Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ldap auth

This commit is contained in:
baslr 2017-03-13 00:49:57 +01:00
parent 1de610735f
commit 05e708138b
2 changed files with 65 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
arangod/CMakeLists.txt
View File

@ -405,6 +405,8 @@ target_link_libraries(arangoserver
boost_boost boost_boost
boost_system boost_system
${SYSTEM_LIBRARIES} ${SYSTEM_LIBRARIES}
ldap
lber
) )
add_executable(${BIN_ARANGOD} add_executable(${BIN_ARANGOD}

63
arangod/VocBase/AuthInfo.cpp
View File

@ -21,6 +21,8 @@
/// @author Dr. Frank Celler /// @author Dr. Frank Celler
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
#define LDAP_DEPRECATED 1
#include "AuthInfo.h" #include "AuthInfo.h"
#include "Aql/Query.h" #include "Aql/Query.h"
@ -40,11 +42,19 @@
#include <velocypack/Iterator.h> #include <velocypack/Iterator.h>
#include <velocypack/velocypack-aliases.h> #include <velocypack/velocypack-aliases.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <lber.h>
#include <ldap.h>
using namespace arangodb; using namespace arangodb;
using namespace arangodb::basics; using namespace arangodb::basics;
using namespace arangodb::velocypack; using namespace arangodb::velocypack;
using namespace arangodb::rest; using namespace arangodb::rest;
static AuthEntry CreateAuthEntry(VPackSlice const& slice) { static AuthEntry CreateAuthEntry(VPackSlice const& slice) {
if (slice.isNone() || !slice.isObject()) { if (slice.isNone() || !slice.isObject()) {
return AuthEntry(); return AuthEntry();
@ -371,6 +381,59 @@ AuthLevel AuthInfo::canUseDatabase(std::string const& username,
reload(); reload();
} }
LOG_TOPIC(INFO, arangodb::Logger::FIXME) << "AuthInfo::canUseDatabase(,)";
// LDAP
LDAP *ld;
int result;
int auth_method = LDAP_AUTH_SIMPLE;
int desired_version = LDAP_VERSION3;
std::string ldap_host = "ldap.forumsys.com";
std::string root_dn = "uid=" + username + ",dc=example,dc=com";
std::string root_pw = "password";
/*
OPTS = {
server: {
url: 'ldap://ldap.forumsys.com:389',
bindDn: 'cn=read-only-admin,dc=example,dc=com',
bindCredentials: 'password',
searchBase: 'dc=example,dc=com',
searchFilter: '(uid={{username}})'
}
};
*/
if ((ld = ldap_init(ldap_host.c_str(), LDAP_PORT)) == NULL ) {
perror( "ldap_init failed" );
exit( EXIT_FAILURE );
}
/* set the LDAP version to be 3 */
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &desired_version) != LDAP_OPT_SUCCESS)
{
ldap_perror(ld, "ldap_set_option");
exit(EXIT_FAILURE);
}
if (ldap_bind_s(ld, root_dn.c_str(), root_pw.c_str(), auth_method) != LDAP_SUCCESS ) {
ldap_perror( ld, "ldap_bind" );
LOG_TOPIC(ERR, arangodb::Logger::FIXME) << "cant auth";
// exit( EXIT_FAILURE );
}
result = ldap_unbind_s(ld);
if (result != 0) {
fprintf(stderr, "ldap_unbind_s: %s\n", ldap_err2string(result));
// exit( EXIT_FAILURE );
LOG_TOPIC(INFO, arangodb:
:Logger::FIXME) << "cant unbind";
}
// LDAP
auto const& it = _authInfo.find(username); auto const& it = _authInfo.find(username);
if (it == _authInfo.end()) { if (it == _authInfo.end()) {