On Fri, May 11, 2007 at 11:25:57AM +0200, Jan Willamowius wrote:
> Jerome Alet wrote:
> > PS : if anyone is interested in the code I wrote, or if you want to
> > include it as an example in GNU Gk, please tell and I'll send it to
> > you tomorrow.
>
> Yes, please send in your code once you have it all working and we'll
> include it as an example. Maybe you can also send in a patch to clarify
> the manual what kind of passwords to use. ;-)

Here it is.

This is currently untested from GNU GK, so the examples may
be incorrect or need some tweaking.

The code could be improved to return only the attribute we want
instead of all the LDAP attributes (None).

NB : you must first create the plpythonu language in PostgreSQL
as the postgres user.

bye

Jerome Alet

CREATE OR REPLACE FUNCTION fromldap(text, text, text, text, text, text)
RETURNS text
AS '
"""Transparent LDAP support for GNU Gatekeeper through PostgreSQL
written by Jerome Alet and hereby placed into the Public Domain.

Use it this way for example :

    SELECT fromldap(ldapuri,
                    bindingDN,
                    password,
                    base,
                    filter,
                    attributename);

This will return the value for attribute attributename
for the first LDAP entry matching the given filter when
searched from base once connected as bindingDN/password
to the LDAP server defined by ldapuri.

For example (UNTESTED) :

    [SQLPasswordAuth]
    Query=SELECT fromldap(\'ldap://ldap.example.com:389\',
                          \'cn=admin,dc=example,dc=com\',
                          \'hackme\',
                          \'ou=people,dc=example,dc=com\',
                          \'(h235IdentityEndpointID=%1)\',
                          \'h235IdentityPassword\')
          AS h235password;

    [SQLAuth]
    RegQuery=SELECT True, fromldap(\'ldap://ldap.example.com:389\',
                                   \'cn=admin,dc=example,dc=com\',
                                   \'hackme\',
                                   \'ou=people,dc=example,dc=com\',
                                   \'(uid=%u)\',
                                   \'h235IdentityEndpointID\')
             AS aliases;
"""
import ldap
from ldap.cidict import cidict

# Positional arguments of the SQL function, in declaration order
server = args[0]
username = args[1]
password = args[2]
base = args[3]
ldapfilter = args[4]
attributename = args[5]

# Connect and bind; plpy.error() aborts the query with the given message
try :
    ldapserver = ldap.initialize(server)
    ldapserver.simple_bind_s(username, password)
except ldap.LDAPError, msg :
    plpy.error("Impossible to connect to LDAP server %(server)s with username %(username)s : %(msg)s" % locals())
else :
    try :
        try :
            # None as the attribute list asks the server for all attributes
            result = ldapserver.search_s(base,
                                         ldap.SCOPE_SUBTREE,
                                         ldapfilter,
                                         None)
        except ldap.LDAPError, msg :
            plpy.error("Impossible to retrieve anything with filter %(ldapfilter)s from %(base)s : %(msg)s" % locals())
        else :
            if not result :
                return None
            else :
                if len(result) > 1 :
                    plpy.error("More than one LDAP entry found with filter %(ldapfilter)s from %(base)s" % locals())
                else :
                    (dn, attributes) = result[0]
                    # LDAP attribute names are case-insensitive
                    attributes = cidict(attributes)
                    try :
                        value = attributes[attributename]
                        try :
                            value[1] # Just to see if we have a multivalued attribute or not
                        except IndexError :
                            return value[0] # usual case : monovalued
                        else :
                            return str(value) # multivalued, we return it as a string, maybe unneeded...
                    except KeyError, msg :
                        plpy.error("No attribute named %(attributename)s (could be a permission problem) : %(msg)s" % locals())
    finally :
        # Always release the LDAP connection once the bind has succeeded
        ldapserver.unbind_s()
'
LANGUAGE 'plpythonu';
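
Added example (not part of Jerome Alet's post or of GNU Gk): the post notes that the search could ask for only the wanted attribute instead of all of them (None), and the filter it receives carries a value substituted by the gatekeeper (%1, %u). The sketch below builds the filter and attribute list for search_s() from separate arguments and escapes the value per RFC 4515; build_search and escape_filter_value are hypothetical names, and python-ldap ships an equivalent escaper as ldap.filter.escape_filter_chars.

```python
import re

# RFC 4515 section 3: characters that must appear as \XX inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# RFC 4512 attribute descriptor: a letter followed by letters, digits or hyphens.
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value):
    """Escape one assertion value so it cannot change the filter structure."""
    # Character-by-character mapping, so an escaped backslash is never re-escaped.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search(filter_attr, raw_value, wanted_attr):
    """Return (filterstr, attrlist) to pass to search_s().

    filter_attr : attribute to match on, e.g. h235IdentityEndpointID
    raw_value   : the untrusted value (what %1 or %u would expand to)
    wanted_attr : the single attribute the caller needs back
    """
    for name in (filter_attr, wanted_attr):
        if not _ATTR_NAME.match(name):
            raise ValueError("not a valid LDAP attribute name: %r" % (name,))
    filterstr = "(%s=%s)" % (filter_attr, escape_filter_value(raw_value))
    # A one-element attrlist replaces the None (all attributes) of the post.
    return filterstr, [wanted_attr]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for alias in ("gw-paris-01", "gw*", "x)(uid=admin"):
        print(build_search("h235IdentityEndpointID", alias, "h235IdentityPassword"))
```

In the function from the post, the two returned values would take the place of ldapfilter and None in the search_s() call.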