LDAP + nnrpd

Dan Foster dsf at gblx.net
Sun Nov 26 10:32:20 UTC 2000


Hot Diggety! Katsuhiro Kondou was rumored to have wrote:
> 
> In article <3A1D1B01.B88907D4 at citec.es>,
> 	Jorge Moratilla <jmoratilla at spain.sunedu.com> wrote;
> 
> } I would like to know if is posible to use LDAP to authenticate users in
> } nnrpd instead using RADIUS.  If so, what changes I need to make.  I
> 
> Current inn does not provide ldap auth, but if someone
> writes it, it can easily be incorporated.

It's not much more than building INN with perl support, and then ripping out
the CDB stuff from nnrpd_auth.pl (in ~news/bin/filter/nnrpd_auth.pl) and
then adding stuff like:

use Mozilla::LDAP::Conn;

near the top, and adding a few lines of PerLDAP code to connect/bind to
LDAP server as the user, with the given password. If it works, we've at least
verified user exists with right password.

It's not hard to also extend the LDAP schema to keep track of group subs
as well as originating IPs, and then to add a few more lines of code to
nnrpd_auth.pl to check those.

I hacked up an nnrpd_auth.pl a short time ago, but one more buglet I have
to squash before I can even consider dumping that thing here for informal
review/as a proof of concept thing.

Perhaps 15-20 lines of simple perl needed. Also, obviously, one has to have
the LDAP C SDK libs and Mozilla PerLDAP installed on the reader machine.

-Dan



More information about the inn-workers mailing list