
Re: init REALM with backend ldap

>Looks like OpenLDAP 2.1 requires that a bind is performed before
>any modifications are. Looks like the Heimdal backend will need
>to be modified to perform a bind first.

The following (untested) patch will do a SASL EXTERNAL bind to the
LDAP server over the ldapi:// domain socket. The latest OpenLDAP
CVS HEAD supports retrieving peer domain socket credentials using
SASL EXTERNAL. 

You can do something like the following:

sasl-regexp uidNumber=0\\\+gidNumber=0,cn=peercred,cn=external,cn=auth cn=manager,dc=sics,dc=se

where cn=manager,dc=sics,dc=se is the rootdn.

-- Luke

Index: hdb-ldap.c
===================================================================
RCS file: /home/project/cvs/heimdal/lib/hdb/hdb-ldap.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 hdb-ldap.c
--- hdb-ldap.c	2002/09/11 03:30:03	1.1.1.2
+++ hdb-ldap.c	2002/12/09 05:42:16
@@ -986,6 +986,12 @@
 	return HDB_ERR_BADVERSION;
     }
 
+    rc = ldap_sasl_bind_s((LDAP *) db->db, NULL, "EXTERNAL", NULL, NULL, NULL, NULL);
+    if (rc != LDAP_SUCCESS) {
+	krb5_set_error_string(context, "ldap_sasl_bind_s: %s", ldap_err2string(rc));
+	return HDB_ERR_NOENTRY;
+    }
+
     return 0;
 }
 
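Review bot: the EXTERNAL bind is issued unconditionally, so if `db->db` was opened against anything other than an ldapi:// socket on a server that maps peer credentials (the post says CVS HEAD is needed), `ldap_sasl_bind_s` fails and the whole open fails with it; consider making the bind (or at least the mechanism) configurable, or only attempting it for ldapi:// URLs. Two smaller points in the same hunk: `HDB_ERR_NOENTRY` is a misleading code for a bind failure, since a caller will read it as "principal not found", and `rc` must already be declared in the enclosing function, which the hunk does not show (worth checking given the patch is marked untested).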
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
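The sasl-regexp line above is what turns a peer-credential identity into the rootdn, so its pattern decides who on the box becomes the LDAP superuser. The following is an added example, not part of the post or of Heimdal or OpenLDAP, that models slapd's first-match mapping in Python so the rule can be audited offline. Assumptions: the authorization identity has the form `uidNumber=<uid>+gidNumber=<gid>,cn=peercred,cn=external,cn=auth` exactly as written on this page (current OpenLDAP releases put gidNumber first, so adjust the order for your version), patterns are matched against the whole identity (the example anchors them explicitly), and `ROOT_ONLY_PATTERN` is the page's pattern rewritten as a plain regex without slapd.conf escaping. The `ANY_LOCAL_USER_PATTERN` rule is constructed here only to show what an over-broad pattern would grant.

```python
import re

# The rootdn named in the post.
ROOTDN = "cn=manager,dc=sics,dc=se"

# The page's sasl-regexp pattern as a plain regex: only uid 0 / gid 0 on the
# ldapi:// socket maps to the rootdn. '+' is a regex metacharacter, hence '\+'.
ROOT_ONLY_PATTERN = r"^uidNumber=0\+gidNumber=0,cn=peercred,cn=external,cn=auth$"

# Constructed counter-example: a pattern that maps ANY local uid/gid to the
# rootdn. Kept here only so the audit below can show the difference.
ANY_LOCAL_USER_PATTERN = (
    r"^uidNumber=[0-9]+\+gidNumber=[0-9]+,cn=peercred,cn=external,cn=auth$"
)


def peercred_authzid(uid, gid):
    """Authorization identity slapd derives from the peer credentials of an
    ldapi:// client. Field order follows the page (assumption, see lead-in)."""
    return f"uidNumber={uid}+gidNumber={gid},cn=peercred,cn=external,cn=auth"


def map_authzid(authzid, rules):
    """Apply (pattern, replacement) rules in order, first match wins, the way
    slapd walks its sasl-regexp list. An identity that matches nothing is
    returned unchanged, i.e. it stays an unprivileged SASL identity."""
    for pattern, replacement in rules:
        if re.match(pattern, authzid):
            return replacement
    return authzid


def audit_rules(rules, sample_creds):
    """Return the (uid, gid) pairs from sample_creds that the rules would turn
    into the rootdn. For the page's rule this should be [(0, 0)] only."""
    return [
        (uid, gid)
        for uid, gid in sample_creds
        if map_authzid(peercred_authzid(uid, gid), rules) == ROOTDN
    ]


if __name__ == "__main__":
    # Constructed sample of local processes that might connect over ldapi://:
    # root, an ordinary user, and a root-uid process in a non-root group.
    samples = [(0, 0), (1000, 1000), (0, 1000)]
    print("page rule  ->", audit_rules([(ROOT_ONLY_PATTERN, ROOTDN)], samples))
    print("loose rule ->", audit_rules([(ANY_LOCAL_USER_PATTERN, ROOTDN)], samples))
```

Running the audit against the page's rule reports only `(0, 0)`, which is the intended outcome: the Heimdal KDC process, running as root and binding with EXTERNAL over the domain socket, becomes the rootdn while every other local user keeps its unprivileged peercred identity. The same audit against the loose constructed pattern reports all three sample identities, which is the misconfiguration to look for when reviewing a slapd.conf that grants rootdn through sasl-regexp.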