[libgda] Misc. LDAP provider corrections
- From: Vivien Malerba <vivien src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libgda] Misc. LDAP provider corrections
- Date: Sat, 8 Dec 2012 18:49:34 +0000 (UTC)
commit 5a490bc250b9f204326c2db8d39f2ba236ec015b
Author: Vivien Malerba <malerba gnome-db org>
Date: Sat Dec 8 16:04:31 2012 +0100
Misc. LDAP provider corrections
doc/C/prov-notes.xml | 28 ++++++++++++++++++++++++++++
providers/ldap/gda-ldap-provider.c | 8 +++-----
providers/ldap/gda-ldap-util.c | 17 ++++++++++++++---
providers/ldap/ldap_specs_auth.xml.in | 2 +-
4 files changed, 46 insertions(+), 9 deletions(-)
---
diff --git a/doc/C/prov-notes.xml b/doc/C/prov-notes.xml
index dfca6c7..de2add8 100644
--- a/doc/C/prov-notes.xml
+++ b/doc/C/prov-notes.xml
@@ -279,6 +279,33 @@ DETACH DATABASE plaintext; </programlisting>
</sect1>
<sect1 id="provider_notes_ldap"><title>For LDAP</title>
+ <sect2>
+ <title>Authentication</title>
+ <para>
+ For the LDAP authentification, one can provide the user name as a valid Distinguished Name (DN), or one
+ can provide a user name which correponds to an entry in the LDAP tree; however the LDAP server usually
+ requires a DN to authenticate. Providing a DN is usually
+ inconvenient and people prefer to remember their user name rather than the associated DN. For this
+ reason, if a user name is not provided, the LDAP provider tries the following:
+ <itemizedlist>
+ <listitem><para>do an anonymous bind</para></listitem>
+ <listitem><para>search a DN from the specified user name</para></listitem>
+ <listitem><para>fetch the DN is it exists and is the only result</para></listitem>
+ <listitem><para>close the anonymous connection</para></listitem>
+ <listitem><para>bind using the found DN</para></listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ However for an Active Directory server, this may fail if the server does not allow anonymous binding or
+ searches, and one can use one of the following username syntaxes instead:
+ <itemizedlist>
+ <listitem><para>username DOMAIN</para></listitem>
+ <listitem><para>DOMAIN\username</para></listitem>
+ </itemizedlist>
+ </para>
+ </sect2>
+ <sect2>
+ <title>Mapping to GdaDataModel</title>
<para>
The LDAP provider maps LDAP searches to &LIBGDA;'s data models, with the following design choices:
<itemizedlist>
@@ -299,6 +326,7 @@ DETACH DATABASE plaintext; </programlisting>
For more information, see the <link linkend="GdaDataModelLdap">GdaDataModelLdap</link> and
the <link linkend="GdaLdapConnection">GdaLdapConnection</link> objects.
</para>
+ </sect2>
</sect1>
diff --git a/providers/ldap/gda-ldap-provider.c b/providers/ldap/gda-ldap-provider.c
index f9f6047..2eba344 100644
--- a/providers/ldap/gda-ldap-provider.c
+++ b/providers/ldap/gda-ldap-provider.c
@@ -486,10 +486,8 @@ gda_ldap_provider_open_connection (GdaServerProvider *provider, GdaConnection *c
}
g_string_free (rname, TRUE);
- if (!dnuser) {
- gda_connection_add_event_string (cnc, _("Invalid user name"));
- return FALSE;
- }
+ /* if no DN user has been found, then still use the provided name AS IS
+ * => dnuser can be %NULL here */
}
res = ldap_initialize (&ld, url);
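Review bot: Removing the `if (!dnuser)` error return means a user name that resolved to no DN (or to more than one entry, since the prov-notes.xml hunk says the DN is only taken when it is the sole result) now silently falls through to a bind with the name as typed, and the replacement comment does not say which variable that fallback reads; the bind itself is below the hunk, outside view. Suggest making the comment explicit: `/* No unique DN matched the user name: fall back to binding with the name as given. dnuser may be NULL from here on and the bind below must accept both cases. */`. Because PASSWORD is declared `nullok="TRUE"` in ldap_specs_auth.xml.in, the fallback path should also reject an empty password before binding: a simple bind with a DN and an empty password is an unauthenticated bind under RFC 4513 §5.1.2 and many servers answer it with success without checking anything — confirm the code after the hunk does this. gda_ldap_provider_open_connection starts before and continues after the hunk.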
@@ -862,7 +860,7 @@ gda_ldap_provider_statement_execute (GdaServerProvider *provider, GdaConnection
GdaConnectionEvent *event = NULL;
if (cmde) {
if (cmde->other_args) {
- g_set_error (&error, GDA_SQL_PARSER_ERROR,
+ g_set_error (&lerror, GDA_SQL_PARSER_ERROR,
GDA_SQL_PARSER_SYNTAX_ERROR,
"%s",
_("Too many arguments"));
diff --git a/providers/ldap/gda-ldap-util.c b/providers/ldap/gda-ldap-util.c
index 316e2fc..60e9cc1 100644
--- a/providers/ldap/gda-ldap-util.c
+++ b/providers/ldap/gda-ldap-util.c
@@ -402,13 +402,18 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
char *schema_attrs[] = {"attributeTypes", NULL};
/* look for subschema */
+ if (! gda_ldap_ensure_bound (cdata, NULL))
+ return NULL;
+
res = ldap_search_ext_s (cdata->handle, "", LDAP_SCOPE_BASE,
"(objectclass=*)",
subschemasubentry, 0,
NULL, NULL, NULL, 0,
&msg);
- if (res != LDAP_SUCCESS)
+ if (res != LDAP_SUCCESS) {
+ gda_ldap_may_unbind (cdata);
return NULL;
+ }
if ((entry = ldap_first_entry (cdata->handle, msg))) {
char *attr;
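Review bot: The `gda_ldap_ensure_bound (cdata, NULL)` added at the top of the hunk discards the bind error, so a failed bind returns the same NULL as an unknown attribute and the caller cannot tell the two apart; either pass a GError and report it before returning, or document the choice with `/* a bind failure is reported as "no attribute info"; callers cannot distinguish it */`. The `gda_ldap_may_unbind (cdata); return NULL;` pair is now repeated at every early exit of this function (this hunk and the hunks at -426 and -436, plus the normal exit at -510); a single cleanup label reached by goto would keep any future early return from skipping the unbind. Also, libldap's ldap_search_ext_s can hand back a partial result in `msg` even when it returns a non-success code (for example on a size-limit error), in which case the error path here leaks it — verify against the libldap in use and add `ldap_msgfree (msg);` on that path if so. gda_ldap_get_attr_info starts before and continues after the hunk.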
@@ -426,8 +431,10 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
}
ldap_msgfree (msg);
- if (! subschema)
+ if (! subschema) {
+ gda_ldap_may_unbind (cdata);
return NULL;
+ }
/* look for attributeTypes */
res = ldap_search_ext_s (cdata->handle, subschema, LDAP_SCOPE_BASE,
@@ -436,8 +443,10 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
NULL, NULL, NULL, 0,
&msg);
g_free (subschema);
- if (res != LDAP_SUCCESS)
+ if (res != LDAP_SUCCESS) {
+ gda_ldap_may_unbind (cdata);
return NULL;
+ }
if (cdata->attributes_cache_file)
string = g_string_new ("# Cache file. This file can safely be removed, in this case\n"
@@ -510,6 +519,7 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
g_string_free (string, TRUE);
}
+ gda_ldap_may_unbind (cdata);
retval = g_hash_table_lookup (cdata->attributes_hash, attribute);
return retval;
}
@@ -558,6 +568,7 @@ gdaprov_ldap_get_class_info (GdaLdapConnection *cnc, const gchar *classname)
/* look for subschema */
if (! gda_ldap_ensure_bound (cdata, NULL))
return NULL;
+
res = ldap_search_ext_s (cdata->handle, "", LDAP_SCOPE_BASE,
"(objectclass=*)",
subschemasubentry, 0,
diff --git a/providers/ldap/ldap_specs_auth.xml.in b/providers/ldap/ldap_specs_auth.xml.in
index 60ce8f5..0652976 100644
--- a/providers/ldap/ldap_specs_auth.xml.in
+++ b/providers/ldap/ldap_specs_auth.xml.in
@@ -1,7 +1,7 @@
<?xml version="1.0"?>
<data-set-spec>
<parameters>
- <parameter id="USERNAME" _name="Username" _descr="User name" gdatype="gchararray" nullok="TRUE"/>
+ <parameter id="USERNAME" _name="Username" _descr="User name, as a DN or simple user name, for Active Directory may be username DOMAIN or DOMAIN\username" gdatype="gchararray" nullok="TRUE"/>
<parameter id="PASSWORD" _name="Password" _descr="Password" gdatype="gchararray" nullok="TRUE" plugin="string:HIDDEN=true"/>
</parameters>
</data-set-spec>
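Review bot: The new `_descr` text reads `username DOMAIN`, which in this mail-archive rendering most likely lost an `@` (the archive blanks `@` in addresses, as in the author line), so the committed string should be checked; the same spelling appears in the prov-notes.xml hunk. The description is also long for a parameter tooltip; something like `_descr="User name: a DN, a plain user name, or for Active Directory user@DOMAIN / DOMAIN\user"` would read better, with the full explanation left to prov-notes.xml. Note that the text is translatable (`_descr`), so every wording change here costs a translation update.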