Sorry for the OpenLDAP noob question:
Analogous to the OpenSSL "minimal ssleay server" (minimal SSL server) at /openssl-0.9.8e.tar/openssl-0.9.8e/demos/ssl/serv.cpp, is there a "minimal" OpenLDAP server source code snippet as well?
Thank you!
Joe
<quote who="Joe Flowers">
Sorry for the OpenLDAP noob question:
Analogous to the OpenSSL "minimal ssleay server" (minimal SSL server) at /openssl-0.9.8e.tar/openssl-0.9.8e/demos/ssl/serv.cpp, is there a "minimal" OpenLDAP server source code snippet as well?
Thank you!
What feature/s are you after?
Thanks Gavin.
One current/relevant/important example: The authentication from some of our important systems is moving toward LDAP *only*. The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
I need a good snippet of LDAP server code to get me started, preferably in C.
Thanks,
Joe
Gavin Henry wrote:
<quote who="Joe Flowers">
> Sorry for the OpenLDAP noob question:
>
> Analogous to the OpenSSL "minimal ssleay server" (minimal SSL server) at
> /openssl-0.9.8e.tar/openssl-0.9.8e/demos/ssl/serv.cpp, is there a
> "minimal" OpenLDAP server source code snippet as well?
>
> Thank you!
What feature/s are you after?
<quote who="Joe Flowers">
Thanks Gavin.
One current/relevant/important example: The authentication from some of our important systems is moving toward LDAP *only*.
Understood.
The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
So, as well as a normal bind, from say ldapsearch, you need to do other things if the bind was correct?
So how would you stop any user/pass binding and an account getting created?
I need a good snippet of LDAP server code to get me started, preferably in C.
If all you are after is interception, I would advise writing an OpenLDAP Overlay that captures what you need and does the other things you want.
Overlays are meant to be small and light, exactly what you need.
This will be easier than pulling out code and will get OpenLDAP Overlays into your head, which is always very handy.
Thanks,
Joe
Gavin Henry wrote:
The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
So, as well as a normal bind, from say ldapsearch, you need to do other things if the bind was correct?
So how would you stop any user/pass binding and an account getting created?
I can/will do the authoritative authentication pieces via Kerberos or native calls into NDS or AD or other LDAP calls or etc.
I need a good snippet of LDAP server code to get me started, preferably in C.
If all you are after is interception, I would advise writing an OpenLDAP Overlay that captures what you need and does the other things you want.
Overlays are meant to be small and light, exactly what you need.
This will be easier than pulling out code and will get OpenLDAP Overlays into your head, which is always very handy.
Thanks Gavin. I'll look into Overlays then. Any experienced pointers where to look for example code?
Thanks again,
Joe
<quote who="Joe Flowers">
Gavin Henry wrote:
The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
So, as well as a normal bind, from say ldapsearch, you need to do other things if the bind was correct?
So how would you stop any user/pass binding and an account getting created?
I can/will do the authoritative authentication pieces via Kerberos or native calls into NDS or AD or other LDAP calls or etc.
Understood.
I need a good snippet of LDAP server code to get me started, preferably in C.
If all you are after is interception, I would advise writing an OpenLDAP Overlay that captures what you need and does the other things you want.
Overlays are meant to be small and light, exactly what you need.
This will be easier than pulling out code and will get OpenLDAP Overlays into your head, which is always very handy.
Thanks Gavin. I'll look into Overlays then. Any experienced pointers where to look for example code?
Use the source! ;-)
Tips:
* Read servers/slapd/overlays/*
* collect.c is an example by Howard.
* Read slapover.txt in that directory too.
* Make sure you copy/reference ones that support dynamic config to work well with 2.4.x (they'll have schema definitions embedded in them)
Nicely commented overlay at:
http://www.openldap.org/its/index.cgi/Contrib?id=4890;page=3
auditlog.c is nice and short (as should be all overlays, as that's their point ;-) )
That should get you going.
Gavin.
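The question raised in this exchange (how to stop any user/password bind from getting an account created) comes down to ordering: provisioning must be reachable only after the authoritative check has accepted the credentials, and empty-password binds must never get that far. The following C sketch is an added example, not code from the thread or from OpenLDAP; it parses an LDAPv3 simple BindRequest and returns a verdict. The names `handle_bind`, `verify_fn`, `stub_verify`, the verdict values and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
typedef unsigned char u8;
enum verdict { MALFORMED, UNSUPPORTED, REJECT_EMPTY, DENY, PROVISION };
/* Hypothetical hook standing in for the authoritative check (Kerberos, AD, NDS). */
typedef int (*verify_fn)(const u8 *dn, size_t dnlen, const u8 *pw, size_t pwlen);
/* Constructed samples: LDAPv3 simple BindRequests, with a password and with none. */
static const u8 BIND_PW[] = "\x30\x2b\x02\x01\x01\x60\x26\x02\x01\x03\x04\x19"
    "uid=joe,dc=example,dc=org" "\x80\x06" "s3cret";
static const u8 BIND_EMPTY[] = "\x30\x25\x02\x01\x01\x60\x20\x02\x01\x03\x04\x19"
    "uid=joe,dc=example,dc=org" "\x80\x00";

/* Read one BER TLV with bounds checks and step past it; returns the tag or -1. */
static int tlv(const u8 **p, const u8 *end, const u8 **val, size_t *len) {
    const u8 *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                      /* long form, at most 2 length octets */
        size_t k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;
    *val = q; *len = n; *p = q + n;
    return tag;
}

/* Verdict for one BindRequest: PROVISION is reachable only after verify() says yes. */
enum verdict handle_bind(const u8 *msg, size_t n, verify_fn verify) {
    const u8 *p = msg, *end = msg + n, *v, *dn, *pw;
    size_t len, dnlen, pwlen;
    if (tlv(&p, end, &v, &len) != 0x30) return MALFORMED;           /* LDAPMessage */
    p = v; end = v + len;
    if (tlv(&p, end, &v, &len) != 0x02 ||                           /* messageID */
        tlv(&p, end, &v, &len) != 0x60) return MALFORMED;           /* BindRequest */
    p = v; end = v + len;
    if (tlv(&p, end, &v, &len) != 0x02 || len != 1 || *v != 3) return UNSUPPORTED;
    if (tlv(&p, end, &dn, &dnlen) != 0x04) return MALFORMED;        /* name (DN) */
    int tag = tlv(&p, end, &pw, &pwlen);
    if (tag != 0x80) return tag == 0xa3 ? UNSUPPORTED : MALFORMED;  /* simple only */
    if (dnlen == 0 || pwlen == 0) return REJECT_EMPTY;  /* anonymous/unauthenticated */
    return verify(dn, dnlen, pw, pwlen) ? PROVISION : DENY;
}

static int calls, answer;   /* demo stub state: call count and preset answer */
static int stub_verify(const u8 *dn, size_t dl, const u8 *pw, size_t pl) {
    (void)dn; (void)dl; (void)pw; (void)pl; calls++;
    return answer;
}
```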
Thanks a million Gavin, really! That's exactly what I need - getting pointed in the right direction by someone who knows.
Most appreciated!
Joe
Gavin Henry wrote:
Thanks Gavin. I'll look into Overlays then. Any experienced pointers where to look for example code?
Use the source! ;-)
Tips:
- Read servers/slapd/overlays/*
- collect.c is an example by Howard.
- Read slapover.txt in that directory too.
- Make sure you copy/reference ones that support dynamic config to work
well with 2.4.x (they'll have schema definitions embedded in them)
Nicely commented overlay at:
http://www.openldap.org/its/index.cgi/Contrib?id=4890;page=3
auditlog.c is nice and short (as should be all overlays, as that's their point ;-) )
That should get you going.
Gavin.
<quote who="Joe Flowers">
Thanks a million Gavin, really! That's exactly what I need - getting pointed in the right direction by someone who knows.
Most appreciated!
No probs. Just make sure you submit your overlay back into contrib via ITS! ;-)
Joe
Gavin Henry wrote:
Thanks Gavin. I'll look into Overlays then. Any experienced pointers where to look for example code?
Use the source! ;-)
Tips:
- Read servers/slapd/overlays/*
- collect.c is an example by Howard.
- Read slapover.txt in that directory too.
- Make sure you copy/reference ones that support dynamic config to work
well with 2.4.x (they'll have schema definitions embedded in them)
Nicely commented overlay at:
http://www.openldap.org/its/index.cgi/Contrib?id=4890;page=3
auditlog.c is nice and short (as should be all overlays, as that's their point ;-) )
That should get you going.
Gavin.
On 5/11/07, Joe Flowers flowers@social.chass.ncsu.edu wrote:
Gavin Henry wrote:
The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
So, as well as a normal bind, from say ldapsearch, you need to do other things if the bind was correct?
So how would you stop any user/pass binding and an account getting created?
I can/will do the authoritative authentication pieces via Kerberos or native calls into NDS or AD or other LDAP calls or etc.
You might want to check out this thread: http://www.openldap.org/lists/openldap-software/200702/msg00126.html
It sounds like you're doing something similar to manu@netbsd.org
_Matt
Joe-
Although OT for this list, I recently stumbled upon this Perl module that implements an LDAP server: http://search.cpan.org/~aar/Net-LDAP-Server-0.3/lib/Net/LDAP/Server.pm
Implementing your own "bind()" handler is very simple using this module.
HTH, -Matt
On Thu, 2007-05-10 at 17:47 -0400, Joe Flowers wrote:
Thanks Gavin.
One current/relevant/important example: The authentication from some of our important systems is moving toward LDAP *only*. The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
I need a good snippet of LDAP server code to get me started, preferably in C.
Thanks,
Joe
Gavin Henry wrote:
<quote who="Joe Flowers">
> Sorry for the OpenLDAP noob question:
>
> Analogous to the OpenSSL "minimal ssleay server" (minimal SSL server) at
> /openssl-0.9.8e.tar/openssl-0.9.8e/demos/ssl/serv.cpp, is there a
> "minimal" OpenLDAP server source code snippet as well?
>
> Thank you!
What feature/s are you after?
Thanks Matt. If all else fails, I'll be forced to take a look at it. Thanks for the specific URL! I really want to stick with OpenLDAP if at all possible.
Joe
Smith, Matt wrote:
Joe-
Although OT for this list, I recently stumbled upon this Perl module that implements an LDAP server: http://search.cpan.org/~aar/Net-LDAP-Server-0.3/lib/Net/LDAP/Server.pm
Implementing your own "bind()" handler is very simple using this module.
HTH, -Matt
On Thu, 2007-05-10 at 17:47 -0400, Joe Flowers wrote:
Thanks Gavin.
One current/relevant/important example: The authentication from some of our important systems is moving toward LDAP *only*. The problem is that in many cases, to replace existing systems, I need to be able to intercept username and password credentials from an LDAP client, create the local or network account dynamically, perhaps perform some other setup functions, and then return a value LDAP return to the LDAP client that the authentication was successful.
I need a good snippet of LDAP server code to get me started, preferably in C.
Thanks,
Joe
Gavin Henry wrote:
<quote who="Joe Flowers">
Sorry for the OpenLDAP noob question:
Analogous to the OpenSSL "minimal ssleay server" (minimal SSL server) at /openssl-0.9.8e.tar/openssl-0.9.8e/demos/ssl/serv.cpp, is there a "minimal" OpenLDAP server source code snippet as well?
Thank you!
What feature/s are you after?
openldap-software@openldap.org