Hi,
I had to change the code to authenticate users in my organization's LDAP directory. Indeed, accounts are distributed under several organizational units in my LDAP directory.
The current version of the code can't authenticate accounts when these are in different organizational units. Hence my contribution.
I use a read account to query LDAP to locate the account that has logged in (with the e-mail address in the search filter).
I get the number of LDAP entries. If I have one entry, then I call the ldap_get_dn function to get the account's DN, and then I call ldap_simple_bind_s using the account's DN and password to perform LDAP authentication.
I changed the configuration file elogd.cfg. I added two parameters:
LDAP DN user = <DN read account>
LDAP PW user = <password read account>
I changed the code in auth.c too (see attached file).
I had to change the Makefile. I added a call to the lber library:
ifdef USE_LDAP
ifneq ($(USE_LDAP), 0 )
CFLAGS += -DHAVE_LDAP
LIBS += -lldap -llber
endif
endif
Have a good day