From: Florian Forster <octo@collectd.org>
Date: Wed, 17 Jun 2015 12:53:11 +0000 (+0200)
Subject: Merge remote-tracking branch 'github/pr/1087'
X-Git-Tag: collectd-5.6.0~680
X-Git-Url: https://git.verplant.org/?a=commitdiff_plain;h=22b1f30eb1bb53e2b6c7fc8d917f222cfc16bae3;hp=a7499fb388e73b2d71f880be054c603fed324a0e;p=collectd.git

Merge remote-tracking branch 'github/pr/1087'
---

diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod
index f5e9d278..96efc73c 100644
--- a/src/collectd.conf.pod
+++ b/src/collectd.conf.pod
@@ -4513,6 +4513,16 @@ The following options are accepted within each B<Instance> block:
 Sets the URL to use to connect to the I<OpenLDAP> server. This option is
 I<mandatory>.
 
+=item B<BindDN> I<BindDN>
+
+Name in the form of an LDAP distinguished name intended to be used for 
+authentication. Defaults to empty string to establish an anonymous authorization.
+
+=item B<Password> I<Password>
+
+Password for simple bind authentication. If this option is not set, 
+unauthenticated bind operation is used.
+
 =item B<StartTLS> B<true|false>
 
 Defines whether TLS must be used when connecting to the I<OpenLDAP> server.
diff --git a/src/openldap.c b/src/openldap.c
index bd989e40..d11855a1 100644
--- a/src/openldap.c
+++ b/src/openldap.c
@@ -38,6 +38,8 @@ struct cldap_s /* {{{ */
 {
 	char *name;
 
+	char *binddn;
+	char *password;
 	char *cacert;
 	char *host;
 	int   state;
@@ -56,6 +58,8 @@ static void cldap_free (cldap_t *st) /* {{{ */
 	if (st == NULL)
 		return;
 
+	sfree (st->binddn);
+	sfree (st->password);
 	sfree (st->cacert);
 	sfree (st->host);
 	sfree (st->name);
@@ -110,10 +114,19 @@ static int cldap_init_host (cldap_t *st) /* {{{ */
 	}
 
 	struct berval cred;
-	cred.bv_val = "";
-	cred.bv_len = 0;
+	if (st->password != NULL)
+	{
+		cred.bv_val = st->password;
+		cred.bv_len = strlen (st->password);
+	}
+	else
+	{
+		cred.bv_val = "";
+		cred.bv_len = 0;
+	}
 
-	rc = ldap_sasl_bind_s (st->ld, NULL, NULL, &cred, NULL, NULL, NULL);
+	rc = ldap_sasl_bind_s (st->ld, st->binddn, LDAP_SASL_SIMPLE, &cred, 
+			NULL, NULL, NULL);
 	if (rc != LDAP_SUCCESS)
 	{
 		ERROR ("openldap plugin: Failed to bind to %s: %s",
@@ -559,7 +572,11 @@ static int cldap_config_add (oconfig_item_t *ci) /* {{{ */
 	{
 		oconfig_item_t *child = ci->children + i;
 
-		if (strcasecmp ("CACert", child->key) == 0)
+		if (strcasecmp ("BindDN", child->key) == 0)
+			status = cf_util_get_string (child, &st->binddn);
+		else if (strcasecmp ("Password", child->key) == 0)
+			status = cf_util_get_string (child, &st->password);
+		else if (strcasecmp ("CACert", child->key) == 0)
 			status = cf_util_get_string (child, &st->cacert);
 		else if (strcasecmp ("StartTLS", child->key) == 0)
 			status = cf_util_get_boolean (child, &st->starttls);