Hello,
I have a little with this very simple program :
#include <iostream>
#include <stdlib.h>
#define LDAP_DEPRECATED 1
#include <ldap.h>
using namespace std;
const char* server = "ldap://ldap.xxxx.fr";;
const char* cacert_file = "cacert.pem";
const char* root_dn = "cn=replicator,ou=DSA,dc=xxxx,dc=fr";
const char* root_pw = "xxxx";
const char* aliased_people_dn ="ou=AliasedPeople,dc=xxxx,dc=fr";
int main(int argc, char *argv[])
{
if (argc != 3) {
cerr << "Usage: " << argv[0] << " username password" << endl;
return 1;
}
LDAP *ld;
int version = LDAP_VERSION3;
int rc;
if ((rc = ldap_initialize(&ld, server)) != LDAP_SUCCESS) {
cerr << "ldap_initialize: " << server << endl;
return EXIT_FAILURE;
}
if ((rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version))
!= LDAP_OPT_SUCCESS) {
cerr << "ldap_set_option error: " << ldap_err2string(rc) << endl;
return EXIT_FAILURE;
}
if ((rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE,
cacert_file)) != LDAP_OPT_SUCCESS )
{
cerr << "ldap_set_option error: " << ldap_err2string(rc) << endl;
return EXIT_FAILURE;
}
if ((rc = ldap_start_tls_s(ld, NULL, NULL)) != LDAP_SUCCESS)
{
cerr << "ldap_start_tls_s error: " << ldap_err2string(rc) << endl;
return EXIT_FAILURE;
}
if ((rc = ldap_bind_s(ld, root_dn, root_pw, LDAP_AUTH_SIMPLE)) !=
LDAP_SUCCESS) {
cerr << "ldap_bind_s: " << ldap_err2string(rc) << endl;
return EXIT_FAILURE;
}
cout << "user replicator authenticated :)." << endl;
LDAPMessage *pResult;
struct berval cred;
char *pDN;
std::string filter("uid=" + string(argv[1]));
rc = ldap_search_ext_s(ld, aliased_people_dn, LDAP_SCOPE_SUBTREE,
filter.c_str(), NULL, 0, NULL, NULL,
NULL, LDAP_NO_LIMIT, &pResult);
if (rc != LDAP_SUCCESS)
{
cerr << "ldap_search_ext_s error: " << ldap_err2string(rc) <<
endl;
ldap_unbind_s(ld);
return EXIT_FAILURE;
}
struct berval **vals;
LDAPMessage *pEntry;
string user_dn;
if (ldap_count_entries(ld, pResult) == 1) {
pEntry = ldap_first_entry(ld, pResult);
pDN = ldap_get_dn(ld, pEntry);
vals = ldap_get_values_len(ld, pEntry, "aliasedObjectName");
if (vals) {
user_dn = vals[0]->bv_val;
ldap_value_free_len(vals);
}
ldap_memfree(pDN);
}
else {
cout << "aliasedObjectName attribute not found" << endl;
ldap_unbind_s(ld);
return EXIT_FAILURE;
}
ldap_memfree(pResult);
if ((rc = ldap_bind_s(ld, user_dn.c_str(), argv[2],
LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {
cerr << "user " << argv[1] << " not authenticated" << endl;
ldap_unbind_s(ld);
return EXIT_FAILURE;
}
cout << "user " << argv[1] << " (" << user_dn << ") authenticated"
<< endl;
ldap_unbind_s(ld);
return EXIT_SUCCESS;
}
My program works fine but, if I use valgrind, I have memory leaks :
==13616== LEAK SUMMARY:
==13616== definitely lost: 136 bytes in 2 blocks
==13616== indirectly lost: 284 bytes in 3 blocks
==13616== possibly lost: 0 bytes in 0 blocks
==13616== still reachable: 260,033 bytes in 1,152 blocks
==13616== suppressed: 0 bytes in 0 blocks
==13616== Reachable blocks (those to which a pointer was found) are not
shown.
==13616== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==13616==
==13616== For counts of detected and suppressed errors, rerun with: -v
==13616== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
I don't understand why. Do you have a idea ?
I work on Ubuntu 14.04. The OpenLDAP version is 2.4.31.
Thanks,
Jean-Marc.