[tpop3d-discuss] ldap virtual auth plugin : near release
Prune
prune at lecentre.net
Thu, 21 Feb 2002 10:28:54 +0100
re,
I've just found some strange behaviour:
/* we try to bind 3 times, reconnect if needed */
for (i = 0; i < 3; i++) {
...
I bind as administrator 3 times for every query :))))
I'll change this in the first patch, after the first pre-release.
Cheers,
Prune
(too much work, too little sleep)
Prune wrote:
> hi,
>
> Chris Lightfoot wrote:
>
>>On Mon, Feb 18, 2002 at 05:08:52PM +0100, Prune wrote:
>> [ auth-ldap stuff ]
>>
>>I've been working on integrating this-- there are a couple
>>of things I'm not happy with in the existing code, for
>>instance the use of fixed-length buffers, which I'm
>>changing, but in the meantime, I have a couple of
>>questions:
>>
>> - Firstly, can you give me some example data against
>> which the plugin should be able to authenticate (in
>> LDIF format or whatever). I'm not very familiar with
>> LDAP and it's not quite clear to me what the code is
>> expecting to find in the directory.
>>
> my test user is :
>
> more ~/ldapbrowser/toto.ldif
> dn: uid=toto, ou=users, ou=copain2000.com, dc=lecentre, dc=net
> sn: totoo
> userPassword:: dG90bw==
> uidNumber: 10000
> gidNumber: 6
> mail: toto@ici
> objectClass: inetOrgPerson
> objectClass: mailRecipient
> uid: toto
> cn: toto
> maildrop: /var/mail/test1/
>
>>
>>
>>>/* auth_mysql_new_user_pass */
>>>
>>>authcontext auth_mysql_new_user_pass(const char *user, const char *pass, const char *host /* unused */) {
>>> authcontext a = NULL;
>>> char *local_part = NULL;
>>> const char *domain;
>>> char *filter = NULL;
>>>
>> [...]
>>
>>> /* we split the login and the domain from the email style login given by the user */
>>> domain = user + strcspn(user, "@%!");
>>> if (domain == user || !*domain) return NULL;
>>> ++domain;
>>> local_part = xmalloc(domain - user);
>>> if (!local_part) return NULL;
>>> memset(local_part, 0, domain - user);
>>> strncpy(local_part, user, domain - user - 1);
>>>
>>
>> - Secondly, you never use the domain in constructing the
>> query against the directory. How do you specify the
>> existence of accounts in more than one domain?
>>
> you're right.
> I search for the email address (unique, containing the domain). I use
> 'user' to build ldap filter. 'user' is the mail+domain or whatever is
> typed by the user.
> Maybe my search is not what people may want.
> In the config file you can choose which attribute to search against.
> The 'login' given by the user is stored in 'user'.
> LDAP does not work as a DB does. You don't search for 'user=foo AND
> domain=bar.com'. The domain is contained in the DN, and can't really
> be searched. Instead we use unique attributes like email, or uid.
>
>
> My problem, by now, is that you have to give a login with a '@', or
> you'll be treated as a 'liar!' :)
> Maybe some people would like to have logins as 'toto%domain' or
> "toto_domain_com". This is currently not possible... (old Netscape does
> not allow @ in usernames, for example).
> I think it's the same problem with other plugins?
>
> Release the new tpop3d, and I'll work on this. It's simple to change.
> Maybe you would like to have access to my test ldap server ?
>
>>
>>
>>
>>I think I understand broadly what your code does, though,
>>so I should be able to finish integrating it and do
>>another pre-release within the next few days.
>>
> Fine. I'll then modify a few things, and it will be ready.
>
> Cheers,
> Prune
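The thread above discusses two things the plugin has to get right before the login reaches the directory: splitting the e-mail style login into local part and domain (the posted code uses strcspn() with "@%!", and Prune notes that a login without a separator is currently rejected), and building the LDAP search filter from whatever the user typed. The following is an added example, not code from the tpop3d auth-ldap plugin or from anyone in this thread. It reuses the "@%!" separator set from the posted code and adds two things the thread only hints at: an optional default domain for logins typed without a separator (an assumption about how one might support the clients that cannot send '@'), and escaping of the user-supplied value as required by RFC 4515 before it is placed in a filter, so that a login such as "*)(uid=*" cannot change the meaning of the search. The function names split_login(), ldap_filter_escape(), build_filter() and login_filter(), and the fixed buffer sizes, are all my own choices, not the plugin's API.

```c
#include <stdio.h>
#include <string.h>

/* Characters that terminate the local part of an e-mail style login.
 * This is the same set the posted auth-ldap code passes to strcspn(). */
#define LOGIN_SEPARATORS "@%!"

/* Split "local@domain" (or local%domain, local!domain) into its parts.
 * If no separator is present and default_domain is non-NULL, the whole
 * login is the local part and default_domain is used; this is an
 * assumption added here, the posted plugin rejects such logins.
 * Returns 0 on success, -1 on a malformed login or a too-small buffer. */
int split_login(const char *user, const char *default_domain,
                char *local, size_t local_sz,
                char *domain, size_t domain_sz) {
    size_t local_len = strcspn(user, LOGIN_SEPARATORS);
    const char *dom;

    if (local_len == 0) return -1;            /* empty local part, e.g. "@ici" */
    if (user[local_len] == '\0') {            /* no separator at all */
        if (default_domain == NULL) return -1;
        dom = default_domain;
    } else {
        dom = user + local_len + 1;
        if (*dom == '\0') return -1;          /* empty domain, e.g. "toto@" */
    }
    if (local_len >= local_sz || strlen(dom) >= domain_sz) return -1;
    memcpy(local, user, local_len);
    local[local_len] = '\0';
    strcpy(domain, dom);
    return 0;
}

/* Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
 * '*', '(', ')', '\' and NUL must be written as \XX hex escapes; control
 * characters are escaped the same way, which the RFC permits. NUL cannot
 * occur in a C string, so it never reaches this loop.
 * Returns the escaped length, or -1 if out is too small. */
int ldap_filter_escape(const char *in, char *out, size_t out_sz) {
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_sz == 0) return -1;
    for (; *in; ++in) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c < 0x20) {
            if (o + 3 >= out_sz) return -1;
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= out_sz) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Build "(attr=value)" for the attribute chosen in the config file
 * (e.g. mail or uid), with the user-supplied value escaped first.
 * Returns the filter length, or -1 on error. */
int build_filter(const char *attr, const char *value, char *out, size_t out_sz) {
    char esc[512];
    int n;

    if (ldap_filter_escape(value, esc, sizeof esc) < 0) return -1;
    n = snprintf(out, out_sz, "(%s=%s)", attr, esc);
    if (n < 0 || (size_t)n >= out_sz) return -1;
    return n;
}

/* Validate the login, normalise it to local@domain and build the filter
 * for the configured attribute, so "toto%ici" and "toto@ici" search for
 * the same mail value. Returns the filter length, or -1 on a bad login. */
int login_filter(const char *attr, const char *user, const char *default_domain,
                 char *out, size_t out_sz) {
    char local[128], domain[256], mail[400];

    if (split_login(user, default_domain, local, sizeof local,
                    domain, sizeof domain) < 0)
        return -1;
    snprintf(mail, sizeof mail, "%s@%s", local, domain);
    return build_filter(attr, mail, out, out_sz);
}

int main(void) {
    /* Constructed sample logins: the thread's test user plus edge cases. */
    const char *logins[] = { "toto@ici", "toto%ici", "toto", "@ici", "*)(uid=*" };
    char filter[1024];
    size_t i;

    for (i = 0; i < sizeof logins / sizeof logins[0]; ++i) {
        if (login_filter("mail", logins[i], "lecentre.net", filter, sizeof filter) >= 0)
            printf("%-12s -> %s\n", logins[i], filter);
        else
            printf("%-12s -> rejected\n", logins[i]);
    }
    return 0;
}
```

Pass NULL as default_domain to keep the posted plugin's behaviour of rejecting logins without a separator; pass a configured domain to accept bare usernames. The escaping step is the part worth keeping regardless of how the login is split, since the value ends up inside a filter string sent to the directory.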