mirror of https://gitee.com/bigwinds/arangodb
ldap auth
parent
1de610735f
commit
05e708138b
|
@ -405,6 +405,8 @@ target_link_libraries(arangoserver
|
|||
boost_boost
|
||||
boost_system
|
||||
${SYSTEM_LIBRARIES}
|
||||
ldap
|
||||
lber
|
||||
)
|
||||
|
||||
add_executable(${BIN_ARANGOD}
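Review bot: The two libraries this hunk adds to the arangoserver link line, `ldap` and `lber`, are given as bare names with no configure-time check, which makes OpenLDAP a hard dependency of every build. I would resolve them first, e.g. `find_library(LDAP_LIBRARY ldap)` and `find_library(LBER_LIBRARY lber)`, and link `${LDAP_LIBRARY} ${LBER_LIBRARY}` only when an LDAP build option is enabled, so a missing development package is reported at configure time rather than as a link error. The `target_link_libraries` call starts above the hunk, so the rest of the list is not visible here.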
|
||||
|
|
|
@ -21,6 +21,8 @@
|
|||
/// @author Dr. Frank Celler
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
#define LDAP_DEPRECATED 1
|
||||
|
||||
#include "AuthInfo.h"
|
||||
|
||||
#include "Aql/Query.h"
|
||||
|
@ -40,11 +42,19 @@
|
|||
#include <velocypack/Iterator.h>
|
||||
#include <velocypack/velocypack-aliases.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <lber.h>
|
||||
#include <ldap.h>
|
||||
|
||||
|
||||
using namespace arangodb;
|
||||
using namespace arangodb::basics;
|
||||
using namespace arangodb::velocypack;
|
||||
using namespace arangodb::rest;
|
||||
|
||||
|
||||
static AuthEntry CreateAuthEntry(VPackSlice const& slice) {
|
||||
if (slice.isNone() || !slice.isObject()) {
|
||||
return AuthEntry();
|
||||
|
@ -371,6 +381,59 @@ AuthLevel AuthInfo::canUseDatabase(std::string const& username,
|
|||
reload();
|
||||
}
|
||||
|
||||
LOG_TOPIC(INFO, arangodb::Logger::FIXME) << "AuthInfo::canUseDatabase(,)";
|
||||
|
||||
// LDAP
|
||||
|
||||
LDAP *ld;
|
||||
int result;
|
||||
int auth_method = LDAP_AUTH_SIMPLE;
|
||||
int desired_version = LDAP_VERSION3;
|
||||
std::string ldap_host = "ldap.forumsys.com";
|
||||
std::string root_dn = "uid=" + username + ",dc=example,dc=com";
|
||||
std::string root_pw = "password";
|
||||
|
||||
/*
|
||||
OPTS = {
|
||||
server: {
|
||||
url: 'ldap://ldap.forumsys.com:389',
|
||||
bindDn: 'cn=read-only-admin,dc=example,dc=com',
|
||||
bindCredentials: 'password',
|
||||
searchBase: 'dc=example,dc=com',
|
||||
searchFilter: '(uid={{username}})'
|
||||
}
|
||||
};
|
||||
*/
|
||||
|
||||
if ((ld = ldap_init(ldap_host.c_str(), LDAP_PORT)) == NULL ) {
|
||||
perror( "ldap_init failed" );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
|
||||
/* set the LDAP version to be 3 */
|
||||
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS)
|
||||
{
|
||||
ldap_perror(ld, "ldap_set_option");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (ldap_bind_s(ld, root_dn.c_str(), root_pw.c_str(), auth_method) != LDAP_SUCCESS ) {
|
||||
ldap_perror( ld, "ldap_bind" );
|
||||
LOG_TOPIC(ERR, arangodb::Logger::FIXME) << "cant auth";
|
||||
// exit( EXIT_FAILURE );
|
||||
}
|
||||
|
||||
result = ldap_unbind_s(ld);
|
||||
|
||||
if (result != 0) {
|
||||
fprintf(stderr, "ldap_unbind_s: %s\n", ldap_err2string(result));
|
||||
// exit( EXIT_FAILURE );
|
||||
LOG_TOPIC(INFO, arangodb:
|
||||
:Logger::FIXME) << "cant unbind";
|
||||
}
|
||||
|
||||
// LDAP
|
||||
|
||||
auto const& it = _authInfo.find(username);
|
||||
|
||||
if (it == _authInfo.end()) {
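Review bot: The LDAP block added to `AuthInfo::canUseDatabase` binds to the hard-coded public test host `ldap.forumsys.com` on the plain `LDAP_PORT` with the constant password `"password"`, and the result of `ldap_bind_s` never influences the returned `AuthLevel`: a failed bind is only logged before control falls through to `_authInfo.find(username)`. As written it authenticates nobody, yet it sends every username this function sees, unencrypted, to a third-party server, and `username` is concatenated into `root_dn` without RFC 4514 escaping, so characters such as `,` or `=` alter the DN that is bound. The two active `exit( EXIT_FAILURE );` calls let an unreachable or misbehaving directory terminate the whole server; those paths should log and deny instead, and the bind belongs in the credential check, where the client's own password is available, rather than in a per-request authorization lookup. I would also move the host, base DN and TLS settings into configuration, connect with `ldap_initialize` on an `ldaps://` URI (or call `ldap_start_tls_s` before binding), and drop `#define LDAP_DEPRECATED 1` along with the deprecated `ldap_init`/`ldap_bind_s`/`ldap_perror` calls. The function body starts above and continues below this hunk.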
|
||||
|
|