<quote who="Joe Flowers">

> Gavin Henry wrote:
>>> The problem is that in many cases, to replace existing systems, I need
>>> to be able to intercept username and password credentials from an LDAP
>>> client, create the local or network account dynamically, perhaps perform
>>> some other setup functions, and then return a value LDAP return to the
>>> LDAP client that the authentication was successful.
>>
>> So, as well as a normal bind, from say ldapsearch, you need to do other
>> things if the bind was correct?
>>
>> So how would you stop any user/pass binding and an account getting
>> created?
>
> I can/will do the authoritative authentication pieces via Kerberos
> or native calls into NDS or AD or other LDAP calls or etc.

Understood.

>>> I need a good snippet of LDAP server code to get me started, preferably
>>> in C.
>>
>> If all you are after is interception, I would advise writing an OpenLDAP
>> Overlay that captures what you need and does the other things you want.
>>
>> Overlays are meant to be small and light, exactly what you need.
>>
>> This will be easier than pulling out code and will get OpenLDAP Overlays
>> into your head, which is always very handy.
>
> Thanks Gavin. I'll look into Overlays then. Any experienced pointers
> where to look for example code?

Use the source! ;-)

Tips:

* Read servers/slapd/overlays/*
* collect.c is an example by Howard.
* Read slapover.txt in that directory too.
* Make sure you copy/reference ones that support dynamic config to work
  well with 2.4.x (they'll have schema definitions embedded in them)

Nicely commented overlay at:

http://www.openldap.org/its/index.cgi/Contrib?id=4890;page=3

auditlog.c is nice and short (as should be all overlays, as that's their
point ;-) )

That should get you going.

Gavin.

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/
