/* * authldap_connect() * * initializes the connection for authentication. * * returns 0 on success, -1 on failure */ static int authldap_connect(void) { int version = 0; LDAP *_ldap_conn = NULL; int ret; if (! g_thread_supported()) g_thread_init(NULL); g_once(&ldap_conn_once, authldap_once, NULL); switch (_ldap_cfg.version_int) { case 3: version = LDAP_VERSION3; if (strlen(_ldap_cfg.uri)) { TRACE(TRACE_DEBUG, "connecting to ldap server on [%s] version [%d]", _ldap_cfg.uri, _ldap_cfg.version_int); if ((ret = ldap_initialize(&_ldap_conn, _ldap_cfg.uri) != LDAP_SUCCESS)) TRACE(TRACE_WARNING, "ldap_initialize() failed %d", ret); } else { char *uri = g_strdup_printf("ldap://%s:%d", _ldap_cfg.hostname, _ldap_cfg.port_int); TRACE(TRACE_DEBUG, "connecting to ldap server on [%s] version [%d]", uri, _ldap_cfg.version_int); if ((ret = ldap_initialize(&_ldap_conn, uri)) != LDAP_SUCCESS) TRACE(TRACE_EMERG, "ldap_initialize() failed [%d]", ret); g_free(uri); } break; case 2: version = LDAP_VERSION2; /* fall through... */ default: if (!version) { TRACE(TRACE_WARNING, "Unsupported LDAP version [%d] requested." " Default to LDAP version 3.", _ldap_cfg.version_int); version = LDAP_VERSION3; } TRACE(TRACE_DEBUG, "connecting to ldap server on [%s] : [%d] version [%d]", _ldap_cfg.hostname, _ldap_cfg.port_int, _ldap_cfg.version_int); _ldap_conn = ldap_init(_ldap_cfg.hostname, _ldap_cfg.port_int); break; } ldap_set_option(_ldap_conn, LDAP_OPT_PROTOCOL_VERSION, &version); /* Turn off referrals */ if (strncasecmp(_ldap_cfg.referrals, "no", 2) == 0) ldap_set_option(_ldap_conn, LDAP_OPT_REFERRALS, 0); g_static_private_set(&ldap_conn_key, _ldap_conn, (GDestroyNotify)authldap_free); return auth_ldap_bind(); }
/** connect to the ldap host */ static int _ldapfull_connect(moddata_t data) { int ldapversion = LDAP_VERSION3; int rc; if(data->ld != NULL) ldap_unbind_s(data->ld); data->binded=0; rc = ldap_initialize(&(data->ld), data->uri); if( rc != LDAP_SUCCESS ) { log_write(data->ar->c2s->log, LOG_ERR, "ldap: ldap_initialize failed, uri=%s (%d): %s", data->uri, rc, ldap_err2string(rc)); return 1; } if (ldap_set_option(data->ld, LDAP_OPT_PROTOCOL_VERSION, &ldapversion) != LDAP_SUCCESS) { log_write(data->ar->c2s->log, LOG_ERR, "ldap: couldn't set v3 protocol"); return 1; } if (ldap_set_option(data->ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON) != LDAP_SUCCESS) { log_write(data->ar->c2s->log, LOG_ERR, "ldap: couldn't set LDAP_OPT_REFERRALS"); } log_debug(ZONE, "connected to ldap server"); return 0; }
/** * @name init_mysql * @description Starts and returns a connected MySQL instance * return MYSQL *mysql */ LDAP * init_ldap(void) { LDAP *ldap; int err; int v3 = LDAP_VERSION3; /* initialize */ if((ldap_initialize(&ldap, cfg.ldap_uri) != LDAP_SUCCESS)) { perror("ldap_init error"); free(ldap); exit(-1); } ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &v3); /* connect */ if(err = ldap_simple_bind_s(ldap, cfg.ldap_bind_dn, cfg.ldap_bind_pw) != LDAP_SUCCESS){ printf("%s\n", ldap_err2string(err)); /* freed memory */ free(ldap); exit(-1); } return ldap; }
void Ldaplogin::ldapBind(std::string user, std::string password) { ldap_initialize(&ld, this->ldap_host.c_str()); if (ld == NULL) /*LDAP-Initialisierung*/ { std::cout << "ldap_init failed" << std::endl; exit(1); } struct berval *servercredp; struct berval cred; cred.bv_val = const_cast<char*>(password.c_str()); // my password cred.bv_len = strlen(cred.bv_val) * sizeof(char); ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version); int rc = ldap_sasl_bind_s(ld, user.c_str(), LDAP_SASL_SIMPLE, &cred, NULL, NULL, &servercredp); if (rc != LDAP_SUCCESS) { std::cout << "LDAP error:" << ldap_err2string(rc) << std::endl; exit(1); } else { std::cout << "LDAP connected" << std::endl; } }
void Connect() { std::string server = config->getString("server"); int i = ldap_initialize(&this->con, server.c_str()); if (i != LDAP_SUCCESS) throw LDAPException("Unable to connect to LDAP service " + this->name + ": " + ldap_err2string(i)); const int version = LDAP_VERSION3; i = ldap_set_option(this->con, LDAP_OPT_PROTOCOL_VERSION, &version); if (i != LDAP_OPT_SUCCESS) { ldap_unbind_ext(this->con, NULL, NULL); this->con = NULL; throw LDAPException("Unable to set protocol version for " + this->name + ": " + ldap_err2string(i)); } const struct timeval tv = { 0, 0 }; i = ldap_set_option(this->con, LDAP_OPT_NETWORK_TIMEOUT, &tv); if (i != LDAP_OPT_SUCCESS) { ldap_unbind_ext(this->con, NULL, NULL); this->con = NULL; throw LDAPException("Unable to set timeout for " + this->name + ": " + ldap_err2string(i)); } }
/// connects and binds to LDAP server /// @param[in] cnf reference to common configuration struct LDAP * ldaputils_initialize(LdapUtilsConfig * cnf) { int err; LDAP * ld; char uribuff[256]; BerValue cred; BerValue * servercredp; const char * mechanism; const char * uri; if (cnf->debug) if ((LDAP_OPT_SUCCESS != ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, (void *)&cnf->debug))) fprintf(stderr, _("%s: could not set LDAP_OPT_DEBUG_LEVEL\n"), PROGRAM_NAME); uri = cnf->uri; if ( (!(uri)) && ((cnf->host)) ) { if (cnf->port) snprintf(uribuff, 256, "ldap://%s:%i", cnf->host, cnf->port); else snprintf(uribuff, 256, "ldap://%s", cnf->host); uri = uribuff; }; ld = NULL; if (ldap_initialize(&ld, uri)) { fprintf(stderr, "%s: ldaputils_initialize(): %s\n", PROGRAM_NAME, strerror(errno)); return(NULL); }; cnf->version = 3; if (cnf->version) if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &cnf->version))) fprintf(stderr, _("%s: could not set LDAP_OPT_PROTOCOL_VERSION\n"), PROGRAM_NAME); if (cnf->referrals) if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_REFERRALS, &cnf->sizelimit))) fprintf(stderr, _("%s: could not set LDAP_OPT_REFERRALS\n"), PROGRAM_NAME); if (cnf->sizelimit) if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &cnf->sizelimit))) fprintf(stderr, _("%s: could not set LDAP_OPT_SIZELIMIT\n"), PROGRAM_NAME); if (cnf->timelimit) if ((LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &cnf->timelimit))) fprintf(stderr, _("%s: could not set LDAP_OPT_TIMELIMIT\n"), PROGRAM_NAME); //mechanism = (const char *)LDAP_AUTH_SIMPLE; mechanism = (const char *)LDAP_SASL_SIMPLE; cred.bv_val = cnf->bindpw; cred.bv_len = (size_t) strlen(cnf->bindpw); servercredp = NULL; if ((err = ldap_sasl_bind_s(ld, cnf->binddn, mechanism, &cred, NULL, NULL, &servercredp)) != LDAP_SUCCESS) { fprintf(stderr, "%s: ldap_sasl_bind_s(): %s\n", PROGRAM_NAME, ldap_err2string(err)); ldap_unbind_ext_s(ld, NULL, NULL); return(NULL); }; return(ld); }
static LDAP *ldap_init_and_bind (const char *host, const char *user_dn, const char *password) { LDAP *ld; int res; int desired_version = LDAP_VERSION3; res = ldap_initialize (&ld, host); if (res != LDAP_SUCCESS) { ccnet_warning ("ldap_initialize failed: %s.\n", ldap_err2string(res)); return NULL; } /* set the LDAP version to be 3 */ res = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version); if (res != LDAP_OPT_SUCCESS) { ccnet_warning ("ldap_set_option failed: %s.\n", ldap_err2string(res)); return NULL; } if (user_dn) { res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE); if (res != LDAP_SUCCESS ) { ccnet_warning ("ldap_bind failed: %s.\n", ldap_err2string(res)); ldap_unbind_s (ld); return NULL; } } return ld; }
static krb5_error_code initialize_server(krb5_ldap_context *ldap_context, krb5_ldap_server_info *info) { krb5_ldap_server_handle *server; krb5_error_code ret; int st; server = calloc(1, sizeof(krb5_ldap_server_handle)); if (server == NULL) return ENOMEM; server->server_info = info; st = ldap_initialize(&server->ldap_handle, info->server_name); if (st) { free(server); k5_setmsg(ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, _("Cannot create LDAP handle for '%s': %s"), info->server_name, ldap_err2string(st)); return KRB5_KDB_ACCESS_ERROR; } ret = authenticate(ldap_context, server); if (ret) { info->server_status = OFF; time(&info->downtime); free(server); return ret; } server->next = info->ldap_server_handles; info->ldap_server_handles = server; info->num_conns++; info->server_status = ON; return 0; }
static int ipa_ldap_init(LDAP **ld, const char *ldap_uri) { int rc = 0; rc = ldap_initialize(ld, ldap_uri); return rc; }
int tsps_ldap_initialize(void) { int res; int val; struct berval passwd; res = ldap_initialize(&ldp, server.ldap_uri); if (res != LDAP_SUCCESS) { fprintf(stderr, "LDAP initialization error: %s\n", ldap_err2string(res)); return -1; } val = LDAP_VERSION3; res = ldap_set_option(ldp, LDAP_OPT_PROTOCOL_VERSION, &val); if (res != LDAP_SUCCESS) { fprintf(stderr, "LDAP set_option error: %s\n", ldap_err2string(res)); return -1; } /* * do an anoymous bind */ memset(&passwd, 0, sizeof(passwd)); res = ldap_sasl_bind_s(ldp, NULL, LDAP_SASL_SIMPLE, &passwd, NULL, NULL, NULL); if (res != LDAP_SUCCESS) { fprintf(stderr, "LDAP anonymous bind error: %s\n", ldap_err2string(res)); return -1; } return 0; }
static LDAP *pw_ldap_connect(const char *dn, const char *password) { LDAP *ld; # ifdef LDAP_OPT_PROTOCOL_VERSION int version = ldap_version; # endif if (ldap_uri == NULL) { return NULL; } if (ldap_initialize(&ld, ldap_uri) != LDAP_SUCCESS) { return NULL; } # ifdef LDAP_OPT_PROTOCOL_VERSION if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_SUCCESS) { return NULL; } # endif if (use_tls > 0 && ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) { return NULL; } if (ldap_bind_s(ld, dn, password, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { return NULL; } return ld; }
static int init_ldap_connection(LD_session *session) { /* Init LDAP */ #ifdef LDAP_API_FEATURE_X_OPENLDAP if (ldap_authorization_host != NULL && strchr(ldap_authorization_host, '/')) { if(ldap_initialize(&session->sess, ldap_authorization_host)!=LDAP_SUCCESS) { ldap_log(LOG_ERR, "Ldap connection initialize return fail status"); return RETURN_FALSE; } } else { #if LDAP_API_VERSION>3000 ldap_log(LOG_ERR, "Ldap connection initialize return fail status"); return RETURN_FALSE; #else session->sess = ldap_init(ldap_authorization_host, &ldap_authorization_port); #endif } #else session->sess = ldap_open(ldap_authorization_host, ldap_authorization_port); #endif if (session->sess == NULL) { ldap_log(LOG_ERR, "Final check: Ldap connection initialize return fail status"); return RETURN_FALSE; } return RETURN_TRUE; }
static DWORD KtLdapBind( LDAP **ppLd, PCSTR pszDc ) { const int version = LDAP_VERSION3; DWORD dwError = ERROR_SUCCESS; int lderr = 0; PSTR pszUrl = NULL; LDAP *pLd = NULL; dwError = LwAllocateStringPrintf(&pszUrl, "ldap://%s", pszDc); BAIL_ON_LSA_ERROR(dwError); lderr = ldap_initialize(&pLd, pszUrl); BAIL_ON_LDAP_ERROR(lderr); lderr = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &version); BAIL_ON_LDAP_ERROR(lderr); lderr = ldap_set_option(pLd, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); BAIL_ON_LDAP_ERROR(lderr); dwError = LwLdapBindDirectorySasl(pLd, pszDc, FALSE); BAIL_ON_LSA_ERROR(dwError); *ppLd = pLd; cleanup: LW_SAFE_FREE_MEMORY(pszUrl); if (dwError == ERROR_SUCCESS && lderr != LDAP_SUCCESS) { dwError = LwMapLdapErrorToLwError(lderr); } return dwError; error: if (pLd) { ldap_memfree(pLd); } *ppLd = NULL; goto cleanup; }
DWORD VmCASASLSRPBind( LDAP** ppLd, PCSTR pszURI, PCSTR pszUPN, PCSTR pszPass ) { DWORD dwError = 0; PSTR pszLowerCaseUPN = NULL; LDAP* pLd = NULL; const int ldapVer = LDAP_VERSION3; VMCA_SASL_INTERACTIVE_DEFAULT srpDefault = {0}; if ( ppLd == NULL || pszURI == NULL || pszUPN == NULL || pszPass == NULL ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_ERROR(dwError); } dwError = VMCAStringToLower( (PSTR)pszUPN, &pszLowerCaseUPN ); BAIL_ON_ERROR(dwError); srpDefault.pszAuthName = pszLowerCaseUPN; srpDefault.pszPass = pszPass; dwError = ldap_initialize( &pLd, pszURI); BAIL_ON_ERROR(dwError); dwError = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &ldapVer); BAIL_ON_ERROR(dwError); dwError = ldap_sasl_interactive_bind_s( pLd, NULL, "SRP", NULL, NULL, LDAP_SASL_QUIET, _VMCASASLSRPInteraction, &srpDefault); BAIL_ON_ERROR(dwError); *ppLd = pLd; cleanup: VMCA_SAFE_FREE_STRINGA(pszLowerCaseUPN); return dwError; error: if ( pLd ) { ldap_unbind_ext_s( pLd, NULL, NULL); } goto cleanup; }
static void once_resolved_start_connect (SeahorseLDAPSource *self, GSimpleAsyncResult *res, const gchar *address) { source_connect_closure *closure = g_simple_async_result_get_op_res_gpointer (res); gchar *server = NULL; GError *error = NULL; gint port = LDAP_PORT; struct berval cred; int ldap_op; gchar *url; gchar *text; int rc; /* Now that we've resolved our address, connect via IP */ g_object_get (self, "key-server", &server, NULL); g_return_if_fail (server && server[0]); if ((text = strchr (server, ':')) != NULL) { *text = 0; text++; port = atoi (text); if (port <= 0 || port >= G_MAXUINT16) { g_warning ("invalid port number: %s (using default)", text); port = LDAP_PORT; } } url = g_strdup_printf ("ldap://%s:%u", address, port); rc = ldap_initialize (&closure->ldap, url); g_free (url); if (seahorse_ldap_source_propagate_error (self, rc, &error)) { g_simple_async_result_take_error (res, error); g_simple_async_result_complete_in_idle (res); /* Start the bind operation */ } else { cred.bv_val = ""; cred.bv_len = 0; rc = ldap_sasl_bind (closure->ldap, NULL, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &ldap_op); if (seahorse_ldap_source_propagate_error (self, rc, &error)) { g_simple_async_result_take_error (res, error); g_simple_async_result_complete_in_idle (res); } else { GSource *gsource = seahorse_ldap_gsource_new (closure->ldap, ldap_op, closure->cancellable); g_source_set_callback (gsource, (GSourceFunc)on_connect_bind_completed, g_object_ref (res), g_object_unref); g_source_attach (gsource, g_main_context_default ()); g_source_unref (gsource); } } }
static int ldap_connection_setup(struct ldap_connection *conn, const char **error_r) { int ret, opt; ret = ldap_initialize(&(conn->conn), conn->set.uri); if (ret != LDAP_SUCCESS) { *error_r = t_strdup_printf("ldap_initialize(uri=%s) failed: %s", conn->set.uri, ldap_err2string(ret)); return -1; } if (conn->ssl_set.verify_remote_cert) { opt = LDAP_OPT_X_TLS_HARD; } else { opt = LDAP_OPT_X_TLS_ALLOW; } ldap_set_option(conn->conn, LDAP_OPT_X_TLS, &opt); ldap_set_option(conn->conn, LDAP_OPT_X_TLS_REQUIRE_CERT, &opt); #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN /* refuse to connect to SSLv2 as it's completely insecure */ opt = LDAP_OPT_X_TLS_PROTOCOL_SSL3; ldap_set_option(conn->conn, LDAP_OPT_X_TLS_PROTOCOL_MIN, &opt); #endif opt = conn->set.timeout_secs; /* default timeout */ ldap_set_option(conn->conn, LDAP_OPT_TIMEOUT, &opt); ldap_set_option(conn->conn, LDAP_OPT_NETWORK_TIMEOUT, &opt); /* timelimit */ ldap_set_option(conn->conn, LDAP_OPT_TIMELIMIT, &opt); if (conn->ssl_set.ca_file != NULL) ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CACERTFILE, conn->ssl_set.ca_file); if (conn->ssl_set.ca_dir != NULL) ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CACERTDIR, conn->ssl_set.ca_dir); if (conn->ssl_set.cert != NULL) ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CERTFILE, conn->ssl_set.cert); if (conn->ssl_set.key != NULL) ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.key); opt = conn->set.debug; ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &opt); opt = LDAP_VERSION3; ldap_set_option(conn->conn, LDAP_OPT_PROTOCOL_VERSION, &opt); ldap_set_option(conn->conn, LDAP_OPT_REFERRALS, 0); #ifdef LDAP_OPT_X_TLS_NEWCTX opt = 0; ldap_set_option(conn->conn, LDAP_OPT_X_TLS_NEWCTX, &opt); #endif return 0; }
DWORD VmDirSASLGSSAPIBind( LDAP** ppLd, PCSTR pszURI ) { DWORD dwError = 0; int retVal = 0; LDAP* pLd = NULL; const int ldapVer = LDAP_VERSION3; if ( ppLd == NULL || pszURI == NULL ) { dwError = VMDIR_ERROR_INVALID_PARAMETER; BAIL_ON_VMDIR_ERROR(dwError); } retVal = ldap_initialize( &pLd, pszURI); BAIL_ON_SIMPLE_LDAP_ERROR(retVal); retVal = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &ldapVer); BAIL_ON_SIMPLE_LDAP_ERROR(retVal); retVal = ldap_sasl_interactive_bind_s( pLd, NULL, "GSSAPI", NULL, NULL, LDAP_SASL_QUIET, _VmDirSASLGSSAPIInteraction, NULL); BAIL_ON_SIMPLE_LDAP_ERROR(retVal); *ppLd = pLd; cleanup: return dwError; ldaperror: VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%d)(%s)", retVal, ldap_err2string(retVal) ); dwError = VmDirMapLdapError(retVal); error: if (retVal == 0) { VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "_VmDirSASLGSSBind failed. (%u)", dwError); } if ( pLd ) { ldap_unbind_ext_s( pLd, NULL, NULL); } goto cleanup; }
struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, const char *uri, struct sockaddr_storage *addr, int addr_len, int timeout) { int ret = EOK; struct tevent_req *req; struct sss_ldap_init_state *state; req = tevent_req_create(mem_ctx, &state, struct sss_ldap_init_state); if (req == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); return NULL; } talloc_set_destructor((TALLOC_CTX *)state, sss_ldap_init_state_destructor); state->ldap = NULL; state->sd = -1; state->uri = uri; #ifdef HAVE_LDAP_INIT_FD struct tevent_req *subreq; subreq = sssd_async_socket_init_send(state, ev, addr, addr_len, timeout); if (subreq == NULL) { ret = ENOMEM; DEBUG(SSSDBG_CRIT_FAILURE, "sssd_async_socket_init_send failed.\n"); goto fail; } tevent_req_set_callback(subreq, sss_ldap_init_sys_connect_done, req); return req; fail: tevent_req_error(req, ret); #else DEBUG(SSSDBG_MINOR_FAILURE, "ldap_init_fd not available, " "will use ldap_initialize with uri [%s].\n", uri); ret = ldap_initialize(&state->ldap, uri); if (ret == LDAP_SUCCESS) { tevent_req_done(req); } else { DEBUG(SSSDBG_CRIT_FAILURE, "ldap_initialize failed [%s].\n", sss_ldap_err2string(ret)); if (ret == LDAP_SERVER_DOWN) { tevent_req_error(req, ETIMEDOUT); } else { tevent_req_error(req, EIO); } } #endif tevent_req_post(req, ev); return req; }
/* * \brief Load the cokebank database */ int Bank_Initialise(const char *Argument) { #if USE_LDAP int rv; #endif // Open Cokebank gBank_File = fopen(Argument, "rb+"); if( !gBank_File ) gBank_File = fopen(Argument, "wb+"); if( !gBank_File ) { perror("Opening coke bank"); return -1; } Bank_int_ReadDatabase(); // Open log file // TODO: Do I need this? gBank_LogFile = fopen("cokebank.log", "a"); if( !gBank_LogFile ) gBank_LogFile = stdout; #if USE_LDAP // Connect to LDAP rv = ldap_create(&gpLDAP); if(rv) { fprintf(stderr, "ldap_create: %s\n", ldap_err2string(rv)); return 1; } rv = ldap_initialize(&gpLDAP, gsLDAPPath); if(rv) { fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rv)); return 1; } { int ver = LDAP_VERSION3; ldap_set_option(gpLDAP, LDAP_OPT_PROTOCOL_VERSION, &ver); } # if 0 rv = ldap_start_tls_s(gpLDAP, NULL, NULL); if(rv) { fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); return 1; } # endif { struct berval cred; struct berval *servcred; cred.bv_val = "secret"; cred.bv_len = 6; rv = ldap_sasl_bind_s(gpLDAP, "cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au", "", &cred, NULL, NULL, &servcred); if(rv) { fprintf(stderr, "ldap_start_tls_s: %s\n", ldap_err2string(rv)); return 1; } } #endif return 0; }
static LDAP *ldap_init_and_bind (const char *host, #ifdef WIN32 gboolean use_ssl, #endif const char *user_dn, const char *password) { LDAP *ld; int res; int desired_version = LDAP_VERSION3; #ifndef WIN32 res = ldap_initialize (&ld, host); if (res != LDAP_SUCCESS) { ccnet_warning ("ldap_initialize failed: %s.\n", ldap_err2string(res)); return NULL; } #else char *host_copy = g_strdup (host); if (!use_ssl) ld = ldap_init (host_copy, LDAP_PORT); else ld = ldap_sslinit (host_copy, LDAP_SSL_PORT, 1); g_free (host_copy); if (!ld) { ccnet_warning ("ldap_init failed: %ul.\n", LdapGetLastError()); return NULL; } #endif /* set the LDAP version to be 3 */ res = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version); if (res != LDAP_OPT_SUCCESS) { ccnet_warning ("ldap_set_option failed: %s.\n", ldap_err2string(res)); return NULL; } if (user_dn) { #ifndef WIN32 res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE); #else char *dn_copy = g_strdup(user_dn); char *password_copy = g_strdup(password); res = ldap_bind_s (ld, dn_copy, password_copy, LDAP_AUTH_SIMPLE); g_free (dn_copy); g_free (password_copy); #endif if (res != LDAP_SUCCESS ) { ccnet_warning ("ldap_bind failed: %s.\n", ldap_err2string(res)); ldap_unbind_s (ld); return NULL; } } return ld; }
struct ldapsearch *l_search_alloc(const char *host, int port, const char *userid, const char *password, const char *base) { char *buf; struct ldapsearch *p=(struct ldapsearch *) malloc(sizeof(struct ldapsearch)); if (!p) return NULL; if ((p->base=strdup(base)) == NULL) { free(p); return NULL; } if ((buf=malloc(strlen(host)+100)) == NULL) { free(p->base); free(p); return NULL; } sprintf(buf, "ldap://%s:%d", host, port); if (ldap_initialize(&p->handle, buf) != LDAP_SUCCESS) { free(buf); free(p->base); free(p); return NULL; } free(buf); if (userid && *userid) { struct berval cred; cred.bv_len=password && *password ? strlen(password):0; cred.bv_val=password && *password ? (char *)password:NULL; if (ldap_sasl_bind_s(p->handle, userid, NULL, &cred, NULL, NULL, NULL)) { l_search_free(p); errno=EPERM; return NULL; } } return p; }
static int ldap_initialize_wrapper(LDAP** ldp, char *uri) { #ifdef AUTH_LDAP_TEST_API return (ldap_initialize(ldp, uri)); #else return ((*ldap_initialize_p)(ldp, uri)); #endif }
static void do_conn( char *uri, char *manager, struct berval *passwd, LDAP **ldp, int nobind, int maxretries, int conn_num ) { LDAP *ld = NULL; int version = LDAP_VERSION3; int i = 0, do_retry = maxretries; int rc = LDAP_SUCCESS; char thrstr[BUFSIZ]; retry:; ldap_initialize( &ld, uri ); if ( ld == NULL ) { snprintf( thrstr, BUFSIZ, "connection: %d", conn_num ); tester_error( thrstr ); tester_perror( "ldap_initialize", NULL ); exit( EXIT_FAILURE ); } (void) ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ); (void) ldap_set_option( ld, LDAP_OPT_REFERRALS, chaserefs ? LDAP_OPT_ON : LDAP_OPT_OFF ); if ( do_retry == maxretries ) { snprintf( thrstr, BUFSIZ, "do_conn #%d\n", conn_num ); thread_verbose( -1, thrstr ); } if ( nobind == 0 ) { rc = ldap_sasl_bind_s( ld, manager, LDAP_SASL_SIMPLE, passwd, NULL, NULL, NULL ); if ( rc != LDAP_SUCCESS ) { snprintf( thrstr, BUFSIZ, "connection: %d", conn_num ); tester_error( thrstr ); tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); switch ( rc ) { case LDAP_BUSY: case LDAP_UNAVAILABLE: if ( do_retry > 0 ) { ldap_unbind_ext( ld, NULL, NULL ); ld = NULL; do_retry--; if ( delay != 0 ) { sleep( delay ); } goto retry; } /* fallthru */ default: break; } exit( EXIT_FAILURE ); } } *ldp = ld; }
static krb5_error_code LDAP__connect(krb5_context context, HDB * db) { int rc, version = LDAP_VERSION3; /* * Empty credentials to do a SASL bind with LDAP. Note that empty * different from NULL credentials. If you provide NULL * credentials instead of empty credentials you will get a SASL * bind in progress message. */ struct berval bv = { 0, "" }; if (HDB2LDAP(db)) { /* connection has been opened. ping server. */ struct sockaddr_un addr; socklen_t len = sizeof(addr); int sd; if (ldap_get_option(HDB2LDAP(db), LDAP_OPT_DESC, &sd) == 0 && getpeername(sd, (struct sockaddr *) &addr, &len) < 0) { /* the other end has died. reopen. */ LDAP_close(context, db); } } if (HDB2LDAP(db) != NULL) /* server is UP */ return 0; rc = ldap_initialize(&((struct hdbldapdb *)db->hdb_db)->h_lp, "ldapi:///"); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_initialize: %s", ldap_err2string(rc)); return HDB_ERR_NOENTRY; } rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_PROTOCOL_VERSION, (const void *)&version); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } rc = ldap_sasl_bind_s(HDB2LDAP(db), NULL, "EXTERNAL", &bv, NULL, NULL, NULL); if (rc != LDAP_SUCCESS) { krb5_set_error_string(context, "ldap_sasl_bind_s: %s", ldap_err2string(rc)); LDAP_close(context, db); return HDB_ERR_BADVERSION; } return 0; }
bool BindTheDemon(const char * username, const char * passwd) { static LDAP * ld = NULL; static int auth_method = LDAP_AUTH_SIMPLE; static int version = LDAP_VERSION3; static char uri[] = "ldaps://ldap.pheme.uwa.edu.au"; char dn[BUFSIZ]; // The "dn" is essentially the username plus a bunch of cruft that for some (presumably good) reason LDAP requires if (ld == NULL) { ldap_initialize(&ld, uri); // This is deprecated. if (ld == NULL) { fprintf(stderr, "ldap_init failed - %s\n", strerror(errno)); return false; } printf("ldap_init succeeded\n"); if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) // This is also deprecated. { fprintf(stderr, "ldap_set_option failed - %s\n", strerror(errno)); return false; } printf("ldap_set_option succeeded\n"); } char * user_type = "Students"; if (username[0] == '0') user_type = "Staff"; if (sprintf(dn, "cn=%s,ou=%s,ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au", username, user_type) >= BUFSIZ) { fprintf(stderr, "LDAP DN string too long!\n"); return false; } printf("ldap_bind_s ...\n"); //printf("dn = %s\npasswd = %s\n", dn, passwd); struct berval creds; creds.bv_val = (char*)passwd; if (ldap_simple_bind_s(ld, dn, passwd) != LDAP_SUCCESS) // Yep. Deprecated. //if (ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE , &creds, NULL, NULL, NULL) != LDAP_SUCCESS) // Doesn't work { fprintf(stderr,"ldap_bind_s failed - %s", strerror(errno)); return false; } return true; }
krb5_error_code krb5_ldap_rebind(krb5_ldap_context *ldap_context, krb5_ldap_server_handle **ldap_server_handle) { krb5_ldap_server_handle *handle = *ldap_server_handle; ldap_unbind_ext_s(handle->ldap_handle, NULL, NULL); if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); return LDAP_SUCCESS; }
/** * Load the ldap modules, passing in any arguments * given initially, which are to be used in the * ldap module. */ int load_ldap_module( arguments *args ) { syslog(LOG_INFO, "LDAP Module initalizing"); /* Sets the protocol version based on ldap.version */ config_lookup_int(&config, "ldap.version", &version); switch(version) { case 1: ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version); syslog(LOG_INFO, "LDAP Protocol Version: 1"); break; case 2: ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version); syslog(LOG_INFO, "LDAP Protocol Version: 2"); break; case 3: ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version); syslog(LOG_INFO, "LDAP Protocol Version: 3"); break; default: version = 3; ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version); syslog(LOG_INFO, "Invalid value, setting LDAP Protocol\ Version to 3"); break; } config_lookup_string(&config, "ldap.uri", &uri); syslog(LOG_INFO, "LDAP URI: %s\n", uri); config_lookup_string(&config, "ldap.binddn", &binddn); syslog(LOG_INFO, "LDAP BINDDN: %s\n", binddn); config_lookup_string(&config, "ldap.password", &password); // Removed displaying password syslog(LOG_INFO, "Initializing LDAP Connection...%s\n", ldap_err2string(ldap_initialize(&ldap, uri))); syslog(LOG_INFO, "Binding to URI...%s\n", ldap_err2string(ldap_simple_bind_s(ldap, binddn, password))); syslog(LOG_INFO, "Building LDAP query tree..."); head = build_query_tree(); log_query_tree(&head); timeout.tv_sec = 10; timeout.tv_usec = 0; slack_ldap_search("slackwill"); return 0; }
int init_ldap(char * host, int port) { int status = ldap_initialize(&LDAP_handle,host); if(status != LDAP_SUCCESS) { LOG(PURGER_LOG_ERR,"Error: unable to create LDAP handle."); return -1; } int version = LDAP_VERSION3; ldap_set_option(LDAP_handle, LDAP_OPT_PROTOCOL_VERSION, (void*)&version); }
int main(int argc, char *argv[]) { LDAP *ld; int rc; uxds_bind_t sflag; uxds_authz_t auth; uxds_data_t mdata; char *bin = argv[0]; sflag = parse_args(argc, argv, USER, MOD, 6, &auth, &mdata, bin); #ifdef HAVE_LDAP_SASL_GSSAPI if ((auth.pkcert) && (argc < 8)) { #else if (argc < 6) { #endif /* HAVE_LDAP_SASL_GSSAPI */ if ((!mdata.exp) || (!mdata.cpw)) { fprintf(stderr, "At least ONE attribute must be selected to use lusermod.\n"); fprintf(stderr, "parse_args failed.\n"); exit(EXIT_FAILURE); } } /* initialize LDAP context */ rc = ldap_initialize(&ld, auth.uri); if (rc != LDAP_SUCCESS) { fprintf(stderr, "Could not create LDAP session handle (%d): %s\n", rc, ldap_err2string(rc)); exit(EXIT_FAILURE); } /* authenticate to directory service */ if (uxds_user_authz(sflag, auth, ld) != 0) { fprintf(stderr, "uxds_user_authz failed.\n"); exit(EXIT_FAILURE); } /* modify operation */ if (uxds_acct_mod(USER, mdata, ld) != 0) { fprintf(stderr, "uxds_acct_mod USER MODIFY failed.\n"); exit(EXIT_FAILURE); } /* unbind from ds - commented out due to weird bug between ldap_unbind_ext_s and openssl */ #if 0 if (uxds_ldap_unbind(ld) != 0) { fprintf(stderr, "uxds_ldap_unbind failed.\n"); exit(EXIT_FAILURE); } #endif exit(EXIT_SUCCESS); }
/* connect to the database */ static int lldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[], struct ldb_module **_module) { struct ldb_module *module; struct lldb_private *lldb; int version = 3; int ret; module = ldb_module_new(ldb, ldb, "ldb_ldap backend", &lldb_ops); if (!module) return LDB_ERR_OPERATIONS_ERROR; lldb = talloc_zero(module, struct lldb_private); if (!lldb) { ldb_oom(ldb); goto failed; } ldb_module_set_private(module, lldb); ret = ldap_initialize(&lldb->ldap, url); if (ret != LDAP_SUCCESS) { ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_initialize failed for URL '%s' - %s", url, ldap_err2string(ret)); goto failed; } talloc_set_destructor(lldb, lldb_destructor); ret = ldap_set_option(lldb->ldap, LDAP_OPT_PROTOCOL_VERSION, &version); if (ret != LDAP_SUCCESS) { ldb_debug(ldb, LDB_DEBUG_FATAL, "ldap_set_option failed - %s", ldap_err2string(ret)); goto failed; } *_module = module; ret = lldb_bind(module, options); if (ret != LDB_SUCCESS) { goto failed; } return LDB_SUCCESS; failed: talloc_free(module); return LDB_ERR_OPERATIONS_ERROR; }