Dan White wrote:
On 01/23/13 17:00 +0100, Julius Plenz wrote:
Hi,
I'm writing a preoperation authentication plugin for OpenLDAP, but I have trouble finding any documentation whatsoever on this. So most of what I know comes from tutorials like this one from Oracle: http://docs.oracle.com/cd/E19099-01/nscp.dirsvr416/816-6683-10/custauth.htm
P.S.: What I'm actually trying to achieve is to do RADIUS authentication via an external library. But I want to send the client's IP in a Calling-Station-Id attribute, so I cannot simply write a password check function, right? If you got any ideas that are better than a preop module, please tell me...
You should be able to accomplish this via a SASL mechanism (and possibly an existing one), which would not require any code changes within slapd or client libraries. See sasl_server_new(3) and its ipremoteport parameter.
That would require the client to perform a SASL Bind instead of a Simple Bind. Not unreasonable, but it's obvious the OP is doing Simple Bind.
I would just take the current radius.c checker and modify it to stash the Operation pointer somewhere it can be retrieved, then grab it in the password check function and pull the client IP address out of there. The smbk5pwd module already uses this trick so it should be trivial to copy/paste that code into radius.c.
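A stand-alone model of the stash-and-retrieve pattern described in the last reply, added here as an illustration; it is not code from radius.c or smbk5pwd. The `Operation` struct, the function names and the `IP=addr:port` peer-name format are assumptions, and a C11 thread-local variable stands in for slapd's per-thread storage.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for slapd's Operation: only the peer name is modelled. */
typedef struct Operation { const char *peer_name; } Operation;

static _Thread_local const Operation *stashed_op;  /* per-thread slot for the current Bind */

static void bind_begin(const Operation *op) { stashed_op = op; }
static void bind_end(void) { stashed_op = NULL; }  /* no stale pointer after the Bind */

/* Extract the address from "IP=addr:port" or "IP=[v6addr]:port" (assumed format).
 * Returns 0 on success, -1 if no Operation is stashed or the name is malformed. */
static int calling_station_id(char *out, size_t outlen)
{
    const Operation *op = stashed_op;
    const char *start, *end;
    size_t n;
    if (op == NULL || op->peer_name == NULL) return -1;
    if (strncmp(op->peer_name, "IP=", 3) != 0) return -1;
    start = op->peer_name + 3;
    end = strrchr(start, ':');               /* last colon separates the port */
    if (end == NULL || end == start) return -1;
    if (*start == '[') {                     /* bracketed IPv6 literal */
        if (end[-1] != ']') return -1;
        start++; end--;
    }
    n = (size_t)(end - start);
    if (n == 0 || n >= outlen) return -1;    /* never truncate an address */
    memcpy(out, start, n);
    out[n] = '\0';
    return 0;
}

/* Checker-style callback: no Operation argument. Fails closed outside a Bind. */
static int check_password(const char *user, const char *cred, char *csid, size_t len)
{
    (void)user; (void)cred;                  /* the RADIUS exchange itself is omitted */
    return calling_station_id(csid, len);
}

int main(void)
{
    Operation op = { "IP=192.0.2.10:51234" };   /* constructed sample peer */
    char csid[64];
    bind_begin(&op);
    if (check_password("uid=jdoe", "secret", csid, sizeof csid) == 0)
        printf("Calling-Station-Id: %s\n", csid);
    bind_end();
    return 0;
}
```

Clearing the slot when the Bind completes matters because worker threads are reused: a pointer left behind would attribute a later check to the wrong client.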