[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Minimal OpenLDAP server source

To: "Joe Flowers" <flowers@social.chass.ncsu.edu>
Subject: Re: Minimal OpenLDAP server source
From: "Gavin Henry" <ghenry@suretecsystems.com>
Date: Fri, 11 May 2007 14:36:08 +0100 (BST)
Cc: openldap-software@openldap.org
Importance: Normal
In-reply-to: <46445A6B.1020700@social.chass.ncsu.edu>
References: <4641DFEE.7040100@social.chass.ncsu.edu> <37170.212.159.59.85.1178828621.squirrel@webmail.suretecsystems.com> <464392E2.3070905@social.chass.ncsu.edu> <33910.212.159.59.85.1178871476.squirrel@webmail.suretecsystems.com> <46445A6B.1020700@social.chass.ncsu.edu>
User-agent: SquirrelMail/1.4.8-4.fc6

<quote who="Joe Flowers">
> Gavin Henry wrote:
>>> The problem is that in many cases, to replace existing systems, I need
>>> to be able to intercept username and password credentials from an LDAP
>>> client, create the local or network account dynamically, perhaps
>>> perform
>>> some other setup functions, and then return a value LDAP return to the
>>> LDAP client that the authentication was successful.
>>>
>>
>> So, as well as a normal bind, from say ldapsearch,  you need to do other
>> things if the bind was correct?
>>
>> So how would you stop any user/pass binding and an account getting
>> created?
>>
>
>
> I can/will do the the authoritative authentication pieces via Kerberos
> or native calls into NDS or AD or other LDAP calls or etc.

Understood.

>
>
>>
>>> I need a good snippet of LDAP server code to get me started, preferably
>>> in C.
>>>
>>
>> If all you are after is interception, I would advise writting an
>> OpenLDAP
>> Overlay that captures what you need and does the other things you want.
>>
>> Overlay are meant to be small and light, exactly what you need.
>>
>> This will be easier than pulling out code and will get OpenLDAP Overlays
>> into your head, which is always very handy.
>>
>
> Thanks Gavin. I'll look into Overlays then. Any experienced pointers
> where to look for example code?

Use the source! ;-)

Tips:

* Read servers/slapd/overlays/*
* collect.c is an example by Howard.
* Read slapover.txt in that directory too.
* Make sure you copy/reference ones that support dynamic config to work
well with 2.4.x (they'll have schema definitions embedded in them)

Nicely commented overlay at:

http://www.openldap.org/its/index.cgi/Contrib?id=4890;page=3

auditlog.c is nice and short (as should be all overlays, as that's their
point ;-) )

That should get you going.

Gavin.

-- 
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Follow-Ups:
- Re: Minimal OpenLDAP server source
  - From: Joe Flowers <flowers@social.chass.ncsu.edu>

References:
- Minimal OpenLDAP server source
  - From: Joe Flowers <flowers@social.chass.ncsu.edu>
- Re: Minimal OpenLDAP server source
  - From: "Gavin Henry" <ghenry@suretecsystems.com>
- Re: Minimal OpenLDAP server source
  - From: Joe Flowers <flowers@social.chass.ncsu.edu>
- Re: Minimal OpenLDAP server source
  - From: "Gavin Henry" <ghenry@suretecsystems.com>
- Re: Minimal OpenLDAP server source
  - From: Joe Flowers <flowers@social.chass.ncsu.edu>

Prev by Date: Re: Minimal OpenLDAP server source
Next by Date: ldap rwm-rewriteMap binddn
Index(es):
- Chronological
- Thread