From: Marek Becka Date: Tue, 16 Jun 2015 20:30:12 +0000 (-0400) Subject: add support for simple authentication X-Git-Tag: collectd-5.6.0~680^2 X-Git-Url: https://git.verplant.org/?a=commitdiff_plain;h=571337a90afbf3bb7e00937bb64a189b15c2b7cf;p=collectd.git add support for simple authentication --- diff --git a/src/collectd.conf.pod b/src/collectd.conf.pod index f5e9d278..96efc73c 100644 --- a/src/collectd.conf.pod +++ b/src/collectd.conf.pod @@ -4513,6 +4513,16 @@ The following options are accepted within each B block: Sets the URL to use to connect to the I server. This option is I. +=item B I + +Name in the form of an LDAP distinguished name intended to be used for +authentication. Defaults to empty string to establish an anonymous authorization. + +=item B I + +Password for simple bind authentication. If this option is not set, +unauthenticated bind operation is used. + =item B B Defines whether TLS must be used when connecting to the I server. diff --git a/src/openldap.c b/src/openldap.c index bd989e40..d11855a1 100644 --- a/src/openldap.c +++ b/src/openldap.c @@ -38,6 +38,8 @@ struct cldap_s /* {{{ */ { char *name; + char *binddn; + char *password; char *cacert; char *host; int state; @@ -56,6 +58,8 @@ static void cldap_free (cldap_t *st) /* {{{ */ if (st == NULL) return; + sfree (st->binddn); + sfree (st->password); sfree (st->cacert); sfree (st->host); sfree (st->name); @@ -110,10 +114,19 @@ static int cldap_init_host (cldap_t *st) /* {{{ */ } struct berval cred; - cred.bv_val = ""; - cred.bv_len = 0; + if (st->password != NULL) + { + cred.bv_val = st->password; + cred.bv_len = strlen (st->password); + } + else + { + cred.bv_val = ""; + cred.bv_len = 0; + } - rc = ldap_sasl_bind_s (st->ld, NULL, NULL, &cred, NULL, NULL, NULL); + rc = ldap_sasl_bind_s (st->ld, st->binddn, LDAP_SASL_SIMPLE, &cred, + NULL, NULL, NULL); if (rc != LDAP_SUCCESS) { ERROR ("openldap plugin: Failed to bind to %s: %s", @@ -559,7 +572,11 @@ static int cldap_config_add (oconfig_item_t *ci) /* {{{ */ { oconfig_item_t *child = ci->children + i; - if (strcasecmp ("CACert", child->key) == 0) + if (strcasecmp ("BindDN", child->key) == 0) + status = cf_util_get_string (child, &st->binddn); + else if (strcasecmp ("Password", child->key) == 0) + status = cf_util_get_string (child, &st->password); + else if (strcasecmp ("CACert", child->key) == 0) status = cf_util_get_string (child, &st->cacert); else if (strcasecmp ("StartTLS", child->key) == 0) status = cf_util_get_boolean (child, &st->starttls);