[Dovecot] dovecot ldap auth bind and different directories
Andrew Bates
abates at omeganetserv.com
Mon May 15 20:57:12 EEST 2006
I have recently begun playing with Dovecot (1.0.beta8) and have run into
an interesting scenario.
The way my email system is set up is that users of different domains
have completely different base dn's. For instance, if a user is part of
test.com the bind dn would be uid=user,ou=People,dc=test,dc=com. The
bind dn for user at domain.com would be uid=user,ou=People,dc=domain,dc=com.
I could not seem to figure out a way to have the binddn adjusted based
on a user's @domain so I modified auth-request.c and var-expand.c to
include a new variable expansion concept. In the configuration I'm now
able to include the following:
auth_bind_userdn = uid=%n,ou=People,dc=%c2,dc=%c1
and %c1 will be expanded to the tld, %c2 will be expanded to the next
level domain (domain or test in the above example). This will work up
to 9 levels of subdomain (1-9). This is very similar in how postfix
expands variables with ldap.
I'm a bit rusty with my C, so I'd love some feedback on the patch. If
this idea isn't included in the main code, that's fine, but I thought
I'd contribute my experiences!
Thanks for a great product everyone!
Andrew
===================================================================
--- dovecot-1.0.beta8/src/auth/auth-request.c 2006-04-12
22:00:06.000000000 -0400
+++ dovecot-1.0.beta8.new/src/auth/auth-request.c 2006-05-15
12:37:06.000000000 -0400
@@ -852,6 +852,7 @@
auth_request_get_var_expand_table(const struct auth_request *auth_request,
const char *(*escape_func)(const char *))
{
+ char *str;
static struct var_expand_table static_tab[] = {
{ 'u', NULL },
{ 'n', NULL },
@@ -869,7 +870,27 @@
if (escape_func == NULL)
escape_func = escape_none;
- tab = t_malloc(sizeof(static_tab));
+ /* count the number of domain components
+ in the given auth_request->user string
+ so we can allocate the correct sized
+ array
+ */
+ int dc_count = 0;
+ str = strchr(auth_request->user, '@');
+ while (str != NULL && *str != '\0' && str++) {
+ if (*str == '.')
+ dc_count++;
+ if (dc_count == 9)
+ break;
+ }
+
+ /* allocate memory big enough for the static
+ tab plus each domain compononet. Since we
+ can only use 1-9 as identifiers, there is
+ no point in allocating more then 9
+ */
+ dc_count = (dc_count < 9 ? dc_count : 9);
+ tab = t_malloc(sizeof(static_tab) + (dc_count*(sizeof(char) +
sizeof(char *))));
memcpy(tab, static_tab, sizeof(static_tab));
tab[0].value = escape_func(auth_request->user);
@@ -886,6 +907,27 @@
tab[7].value = dec2str(auth_request->client_pid);
if (auth_request->mech_password != NULL)
tab[8].value = escape_func(auth_request->mech_password);
+
+ char *domain = p_strdup(auth_request->pool,
strchr(auth_request->user, '@'));
+ if (domain != NULL) {
+ int count = 0;
+ str = domain + strlen(domain);
+ do {
+ str--;
+ if (*str == '.' || *str == '@') {
+ *str = '\0';
+ count++;
+ tab[count + 8].key = (char)(48+count);
+ tab[count + 8].value = escape_func(str+1);
+ }
+ if (*str == '@') {
+ count++;
+ tab[count + 8].key = '\0';
+ tab[count + 8].value = NULL;
+ break;
+ }
+ } while (str != domain && count < 9);
+ }
return tab;
}
===================================================================
--- dovecot-1.0.beta8/src/lib/var-expand.c 2006-04-12
22:00:06.000000000 -0400
+++ dovecot-1.0.beta8.new/src/lib/var-expand.c 2006-05-12
17:06:42.000000000 -0400
@@ -162,6 +162,11 @@
break;
var = NULL;
+
+ /* domain component expansion */
+ if (*str == 'c')
+ str++;
+
for (t = table; t->key != '\0'; t++) {
if (t->key == *str) {
var = t->value != NULL ?
t->value : "";
More information about the dovecot
mailing list