ALT Linux repos
5.0: | 4.64L-alt5.1 |
4.1: | 4.64L-alt5 |
4.0: | 4.64L-alt4.1 |
3.0: | 4.58L-alt4 |
+backports: | 4.64L-alt0.M30.4 |
Group :: Networking/Mail
RPM: pine
Patch: pine-ldap_auth.patch
-------------------------------------------------------------------
Fri Mar 17 12:29:48 CET 2006 - bk@suse.de
- allow connect to LDAP servers which need authentication (#158653)
-------------------------------------------------------------------
From Walter Haidinger:
pine (of pine-4.64-5.1) can use an LDAP server anonymously but cannot
authenticate by binding with a DN and a password.
Luckily I found this post with a patch too:
http://mailman1.u.washington.edu/pipermail/pine-info/2004-October/040796.html
I've applied the patch referenced there to the pine-4.64-5.1 sources of bug
#150076. Have built an RPM under SuSE 10.0 and it works for me!
To use, first configure the LDAP server in Pine's Directory Config as usual.
Then quit pine, edit ~/.pinerc and append /binddn=<DN>/bindpw=<password> to the
LDAP line, e.g.:
# LDAP servers for looking up addresses.
ldap-servers=ldap.example
"/base=ou=abook,dc=EXAMPLE/impl=1/rhs=1/ref=0/nosub=0/ldap_v3_ok=1/type=/srch=/time=/size=/cust=/nick=/matr=/catr=/satr=/gatr="
becomes:
# LDAP servers for looking up addresses.
ldap-servers=ldap.example
"/base=ou=abook,dc=EXAMPLE/impl=1/rhs=1/ref=0/nosub=0/ldap_v3_ok=1/type=/srch=/time=/size=/cust=/nick=/matr=/catr=/satr=/gatr=/binddn=uid=someuser,dc=EXAMPLE/bindpw=very_secret"
After starting pine again, it will authenticate successfully against the LDAP
server (verified with OpenLDAP from the openldap2-2.2.27-6 RPM shipped with
SuSE 10.0).
Please note that your LDAP server password is stored in _cleartext_ in .pinerc,
so I'd suggest that the file is protected by 0600 permissions.
--- pine/bldaddr.c.orig 2005-09-27 23:27:55.000000000 +0200
+++ pine/bldaddr.c 2006-03-16 15:38:50.000000000 +0100
@@ -5425,7 +5425,8 @@
* to tell the server we're v3 if the server supports v3, and if the
* server doesn't support v3 the bind is required.
*/
- if(ldap_simple_bind_s(ld, NULL, NULL) != LDAP_SUCCESS){
+
+ if(ldap_simple_bind_s(ld, info->binddn, info->bindpw) != LDAP_SUCCESS){
wp_err->wp_err_occurred = 1;
ld_errnum = our_ldap_get_lderrno(ld, NULL, &ld_errstr);
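Review bot: the new ldap_simple_bind_s(ld, info->binddn, info->bindpw) call does not check that both fields were actually set. The parser in this patch fills binddn and bindpw independently, so a .pinerc entry with /binddn= but no /bindpw= reaches the bind with a DN and a NULL password, which LDAP servers commonly treat as an unauthenticated bind; the lookup would then run anonymously with no error shown to the user. Suggest binding with credentials only when both are non-NULL and non-empty, and otherwise either calling the bind with (NULL, NULL) explicitly or reporting the incomplete configuration. A simple bind also sends the password as is, and nothing in the visible context establishes TLS on ld before this call, so the comment above the bind should say that credentials are only safe on a protected connection. The added blank line before the if can be dropped.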
@@ -6085,6 +6086,8 @@
info->time = -1;
info->size = -1;
info->scope = -1;
+ info->binddn= NULL;
+ info->bindpw= NULL;
/* copy the whole string to work on */
lserv = cpystr(serv_str);
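Review bot: the two new initialisers are written as info->binddn= NULL; while the neighbouring lines use info->scope = -1; with a space on both sides of the assignment; please match the surrounding style. Initialising to NULL is right, but the patch has no matching hunk where this struct's strings are released. If remove_backslash_escapes() returns allocated storage, as its use for info->base suggests, binddn and bindpw need to be freed there too, and bindpw should be overwritten before it is freed.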
@@ -6135,6 +6138,14 @@
if((q = srchstr(tail, "/base=")) != NULL)
info->base = remove_backslash_escapes(q+6);
+ /* get the bind dn*/
+ if((q = srchstr(tail, "/binddn=")) != NULL)
+ info->binddn = remove_backslash_escapes(q+8);
+
+ /* get the search base */
+ if((q = srchstr(tail, "/bindpw=")) != NULL)
+ info->bindpw = remove_backslash_escapes(q+8);
+
/* get the implicit parameter */
if((q = srchstr(tail, "/impl=1")) != NULL)
info->impl = 1;
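Review bot: the comment above the /bindpw= lookup reads "get the search base", copied from the /base= block; it should say it reads the bind password. Also, both values are taken from q+8 with the same substring search used for the other options, so it is not clear from this hunk what happens when a password or DN itself contains a slash or a sequence such as /base=. Please document, in the description or in a comment here, which characters the user has to backslash-escape in .pinerc, since a password that is truncated or misparsed will simply fail the bind with no hint why.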
--- pine/pine.h.orig 2005-09-16 02:39:42.000000000 +0200
+++ pine/pine.h 2006-03-16 15:52:40.000000000 +0100
@@ -3114,7 +3114,9 @@
*mailattr, /* "Mail" attribute name */
*snattr, /* "Surname" attribute name */
*gnattr, /* "Givenname" attribute name */
- *cnattr; /* "CommonName" attribute name */
+ *cnattr, /* "CommonName" attribute name */
+ *binddn, /* The dn to bind to the LDAP server as */
+ *bindpw; /* The password for the user to bind to the LDAP server as*/
int port, /* Port number */
time, /* Time limit */
size, /* Size limit */
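Review bot: the comment on bindpw should state that this field holds the cleartext password read from .pinerc, so that anyone who later frees, copies or prints this struct knows to wipe it and keep it out of debug output. Minor style points on the same two lines: "The dn" should be "The DN", and the bindpw comment is missing the space before the closing */.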