
Re: Minimal OpenLDAP server source

<quote who="Joe Flowers">
> Gavin Henry wrote:
>>> The problem is that in many cases, to replace existing systems, I need
>>> to be able to intercept username and password credentials from an LDAP
>>> client, create the local or network account dynamically, perhaps perform
>>> some other setup functions, and then return a value LDAP return to the
>>> LDAP client that the authentication was successful.
>> So, as well as a normal bind, from say ldapsearch,  you need to do other
>> things if the bind was correct?
>> So how would you stop any user/pass binding and an account getting
>> created?
> I can/will do the authoritative authentication pieces via Kerberos
> or native calls into NDS or AD or other LDAP calls or etc.


>>> I need a good snippet of LDAP server code to get me started, preferably
>>> in C.
>> If all you are after is interception, I would advise writing an OpenLDAP
>> Overlay that captures what you need and does the other things you want.
>> Overlays are meant to be small and light, exactly what you need.
>> This will be easier than pulling out code and will get OpenLDAP Overlays
>> into your head, which is always very handy.
> Thanks Gavin. I'll look into Overlays then. Any experienced pointers
> where to look for example code?

Use the source! ;-)


* Read servers/slapd/overlays/*
* collect.c is an example by Howard.
* Read slapover.txt in that directory too.
* Make sure you copy/reference ones that support dynamic config to work
well with 2.4.x (they'll have schema definitions embedded in them)

Nicely commented overlay at:


auditlog.c is nice and short (as should be all overlays, as that's their
point ;-) )

That should get you going.


Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).