULL,NULL,NULL,0,&result);
95 if (ret !=LDAP_SUCCESS) {
96 err_msg("ERR at %s#%d: error in LDAP search",
101 /* count of matched entry must be one */
/* Exactly one match is required so the bind DN is unambiguous; zero or
   several matches are treated as an authentication failure. */
102 if(ldap_count_entries(ld,result)!=1){
107 entry=ldap_first_entry(ld,result);
/* dn is allocated by libldap. NOTE(review): the matching ldap_memfree(dn)
   and ldap_msgfree(result) are not in this listing; confirm they are on
   the omitted lines, otherwise each call leaks both objects. */
110 dn=ldap_get_dn(ld, entry);
112 /* authenticate by binding */
/* Simple bind (NULL mechanism) as the found DN with passwd as the
   credential; the server's answer decides the result. */
113 ret=ldap_sasl_bind_s(ld,dn,NULL,&cred,NULL,NULL,&msgidp);
116 ldap_unbind_ext_s(ld,NULL,NULL);
118 /* return the auth result */
/* Only LDAP_SUCCESS from the bind counts as authenticated; the return
   statements themselves are on lines not shown in this listing. */
119 if(ret==LDAP_SUCCESS){
129 /***********************************
130 **********************************/
131 int AuthLdap(char *userid, char *passwd)
135 if(debug>1) err_msg("DEBUG:=>authLdap(%s,passwd)",userid);
136 ret=authLdap(userid,passwd);
137 if(debug>1) err_msg("DEBUG:(%d)<=authLdap( )",ret);