Hi all,

attached is a patch with a few small improvements for LDAP address book support:

(1) The config GUI asks the user for a host name, but ldap_initialize() actually takes a URI (“ldaps://…”, etc.).

(2) Both the server name and the base DN may be NULL to use the values defined in the files /etc/ldap/ldap.conf, $HOME/ldaprc, $HOME/.ldaprc or $CWD/ldaprc. In a scenario where LDAP is used for authentication etc., one of these files (typically the first, provided by the admin) is usually present, i.e. there is no need to specify the values manually. For the URI, even more than one server may be specified (e.g. master and replica) in the files. The respective values passed to ldap_initialize(), ldap_search_ext() and ldap_search_ext_s() *must* be NULL (and not an empty string) so as to use the config files.

(3) The code attempts to perform a ldap_start_tls_s() (STARTTLS) operation if the respective config option is set, even if a ldaps uri has been specified, which of course fails. Thus, we read back the uri via ldap_get_option() (we cannot use the configured uri as it may be empty) to check if we use an encrypted connection. There seems to be no other way to tell if the connection is encrypted or not; the option LDAP_OPT_X_TLS_SSL_CTX doesn't work for me (always returns NULL for both plain and encrypted connections), not sure why. Note that as ldap_get_option() always returns the full configuration string (which may contain more than one uri) instead of the actually used connection, we /may/ have a weird corner case: if the config string in the file contains a mixture of ldap and ldaps uris (which I think is /very/ uncommon), we might guess wrong…

(4) libbalsa/address-book-ldap.c uses a mixture of printf(), g_print() and fprintf() calls for debugging and error reporting. Replace them by the appropriate calls to libbalsa_information() or g_debug() & friends with log domain “ab-ldap”.

Opinions?

Best,
Albrecht.
---
Patch details:
- libbalsa/address-book-ldap.c:
  * implement helpers ldap_connection_get_uri(), ldap_connection_is_ldaps() and ldap_use_config_value()
  * libbalsa_address_book_ldap_open_connection(): use ldap_use_config_value() for the server uri; do not attempt to run STARTTLS for a ldaps connection (print warning)
  * libbalsa_address_book_set_status(), libbalsa_address_book_ldap_alias_complete(): use ldap_use_config_value() for the base DN
  * use libbalsa_information() or g_debug() & friends with log domain “ab-ldap” for messaging
- src/address-book-config.c: fix misleading label in create_ldap_dialog()
Attachment:
ldap-improvements.diff.gz
Description: application/gzip
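
The NULL-versus-empty-string rule from point (2) and the mixed ldap/ldaps corner case from point (3), as an added example that is not the code from the attached patch. The names `config_or_null()`, `classify_uris()` and `want_starttls()` are hypothetical, the URI list is assumed to be separated by spaces or commas, and reporting a mixed list instead of guessing is one possible policy, not something the patch is stated to do.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Classification of the URI list read back from the LDAP handle. */
typedef enum { URIS_NONE, URIS_PLAIN, URIS_LDAPS, URIS_MIXED } uri_class;

/* Hypothetical helper: map an empty GUI field to NULL so that libldap
 * falls back to ldap.conf / ldaprc instead of using "". */
static const char *config_or_null(const char *value)
{
    return (value != NULL && value[0] != '\0') ? value : NULL;
}

/* Classify every URI in the list (assumed space- or comma-separated);
 * the scheme comparison is case-insensitive. */
static uri_class classify_uris(const char *uris)
{
    int plain = 0, ldaps = 0;
    const char *p = uris;

    while (p != NULL && *p != '\0') {
        size_t len;
        p += strspn(p, " ,\t");            /* skip separators */
        len = strcspn(p, " ,\t");          /* length of one URI */
        if (len == 0)
            break;
        if (len >= 8 && strncasecmp(p, "ldaps://", 8) == 0)
            ldaps++;
        else
            plain++;                       /* any other scheme: no implicit TLS */
        p += len;
    }
    if (plain == 0 && ldaps == 0) return URIS_NONE;
    if (plain == 0) return URIS_LDAPS;
    return (ldaps == 0) ? URIS_PLAIN : URIS_MIXED;
}

/* 1: run STARTTLS, 0: do not, -1: mixed list, caller should warn or refuse. */
static int want_starttls(const char *uris, int starttls_configured)
{
    uri_class c = classify_uris(uris);
    if (c == URIS_MIXED)
        return -1;
    return (starttls_configured && c == URIS_PLAIN) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample value, not taken from a real ldap.conf. */
    printf("%d\n", want_starttls("ldap://a.example ldaps://b.example", 1));
    return 0;
}
```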