int get_connected_ldap_session(char* _lds_name, struct ld_session** _lds)
{
/*
* get ld session
*/
if ((*_lds = get_ld_session(_lds_name)) == NULL)
{
LM_ERR("[%s]: ldap_session not found\n", _lds_name);
return -1;
}
/* try to reconnect if ldap session handle is NULL */
if ((*_lds)->handle == NULL)
{
if (ldap_reconnect(_lds_name) == 0)
{
if ((*_lds = get_ld_session(_lds_name)) == NULL)
{
LM_ERR("[%s]: ldap_session not found\n", _lds_name);
return -1;
}
}
else
{
if (last_ldap_result != NULL)
{
ldap_msgfree(last_ldap_result);
last_ldap_result = NULL;
}
ldap_disconnect(_lds_name);
LM_ERR("[%s]: reconnect failed\n", _lds_name);
return -1;
}
}
/* free old last_ldap_result */
/*
* this is done now in lds_search
*
if (last_ldap_result != NULL) {
ldap_msgfree(last_ldap_result);
last_ldap_result = NULL;
}
*/
return 0;
}
int ldap_disconnect(char* _ld_name)
{
struct ld_session* lds;
/*
* get ld session
*/
if ((lds = get_ld_session(_ld_name)) == NULL)
{
LM_ERR("ld_session [%s] not found\n", _ld_name);
return -1;
}
if (lds->handle == NULL) {
return 0;
}
ldap_unbind_ext(lds->handle, NULL, NULL);
lds->handle = NULL;
return 0;
}
int ldap_connect(char* _ld_name)
{
int rc;
int ldap_bind_result_code;
char *ldap_err_str;
int ldap_proto_version;
int msgid;
LDAPMessage *result;
struct ld_session* lds;
struct berval ldap_cred;
/*
* get ld session and session config parameters
*/
if ((lds = get_ld_session(_ld_name)) == NULL)
{
LM_ERR("ld_session [%s] not found\n", _ld_name);
return -1;
}
/*
* ldap_initialize
*/
rc = ldap_initialize(&lds->handle, lds->host_name);
if (rc != LDAP_SUCCESS)
{
LM_ERR( "[%s]: ldap_initialize (%s) failed: %s\n",
_ld_name,
lds->host_name,
ldap_err2string(rc));
return -1;
}
/*
* set LDAP OPTIONS
*/
/* LDAP_OPT_PROTOCOL_VERSION */
switch (lds->version) {
case 2:
ldap_proto_version = LDAP_VERSION2;
break;
case 3:
ldap_proto_version = LDAP_VERSION3;
break;
default:
LM_ERR( "[%s]: Invalid LDAP protocol version [%d]\n",
_ld_name,
lds->version);
return -1;
}
if (ldap_set_option(lds->handle,
LDAP_OPT_PROTOCOL_VERSION,
&ldap_proto_version)
!= LDAP_OPT_SUCCESS)
{
LM_ERR( "[%s]: Could not set LDAP_OPT_PROTOCOL_VERSION [%d]\n",
_ld_name,
ldap_proto_version);
return -1;
}
/* LDAP_OPT_RESTART */
if (ldap_set_option(lds->handle,
LDAP_OPT_RESTART,
LDAP_OPT_ON)
!= LDAP_OPT_SUCCESS) {
LM_ERR("[%s]: Could not set LDAP_OPT_RESTART to ON\n", _ld_name);
return -1;
}
/* LDAP_OPT_TIMELIMIT */
/*
if (lds->server_search_timeout > 0) {
if (ldap_set_option(lds->handle,
LDAP_OPT_TIMELIMIT,
&lds->server_search_timeout)
!= LDAP_OPT_SUCCESS) {
LM_ERR("[%s]: Could not set LDAP_OPT_TIMELIMIT to [%d]\n",
_ld_name, lds->server_search_timeout);
return -1;
}
}
*/
/* LDAP_OPT_NETWORK_TIMEOUT */
if ((lds->network_timeout.tv_sec > 0) || (lds->network_timeout.tv_usec > 0))
{
if (ldap_set_option(lds->handle,
LDAP_OPT_NETWORK_TIMEOUT,
(const void *)&lds->network_timeout)
!= LDAP_OPT_SUCCESS)
{
LM_ERR( "[%s]: Could not set"
" LDAP_NETWORK_TIMEOUT to [%d.%d]\n",
_ld_name,
(int)lds->network_timeout.tv_sec,
(int)lds->network_timeout.tv_usec);
}
}
/*
* ldap_sasl_bind (LDAP_SASL_SIMPLE)
*/
ldap_cred.bv_val = lds->bind_pwd;
ldap_cred.bv_len = strlen(lds->bind_pwd);
rc = ldap_sasl_bind(
lds->handle,
lds->bind_dn,
LDAP_SASL_SIMPLE,
&ldap_cred,
NULL,
NULL,
&msgid);
if (rc != LDAP_SUCCESS)
{
LM_ERR( "[%s]: ldap bind failed: %s\n",
_ld_name,
ldap_err2string(rc));
return -1;
}
if ((lds->client_bind_timeout.tv_sec == 0)
&& (lds->client_bind_timeout.tv_usec == 0))
{
rc = ldap_result(lds->handle, msgid, 1, NULL, &result);
} else
{
rc = ldap_result(lds->handle, msgid, 1, &lds->client_bind_timeout,
&result);
}
if (rc == -1)
{
ldap_get_option(lds->handle, LDAP_OPT_ERROR_NUMBER, &rc);
ldap_err_str = ldap_err2string(rc);
LM_ERR( "[%s]: ldap_result failed: %s\n",
_ld_name,
ldap_err_str);
return -1;
}
else if (rc == 0)
{
LM_ERR("[%s]: bind operation timed out\n", _ld_name);
return -1;
}
rc = ldap_parse_result(
lds->handle,
result,
&ldap_bind_result_code,
NULL,
NULL,
NULL,
NULL,
1);
if (rc != LDAP_SUCCESS)
{
LM_ERR( "[%s]: ldap_parse_result failed: %s\n",
_ld_name,
ldap_err2string(rc));
return -1;
}
if (ldap_bind_result_code != LDAP_SUCCESS)
{
LM_ERR( "[%s]: ldap bind failed: %s\n",
_ld_name,
ldap_err2string(ldap_bind_result_code));
return -1;
}
/* freeing result leads to segfault ... bind result is probably used by openldap lib */
/* ldap_msgfree(result); */
LM_DBG( "[%s]: LDAP bind successful (ldap_host [%s])\n",
_ld_name,
lds->host_name);
return 0;
}
int ldap_connect(char* _ld_name)
{
int rc;
int ldap_proto_version;
struct ld_session* lds;
struct berval ldap_cred;
struct berval* ldap_credp;
/*
struct berval* serv_cred = (struct berval*)pkg_malloc(sizeof(struct berval));
if(!serv_cred){
LM_ERR("Out of mem\n");
return -1;
}
*/
/*
* get ld session and session config parameters
*/
if ((lds = get_ld_session(_ld_name)) == NULL)
{
LM_ERR("ld_session [%s] not found\n", _ld_name);
return -1;
}
/*
* ldap_initialize
*/
rc = ldap_initialize(&lds->handle, lds->host_name);
if (rc != LDAP_SUCCESS)
{
LM_ERR( "[%s]: ldap_initialize (%s) failed: %s\n",
_ld_name,
lds->host_name,
ldap_err2string(rc));
return -1;
}
/*
* set LDAP OPTIONS
*/
/* LDAP_OPT_PROTOCOL_VERSION */
switch (lds->version) {
case 2:
ldap_proto_version = LDAP_VERSION2;
break;
case 3:
ldap_proto_version = LDAP_VERSION3;
break;
default:
LM_ERR( "[%s]: Invalid LDAP protocol version [%d]\n",
_ld_name,
lds->version);
return -1;
}
if (ldap_set_option(lds->handle,
LDAP_OPT_PROTOCOL_VERSION,
&ldap_proto_version)
!= LDAP_OPT_SUCCESS)
{
LM_ERR( "[%s]: Could not set LDAP_OPT_PROTOCOL_VERSION [%d]\n",
_ld_name,
ldap_proto_version);
return -1;
}
/* LDAP_OPT_RESTART */
if (ldap_set_option(lds->handle,
LDAP_OPT_RESTART,
LDAP_OPT_ON)
!= LDAP_OPT_SUCCESS) {
LM_ERR("[%s]: Could not set LDAP_OPT_RESTART to ON\n", _ld_name);
return -1;
}
/* LDAP_OPT_TIMELIMIT */
/*
if (lds->server_search_timeout > 0) {
if (ldap_set_option(lds->handle,
LDAP_OPT_TIMELIMIT,
&lds->server_search_timeout)
!= LDAP_OPT_SUCCESS) {
LM_ERR("[%s]: Could not set LDAP_OPT_TIMELIMIT to [%d]\n",
_ld_name, lds->server_search_timeout);
return -1;
}
}
*/
/* LDAP_OPT_NETWORK_TIMEOUT */
if ((lds->network_timeout.tv_sec > 0) || (lds->network_timeout.tv_usec > 0))
{
if (ldap_set_option(lds->handle,
LDAP_OPT_NETWORK_TIMEOUT,
(const void *)&lds->network_timeout)
!= LDAP_OPT_SUCCESS)
{
LM_ERR( "[%s]: Could not set"
" LDAP_NETWORK_TIMEOUT to [%d.%d]\n",
_ld_name,
(int)lds->network_timeout.tv_sec,
(int)lds->network_timeout.tv_usec);
}
}
/* if timeout == 0 then use default */
if ((lds->client_bind_timeout.tv_sec == 0)
&& (lds->client_bind_timeout.tv_usec == 0))
{
lds->client_bind_timeout.tv_sec =
CFG_DEF_LDAP_CLIENT_BIND_TIMEOUT / 1000;
lds->client_bind_timeout.tv_usec =
(CFG_DEF_LDAP_CLIENT_BIND_TIMEOUT % 1000) * 1000;
}
rc = ldap_set_option(lds->handle, LDAP_OPT_TIMEOUT, &lds->client_bind_timeout);
if(rc != LDAP_SUCCESS){
LM_ERR("[%s]: ldap set option LDAP_OPT_TIMEOUT failed\n", _ld_name);
return -1;
}
/* if no "ldap_bind_password" then anonymous */
ldap_cred.bv_val = lds->bind_pwd;
ldap_cred.bv_len = strlen(lds->bind_pwd);
if(ldap_cred.bv_len == 0 || ldap_cred.bv_val[0]==0){
ldap_credp = NULL;
}else{
ldap_credp = &ldap_cred;
}
/*
* ldap_sasl_bind (LDAP_SASL_SIMPLE)
*/
rc = ldap_sasl_bind_s(
lds->handle,
lds->bind_dn,
LDAP_SASL_SIMPLE,
ldap_credp,
NULL,
NULL,
NULL /*&serv_cred */
);
if (rc != LDAP_SUCCESS)
{
LM_ERR( "[%s]: ldap bind failed: %s\n",
_ld_name,
ldap_err2string(rc));
return -1;
}
LM_DBG( "[%s]: LDAP bind successful (ldap_host [%s])\n",
_ld_name,
lds->host_name);
return 0;
}
