[libgda] Misc. LDAP provider corrections



commit 5a490bc250b9f204326c2db8d39f2ba236ec015b
Author: Vivien Malerba <malerba gnome-db org>
Date:   Sat Dec 8 16:04:31 2012 +0100

    Misc. LDAP provider corrections

 doc/C/prov-notes.xml                  |   28 ++++++++++++++++++++++++++++
 providers/ldap/gda-ldap-provider.c    |    8 +++-----
 providers/ldap/gda-ldap-util.c        |   17 ++++++++++++++---
 providers/ldap/ldap_specs_auth.xml.in |    2 +-
 4 files changed, 46 insertions(+), 9 deletions(-)
---
diff --git a/doc/C/prov-notes.xml b/doc/C/prov-notes.xml
index dfca6c7..de2add8 100644
--- a/doc/C/prov-notes.xml
+++ b/doc/C/prov-notes.xml
@@ -279,6 +279,33 @@ DETACH DATABASE plaintext; </programlisting>
   </sect1>
 
   <sect1 id="provider_notes_ldap"><title>For LDAP</title>
+  <sect2>
+    <title>Authentication</title>
+    <para>
+      For the LDAP authentification, one can provide the user name as a valid Distinguished Name (DN), or one
+      can provide a user name which correponds to an entry in the LDAP tree; however the LDAP server usually
+      requires a DN to authenticate. Providing a DN is usually
+      inconvenient and people prefer to remember their user name rather than the associated DN. For this
+      reason, if a user name is not provided, the LDAP provider tries the following:
+      <itemizedlist>
+	<listitem><para>do an anonymous bind</para></listitem>
+	<listitem><para>search a DN from the specified user name</para></listitem>
+	<listitem><para>fetch the DN is it exists and is the only result</para></listitem>
+	<listitem><para>close the anonymous connection</para></listitem>
+	<listitem><para>bind using the found DN</para></listitem>
+      </itemizedlist>
+    </para>
+    <para>
+      However for an Active Directory server, this may fail if the server does not allow anonymous binding or
+      searches, and one can use one of the following username syntaxes instead:
+      <itemizedlist>
+	<listitem><para>username DOMAIN</para></listitem>
+	<listitem><para>DOMAIN\username</para></listitem>
+      </itemizedlist>
+    </para>
+  </sect2>
+  <sect2>
+    <title>Mapping to GdaDataModel</title>
     <para>
       The LDAP provider maps LDAP searches to &LIBGDA;'s data models, with the following design choices:
       <itemizedlist>
@@ -299,6 +326,7 @@ DETACH DATABASE plaintext; </programlisting>
       For more information, see the <link linkend="GdaDataModelLdap">GdaDataModelLdap</link> and
       the <link linkend="GdaLdapConnection">GdaLdapConnection</link> objects.
     </para>
+  </sect2>
   </sect1>
 
   
diff --git a/providers/ldap/gda-ldap-provider.c b/providers/ldap/gda-ldap-provider.c
index f9f6047..2eba344 100644
--- a/providers/ldap/gda-ldap-provider.c
+++ b/providers/ldap/gda-ldap-provider.c
@@ -486,10 +486,8 @@ gda_ldap_provider_open_connection (GdaServerProvider *provider, GdaConnection *c
 		}
 		g_string_free (rname, TRUE);
 
-		if (!dnuser) {
-			gda_connection_add_event_string (cnc, _("Invalid user name"));
-			return FALSE;
-		}
+		/* if no DN user has been found, then still use the provided name AS IS
+		 * => dnuser can be %NULL here */
 	}
 
 	res = ldap_initialize (&ld, url);
@@ -862,7 +860,7 @@ gda_ldap_provider_statement_execute (GdaServerProvider *provider, GdaConnection
 				GdaConnectionEvent *event = NULL;
 				if (cmde) {
 					if (cmde->other_args) {
-						g_set_error (&error, GDA_SQL_PARSER_ERROR,
+						g_set_error (&lerror, GDA_SQL_PARSER_ERROR,
 							     GDA_SQL_PARSER_SYNTAX_ERROR,
 							     "%s",
 							     _("Too many arguments"));
diff --git a/providers/ldap/gda-ldap-util.c b/providers/ldap/gda-ldap-util.c
index 316e2fc..60e9cc1 100644
--- a/providers/ldap/gda-ldap-util.c
+++ b/providers/ldap/gda-ldap-util.c
@@ -402,13 +402,18 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
 	char *schema_attrs[] = {"attributeTypes", NULL};
 	
 	/* look for subschema */
+	if (! gda_ldap_ensure_bound (cdata, NULL))
+		return NULL;
+
 	res = ldap_search_ext_s (cdata->handle, "", LDAP_SCOPE_BASE,
 				 "(objectclass=*)",
 				 subschemasubentry, 0,
 				 NULL, NULL, NULL, 0,
 				 &msg);
-	if (res != LDAP_SUCCESS)
+	if (res != LDAP_SUCCESS) {
+		gda_ldap_may_unbind (cdata);
 		return NULL;
+	}
 
 	if ((entry = ldap_first_entry (cdata->handle, msg))) {
 		char *attr;
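Review bot: The new early return in the `if (res != LDAP_SUCCESS)` branch unbinds but never frees `msg`; ldap_search_ext_s can hand back a partial result together with a non-success code (LDAP_SIZELIMIT_EXCEEDED, referrals), so every failed schema lookup would leak it. `msg` is initialised above the hunk; if it starts out NULL the fix is `if (msg) ldap_msgfree (msg);` before `gda_ldap_may_unbind (cdata);` in that branch, and the same shape recurs in the later error paths of this function. Passing NULL as the GError to `gda_ldap_ensure_bound` also discards why the bind failed, so a credential or TLS problem surfaces to the caller only as "no attribute info"; at minimum the reason should be logged before returning. gda_ldap_get_attr_info starts before this hunk.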
@@ -426,8 +431,10 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
 	}
 	ldap_msgfree (msg);
 
-	if (! subschema)
+	if (! subschema) {
+		gda_ldap_may_unbind (cdata);
 		return NULL;
+	}
 
 	/* look for attributeTypes */
 	res = ldap_search_ext_s (cdata->handle, subschema, LDAP_SCOPE_BASE,
@@ -436,8 +443,10 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
 				 NULL, NULL, NULL, 0,
 				 &msg);
 	g_free (subschema);
-	if (res != LDAP_SUCCESS)
+	if (res != LDAP_SUCCESS) {
+		gda_ldap_may_unbind (cdata);
 		return NULL;
+	}
 
 	if (cdata->attributes_cache_file)
 		string = g_string_new ("# Cache file. This file can safely be removed, in this case\n"
@@ -510,6 +519,7 @@ gda_ldap_get_attr_info (LdapConnectionData *cdata, const gchar *attribute)
 		g_string_free (string, TRUE);
 	}
 
+	gda_ldap_may_unbind (cdata);
 	retval = g_hash_table_lookup (cdata->attributes_hash, attribute);
 	return retval;
 }
@@ -558,6 +568,7 @@ gdaprov_ldap_get_class_info (GdaLdapConnection *cnc, const gchar *classname)
 	/* look for subschema */
 	if (! gda_ldap_ensure_bound (cdata, NULL))
 		return NULL;
+
 	res = ldap_search_ext_s (cdata->handle, "", LDAP_SCOPE_BASE,
 				 "(objectclass=*)",
 				 subschemasubentry, 0,
diff --git a/providers/ldap/ldap_specs_auth.xml.in b/providers/ldap/ldap_specs_auth.xml.in
index 60ce8f5..0652976 100644
--- a/providers/ldap/ldap_specs_auth.xml.in
+++ b/providers/ldap/ldap_specs_auth.xml.in
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <data-set-spec>
   <parameters>
-    <parameter id="USERNAME" _name="Username" _descr="User name" gdatype="gchararray" nullok="TRUE"/>
+    <parameter id="USERNAME" _name="Username" _descr="User name, as a DN or simple user name, for Active Directory may be username DOMAIN or DOMAIN\username" gdatype="gchararray" nullok="TRUE"/>
     <parameter id="PASSWORD" _name="Password" _descr="Password" gdatype="gchararray" nullok="TRUE" plugin="string:HIDDEN=true"/>
   </parameters>
 </data-set-spec>


