[Date Prev][Date Next] [Chronological] [Thread] [Top]

Preoperation Plugin Questions


I'm writing an preoperation authentication plugin for OpenLDAP, but I
have trouble finding any documentation whatsoever on this. So most of
what I know comes from tutorials like this one from Oracle:

But since this is not official documentation and I find the execution
paths hard to trace, I have two questions stemming from above guide:

1) The guide says that for an authentication preop plugin,

    Your pre-operation plug-in function is responsible for sending the
    result code to the client and for setting the DN and
    authentication method for the connection.

  Okay, so I do that. Like in the code example, I set the connection's
  DN to the value I got from the 'pb' in the first place:

   slapi_pblock_set(pb, SLAPI_CONN_DN, slapi_ch_strdup(dn));

  But setting the authentication type fails:

   slapi_pblock_set(pb, SLAPI_CONN_AUTHTYPE, SLAPD_AUTH_SIMPLE);

  This is no real error though, it's simply not implemented: See

        /* These parameters cannot be set */
        rc = PBLOCK_ERROR;

  (This was noted in 2006 already, with no reply on this list:
  http://www.openldap.org/lists/openldap-software/200601/msg00044.html )

  So basically it boils down to: Do I have to do *any* other stuff
  except for sending back the result code? Like this:

    slapi_send_ldap_result(pb, rc, NULL, NULL, 0, NULL);

2) What is the preferred return value for a plugin function? Most
   (other) documentations and the code hints at this:

        i)  return 0 if you handled the authentication
        ii) return 1 if you want successive plugins/backends/... to
            handle the authentication

   Is this correct? Or should I use the more suggestive



P.S.: What I'm actually trying to achieve is to do RADIUS
authentification via an external library. But I want to send the
client's IP in a Calling-Station-Id attribute, so I cannot simply
write a password check function, right? If you got any ideas that are
better than a preop module, please tell me...