add ldap filter

Makefile

@@ -6,7 +6,7 @@ OBJ=	$(SRC:.cpp=.o)
 
 NAME=	ldap-auth.so
 
-CXXFLAGS+=-O2 -I/usr/include/mysql/server -fPIC -DMYSQL_DYNAMIC_PLUGIN
+CXXFLAGS+=-O2 -I/usr/include/mysql/server -fPIC -DMYSQL_DYNAMIC_PLUGIN -std=c++11
 
 LDFLAGS=	-lldap
 

interfaces.h

@@ -5,6 +5,7 @@
 #define LDAP_URI "ldap://localhost:389"
 #define LDAP_ATTRIBUTE "uid"
 #define LDAP_BASEDN "ou=users,dc=example,dc=org"
+#define LDAP_FILTER ""
 
 class IMySQLLDAPAuthModule
 {

ldap-auth.cpp

@@ -47,7 +47,7 @@ static struct st_mysql_auth auth_ldap_handler =
 
 int initModule(void*)
 {
-    _module = new LDAPReader(LDAP_URI, LDAP_ATTRIBUTE, LDAP_BASEDN);
+    _module = new LDAPReader(LDAP_URI, LDAP_ATTRIBUTE, LDAP_BASEDN, LDAP_FILTER);
     return 0;
 }
 

ldapReader.cpp

@@ -3,14 +3,15 @@
 #include <ldap.h>
 #include "ldapReader.h"
 
-LDAPReader::LDAPReader(const std::string& _uri, const std::string& _attribute, const std::string& _base):
-    uri(_uri), attribute(_attribute), baseDn(_base)
+LDAPReader::LDAPReader(const std::string& _uri, const std::string& _attribute,
+        const std::string& _base, const std::string& _filter):
+    uri(_uri), attribute(_attribute), baseDn(_base), filter(_filter)
 {}
 
 LDAPReader::~LDAPReader()
 {}
 
-void* LDAPReader::InitConnection()
+LDAP* LDAPReader::InitConnection()
 {
     LDAP* ldapHandler;
     int protoVersion = LDAP_VERSION3;
@@ -32,9 +33,34 @@ void* LDAPReader::InitConnection()
     return ldapHandler;
 }
 
+bool LDAPReader::CheckFilter(LDAP* ldapHandler, const std::string& queryBase)
+{
+    LDAPMessage* msg;
+    struct timeval timeo;
+    timeo.tv_sec = 5;
+    timeo.tv_usec = 0;
+
+    char attrCstr[attribute.length()];
+    strcpy(attrCstr, attribute.c_str());
+    char* attrs[] = { attrCstr, nullptr };
+
+    int err = ldap_search_ext_s(ldapHandler, queryBase.c_str(), LDAP_SCOPE_BASE, filter.c_str(), attrs, false, nullptr, nullptr, &timeo, 1, &msg);
+    if (err != LDAP_SUCCESS)
+    {
+        std::cerr << "LDAP Search Error: (" << err << ") " << ldap_err2string(err) << std::endl;
+        return false;
+    }
+    if (!msg)
+        return false;
+
+    bool result = nullptr != ldap_first_entry(ldapHandler, msg);
+    ldap_msgfree(msg);
+    return result;
+}
+
 bool LDAPReader::Authenticate(const std::string& username, const std::string& password)
 {
-    LDAP* ldapHandler = reinterpret_cast<LDAP*>(InitConnection());
+    LDAP* ldapHandler = InitConnection();
     if (!ldapHandler)
         return false;
 
@@ -48,9 +74,13 @@ bool LDAPReader::Authenticate(const std::string& username, const std::string& pa
     bindPw.bv_val = passwordCstr;
 
     int err = ldap_sasl_bind_s(ldapHandler, bindDn.str().c_str(), LDAP_SASL_SIMPLE, &bindPw, nullptr, nullptr, nullptr);
-    if (err != LDAP_SUCCESS)
+    bool success = err == LDAP_SUCCESS;
+
+    if (!success)
         std::cerr << "LDAP Bind Error: (" << err << ") " << ldap_err2string(err) << std::endl;
+    else if (!filter.empty())
+        success &= CheckFilter(ldapHandler, bindDn.str());
     ldap_unbind_ext(ldapHandler, nullptr, nullptr);
-    return err == LDAP_SUCCESS;
+    return success;
 }
 

ldapReader.h

@@ -1,18 +1,22 @@
 
 #include "interfaces.h"
 
+struct ldap;
+
 class LDAPReader: public IMySQLLDAPAuthModule
 {
     public:
-        LDAPReader(const std::string& uri, const std::string& attribute, const std::string& baseDn);
+        LDAPReader(const std::string& uri, const std::string& attribute, const std::string& baseDn, const std::string& filter="");
         ~LDAPReader();
         bool Authenticate(const std::string& username, const std::string& password) override;
 
     private:
-        void* InitConnection();
+        struct ldap* InitConnection();
+        bool CheckFilter(struct ldap* ldapHandler, const std::string& base);
 
         const std::string uri;
         const std::string attribute;
         const std::string baseDn;
+        const std::string filter;
 };
 

test.cpp

@@ -7,7 +7,7 @@
 
 int main()
 {
-    LDAPReader reader(LDAP_URI, LDAP_ATTRIBUTE, LDAP_BASEDN);
+    LDAPReader reader(LDAP_URI, LDAP_ATTRIBUTE, LDAP_BASEDN, LDAP_FILTER);
     std::cout << reader.Authenticate(LDAP_TEST_USERID, LDAP_TEST_PASSWD) << std::endl;
 }