2 Copyright (C) 2000-2005 SKYRIX Software AG
4 This file is part of SOPE.
6 SOPE is free software; you can redistribute it and/or modify it under
7 the terms of the GNU Lesser General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
11 SOPE is distributed in the hope that it will be useful, but WITHOUT ANY
12 WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
14 License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with SOPE; see the file COPYING. If not, write to the
18 Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
21 /* pwcheck_ldap.c -- check passwords using LDAP
23 * Author: Clayton Donley <donley@cig.mot.com>
24 * http://www.wwa.com/~donley/
27 * Note: This works by finding a DN that matches an entered UID and
28 * binding to the LDAP server using this UID. This uses clear-text
29 * passwords. A better approach with servers that support SSL and
30 * new LDAPv3 servers that support SASL bind methods like CRAM-MD5
33 * This version should work with both University of Michigan and Netscape
34 * LDAP libraries. It also gets rid of the requirement for userPassword
35 * attribute readability.
41 #include <sys/types.h>
46 /* Set These to your Local Environment */
/* Compile-time site settings used by pwcheck():
 *   MY_LDAP_SERVER  - host passed to ldap_open() together with LDAP_PORT
 *   MY_LDAP_BASEDN  - search base passed to ldap_search_s()
 *   MY_LDAP_UIDATTR - attribute name placed in the "(attr=userid)" filter
 * NOTE(review): the host and base DN are hard-coded, so changing the directory
 * server means rebuilding. No TLS setup is visible in this listing, and the
 * later simple bind carries the user's password, so confirm the path to this
 * host is protected before reusing these values. */
48 #define MY_LDAP_SERVER "imap.mdlink.de"
49 #define MY_LDAP_BASEDN "ou=people,o=mdlink.de"
50 #define MY_LDAP_UIDATTR "uid"
/* pwcheck -- check a userid/password pair against the LDAP directory.
 *
 * Flow visible in this listing: reject an empty password, open a connection
 * to MY_LDAP_SERVER, bind anonymously, search MY_LDAP_BASEDN (subtree scope)
 * for an entry whose MY_LDAP_UIDATTR equals userid, require exactly one match,
 * take that entry's DN, and bind again as that DN with the supplied password.
 *
 * userid   - login name; inserted verbatim into the search filter.
 * password - clear-text password used for the final simple bind.
 *
 * Returns a pointer to a string literal describing the failure. The
 * declarations, several failure branches, the success return and any cleanup
 * (unbind, freeing the search result and DN) fall on lines this listing does
 * not show -- TODO confirm against the full file.
 */
52 char *pwcheck(char *userid, char *password) {
62 /* If the password is NULL, reject the login...Otherwise the bind will
63 succeed as a reference bind. Not good... */
/* NOTE(review): the test below rejects the empty string, not a NULL pointer;
 * no NULL check on password is visible here, and strcmp() on NULL is
 * undefined. The empty-string guard itself matters: a simple bind with a DN
 * and a zero-length password is an unauthenticated bind, which servers may
 * accept, so it must never count as a successful login. */
65 if (strcmp(password,"") == 0)
67 return "Null Password";
70 /* Open the LDAP connection. Change the second argument if your LDAP
71 server is not on port 389. */
/* NOTE(review): no TLS setup is visible in this listing; if none exists on
 * the hidden lines, both binds below travel in clear text, as the file header
 * already warns. Prefer a TLS-protected connection (LDAPS or StartTLS) or a
 * SASL mechanism where the server supports one. */
73 if ((ld = ldap_open(MY_LDAP_SERVER,LDAP_PORT)) == NULL)
78 /* Bind anonymously so that you can find the DN of the appropriate user. */
/* This requires the directory to allow anonymous search under the base DN. */
80 if (ldap_simple_bind_s(ld,"","") != LDAP_SUCCESS)
86 /* Generate a filter that will return the entry with a matching UID */
/* NOTE(review): two problems with the sprintf() below.
 * (1) It is unbounded: the declaration of filter is not visible in this
 *     listing, but any fixed-size buffer can be overrun by a long userid.
 *     Use snprintf() with the buffer size and reject truncated results.
 * (2) userid is copied into the filter unescaped, so filter metacharacters
 *     (asterisk, parentheses, backslash, NUL) change the meaning of the
 *     search. Escape them as RFC 4515 backslash-hex sequences, or reject
 *     userids containing them, before building the filter. */
88 sprintf(filter,"(%s=%s)",MY_LDAP_UIDATTR,userid);
90 /* Just return country...This doesn't actually matter, since we will
91 not read the attributes and values, only the DN */
96 /* Perform the search... */
/* The literal 1 is the attrsonly argument: attribute types only, no values. */
98 if (ldap_search_s(ld,MY_LDAP_BASEDN,LDAP_SCOPE_SUBTREE,filter,attrs,1,&result)
102 return "Search Failed";
105 /* If the entry count is not equal to one, either the UID was not unique or
106 there was no match */
/* NOTE(review): "UserID Unknown" here and "Invalid Login or Password" below
 * tell an unknown account apart from a wrong password. If these strings
 * reach the remote client, that allows account enumeration; callers should
 * show one generic failure message and keep the detail for local logs. */
108 if ((ldap_count_entries(ld,result)) != 1)
111 return "UserID Unknown";
114 /* Get the first entry */
116 if ((entry = ldap_first_entry(ld,result)) == NULL)
119 return "UserID Unknown";
122 /* Get the DN of the entry */
124 if ((dn = ldap_get_dn(ld,entry)) == NULL)
127 return "DN Not Found";
130 /* Now bind as the DN with the password supplied earlier...
131 Successful bind means the password was correct, otherwise the
132 password is invalid. */
/* NOTE(review): the printf() below writes the user's DN and clear-text
 * password to stdout on every check. This looks like leftover debugging;
 * remove it or guard it so that credentials never reach terminals, pipes
 * or captured logs. */
134 printf("dn: %s\npassword: %s\n", dn, password);
136 if (ldap_simple_bind_s(ld,dn,password) != LDAP_SUCCESS)
139 return "Invalid Login or Password";
146 #include <Foundation/Foundation.h>
147 #include "NGLdapConnection.h"
149 int main(int argc, char **argv, char **env) {
154 #if LIB_FOUNDATION_LIBRARY
155 [NSProcessInfo initializeWithArguments:argv count:argc environment:env];
158 args = [[NSProcessInfo processInfo] arguments];
159 ud = [NSUserDefaults standardUserDefaults];
168 printf("pwcheck('%s', '%s'): %s\n", uid, pwd,
172 if ([NGLdapConnection checkPassword:[ud stringForKey:@"LDAPPassword"]
173 ofLogin:[ud stringForKey:@"LDAPBindDN"]
174 atBaseDN:[ud stringForKey:@"LDAPRootDN"]
175 onHost:[ud stringForKey:@"LDAPHost"]
177 NSLog(@"OK: user %@ is authorized.", [ud stringForKey:@"LDAPBindDN"]);
180 NSLog(@"FAIL: user %@ is not authorized.", [ud stringForKey:@"LDAPBindDN"]);