[Pkg-Cyrus-imapd-Debian-devel] Bug#347659: please discuss patch for ldap authentification (Kolab)

Steffen Joeris steffen.joeris at skolelinux.de
Wed Jan 11 22:04:36 UTC 2006


Package: cyrus22-imapd
Severity: wishlist
Tags: patch

Hi

This is the LDAP authentication patch for Cyrus.
As far as I know, it enables LDAP authentication.
Kolab uses LDAP for all user information.


Patch:

--- kolab-cyrus-imapd-2.2.12/configure.orig     2006-01-11 21:42:59.000000000 +0100
+++ kolab-cyrus-imapd-2.2.12/configure  2006-01-11 21:43:50.000000000 +0100
@@ -14395,7 +14395,7 @@
 done

 IMAP_COM_ERR_LIBS="${COM_ERR_LIBS}"
-IMAP_LIBS="${LIB_SASL} ${LIBS}"
+IMAP_LIBS="${LIB_SASL} -lldpap -llber ${LIBS}"
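Review bot: `-lldpap` on the new IMAP_LIBS line looks like a typo for `-lldap`; as written the link step would search for a library named libldpap and fail. The line should read `IMAP_LIBS="${LIB_SASL} -lldap -llber ${LIBS}"`. The flags are also added unconditionally, and the first imap/global.c hunk includes `<ldap.h>` and `<lber.h>` without a guard, unlike the `#if HAVE_UNISTD_H` block beside it, so a build without the OpenLDAP development files breaks. If configure is generated from configure.in, as is usual, the change belongs there behind a library check, so that regenerating configure does not drop it.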



--- kolab-cyrus-imapd-2.2.12/imap/global.c.orig 2006-01-11 21:45:29.000000000 +0100
+++ kolab-cyrus-imapd-2.2.12/imap/global.c      2006-01-11 22:16:05.000000000 +0100
@@ -52,6 +52,9 @@
 #include <netinet/in.h>
 #include <sys/stat.h>

+#include <ldap.h>
+#include <lber.h>
+
 #if HAVE_UNISTD_H
 # include <unistd.h>
 #endif
@@ -349,6 +352,18 @@
     char *domain = NULL;
     int len = strlen(user);
     char buf[81];
+    const char *uri;
+    const char *base;
+    const char *binddn;
+    const char *bindpw;
+    struct timeval timeout;
+    char filter[255];
+    LDAP *handle;
+    LDAPMessage *res;
+    LDAPMessage *entry;
+    char ** vals;
+
+    int rc;

     /* check for domain */
     if (config_virtdomains &&
@@ -367,6 +382,47 @@
     }

     if (config_virtdomains) {
+if (config_virtdomains == IMAP_ENUM_VIRTDOMAINS_LDAP) {
+           uri = config_getstring(IMAPOPT_LDAP_URI);
+           base = config_getstring(IMAPOPT_LDAP_BASE);
+           binddn = config_getstring(IMAPOPT_LDAP_BIND_DN);
+           bindpw = config_getstring(IMAPOPT_LDAP_PASSWORD);
+           timeout.tv_sec = config_getint(IMAPOPT_LDAP_TIME_LIMIT);
+           timeout.tv_usec = 0;
+           sprintf(filter, "(uid=%s)", user);
+           rc = ldap_initialize(&handle, uri);
+           if (rc != LDAP_SUCCESS) {
+                syslog(LOG_ERR, "ldap_initialize failed (%s)", uri);
+           } else {
+               rc = ldap_simple_bind_s(handle, binddn, bindpw);
+               if (rc != LDAP_SUCCESS) {
+                     syslog(LOG_ERR, "ldap_simple_bind() failed %d (%s)", rc, ldap_err2string(rc));
+               } else {
+                    rc = ldap_search_st(handle, base, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &timeout, &res);
+                     if (rc != LDAP_SUCCESS) {
+                          syslog(LOG_ERR, "ldap_search_st failed %d (%s)", rc, ldap_err2string(rc));
+                     } else {
+                         if ( (entry = ldap_first_entry(handle, res)) != NULL ) {
+                              // read mail attribute from entry
+                              if ( (vals = ldap_get_values(handle, entry, "mail")) ) {
+                                   if (strchr(vals[0], '@')) {
+                                       static char buf[81]; /* same size as in auth_canonifyid */
+                                       strncpy( buf, vals[0], sizeof(buf) );
+                                       buf[80] = '\0'; /* make sure it's null-terminated */
+                                       ldap_value_free( vals );
+                                       ldap_msgfree( res );
+                                       ldap_unbind_s(handle); /* also frees handle */
+                                       return auth_canonifyid( buf, 0) ;
+                                   }
+                                   ldap_value_free( vals );
+                              }
+                         }
+                         ldap_msgfree( res );
+                     }
+                }
+               ldap_unbind_s(handle); /* also frees handle */
+           }
+        }
        if (domain) {
            if (config_defdomain && !strcasecmp(config_defdomain, domain+1)) {
                *domain = '\0'; /* trim the default domain */
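Review bot: `sprintf(filter, "(uid=%s)", user);` copies the login name into the 255-byte `filter` declared in the previous hunk with no length bound and no escaping. Nothing visible in these hunks limits `strlen(user)`, so a long name overruns the stack buffer, and the characters `*`, `(`, `)` and `\` in the name are parsed as filter syntax, so the search can match an entry other than the intended uid. Build the filter with RFC 4515 escaping and an explicit bound, and reject names that do not fit, as in the sketch below. The same block returns the directory's `mail` value through a `static char buf[81]` that shadows the outer `buf` and silently truncates longer addresses, which deserves at least a comment. The enclosing function starts and ends outside the hunk, so the failure return value used in the sketch is an assumption.

```c
           /* … unchanged: config_getstring()/config_getint() lookups … */
           {
               /* RFC 4515: write filter metacharacters as \XX so the login
                  name is always treated as a literal value */
               static const char hex[] = "0123456789abcdef";
               const unsigned char *s = (const unsigned char *)user;
               size_t o = sizeof("(uid=") - 1;

               memcpy(filter, "(uid=", o);
               for (; *s; s++) {
                   /* keep room for one "\XX" escape, the closing ')' and NUL */
                   if (o + 5 > sizeof(filter))
                       return NULL; /* assumes NULL is the failure value here; confirm */
                   if (*s == '*' || *s == '(' || *s == ')' || *s == '\\') {
                       filter[o++] = '\\';
                       filter[o++] = hex[*s >> 4];
                       filter[o++] = hex[*s & 0x0f];
                   } else {
                       filter[o++] = (char)*s;
                   }
               }
               filter[o++] = ')';
               filter[o] = '\0';
           }
           rc = ldap_initialize(&handle, uri);
           /* … unchanged: bind, search, mail attribute handling … */
```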
@@ -379,7 +435,7 @@
                user = buf;
            }
        }
-       else if (config_virtdomains != IMAP_ENUM_VIRTDOMAINS_USERID) {
+           else if (config_virtdomains != IMAP_ENUM_VIRTDOMAINS_USERID && config_virtdomains != IMAP_ENUM_VIRTDOMAINS_LDAP) {
            socklen_t salen;
            int error;
            struct sockaddr_storage localaddr;
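Review bot: With `IMAP_ENUM_VIRTDOMAINS_LDAP` excluded from this `else if`, an unqualified userid whose directory lookup in the previous hunk did not produce an address now skips this branch as well and continues without a domain. The initialize, bind and search failures log to syslog, but the no-entry and no-'@' cases log nothing, so the fallback is invisible to an operator. If leaving the userid unqualified is intended rather than rejecting the login, say so in a comment above the condition, for example `/* ldap mode: a failed or empty lookup leaves the userid unqualified; no address-based fallback */`. The new line is also indented four columns deeper than the `else if` it replaces, and the branch body continues outside the hunk.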
--- kolab-cyrus-imapd-2.2.12/lib/imapoptions.orig       2006-01-11 22:19:35.000000000 +0100
+++ kolab-cyrus-imapd-2.2.12/lib/imapoptions    2006-01-11 22:20:00.000000000 +0100
@@ -839,7 +839,7 @@
    mailbox hierarchy.  The default is to use the netnews separator
    character '.'. */

-{ "virtdomains", "off", ENUM("off", "userid", "on") }
+{ "virtdomains", "off", ENUM("off", "userid", "ldap", "on") }
 /* Enable virtual domain support.  If enabled, the user's domain will
    be determined by splitting a fully qualified userid at the last '@'
    or '%' symbol.  If the userid is unqualified, and the virtdomains
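Review bot: The new `"ldap"` value is added to the ENUM, but the visible part of the option comment still describes only splitting the userid at '@' or '%'; the comment continues outside the hunk. Add a sentence such as `If set to "ldap", the userid is looked up as (uid=<userid>) in the directory and replaced by the entry's mail attribute.` The comment should also name the settings that imap/global.c reads for this mode (`IMAPOPT_LDAP_URI`, `IMAPOPT_LDAP_BASE`, `IMAPOPT_LDAP_BIND_DN`, `IMAPOPT_LDAP_PASSWORD`, `IMAPOPT_LDAP_TIME_LIMIT`). This patch does not define them, so they are presumably existing options, which should be confirmed.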
--- kolab-cyrus-imapd-2.2.12/lib/imapopts.c.orig        2006-01-11 22:26:25.000000000 +0100
+++ kolab-cyrus-imapd-2.2.12/lib/imapopts.c     2006-01-11 22:27:37.000000000 +0100
@@ -186,7 +186,7 @@
   { IMAPOPT_USERPREFIX, "userprefix", 0, {(void *)("Other Users")}, OPT_STRING, {  { NULL, IMAP_ENUM_ZERO } } },
   { IMAPOPT_UNIX_GROUP_ENABLE, "unix_group_enable", 0, {(void*)1}, OPT_SWITCH, {  { NULL, IMAP_ENUM_ZERO } } },
   { IMAPOPT_UNIXHIERARCHYSEP, "unixhierarchysep", 0, {(void*)0}, OPT_SWITCH, {  { NULL, IMAP_ENUM_ZERO } } },
-  { IMAPOPT_VIRTDOMAINS, "virtdomains", 0, {(void *)(IMAP_ENUM_VIRTDOMAINS_OFF)}, OPT_ENUM, { { "off" , IMAP_ENUM_VIRTDOMAINS_OFF }, { "userid" , IMAP_ENUM_VIRTDOMAINS_USERID }, { "on" , IMAP_ENUM_VIRTDOMAINS_ON },  { NULL, IMAP_ENUM_ZERO } } },
+  { IMAPOPT_VIRTDOMAINS, "virtdomains", 0, {(void *)(IMAP_ENUM_VIRTDOMAINS_OFF)}, OPT_ENUM, { { "off" , IMAP_ENUM_VIRTDOMAINS_OFF }, { "userid" , IMAP_ENUM_VIRTDOMAINS_USERID }, { "ldap" , IMAP_ENUM_VIRTDOMAINS_LDAP }, { "on" , IMAP_ENUM_VIRTDOMAINS_ON },  { NULL, IMAP_ENUM_ZERO } } },

   { IMAPOPT_LAST, NULL, 0, { NULL }, OPT_NOTOPT, {  { NULL, IMAP_ENUM_ZERO } } }

--- kolab-cyrus-imapd-2.2.12/lib/imapopts.h.orig        2006-01-11 22:29:39.000000000 +0100
+++ kolab-cyrus-imapd-2.2.12/lib/imapopts.h     2006-01-11 22:30:11.000000000 +0100
@@ -188,6 +188,7 @@

   IMAP_ENUM_VIRTDOMAINS_ON,
   IMAP_ENUM_VIRTDOMAINS_USERID,
+  IMAP_ENUM_VIRTDOMAINS_LDAP,
   IMAP_ENUM_VIRTDOMAINS_OFF = 0

 };


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)




