Hi,
Here is the patch for the LDAP auth scheme to tmda-ofmipd.
The format of the -R option has been extended to support the LDAP dn:
-R ldap://host.com/cn=%s,dc=host,dc=com
Best regards,
David
Index: bin/tmda-ofmipd
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/tmda-ofmipd,v
retrieving revision 1.15
diff -u -r1.15 tmda-ofmipd
--- bin/tmda-ofmipd 4 Sep 2002 03:08:51 -0000 1.15
+++ bin/tmda-ofmipd 4 Sep 2002 14:37:17 -0000
@@ -56,15 +56,18 @@
domain name for the local host).
-R proto[://host[:port]]
- --remoteauth proto[://host[:port]]
+ --remoteauth proto[://host[:port]][/dn]
Host to connect to to check username and password.
- proto can be one of the following:
`imap' (IMAP4 server)
'imaps' (IMAP4 server over SSL)
+ `ldap' (LDAP server)
`pop3' (POP3 server)
`apop' (POP3 server with APOP authentication)
- host defaults to localhost
- port defaults to 143 (imap), 993 (imaps) or 110 (pop3/apop)
+ - dn is mandatory for ldap proto and should contain a %s
+ identifying the username. ie: ldap://localhost/cn=%s,dc=exemple,dc=com
Example: -R imaps://myimapserver.net
-A <program>
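Review bot: The help text is now inconsistent with the code: the context line `port defaults to 143 (imap), 993 (imaps) or 110 (pop3/apop)` is left as is although this patch adds a default of 389 for ldap, and the short form `-R proto[://host[:port]]` was not extended with `[/dn]` like the `--remoteauth` line. I would change the port line to `port defaults to 143 (imap), 993 (imaps), 389 (ldap) or 110 (pop3/apop)`. The ldap entry should also say that the check is a simple bind over plain `ldap://` (as the later hunk shows), so the password is sent unencrypted to the directory server. Small wording fix: `exemple` should read `example`.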
@@ -127,12 +130,14 @@
remoteauth = { 'proto': None,
'host': 'localhost',
'port': None,
+ 'dn': '',
'enable': 0,
}
defaultauthports = { 'imap': 143,
'imaps': 993,
'apop': 110,
'pop3': 110,
+ 'ldap': 389,
# 'pop3s': 995,
}
connections = 20
@@ -222,6 +227,11 @@
'\nPlease pick one of ' + repr(defaultauthports.keys())
if arg:
try:
+ arg, dn = arg.split('/', 1)
+ remoteauth['dn'] = dn
+ except ValueError:
+ dn = ''
+ try:
authhost, authport = arg.split(':', 1)
except ValueError:
authhost = arg
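Review bot: The new `arg.split('/', 1)` runs for every proto, so a trailing `/something` on an imap or pop3 target is silently stored in `remoteauth['dn']` instead of being rejected. Since the dn only has meaning for ldap, I would either guard the split with the proto or report an error when a dn is given for another scheme. The `dn = ''` in the `except ValueError` branch assigns a local that is not read anywhere in this hunk; `remoteauth['dn']` already defaults to `''`, so a `pass` with a short comment would be clearer. The enclosing option-parsing block starts and ends outside the hunk.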
@@ -230,8 +240,8 @@
remoteauth['host'] = authhost
if authport:
remoteauth['port'] = authport
- print >> DEBUGSTREAM, "auth method: %s://%s:%s" % \
- (remoteauth['proto'], remoteauth['host'], remoteauth['port'])
+ print >> DEBUGSTREAM, "auth method: %s://%s:%s/%s" % \
+ (remoteauth['proto'], remoteauth['host'], remoteauth['port'], remoteauth['dn'])
remoteauth['enable'] = 1
elif opt in ('-A', '--authprog'):
authprog = arg
@@ -344,6 +354,23 @@
else:
IMAP4_SSL = imaplib.IMAP4_SSL
+if remoteauth['proto'] == 'ldap':
+ try:
+ import ldap
+ except:
+ print >> DEBUGSTREAM, "Error: ldap scheme not supported\n" + \
+ "You should install python-ldap available at:\n" + \
+ "http://python-ldap.sourceforge.net/\n"
+ raise ImportError
+ if remoteauth['dn'] == '':
+ print >> DEBUGSTREAM, "Error: Missing ldap dn\n"
+ raise ValueError
+ try:
+ remoteauth['dn'].index('%s')
+ except:
+ print >> DEBUGSTREAM, "Error: Invalid ldap dn\n"
+ raise ValueError
+
def run_remoteauth(username, password):
print >> DEBUGSTREAM, "trying %s connection to %s@%s:%s" % \
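Review bot: The dn check `remoteauth['dn'].index('%s')` only proves that one `%s` is present, while `run_remoteauth` later evaluates `remoteauth['dn'] % username`. A template with a second `%s` or any other `%` conversion passes this startup check and then raises inside the bind's bare `except:`, where it is reported as a failed ldap connection for every user. I would validate the template completely here, for example `if remoteauth['dn'].count('%') != 1 or '%s' not in remoteauth['dn']:`. Both bare `except:` clauses should name what they expect (`except ImportError:` around `import ldap`), so unrelated errors are not turned into the "ldap scheme not supported" or "Invalid ldap dn" messages. `run_remoteauth` continues outside the hunk.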
@@ -395,6 +422,20 @@
print >> DEBUGSTREAM, "pop3 connection to %s@%s failed" % \
(username, remoteauth['host'])
return 0
+ elif remoteauth['proto'] == 'ldap':
+ import ldap
+ if remoteauth['port']:
+ port = int(remoteauth['port'])
+ try:
+ M = ldap.initialize("ldap://%s:%s" % (remoteauth['host'], remoteauth['port']))
+ M.simple_bind_s(remoteauth['dn'] % username, password)
+ M.unbind_s()
+ return 1
+ except:
+ print >> DEBUGSTREAM, "ldap connection to %s@%s failed" % \
+ (username, remoteauth['host'])
+ return 0
+
# proto not implemented
print >> DEBUGSTREAM, "Error: protocole %s not implemented" % \
remoteauth['proto']
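Review bot: The ldap branch passes `password` straight to `simple_bind_s` without checking that it is non-empty. Many directory servers treat a simple bind with a DN and an empty password as an unauthenticated bind that succeeds, so this branch can return 1 without any credential being verified; it should return 0 before binding. The username is also substituted into the DN template unescaped, so characters such as `,` or `=` can change which entry is bound. It should be escaped first, with `ldap.dn.escape_dn_chars` if the installed python-ldap provides it. `port` is computed but never used, and the URL is built from `remoteauth['port']`, which would render as `None` if no default is filled in outside this hunk. The bare `except:` reports every error, including a formatting error in the dn template, as a failed connection. The bind uses plain `ldap://`, so the password is sent in clear text unless the link is protected by other means.
```python
    elif remoteauth['proto'] == 'ldap':
        import ldap
        import ldap.dn
        # A simple bind with an empty password is an unauthenticated bind on
        # many servers and succeeds without checking any credential.
        if not password:
            print >> DEBUGSTREAM, "ldap: empty password rejected for %s" % username
            return 0
        port = int(remoteauth['port'] or defaultauthports['ldap'])
        try:
            M = ldap.initialize("ldap://%s:%s" % (remoteauth['host'], port))
            # Escape DN metacharacters so the username stays inside its RDN value.
            M.simple_bind_s(remoteauth['dn'] % ldap.dn.escape_dn_chars(username),
                            password)
            # ... unchanged: unbind_s, return 1 ...
        except ldap.LDAPError:
            # ... unchanged: debug message, return 0 ...
```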