Hello folks.
I started to test Wildfire server this week and I need some help. It is quite easy I think.
Well, I got a Novell eDirectory here at my company. We have lots of containers. To authenticate users, we create for every object able to authenticate an alias in a ou=users,o=root container.
This way, I got a user like this (this data was obtained thru ldapsearch -x -b ou=users,o=root -h ldap cn=abc)
# ABC, USERS, ROOT
dn: cn=ABC,ou=USERS,o=ROOT
objectClass: alias
objectClass: top
cn: ABC
aliasedObjectName: cn=ABC,ou=CONTAINER,o=ROOT
As you can see, this is just an alias. The object in fact, the real object, is at cn=ABC,ou=CONTAINER,o=ROOT.
Finally, my question. I tried to set up Wildfire using . But this is bad for me, because only users in that ou=container will be able to use the server.
So, is this a limitation of Wildfire or do I need to set up something else?
PS: I have installed version 2.5.0 from rpm package. Thanks a lot!
this may help----
For the time being, I use jabberd2s10 with pipe authenticator. The code listed below is the part of the code in the authenticator that does the dereference for me. It is written in Perl and is very, very simple. The script calls the function by doing cmdcheck_password(user,password)
part of the perl script----
…
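use MIME::Base64 qw(decode_base64);
use Net::LDAPS;
use Net::LDAP::Util qw(escape_filter_value);

# Compare the given password with the stored password.
sub cmdcheck_password
{
    my ($user, $encoded_pass, $realm) = @_;
    my $pass = decode_base64($encoded_pass);
    # an empty password would make the bind below an unauthenticated bind
    return "NO" if not defined $pass or $pass eq '';
    my $ldap = Net::LDAPS->new( 'ldap.server', port => '636' ) or die "$@";
    my $mesg = $ldap->search(
        base   => "ou=users,o=root",
        # escape the user name so it cannot change the search filter
        filter => "(cn=" . escape_filter_value($user) . ")"
    ); # does the search, same as: ldapsearch -x -b ou=users,o=root -h ldap.server cn=abc
    my $entry = $mesg->entry();
    my $result;
    if (!$entry) {
        $result = "NO"; # user does not exist, deny access
    }
    else {
        my $dn = $entry->get_value('aliasedObjectName'); # get the path of the real object
        if (!$dn) {
            $result = "NO"; # entry is not an alias, never bind with an empty DN
        }
        else {
            $mesg = $ldap->bind( $dn, password => $pass ); # here the bind in the real object
            if ($mesg->code == 0) {
                $result = "OK"; # user and password are ok, allow the user
            }
            else {
                $result = "NO"; # wrong password, deny the user
            }
        }
    }
    $ldap->unbind; # close the connection on every path before returning
    return $result;
}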