[tokkee]

tokkee.org

Code

projects / collectd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ac73c75)
add support for simple authentication
authorMarek Becka <marek.becka@superhosting.cz>
Tue, 16 Jun 2015 20:30:12 +0000 (16:30 -0400)
committerMarek Becka <marek.becka@superhosting.cz>
Tue, 16 Jun 2015 20:30:12 +0000 (16:30 -0400)
src/collectd.conf.pod patch | blob | history
src/openldap.c patch | blob | history

diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod
index f5e9d2786744ad7bc7f2bccd1a2e240bda418163..96efc73c6e40f64e6f40ea3f3f7d3c33894246db 100644 (file)
--- a/src/collectd.conf.pod
+++ b/src/collectd.conf.pod
@@ -4513,6 +4513,16 @@ The following options are accepted within each B<Instance> block:
 Sets the URL to use to connect to the I<OpenLDAP> server. This option is
 I<mandatory>.
 
+=item B<BindDN> I<BindDN>
+
+Name in the form of an LDAP distinguished name intended to be used for 
+authentication. Defaults to empty string to establish an anonymous authorization.
+
+=item B<Password> I<Password>
+
+Password for simple bind authentication. If this option is not set, 
+unauthenticated bind operation is used.
+
 =item B<StartTLS> B<true|false>
 
 Defines whether TLS must be used when connecting to the I<OpenLDAP> server.
diff --git a/src/openldap.c b/src/openldap.c
index bd989e40b3ffc707832a9126e24a478e61af1c0b..d11855a1e4cda556342568c887e096f638163214 100644 (file)
--- a/src/openldap.c
+++ b/src/openldap.c
@@ -38,6 +38,8 @@ struct cldap_s /* {{{ */
 {
        char *name;
 
+       char *binddn;
+       char *password;
        char *cacert;
        char *host;
        int   state;
@@ -56,6 +58,8 @@ static void cldap_free (cldap_t *st) /* {{{ */
        if (st == NULL)
                return;
 
+       sfree (st->binddn);
+       sfree (st->password);
        sfree (st->cacert);
        sfree (st->host);
        sfree (st->name);
@@ -110,10 +114,19 @@ static int cldap_init_host (cldap_t *st) /* {{{ */
        }
 
        struct berval cred;
-       cred.bv_val = "";
-       cred.bv_len = 0;
+       if (st->password != NULL)
+       {
+               cred.bv_val = st->password;
+               cred.bv_len = strlen (st->password);
+       }
+       else
+       {
+               cred.bv_val = "";
+               cred.bv_len = 0;
+       }
 
-       rc = ldap_sasl_bind_s (st->ld, NULL, NULL, &cred, NULL, NULL, NULL);
+       rc = ldap_sasl_bind_s (st->ld, st->binddn, LDAP_SASL_SIMPLE, &cred, 
+                       NULL, NULL, NULL);
        if (rc != LDAP_SUCCESS)
        {
                ERROR ("openldap plugin: Failed to bind to %s: %s",
@@ -559,7 +572,11 @@ static int cldap_config_add (oconfig_item_t *ci) /* {{{ */
        {
                oconfig_item_t *child = ci->children + i;
 
-               if (strcasecmp ("CACert", child->key) == 0)
+               if (strcasecmp ("BindDN", child->key) == 0)
+                       status = cf_util_get_string (child, &st->binddn);
+               else if (strcasecmp ("Password", child->key) == 0)
+                       status = cf_util_get_string (child, &st->password);
+               else if (strcasecmp ("CACert", child->key) == 0)
                        status = cf_util_get_string (child, &st->cacert);
                else if (strcasecmp ("StartTLS", child->key) == 0)
                        status = cf_util_get_boolean (child, &st->starttls);
statistics collection and monitoring daemon (clone)