Download
http://sourceforge.net/projects/fzldap
Works for me
FILES:
- Filezilla server.exe
With support for LDAP
- oldapcheck.exe
Command line utility only for testing purposes
- oldapcheck.ini
Configuration file
- a) server=ldap.2uclm.es
The ldap server to connect. I have tested with AD
b) domain=@2uclm.es
For authentication with the @ character (this suffix is appended to the FileZilla user name before the LDAP bind)
c) TLS=N
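If you set TLS=Y for security, you must create the file C:\OpenLdap\sysconf\ldap.conf with this content:
TLS_REQCERT never
TLS_CACERT C:\OpenLdap\sysconf\certs\my_ldap_cert.pem
Note: TLS_REQCERT never turns off verification of the server certificate, so the connection is encrypted but the LDAP server is not authenticated. Once the CA certificate named in TLS_CACERT is the right one, TLS_REQCERT demand makes the client refuse a server it cannot verify.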
A good explanation is at: http://www.novell.com/coolsolutions/tip/5838.html
Installation.
1) Stop Filezilla Server.exe daemon
2) Copy Filezilla Server.exe, oldapcheck.exe and oldapcheck.ini files in application directory, for example: c:\Program Files\Filezilla Server
3) Start Filezilla Server daemon.
4) In oldapcheck.ini set the correct values. If you want a secure connection set TLS=Y in oldapcheck.ini; with TLS=N the LDAP simple bind sends the user name and password over the network unencrypted.
HOWTO:
- if my user in AD is Rodolfo.Martinez@2uclm.es, in Filezilla must be Rodolfo.Martinez
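- The application first checks the local FileZilla password and, only if that does not match, checks the password against LDAP. A user that exists in FileZilla can therefore log in with either password.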
I'm spanish, sorry for my english
mail: jcarlos # albacete.org
The source code (sorry, I'm newbie in c++):
==========================================================
ADD In Permissions.cpp
==========================================================
#include <ldap.h>
#include <string.h>
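/// Verify a user's password by attempting an LDAP simple bind as user+domain.
///
/// @param bssl    Non-zero to switch the connection to TLS (StartTLS) before binding.
/// @param server  Host name of the LDAP server; the default LDAP_PORT is used.
/// @param domain  Suffix appended to @p user to form the bind name (e.g. "@example.org").
/// @param user    Account name as typed by the client (untrusted input).
/// @param passwd  Password as typed by the client (untrusted input).
/// @return non-zero (true) only when the bind succeeded, 0 (false) in every other case.
int check_openldapint(int bssl,const char *server,const char *domain,const char *user,const char *passwd){
    if (server == NULL || domain == NULL || user == NULL || passwd == NULL)
        return false;

    // A simple bind with an empty password is an "unauthenticated bind" that many
    // directory servers answer with success, so it must never count as a login.
    if (user[0] == '\0' || passwd[0] == '\0')
        return false;

    // The bind name is built in a fixed buffer. The user name comes straight from
    // the FTP client, so its length is checked instead of trusting strcpy/strcat.
    char usr[100];
    const size_t userLen = strlen(user);
    const size_t domainLen = strlen(domain);
    if (userLen >= sizeof(usr) || domainLen >= sizeof(usr) - userLen)
        return false;
    memcpy(usr, user, userLen);
    memcpy(usr + userLen, domain, domainLen + 1);   // +1 copies the terminating NUL

    LDAP* ld = ldap_init(server, LDAP_PORT);
    if (ld == NULL)
        return false;   // nothing to release: there is no handle to unbind

    if (bssl) {
        // StartTLS is an LDAPv3 extended operation, so the protocol version is set first.
        int version = LDAP_VERSION3;
        if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) {
            ldap_unbind(ld);
            return false;
        }
        // Fail closed: if TLS cannot be established, do not fall back to sending the
        // password over the unencrypted connection.
        // NOTE(review): whether the server certificate is verified depends on the
        // client's ldap.conf (TLS_REQCERT) - confirm it is not set to "never".
        if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
            ldap_unbind(ld);
            return false;
        }
    }

    const int ret = ldap_simple_bind_s(ld, usr, passwd);
    ldap_unbind(ld);
    return ret == LDAP_SUCCESS;
}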
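/// Read oldapcheck.ini from the directory of the running executable and check
/// the given credentials against the LDAP server configured there.
///
/// Keys read from section [settings]: "server", "domain" and "TLS".
///
/// @param user    Account name as typed by the client.
/// @param passwd  Password as typed by the client.
/// @return non-zero (true) when check_openldapint() reports a successful bind,
///         0 (false) otherwise, including when the configuration cannot be used.
int check_openldap(const char *user,const char *passwd){
    static const wchar_t kIniName[] = L"\\oldapcheck.ini";

    // GetModuleFileName takes the buffer size in characters, not bytes; passing
    // sizeof() of a wchar_t array would overstate the buffer by a factor of two.
    wchar_t lpIni[MAX_PATH+1];
    const DWORD pathLen = ::GetModuleFileName(0, lpIni, MAX_PATH);
    if (pathLen == 0 || pathLen >= MAX_PATH)
        return false;   // call failed or the path was truncated
    lpIni[pathLen] = L'\0';

    // Replace the executable's file name with the ini file name. The path stays in
    // wide characters so that non-ASCII directory names survive unchanged.
    wchar_t *lastSep = wcsrchr(lpIni, L'\\');
    if (lastSep == NULL)
        return false;
    *lastSep = L'\0';
    if (wcslen(lpIni) + wcslen(kIniName) > MAX_PATH)
        return false;
    wcscat(lpIni, kIniName);

    wchar_t servidor[100];
    wchar_t dominio[50];
    wchar_t conssl[50];
    // No built-in default server: if the ini file is missing or has no "server"
    // key, the login is refused instead of sending the user's password to a
    // host name compiled into the binary.
    GetPrivateProfileString(L"settings",L"server",L"",servidor,100,lpIni);
    GetPrivateProfileString(L"settings",L"domain",L"@2uclm.es",dominio,50,lpIni);
    GetPrivateProfileString(L"settings",L"TLS",L"Y",conssl,50,lpIni);
    if (servidor[0] == L'\0')
        return false;

    // NOTE(review): only the exact value "Y" enables TLS; any other value
    // (including "y" or "Yes") results in an unencrypted bind.
    const bool bSsl = (wcscmp(conssl, L"Y") == 0);

    // wcstombs does not write a terminating NUL when the output fills the buffer
    // and returns (size_t)-1 on an unconvertible character; reject both cases.
    char sser[100];
    char ddom[50];
    const size_t serverLen = wcstombs(sser, servidor, sizeof(sser));
    if (serverLen == static_cast<size_t>(-1) || serverLen >= sizeof(sser))
        return false;
    const size_t domainLen = wcstombs(ddom, dominio, sizeof(ddom));
    if (domainLen == static_cast<size_t>(-1) || domainLen >= sizeof(ddom))
        return false;

    return check_openldapint(bSsl,sser,ddom,user,passwd);
}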
==========================================================
MODIFY In Permissions.cpp
==========================================================
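/// Check a login attempt, first against the locally stored password hash and,
/// if that does not match, against LDAP through check_openldap().
///
/// @param username         Account name supplied by the client.
/// @param pass             Password supplied by the client.
/// @param userdata         Receives the account data when the login is accepted.
/// @param noPasswordCheck  When TRUE, an existing account is accepted without
///                         comparing any password.
/// @return TRUE when the account exists and one of the checks accepted it,
///         FALSE otherwise.
BOOL CPermissions::CheckUserLogin(LPCTSTR username, LPCTSTR pass, CUser &userdata, BOOL noPasswordCheck /*=FALSE*/)
{
    // ConvToNetwork returns a buffer that this function releases with delete [].
    const char *tmp = ConvToNetwork(pass);
    if (!tmp)
        return FALSE;

    // The local password is stored as the hex MD5 digest of the converted password.
    MD5 md5;
    md5.update((unsigned char *)tmp, strlen(tmp));
    md5.finalize();
    char *res = md5.hex_digest();
    CStdString hash = res;
    delete [] res;
    delete [] tmp;

    // Only accounts known to the server are considered; LDAP never creates one.
    CUser user;
    if (!GetUser(username, user))
        return FALSE;

    // An account whose stored password is empty accepts any password here.
    if (noPasswordCheck || user.password == hash || user.password == _T(""))
    {
        userdata = user;
        return TRUE;
    }

    //--------------------------------------
    // MODIFICATION
    //--------------------------------------
    // The local hash did not match: fall back to LDAP. Either conversion may
    // return NULL (the first conversion above is checked for the same reason),
    // so both pointers are tested before use. An empty password is never
    // forwarded, because a bind with an empty password can succeed without
    // authenticating anyone.
    const char *usr = ConvToNetwork(username);
    const char *pwd = ConvToNetwork(pass);
    BOOL ldapAccepted = FALSE;
    if (usr && pwd && pwd[0] != '\0' && check_openldap(usr, pwd))
        ldapAccepted = TRUE;
    delete [] pwd;   // delete [] on a null pointer is a no-op
    delete [] usr;
    //--------------------------------------

    if (ldapAccepted)
    {
        userdata = user;
        return TRUE;
    }
    return FALSE;
}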