[Patch] small LDAP address book improvements



Hi all,

attached is a patch with a few small improvements for LDAP address book support:

(1) The config GUI asks the user for a host name, but ldap_initialize() actually takes a URI (“ldaps://…”, 
etc.).

(2) Both the server name and the base DN may be NULL to use the values defined in the files 
/etc/ldap/ldap.conf, $HOME/ldaprc, $HOME/.ldaprc or $CWD/ldaprc.  In a scenario where LDAP is used for 
authentication etc., one of these files (typically the first, provided by the admin) is usually present, i.e. 
there is no need to specify the values manually.  For the URI, even more than one server may be specified 
(e.g. master and replica) in the files.  The respective values passed to ldap_initialize(), ldap_search_ext() 
and ldap_search_ext_s() *must* be NULL (and not an empty string) so as to use the config files.

(3) The code attempts to perform a ldap_start_tls_s() (STARTTLS) operation if the respective config option is 
set, even if a ldaps uri has been specified, which of course fails.  Thus, we read back the uri via 
ldap_get_option() (we cannot use the configured uri as it may be empty) to check if we use an encrypted 
connection.  There seems to be no other way to tell if the connection is encrypted or not; the option 
LDAP_OPT_X_TLS_SSL_CTX doesn't work for me (always returns NULL for both plain and encrypted connections), 
not sure why.

Note that as ldap_get_option() always returns the full configuration string (which may contain more than one 
uri) instead of the actually used connection, we /may/ have a weird corner case: if the config string in the 
file contains a mixture of ldap and ldaps URIs (which I think is /very/ uncommon), we might guess wrong…

(4) libbalsa/address-book-ldap.c uses a mixture of printf(), g_print() and fprintf() calls for debugging and 
error reporting.  Replace them by the appropriate calls to libbalsa_information() or g_debug() & friends with 
log domain “ab-ldap”.

Opinions?

Best,
Albrecht.

---
Patch details:
- libbalsa/address-book-ldap.c:
  * implement helpers ldap_connection_get_uri(), ldap_connection_is_ldaps() and ldap_use_config_value()
  * libbalsa_address_book_ldap_open_connection(): use ldap_use_config_value() for the server uri; do not attempt to run STARTTLS for a ldaps connection (print warning)
  * libbalsa_address_book_set_status(), libbalsa_address_book_ldap_alias_complete(): use ldap_use_config_value() for the base DN
  * use libbalsa_information() or g_debug() & friends with log domain “ab-ldap” for messaging
- src/address-book-config.c: fix misleading label in create_ldap_dialog()

Attachment: ldap-improvements.diff.gz
Description: application/gzip

Attachment: pgp_bMksWF15X.pgp
Description: PGP signature
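
Points (2) and (3) of the message above, as an added C example that is not taken from the attached patch or from Balsa: an empty setting is mapped to NULL, and the URI string read back from the connection is classified so that the mixed ldap/ldaps corner case is reported instead of guessed. All function and type names are hypothetical, and the assumption is that the URIs in the string are separated by spaces or commas.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names; these are not the helpers from the patch. */
typedef enum { URIS_NONE, URIS_ALL_LDAPS, URIS_NO_LDAPS, URIS_MIXED } uri_class;

/* An unset field ("" or NULL) becomes NULL so the ldap.conf/ldaprc value is used. */
static const char *config_or_null(const char *value)
{
    return (value != NULL && value[0] != '\0') ? value : NULL;
}

/* Classify a URI list; assumption: entries are separated by spaces or commas. */
static uri_class classify_uri_list(const char *uris)
{
    static const char seps[] = " ,\t";
    size_t ldaps = 0, other = 0;
    if (uris == NULL)
        return URIS_NONE;
    while (*uris != '\0') {
        uris += strspn(uris, seps);          /* skip separators */
        size_t len = strcspn(uris, seps);    /* length of one URI */
        if (len == 0)
            break;
        if (len >= 8 && strncasecmp(uris, "ldaps://", 8) == 0)
            ldaps++;                         /* scheme match is case-insensitive */
        else
            other++;
        uris += len;
    }
    if (ldaps == 0 && other == 0)
        return URIS_NONE;
    if (other == 0)
        return URIS_ALL_LDAPS;
    return ldaps == 0 ? URIS_NO_LDAPS : URIS_MIXED;
}

/* STARTTLS decision: 1 = run it, 0 = skip it, -1 = ambiguous (mixed list). */
static int starttls_decision(int tls_option_set, const char *uris)
{
    if (!tls_option_set)
        return 0;
    switch (classify_uri_list(uris)) {
    case URIS_ALL_LDAPS: return 0;   /* already TLS; STARTTLS would fail */
    case URIS_MIXED:     return -1;  /* cannot tell which server was used */
    default:             return 1;   /* plain ldap (or defaults): upgrade */
    }
}
```

A caller can treat the -1 result as a reason to warn the user rather than silently skipping STARTTLS on what may be a plain connection.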


