Index: doc/dovecot-ldap.conf
===================================================================
RCS file: /home/cvs/dovecot/doc/dovecot-ldap.conf,v
retrieving revision 1.13
diff -c -r1.13 dovecot-ldap.conf
*** doc/dovecot-ldap.conf 30 Dec 2005 15:43:38 -0000 1.13
--- doc/dovecot-ldap.conf 3 Jan 2006 01:38:36 -0000
***************
*** 75,77 ****
--- 75,83 ----
  # If the UID/GID is still found from LDAP reply, it overrides these values.
  #user_global_uid =
  #user_global_gid =
+
+ # Use authentication binding for verifying the password. This works by
+ # logging into LDAP server using the username and password given by client.
+ # This option does not search. It builds the DN as noted above in user_filter.
+ # the auth_bind_userdn variable is shown in the following example:
+ #auth_bind_userdn = cn=%u,ou=people,o=org
Index: src/auth/db-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-ldap.c,v
retrieving revision 1.34
diff -c -r1.34 db-ldap.c
*** src/auth/db-ldap.c 30 Dec 2005 15:43:41 -0000 1.34
--- src/auth/db-ldap.c 3 Jan 2006 01:38:36 -0000
***************
*** 34,39 ****
--- 34,40 ----
  DEF(SET_STR, dn),
  DEF(SET_STR, dnpass),
  DEF(SET_BOOL, auth_bind),
+ DEF(SET_STR, auth_bind_userdn),
  DEF(SET_STR, deref),
  DEF(SET_STR, scope),
  DEF(SET_STR, base),
***************
*** 53,58 ****
--- 54,60 ----
  MEMBER(dn) NULL,
  MEMBER(dnpass) NULL,
  MEMBER(auth_bind) FALSE,
+ MEMBER(auth_bind_userdn) NULL,
  MEMBER(deref) "never",
  MEMBER(scope) "subtree",
  MEMBER(base) NULL,
Index: src/auth/db-ldap.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/db-ldap.h,v
retrieving revision 1.17
diff -c -r1.17 db-ldap.h
*** src/auth/db-ldap.h 30 Dec 2005 15:43:41 -0000 1.17
--- src/auth/db-ldap.h 3 Jan 2006 01:38:36 -0000
***************
*** 16,21 ****
--- 16,22 ----
  const char *dn;
  const char *dnpass;
  int auth_bind;
+ const char *auth_bind_userdn;
  const char *deref;
  const char
*scope;
  const char *base;
Index: src/auth/passdb-ldap.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/passdb-ldap.c,v
retrieving revision 1.39
diff -c -r1.39 passdb-ldap.c
*** src/auth/passdb-ldap.c 30 Dec 2005 17:55:48 -0000 1.39
--- src/auth/passdb-ldap.c 3 Jan 2006 01:38:36 -0000
***************
*** 292,297 ****
--- 292,337 ----
  }

  static void
+ ldap_verify_plain_auth_bind_userdn(struct auth_request *auth_request,
+ struct ldap_request *ldap_request)
+ {
+ struct passdb_module *_module = auth_request->passdb->passdb;
+ struct passdb_ldap_request *passdb_ldap_request =
+ (struct passdb_ldap_request *)ldap_request;
+ struct ldap_passdb_module *module =
+ (struct ldap_passdb_module *)_module;
+ struct ldap_connection *conn = module->conn;
+ const struct var_expand_table *vars;
+ string_t *str;
+ const char *dn;
+ int msgid;
+
+ vars = auth_request_get_var_expand_table(auth_request, ldap_escape);
+
+ str = t_str_new(512);
+ var_expand(str, conn->set.auth_bind_userdn, vars);
+ dn = p_strdup(auth_request->pool, str_c(str));
+
+ ldap_request->callback = handle_request_authbind;
+ ldap_request->context = auth_request;
+
+ msgid = ldap_bind(conn->ld, dn, auth_request->mech_password,
+ LDAP_AUTH_SIMPLE);
+
+ if (msgid == -1) {
+ i_error("ldap_bind() auth_bind_userdn failed: %s", ldap_get_error(conn));
+ passdb_ldap_request->callback.
+ verify_plain(PASSDB_RESULT_INTERNAL_FAILURE,
+ auth_request);
+ return;
+ }
+
+ /* Bind started */
+ auth_request_ref(auth_request);
+ hash_insert(conn->requests, POINTER_CAST(msgid), ldap_request);
+ }
+
+ static void
  ldap_verify_plain_authbind(struct auth_request *auth_request,
  struct ldap_request *ldap_request)
  {
***************
*** 341,347 ****
  ldap_request = p_new(request->pool, struct passdb_ldap_request, 1);
  ldap_request->callback.verify_plain = callback;

!
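Review bot: The simple bind on the `msgid = ldap_bind(conn->ld, dn, auth_request->mech_password, LDAP_AUTH_SIMPLE);` line is issued without checking the password, and RFC 4513 treats a simple bind with a DN and an empty password as an unauthenticated bind that many servers accept; unless the empty-password case is already rejected earlier in the auth path, the new function should refuse it before binding, e.g. `if (auth_request->mech_password == NULL || *auth_request->mech_password == '\0') { passdb_ldap_request->callback.verify_plain(PASSDB_RESULT_PASSWORD_MISMATCH, auth_request); return; }`. The DN is built by `var_expand(str, conn->set.auth_bind_userdn, vars)` with the `ldap_escape` helper; if that helper escapes only search-filter metacharacters, a username containing DN-special characters such as `,` `+` `=` would change the RDN structure of the bind DN, so the template should be expanded with an RFC 4514 DN escaper or the escaping contract documented next to the setting. The body appears to mirror `ldap_verify_plain_authbind`, whose definition lies outside the hunk, so a shared helper taking the DN as a parameter would remove the duplication. `handle_request_authbind` is also outside the hunk, so whether it distinguishes a successful anonymous bind from an authenticated one cannot be checked here.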
if (conn->set.auth_bind)
  ldap_verify_plain_authbind(request, &ldap_request->request);
  else
  ldap_lookup_pass(request, &ldap_request->request);
--- 381,389 ----
  ldap_request = p_new(request->pool, struct passdb_ldap_request, 1);
  ldap_request->callback.verify_plain = callback;

! if (conn->set.auth_bind_userdn != NULL)
! ldap_verify_plain_auth_bind_userdn(request, &ldap_request->request);
! else if (conn->set.auth_bind)
  ldap_verify_plain_authbind(request, &ldap_request->request);
  else
  ldap_lookup_pass(request, &ldap_request->request);
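Review bot: The new `if (conn->set.auth_bind_userdn != NULL)` branch selects bind authentication whenever the setting has any value, independent of `auth_bind`, and if the settings parser stores an empty string for a line such as `auth_bind_userdn =` the check still passes and `ldap_verify_plain_auth_bind_userdn` would expand an empty template and bind with an empty DN. A stricter test, `if (conn->set.auth_bind_userdn != NULL && *conn->set.auth_bind_userdn != '\0')`, or validating the template once when the connection settings are read, avoids that. It would also help to state, in a short comment above this branch, that a non-empty auth_bind_userdn implies bind authentication and takes precedence over auth_bind, e.g. `/* auth_bind_userdn implies auth_bind: the DN comes from the template, no search is done */`. The enclosing function begins before the hunk.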