The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
rlm_ldap.h
Go to the documentation of this file.
1 #pragma once
2 /**
3  * $Id: 550b3edf7b2e043a1c07c209c78729f015d3af1a $
4  * @file rlm_ldap.h
5  * @brief LDAP authorization and authentication module headers.
6  *
7  * @note Do not rename to ldap.h. This causes configure checks to break
8  * in stupid ways, where the configure script will use the local ldap.h
9  * file, instead of the one from libldap.
10  *
11  * @author Arran Cudbard-Bell (a.cudbardb@freeradius.org)
12  * @copyright 2015 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
13  * @copyright 2013 Network RADIUS SAS (legal@networkradius.com)
14  * @copyright 2013-2015 The FreeRADIUS Server Project.
15  */
16 #include <freeradius-devel/server/base.h>
17 #include <freeradius-devel/server/module_rlm.h>
18 #include <freeradius-devel/ldap/base.h>
19 
20 typedef struct {
21  CONF_SECTION *cs; //!< Section configuration.
22 
23  char const *reference; //!< Configuration reference string.
24 } ldap_acct_section_t;
25 
26 typedef struct {
27  /*
28  * Options
29  */
30 #ifdef LDAP_CONTROL_X_SESSION_TRACKING
31  bool session_tracking; //!< Whether we add session tracking controls, which help
32  //!< identify the autz or acct session the commands were
33  //!< issued for.
34 #endif
35  struct {
36  /*
37  * User object attributes and filters
38  */
39  char const *obj_sort_by; //!< List of attributes to sort by.
40  LDAPControl *obj_sort_ctrl; //!< Server side sort control.
41 
42  int obj_scope; //!< Search scope.
43 
44  char const *obj_access_attr; //!< Attribute to check to see if the user should be locked out.
45  bool access_positive; //!< If true the presence of the attribute will allow access,
46  //!< else it will deny access.
47 
48  char const *access_value_negate; //!< If the value of the access_attr matches this, the result
49  ///< will be negated.
50  char const *access_value_suspend; //!< Value that indicates suspension. Is not affected by
51  ///< access_positive and will always allow access, but will apply
52  ///< a different profile.
53  bool expect_password; //!< Allow the user to forcefully decide if a password should be
54  ///< expected. Controls whether warnings are issued.
55  bool expect_password_is_set; //!< Whether an expect password value was provided.
56  } user;
57 
58  /*
59  * Group object attributes and filters
60  */
61  struct {
62  char const *userobj_membership_attr; //!< Attribute that describes groups the user is a member of.
63 
64  char const *obj_filter; //!< Filter to retrieve only group objects.
65  int obj_scope; //!< Search scope.
66 
67  char const *obj_name_attr; //!< The name of the group.
68  char const *obj_membership_filter; //!< Filter to only retrieve groups which contain
69  //!< the user as a member.
70 
71  bool cacheable_name; //!< If true the server will determine complete set of group
72  //!< memberships for the current user object, and perform any
73  //!< resolution necessary to determine the names of those
74  //!< groups, then right them to the control list (LDAP-Group).
75 
76  bool cacheable_dn; //!< If true the server will determine complete set of group
77  //!< memberships for the current user object, and perform any
78  //!< resolution necessary to determine the DNs of those groups,
79  //!< then right them to the control list (LDAP-GroupDN).
80 
81  char const *cache_attribute; //!< Sets the attribute we use when creating and retrieving
82  //!< cached group memberships.
83 
84  fr_dict_attr_t const *cache_da; //!< The DA associated with this specific instance of the
85  //!< rlm_ldap module.
86 
87  char const *attribute; //!< Sets the attribute we use when comparing group
88  //!< group memberships.
89 
90  fr_dict_attr_t const *da; //!< The DA associated with this specific instance of the
91  //!< rlm_ldap module.
92 
93  bool allow_dangling_refs; //!< Don't error if we fail to resolve a group DN referenced
94  ///< from a user object.
95 
96  bool skip_on_suspend; //!< Don't process groups if the user is suspended.
97  } group;
98 
99  char const *valuepair_attr; //!< Generic dynamic mapping attribute, contains a RADIUS
100  //!< attribute and value.
101 
102  /*
103  * Profiles
104  */
105  int profile_scope; //!< Search scope.
106  char const *profile_attr; //!< Attribute that identifies profiles to apply. May appear
107  //!< in userobj or groupobj.
108  char const *profile_attr_suspend; //!< Attribute that identifies profiles to apply when the user's
109  ///< account is suspended. May appear in userobj or groupobj.
110 
111  /*
112  * Accounting
113  */
114  ldap_acct_section_t *postauth; //!< Modify mappings for post-auth.
115  ldap_acct_section_t *accounting; //!< Modify mappings for accounting.
116 
117 #ifdef WITH_EDIR
118  /*
119  * eDir support
120  */
121  bool edir; //!< If true attempt to retrieve the user's cleartext password
122  //!< using the Universal Password feature of Novell eDirectory.
123  bool edir_autz; //!< If true, and we have the Universal Password, bind with it
124  //!< to perform additional authorisation checks.
125 #endif
126 
127  fr_ldap_config_t handle_config; //!< Connection configuration instance.
128  trunk_conf_t trunk_conf; //!< Trunk configuration
129  trunk_conf_t bind_trunk_conf; //!< Trunk configuration for trunk used for bind auths
130 
131  module_instance_t const *mi; //!< Module instance data for thread lookups.
132 } rlm_ldap_t;
133 
134 /** Call environment used in LDAP authorization
135  *
136  */
137 typedef struct {
138  fr_value_box_t user_base; //!< Base DN in which to search for users.
139  fr_value_box_t user_filter; //!< Filter to use when searching for users.
140  fr_value_box_t group_base; //!< Base DN in which to search for groups.
141  tmpl_t *group_filter; //!< tmpl to expand as group membership filter.
142  fr_value_box_t default_profile; //!< If this is set, we will search for a profile object
143  //!< with this name, and map any attributes it contains.
144  //!< No value should be set if profiles are not being used
145  //!< as there is an associated performance penalty.
146  fr_value_box_t profile_filter; //!< Filter to use when searching for profiles.
147 
148  map_list_t *user_map; //!< Attribute map applied to users and profiles.
149 
150  fr_value_box_t const *expect_password; //!< True if the user_map included a mapping between an LDAP
151  //!< attribute and one of our password reference attributes.
152 } ldap_autz_call_env_t;
153 
154 /** Call environment used in group membership xlat
155  *
156  */
157 typedef struct {
158  fr_value_box_t user_base; //!< Base DN in which to search for users.
159  fr_value_box_t user_filter; //!< Filter to use when searching for users.
160  fr_value_box_t group_base; //!< Base DN in which to search for groups.
161  tmpl_t *group_filter; //!< tmpl to expand as group membership filter.
162 } ldap_xlat_memberof_call_env_t;
163 
164 /** State list for resumption of authorization
165  *
166  */
167 typedef enum {
168  LDAP_AUTZ_FIND = 0,
169  LDAP_AUTZ_GROUP,
170  LDAP_AUTZ_POST_GROUP,
171 #ifdef WITH_EDIR
172  LDAP_AUTZ_EDIR_BIND,
173  LDAP_AUTZ_POST_EDIR,
174 #endif
175  LDAP_AUTZ_MAP,
176  LDAP_AUTZ_DEFAULT_PROFILE,
177  LDAP_AUTZ_POST_DEFAULT_PROFILE,
178  LDAP_AUTZ_USER_PROFILE,
179 } ldap_autz_status_t;
180 
181 /** User's access state
182  *
183  */
184 typedef enum {
185  LDAP_ACCESS_ALLOWED = 0, //!< User is allowed to login.
186  LDAP_ACCESS_DISALLOWED, //!< User it not allow to login (disabled)
187  LDAP_ACCESS_SUSPENDED //!< User account has been suspended.
188 } ldap_access_state_t;
189 
190 /** Holds state of in progress async authorization
191  *
192  */
193 typedef struct {
194  module_instance_t const *dlinst;
195  rlm_ldap_t const *inst;
196  fr_ldap_map_exp_t expanded;
197  fr_ldap_query_t *query;
198  fr_ldap_thread_trunk_t *ttrunk;
199  ldap_autz_call_env_t *call_env;
200  LDAPMessage *entry;
201  ldap_autz_status_t status;
202  struct berval **profile_values;
203  int value_idx;
204  char *profile_value;
205  char const *dn;
206  ldap_access_state_t access_state; //!< What state a user's account is in.
207 } ldap_autz_ctx_t;
208 
209 /** State list for xlat evaluation of LDAP group membership
210  */
211 typedef enum {
212  GROUP_XLAT_FIND_USER = 0,
213  GROUP_XLAT_MEMB_FILTER,
214  GROUP_XLAT_MEMB_ATTR
215 } ldap_group_xlat_status_t;
216 
217 /** Holds state of in progress group membership check xlat
218  *
219  */
220 typedef struct {
221  rlm_ldap_t const *inst;
222  fr_value_box_t *group;
223  ldap_xlat_memberof_call_env_t *env_data;
224  bool group_is_dn;
225  char const *dn;
226  char const *attrs[2];
227  fr_value_box_t *filter;
228  fr_value_box_t *basedn;
229  fr_ldap_thread_trunk_t *ttrunk;
230  fr_ldap_query_t *query;
231  ldap_group_xlat_status_t status;
232  bool found;
233 } ldap_group_xlat_ctx_t;
234 
235 extern HIDDEN fr_dict_attr_t const *attr_password;
236 extern HIDDEN fr_dict_attr_t const *attr_cleartext_password;
237 extern HIDDEN fr_dict_attr_t const *attr_crypt_password;
238 extern HIDDEN fr_dict_attr_t const *attr_ldap_userdn;
239 extern HIDDEN fr_dict_attr_t const *attr_nt_password;
240 extern HIDDEN fr_dict_attr_t const *attr_password_with_header;
241 
242 extern HIDDEN fr_dict_attr_t const *attr_user_password;
243 extern HIDDEN fr_dict_attr_t const *attr_user_name;
244 
245 /*
246  * user.c - User lookup functions
247  */
248 static inline char const *rlm_find_user_dn_cached(request_t *request)
249 {
250  fr_pair_t *vp;
251 
252  vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_ldap_userdn);
253  if (!vp) return NULL;
254 
255  RDEBUG2("Using user DN from request \"%pV\"", &vp->data);
256  return vp->vp_strvalue;
257 }
258 
259 unlang_action_t rlm_ldap_find_user_async(TALLOC_CTX *ctx, rlm_ldap_t const *inst, request_t *request,
260  fr_value_box_t *base, fr_value_box_t *filter_box,
261  fr_ldap_thread_trunk_t *ttrunk, char const *attrs[],
262  fr_ldap_query_t **query_out);
263 
264 ldap_access_state_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAPMessage *entry);
265 
266 void rlm_ldap_check_reply(request_t *request, rlm_ldap_t const *inst, char const *inst_name, bool expect_password, fr_ldap_thread_trunk_t const *ttrunk);
267 
268 /*
269  * groups.c - Group membership functions.
270  */
271 unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx,
272  char const *attr);
273 
274 unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx);
275 
276 unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t *request,
277  ldap_group_xlat_ctx_t *xlat_ctx);
278 
279 unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t *request,
280  ldap_group_xlat_ctx_t *xlat_ctx);
281 
282 unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result,
283  rlm_ldap_t const *inst, request_t *request, fr_value_box_t const *check);
284 
285 unlang_action_t rlm_ldap_map_profile(fr_ldap_result_code_t *ret,
286  rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk,
287  char const *dn, int scope, char const *filter, fr_ldap_map_exp_t const *expanded);
unlang_action_t
unlang_action_t
Returned by unlang_op_t calls, determine the next action of the interpreter.
Definition: action.h:35
HIDDEN
#define HIDDEN
Definition: build.h:312
cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:101
fr_ldap_result_code_t
fr_ldap_result_code_t
LDAP query result codes.
Definition: base.h:188
fr_ldap_config_t
Connection configuration.
Definition: base.h:221
fr_ldap_map_exp_t
Result of expanding the RHS of a set of maps.
Definition: base.h:370
fr_ldap_query_s
LDAP query structure.
Definition: base.h:422
fr_ldap_thread_trunk_s
Thread LDAP trunk structure.
Definition: base.h:399
fr_dict_attr_t
Definition: merged_model.c:133
fr_value_box_t
Definition: merged_model.c:136
request_t
Definition: merged_model.c:210
tmpl_t
Definition: merged_model.c:225
fr_pair_find_by_da
fr_pair_t * fr_pair_find_by_da(fr_pair_list_t const *list, fr_pair_t const *prev, fr_dict_attr_t const *da)
Find the first pair with a matching da.
Definition: pair.c:693
RDEBUG2
#define RDEBUG2(fmt,...)
Definition: radclient.h:54
rlm_rcode_t
rlm_rcode_t
Return codes indicating the result of the module call.
Definition: rcode.h:40
ldap_group_xlat_ctx_t::env_data
ldap_xlat_memberof_call_env_t * env_data
Definition: rlm_ldap.h:223
rlm_ldap_t::profile_attr
char const * profile_attr
Attribute that identifies profiles to apply.
Definition: rlm_ldap.h:106
ldap_group_xlat_ctx_t::basedn
fr_value_box_t * basedn
Definition: rlm_ldap.h:228
ldap_autz_ctx_t::expanded
fr_ldap_map_exp_t expanded
Definition: rlm_ldap.h:196
attr_password
HIDDEN fr_dict_attr_t const * attr_password
Definition: rlm_ldap.c:316
ldap_group_xlat_ctx_t::filter
fr_value_box_t * filter
Definition: rlm_ldap.h:227
ldap_autz_ctx_t::call_env
ldap_autz_call_env_t * call_env
Definition: rlm_ldap.h:199
ldap_autz_ctx_t::profile_values
struct berval ** profile_values
Definition: rlm_ldap.h:202
rlm_ldap_map_profile
unlang_action_t rlm_ldap_map_profile(fr_ldap_result_code_t *ret, rlm_ldap_t const *inst, request_t *request, fr_ldap_thread_trunk_t *ttrunk, char const *dn, int scope, char const *filter, fr_ldap_map_exp_t const *expanded)
Search for and apply an LDAP profile.
Definition: profile.c:144
attr_crypt_password
HIDDEN fr_dict_attr_t const * attr_crypt_password
Definition: rlm_ldap.c:318
ldap_access_state_t
ldap_access_state_t
User's access state.
Definition: rlm_ldap.h:184
LDAP_ACCESS_SUSPENDED
@ LDAP_ACCESS_SUSPENDED
User account has been suspended.
Definition: rlm_ldap.h:187
LDAP_ACCESS_ALLOWED
@ LDAP_ACCESS_ALLOWED
User is allowed to login.
Definition: rlm_ldap.h:185
LDAP_ACCESS_DISALLOWED
@ LDAP_ACCESS_DISALLOWED
User it not allow to login (disabled)
Definition: rlm_ldap.h:186
rlm_ldap_cacheable_userobj
unlang_action_t rlm_ldap_cacheable_userobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx, char const *attr)
Convert group membership information into attributes.
Definition: groups.c:443
ldap_autz_ctx_t::ttrunk
fr_ldap_thread_trunk_t * ttrunk
Definition: rlm_ldap.h:198
ldap_autz_ctx_t::value_idx
int value_idx
Definition: rlm_ldap.h:203
attr_user_name
HIDDEN fr_dict_attr_t const * attr_user_name
Definition: base.c:102
ldap_group_xlat_ctx_t::query
fr_ldap_query_t * query
Definition: rlm_ldap.h:230
ldap_autz_ctx_t::inst
rlm_ldap_t const * inst
Definition: rlm_ldap.h:195
ldap_autz_call_env_t::profile_filter
fr_value_box_t profile_filter
Filter to use when searching for profiles.
Definition: rlm_ldap.h:146
ldap_autz_call_env_t::user_filter
fr_value_box_t user_filter
Filter to use when searching for users.
Definition: rlm_ldap.h:139
ldap_autz_call_env_t::group_filter
tmpl_t * group_filter
tmpl to expand as group membership filter.
Definition: rlm_ldap.h:141
rlm_ldap_t::bind_trunk_conf
trunk_conf_t bind_trunk_conf
Trunk configuration for trunk used for bind auths.
Definition: rlm_ldap.h:129
ldap_autz_ctx_t::entry
LDAPMessage * entry
Definition: rlm_ldap.h:200
attr_nt_password
HIDDEN fr_dict_attr_t const * attr_nt_password
Definition: rlm_ldap.c:320
rlm_ldap_t::profile_attr_suspend
char const * profile_attr_suspend
Attribute that identifies profiles to apply when the user's account is suspended.
Definition: rlm_ldap.h:108
ldap_autz_status_t
ldap_autz_status_t
State list for resumption of authorization.
Definition: rlm_ldap.h:167
LDAP_AUTZ_GROUP
@ LDAP_AUTZ_GROUP
Definition: rlm_ldap.h:169
LDAP_AUTZ_FIND
@ LDAP_AUTZ_FIND
Definition: rlm_ldap.h:168
LDAP_AUTZ_DEFAULT_PROFILE
@ LDAP_AUTZ_DEFAULT_PROFILE
Definition: rlm_ldap.h:176
LDAP_AUTZ_USER_PROFILE
@ LDAP_AUTZ_USER_PROFILE
Definition: rlm_ldap.h:178
LDAP_AUTZ_MAP
@ LDAP_AUTZ_MAP
Definition: rlm_ldap.h:175
LDAP_AUTZ_POST_DEFAULT_PROFILE
@ LDAP_AUTZ_POST_DEFAULT_PROFILE
Definition: rlm_ldap.h:177
LDAP_AUTZ_POST_GROUP
@ LDAP_AUTZ_POST_GROUP
Definition: rlm_ldap.h:170
ldap_group_xlat_ctx_t::group
fr_value_box_t * group
Definition: rlm_ldap.h:222
ldap_autz_ctx_t::status
ldap_autz_status_t status
Definition: rlm_ldap.h:201
rlm_ldap_t::valuepair_attr
char const * valuepair_attr
Generic dynamic mapping attribute, contains a RADIUS attribute and value.
Definition: rlm_ldap.h:99
ldap_autz_ctx_t::query
fr_ldap_query_t * query
Definition: rlm_ldap.h:197
ldap_autz_ctx_t::profile_value
char * profile_value
Definition: rlm_ldap.h:204
ldap_xlat_memberof_call_env_t::user_base
fr_value_box_t user_base
Base DN in which to search for users.
Definition: rlm_ldap.h:158
ldap_group_xlat_ctx_t::inst
rlm_ldap_t const * inst
Definition: rlm_ldap.h:221
attr_ldap_userdn
HIDDEN fr_dict_attr_t const * attr_ldap_userdn
Definition: rlm_ldap.c:319
rlm_ldap_t::handle_config
fr_ldap_config_t handle_config
Connection configuration instance.
Definition: rlm_ldap.h:127
attr_user_password
HIDDEN fr_dict_attr_t const * attr_user_password
Definition: rlm_eap_fast.c:107
ldap_group_xlat_ctx_t::status
ldap_group_xlat_status_t status
Definition: rlm_ldap.h:231
rlm_ldap_check_userobj_dynamic
unlang_action_t rlm_ldap_check_userobj_dynamic(rlm_rcode_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx)
Query the LDAP directory to check if a user object is a member of a group.
Definition: groups.c:1117
ldap_xlat_memberof_call_env_t::group_filter
tmpl_t * group_filter
tmpl to expand as group membership filter.
Definition: rlm_ldap.h:161
rlm_ldap_check_cached
unlang_action_t rlm_ldap_check_cached(rlm_rcode_t *p_result, rlm_ldap_t const *inst, request_t *request, fr_value_box_t const *check)
Check group membership attributes to see if a user is a member.
Definition: groups.c:1155
ldap_autz_call_env_t::group_base
fr_value_box_t group_base
Base DN in which to search for groups.
Definition: rlm_ldap.h:140
ldap_autz_ctx_t::access_state
ldap_access_state_t access_state
What state a user's account is in.
Definition: rlm_ldap.h:206
ldap_autz_call_env_t::user_base
fr_value_box_t user_base
Base DN in which to search for users.
Definition: rlm_ldap.h:138
ldap_group_xlat_ctx_t::group_is_dn
bool group_is_dn
Definition: rlm_ldap.h:224
rlm_ldap_t::accounting
ldap_acct_section_t * accounting
Modify mappings for accounting.
Definition: rlm_ldap.h:115
attr_password_with_header
HIDDEN fr_dict_attr_t const * attr_password_with_header
Definition: rlm_ldap.c:321
rlm_ldap_t::profile_scope
int profile_scope
Search scope.
Definition: rlm_ldap.h:105
ldap_group_xlat_ctx_t::ttrunk
fr_ldap_thread_trunk_t * ttrunk
Definition: rlm_ldap.h:229
rlm_ldap_find_user_async
unlang_action_t rlm_ldap_find_user_async(TALLOC_CTX *ctx, rlm_ldap_t const *inst, request_t *request, fr_value_box_t *base, fr_value_box_t *filter_box, fr_ldap_thread_trunk_t *ttrunk, char const *attrs[], fr_ldap_query_t **query_out)
Initiate asynchronous retrieval of the DN of a user object.
Definition: user.c:159
ldap_xlat_memberof_call_env_t::group_base
fr_value_box_t group_base
Base DN in which to search for groups.
Definition: rlm_ldap.h:160
ldap_autz_ctx_t::dn
char const * dn
Definition: rlm_ldap.h:205
ldap_autz_call_env_t::user_map
map_list_t * user_map
Attribute map applied to users and profiles.
Definition: rlm_ldap.h:148
rlm_ldap_cacheable_groupobj
unlang_action_t rlm_ldap_cacheable_groupobj(rlm_rcode_t *p_result, request_t *request, ldap_autz_ctx_t *autz_ctx)
Convert group membership information into attributes.
Definition: groups.c:700
rlm_ldap_t::trunk_conf
trunk_conf_t trunk_conf
Trunk configuration.
Definition: rlm_ldap.h:128
ldap_group_xlat_ctx_t::found
bool found
Definition: rlm_ldap.h:232
rlm_ldap_t::mi
module_instance_t const * mi
Module instance data for thread lookups.
Definition: rlm_ldap.h:131
rlm_ldap_check_reply
void rlm_ldap_check_reply(request_t *request, rlm_ldap_t const *inst, char const *inst_name, bool expect_password, fr_ldap_thread_trunk_t const *ttrunk)
Verify we got a password from the search.
Definition: user.c:251
ldap_autz_call_env_t::expect_password
fr_value_box_t const * expect_password
True if the user_map included a mapping between an LDAP attribute and one of our password reference a...
Definition: rlm_ldap.h:150
rlm_ldap_t::postauth
ldap_acct_section_t * postauth
Modify mappings for post-auth.
Definition: rlm_ldap.h:114
rlm_find_user_dn_cached
static char const * rlm_find_user_dn_cached(request_t *request)
Definition: rlm_ldap.h:248
ldap_acct_section_t::reference
char const * reference
Configuration reference string.
Definition: rlm_ldap.h:23
ldap_acct_section_t::cs
CONF_SECTION * cs
Section configuration.
Definition: rlm_ldap.h:21
ldap_xlat_memberof_call_env_t::user_filter
fr_value_box_t user_filter
Filter to use when searching for users.
Definition: rlm_ldap.h:159
rlm_ldap_check_groupobj_dynamic
unlang_action_t rlm_ldap_check_groupobj_dynamic(rlm_rcode_t *p_result, request_t *request, ldap_group_xlat_ctx_t *xlat_ctx)
Initiate an LDAP search to determine group membership, querying group objects.
Definition: groups.c:786
ldap_autz_call_env_t::default_profile
fr_value_box_t default_profile
If this is set, we will search for a profile object with this name, and map any attributes it contain...
Definition: rlm_ldap.h:142
ldap_group_xlat_status_t
ldap_group_xlat_status_t
State list for xlat evaluation of LDAP group membership.
Definition: rlm_ldap.h:211
GROUP_XLAT_MEMB_FILTER
@ GROUP_XLAT_MEMB_FILTER
Definition: rlm_ldap.h:213
GROUP_XLAT_MEMB_ATTR
@ GROUP_XLAT_MEMB_ATTR
Definition: rlm_ldap.h:214
GROUP_XLAT_FIND_USER
@ GROUP_XLAT_FIND_USER
Definition: rlm_ldap.h:212
attr_cleartext_password
HIDDEN fr_dict_attr_t const * attr_cleartext_password
Definition: rlm_ldap.c:317
ldap_autz_ctx_t::dlinst
module_instance_t const * dlinst
Definition: rlm_ldap.h:194
rlm_ldap_check_access
ldap_access_state_t rlm_ldap_check_access(rlm_ldap_t const *inst, request_t *request, LDAPMessage *entry)
Check for presence of access attribute in result.
Definition: user.c:199
ldap_group_xlat_ctx_t::dn
char const * dn
Definition: rlm_ldap.h:225
ldap_acct_section_t
Definition: rlm_ldap.h:20
ldap_autz_call_env_t
Call environment used in LDAP authorization.
Definition: rlm_ldap.h:137
ldap_autz_ctx_t
Holds state of in progress async authorization.
Definition: rlm_ldap.h:193
ldap_group_xlat_ctx_t
Holds state of in progress group membership check xlat.
Definition: rlm_ldap.h:220
ldap_xlat_memberof_call_env_t
Call environment used in group membership xlat.
Definition: rlm_ldap.h:157
rlm_ldap_t
Definition: rlm_ldap.h:26
check
#define check(_handle, _len_p)
Definition: rlm_radius_udp.c:45
module_instance_s
Module instance data.
Definition: module.h:265
inst
eap_aka_sim_process_conf_t * inst
Definition: state_machine.c:3620
vp
fr_pair_t * vp
Definition: state_machine.c:2262
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition: pair.h:68
trunk_conf_t
Common configuration parameters for a trunk.
Definition: trunk.h:224
xlat_ctx
static TALLOC_CTX * xlat_ctx
Definition: xlat_builtin.c:65
Generated by   doxygen 1.9.1