Hi,

Here is the patch for the LDAP auth scheme to tmda-ofmipd.

The format of the -R option has been extended to support the LDAP dn:

-R ldap://host.com/cn=%s,dc=host,dc=com

Best regards,

David
Index: bin/tmda-ofmipd
===================================================================
RCS file: /cvsroot/tmda/tmda/bin/tmda-ofmipd,v
retrieving revision 1.15
diff -u -r1.15 tmda-ofmipd
--- bin/tmda-ofmipd	4 Sep 2002 03:08:51 -0000	1.15
+++ bin/tmda-ofmipd	4 Sep 2002 14:37:17 -0000
@@ -56,15 +56,18 @@
 	domain name for the local host).
 
     -R proto[://host[:port]]
-    --remoteauth proto[://host[:port]]
+    --remoteauth proto[://host[:port]][/dn]
         Host to connect to to check username and password.
         - proto can be one of the following:
 	  `imap' (IMAP4 server)
 	  'imaps' (IMAP4 server over SSL)
+	  `ldap' (LDAP server)
 	  `pop3' (POP3 server)
 	  `apop' (POP3 server with APOP authentication)
         - host defaults to localhost
         - port defaults to 143 (imap), 993 (imaps) or 110 (pop3/apop)
+        - dn is mandatory for ldap proto and should contain a %s 
+            identifying the username. ie: ldap://localhost/cn=%s,dc=exemple,dc=com
         Example: -R imaps://myimapserver.net
 
     -A <program>
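Review bot: The port line of the usage text (`- port defaults to 143 (imap), 993 (imaps) or 110 (pop3/apop)`) is left unchanged although this patch adds 389 for ldap to `defaultauthports`; it should read `- port defaults to 143 (imap), 993 (imaps), 389 (ldap) or 110 (pop3/apop)`. The ldap entry in the proto list should also say how the password is checked, because the last hunk only ever builds an `ldap://` URL and does a simple bind, for example `(LDAP server, simple bind without TLS)`. The example DN spells the domain `exemple`.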
@@ -127,12 +130,14 @@
 remoteauth = { 'proto': None,
                'host':  'localhost',
                'port':  None,
+               'dn':  '',
                'enable': 0,
                }
 defaultauthports = { 'imap':  143,
                      'imaps': 993,
                      'apop': 110,
                      'pop3':  110,
+                     'ldap':  389,
                      #                     'pop3s': 995,
                      }
 connections = 20
@@ -222,6 +227,11 @@
                     '\nPlease pick one of ' + repr(defaultauthports.keys())
         if arg:
             try:
+                arg, dn = arg.split('/', 1)
+                remoteauth['dn'] = dn
+            except ValueError:
+                dn = ''
+            try:
                 authhost, authport = arg.split(':', 1)
             except ValueError:
                 authhost = arg
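Review bot: The path component is stored in `remoteauth['dn']` whatever the protocol, so a value such as `imap://host/anything` is accepted and the extra part is silently ignored; judging by the checks added later in the patch, only ldap uses it. Failing at startup is safer for a mistyped -R: after the new `try`/`except`, add `if dn and remoteauth['proto'] != 'ldap': raise ValueError`, assuming `remoteauth['proto']` is already set at this point, as the first context line suggests. The enclosing option-handling block starts and ends outside this hunk.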
@@ -230,8 +240,8 @@
                 remoteauth['host'] = authhost
             if authport:
                 remoteauth['port'] = authport
-        print >> DEBUGSTREAM, "auth method: %s://%s:%s" % \
-              (remoteauth['proto'], remoteauth['host'], remoteauth['port'])
+        print >> DEBUGSTREAM, "auth method: %s://%s:%s/%s" % \
+              (remoteauth['proto'], remoteauth['host'], remoteauth['port'], remoteauth['dn'])
         remoteauth['enable'] = 1
     elif opt in ('-A', '--authprog'):
 	authprog = arg
@@ -344,6 +354,23 @@
     else:
         IMAP4_SSL = imaplib.IMAP4_SSL
 
+if remoteauth['proto'] == 'ldap':
+    try:
+        import ldap
+    except:
+        print >> DEBUGSTREAM, "Error: ldap scheme not supported\n" + \
+            "You should install python-ldap available at:\n" + \
+            "http://python-ldap.sourceforge.net/\n";
+        raise ImportError
+    if remoteauth['dn'] == '':
+        print >> DEBUGSTREAM, "Error: Missing ldap dn\n"
+        raise ValueError
+    try:
+        remoteauth['dn'].index('%s')
+    except:
+        print >> DEBUGSTREAM, "Error: Invalid ldap dn\n"
+        raise ValueError
+
 
 def run_remoteauth(username, password):
     print >> DEBUGSTREAM, "trying %s connection to %s@%s:%s" % \
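Review bot: The `index('%s')` test at the end of the new block only proves that the substring occurs somewhere in the template; a second `%s`, a `%d` or a stray `%` passes here and then raises inside `remoteauth['dn'] % username` on every login, where the bare `except:` of the ldap branch in the last hunk turns it into a silent authentication failure. Formatting once at startup catches all of those cases: replace the call with `remoteauth['dn'] % 'probe'` and catch `(TypeError, ValueError)` instead of everything. The `except:` around `import ldap` should likewise be `except ImportError:` so that an unrelated error is not reported as a missing module.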
@@ -395,6 +422,20 @@
             print >> DEBUGSTREAM, "pop3 connection to %s@%s failed" % \
                   (username, remoteauth['host'])
             return 0
+    elif remoteauth['proto'] == 'ldap':
+        import ldap
+        if remoteauth['port']:
+            port = int(remoteauth['port'])
+        try:
+            M = ldap.initialize("ldap://%s:%s"; % (remoteauth['host'], remoteauth['port']))
+            M.simple_bind_s(remoteauth['dn'] % username, password)
+            M.unbind_s()
+            return 1
+        except:
+            print >> DEBUGSTREAM, "ldap connection to %s@%s failed" % \
+                  (username, remoteauth['host'])
+            return 0
+
     # proto not implemented
     print >> DEBUGSTREAM, "Error: protocole %s not implemented" % \
             remoteauth['proto']
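Review bot: The new ldap branch hands `password` to `simple_bind_s` without checking that it is non-empty, and a simple bind with an empty password is an unauthenticated bind that many directory servers answer with success, so `return 1` can be reached without a valid credential; the branch should return 0 before binding when `password` is empty. `username` is also substituted into the DN template unescaped, so characters such as `,` or `=` change which entry is bound; python-ldap's `ldap.dn.escape_dn_chars` covers that where the installed version provides it. Separately, `port` is computed but never used, and the `;` after the URL string in the `ldap.initialize` line does not parse (possibly an artifact of the mail archive). The URL is fixed to `ldap://`, so the password travels unencrypted unless the link is protected some other way. run_remoteauth starts before this hunk and continues after it.

```python
    elif remoteauth['proto'] == 'ldap':
        import ldap
        import ldap.dn
        # An empty password turns a simple bind into an unauthenticated bind,
        # which many servers answer with success.
        if not password:
            print >> DEBUGSTREAM, "ldap bind for %s refused: empty password" % username
            return 0
        # ... unchanged: port handling ...
        try:
            # ... unchanged: ldap.initialize call ...
            binddn = remoteauth['dn'] % ldap.dn.escape_dn_chars(username)
            M.simple_bind_s(binddn, password)
            # ... unchanged: unbind_s, return 1 and the except branch ...
```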
