Quick guide:
- download "midgard-lib-1.4.3.tar.bz2", "mod_midgard-1.4.3.tar.bz2",
"midgard-php4-1.4.3.tar.bz2" and "midgard-data-1.4.3.tar.bz2" from
http://www.midgard-project.org/download/
- get the extra header files "lber.h" and "ldap.h" from the OpenLDAP library (for
example libopenldap-dev for Debian)
- unpack the packages with tar -xvjf filename
- copy "lber.h" and "ldap.h" into the directory "src/"
- edit the file "src/midgard.c" in package "midgard-lib-1.4.3" and add the following lines
(old lines are marked with ">"):
1.) Includes for the extra header files
> #include <unistd.h>
> #include <netdb.h>
> #include <signal.h>
#include <lber.h>
#include <ldap.h>
>
> gchar *repligard_magic_string;
> static FILE *_log_file = NULL;
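Review bot: the two added includes, #include <lber.h> and #include <ldap.h>, are unconditional and depend on headers copied into src/ by hand, and neither this hunk nor the guide says how the LDAP libraries get onto the link line. Wrap the includes and the LDAP block in a build-time switch in the same style as HAVE_MIDGARD_SITEGROUPS, take the headers from the installed development package instead of copying them (copied headers can drift from the library that is actually linked), and document the linker flags the modified midgard-lib needs.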
2.) Variable declarations
> static int mgd_auth_su(midgard * mgd, const char *username,
> const char *password, int su, int setuid)
> {
/* BEGIN LDAP MODIFY */
char *userclean;
LDAP *ld;
char base[100];
int scope;
char filter[100], *attrs[2];
int attrsonly = 1;
LDAPMessage *result, *entry;
char *dn;
int rc, bc;
char who[MGD_USERNAME_MAXLEN + 45];
/* END LDAP MODIFY */
>
>
> midgard_res *res;
> mgd_parser *parser;
> int i;
> const char *cipher, *passwd;
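Review bot: the buffers declared here, base[100], filter[100] and who[MGD_USERNAME_MAXLEN + 45], are fixed-size, and part 3 fills filter from the caller-supplied username and who from the DN returned by the server using strcpy/strcat with no length check. Derive the filter size from MGD_USERNAME_MAXLEN plus the "uid=" prefix and reject longer names, keep the DN in the pointer returned by ldap_get_dn instead of copying it into who, and initialise ld, result, entry and dn to NULL so that error paths can release them. rc and bc would also read better with named result values than as bare ints compared with 0 and 12.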
3.) Remove the sitegroup from the username and test the password with LDAP; user "admin" will
always be tested with the midgard-DB, not with LDAP
> while (mgd->current_user->id == 0 && mgd_fetch(res)) {
> passwd = mgd_colvalue(res, 1);
>
> if (passwd[0] == '*' && passwd[1] == '*') {
> passwd += 2;
> cipher = password;
> }
> else
> cipher = (const char *)crypt(password, passwd);
>
/* BEGIN LDAP MODIFY */
userclean = strtok(username,"!*+");
if (strcmp(userclean,"admin") != 0) {
strcpy(base,"o=example GmbH, c=COM"); # insert your dn here
strcpy(filter,"uid=");
strcat(filter,userclean);
scope=(LDAP_SCOPE_SUBTREE);
attrs[0] = (char *) malloc(20*(sizeof(char)));
strcpy (attrs[0] ,"cn");
attrs[1] = NULL;
ld = ldap_open("ldap-server",389); # insert ldap-servername and port here
rc = ldap_search_s(ld, base, scope, filter, attrs, attrsonly, &result);
free(attrs[0]);
entry = ldap_first_entry(ld, result);
dn = ldap_get_dn(ld, entry);
strcpy(who, dn);
free(dn);
rc = 12;
if(strcmp(password,"")) {
rc = ldap_simple_bind_s(ld,who,password);
if(rc == 0){
bc = ldap_unbind_s(ld);
}
}
} else ,{
rc = 12;
}
/* END LDAP MODIFY */
>
> if (
> #if HAVE_MIDGARD_SITEGROUPS
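Review bot: the added LDAP block uses results it never checks: ldap_open, ldap_search_s and ldap_first_entry can each fail or return NULL (unknown uid, server down), yet the code goes straight on to ldap_get_dn and strcpy(who, dn). Check each return value and leave rc at a failure value when any step fails. In the same block: strtok(username,"!*+") writes into a parameter declared const char * and returns NULL for an empty name, which then reaches strcmp; the filter is built with strcpy/strcat into filter[100] with no bound and no escaping of characters that have meaning in a search filter; "} else ,{" and the two trailing "#" comments are not valid C; dn comes from ldap_get_dn and should be released with ldap_memfree rather than free; result is never passed to ldap_msgfree and ld is unbound only when the bind succeeded; and because the block sits inside the while (... mgd_fetch(res)) loop, the search and bind are repeated for every fetched row, so it belongs before the loop. The strcmp(password,"") guard before the bind is worth keeping, since a simple bind with an empty password can succeed as an unauthenticated bind. Replace the bare 12 with a named constant.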
4.) If the LDAP password check is successful, do not test the password with ldap-db
> if (
> #if HAVE_MIDGARD_SITEGROUPS
> su ||
> #endif
> !strcmp(cipher, passwd)
>
/* BEGIN LDAP MODIFY */
|| (rc == 0))
/* END LDAP MODIFY */
>
> mgd->current_user->id = mgd_sql2id(res, 0);
> }
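Review bot: with "|| (rc == 0))" appended, the condition accepts either a matching midgard-db password or a successful LDAP bind, so every non-admin account keeps two valid passwords, and a password changed or disabled in LDAP does not lock the account while the old midgard-db one still matches. If LDAP is meant to be authoritative, skip the !strcmp(cipher, passwd) test for users checked against LDAP, or fall back only when the server could not be reached rather than when the bind was rejected, and make that choice a configuration option. Compare rc with LDAP_SUCCESS instead of 0.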
- do not forget to add your DN and server name in part 3.)
- compile all packages and install them
- note: if authentication against LDAP fails (for example wrong password), the password will
be tested on the midgard-db too
- note: user admin is never authenticated against LDAP, for this user the midgard-db
is always used
Mirko Wyschkon
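
As an added example (not part of the original post and not Midgard code), here is a bounded way to build the search filter that part 3 assembles with strcpy/strcat. The helper name build_uid_filter and the parenthesised (uid=...) form are assumptions; it cuts the login at the sitegroup separator without writing to the const input, escapes filter-special bytes, and fails instead of overflowing.

```c
#include <stdio.h>
#include <string.h>

/* Sitegroup separators stripped from the login in part 3 of the guide. */
#define SG_SEPARATORS "!*+"

/* Added example (hypothetical helper, not Midgard code): write "(uid=<name>)"
 * into out without modifying username. Special bytes become \XX escapes
 * (RFC 4515). Returns the filter length, or -1 if the name is empty or does
 * not fit; on -1 the contents of out must not be used. */
int build_uid_filter(char *out, size_t outlen, const char *username)
{
    static const char hex[] = "0123456789abcdef";
    size_t n, i, pos;
    int len;
    if (out == NULL || username == NULL)
        return -1;
    n = strcspn(username, SG_SEPARATORS); /* user part, input left untouched */
    if (n == 0)
        return -1;                        /* strtok() would return NULL here */
    len = snprintf(out, outlen, "(uid=");
    if (len < 0 || (size_t)len >= outlen)
        return -1;
    pos = (size_t)len;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)username[i];
        if (c == '(' || c == ')' || c == '\\' || c == '*' || c < 0x20) {
            if (pos + 3 >= outlen) return -1;   /* keep room for the NUL */
            out[pos++] = '\\';
            out[pos++] = hex[c >> 4];
            out[pos++] = hex[c & 0x0f];
        } else {
            if (pos + 1 >= outlen) return -1;
            out[pos++] = (char)c;
        }
    }
    if (pos + 1 >= outlen) return -1;
    out[pos++] = ')';
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    char filter[100];
    if (build_uid_filter(filter, sizeof filter, "mirko+sg0") > 0) /* constructed login */
        puts(filter);
    return 0;
}
```

A caller would treat -1 as a failed login and skip the LDAP search altogether.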
-----Original Message-----
From: Vincent Stoessel [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 09, 2002 4:22 PM
To: [EMAIL PROTECTED]
Subject: Re: [midgard-user] ldap auth
Yes, I agree, please share that modification.
Thanks.
Henri Bergius wrote:
> On Thu, 2002-08-08 at 10:48, Wyschkon Mirko wrote:
>
>>Yes, you can use LDAP-authentication with Midgard, but you have to modify the
>>source code and recompile it. We use LDAP-authentication in our development and
>>production environments. If you need more details, post a message to this mailing list.
>
>
> I think a simple HOWTO document would be of interest to many
> people here.
>
>
>>Mirko Wyschkon
>
>
> /Bergie
>
--
Vincent Stoessel
Linux Systems Developer
vincent xaymaca.com