<quote who="Joe Flowers">
Gavin Henry wrote:
The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
So, as well as a normal bind, from say ldapsearch, you need to do other things if the bind was correct?
So how would you stop any user/pass binding and an account getting created?
I can/will do the authoritative authentication pieces via Kerberos or native calls into NDS or AD or other LDAP calls or etc.
Understood.
I need a good snippet of LDAP server code to get me started, preferably in C.
If all you are after is interception, I would advise writing an OpenLDAP Overlay that captures what you need and does the other things you want.
Overlays are meant to be small and light, exactly what you need.
This will be easier than pulling out code and will get OpenLDAP Overlays into your head, which is always very handy.
Thanks Gavin. I'll look into Overlays then. Any experienced pointers where to look for example code?
Use the source! ;-)
Tips:
* Read servers/slapd/overlays/*
* collect.c is an example by Howard.
* Read slapover.txt in that directory too.
* Make sure you copy/reference ones that support dynamic config to work well with 2.4.x (they'll have schema definitions embedded in them)
Nicely commented overlay at:
http://www.openldap.org/its/index.cgi/Contrib?id=4890;page=3
auditlog.c is nice and short (as should be all overlays, as that's their point ;-) )
That should get you going.
Gavin.