[Date Prev][Date Next]
Re: Minimal OpenLDAP server source
<quote who="Joe Flowers">
> Gavin Henry wrote:
>>> The problem is that in many cases, to replace existing systems, I need
>>> to be able to intercept username and password credentials from an LDAP
>>> client, create the local or network account dynamically, perhaps
>>> some other setup functions, and then return a value LDAP return to the
>>> LDAP client that the authentication was successful.
>> So, as well as a normal bind, from say ldapsearch, you need to do other
>> things if the bind was correct?
>> So how would you stop any user/pass binding and an account getting
> I can/will do the the authoritative authentication pieces via Kerberos
> or native calls into NDS or AD or other LDAP calls or etc.
>>> I need a good snippet of LDAP server code to get me started, preferably
>>> in C.
>> If all you are after is interception, I would advise writting an
>> Overlay that captures what you need and does the other things you want.
>> Overlay are meant to be small and light, exactly what you need.
>> This will be easier than pulling out code and will get OpenLDAP Overlays
>> into your head, which is always very handy.
> Thanks Gavin. I'll look into Overlays then. Any experienced pointers
> where to look for example code?
Use the source! ;-)
* Read servers/slapd/overlays/*
* collect.c is an example by Howard.
* Read slapover.txt in that directory too.
* Make sure you copy/reference ones that support dynamic config to work
well with 2.4.x (they'll have schema definitions embedded in them)
Nicely commented overlay at:
auditlog.c is nice and short (as should be all overlays, as that's their
point ;-) )
That should get you going.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
Open Source. Open Solutions(tm).