{"id":420,"date":"2012-03-05T16:36:31","date_gmt":"2012-03-05T08:36:31","guid":{"rendered":"http:\/\/cowman-chiang.no-ip.org\/wordpress\/?p=420"},"modified":"2023-10-31T15:52:05","modified_gmt":"2023-10-31T07:52:05","slug":"openwebmails-ldap-%e6%94%af%e6%8f%b4%e5%a4%9aou%e7%99%bb%e5%85%a5","status":"publish","type":"post","link":"https:\/\/cowmanchiang.me\/wp\/?p=420","title":{"rendered":"OpenWebmail&#8217;s LDAP \u652f\u63f4\u591aOU\u767b\u5165"},"content":{"rendered":"<p>\u4e00\u822c\u5728\u8a2d\u5b9aLDAP\u7684\u6642\u5019\u6703\u5229\u7528\u591a\u500bou\u4f86\u5340\u5206\u4f7f\u7528\u8005<br \/>\n\u4f8b\u5982\u5b9c\u5927\u5c31\u5340\u5206\u4e86admin\u3001policy\u3001club\u3001teacher\u3001unit\u3001stu90&#8230;&#8230;..\u7b49\u591a\u500b\u7fa4\u7d44<br \/>\n\u53ef\u662f\u767c\u73fe\u5728openwebmail\u7684auth_ldap.conf\u4e2d\u53ea\u80fd\u8a2d\u5b9a\u55ae\u4e00\u7fa4\u7d44<br \/>\n\u4e5f\u5c31\u662f\u8aaa\u975e\u8a2d\u5b9a\u7684ou\u5c31\u7121\u6cd5\u4f7f\u7528\u4e86&#8230;.<!--more--><\/p>\n<p>\u9019\u6642\u5019\u5927\u6982\u89e3\u8aaa\u4e00\u4e0bopenwebmail\u4f7f\u7528ldap\u8a8d\u8b49\u7684\u5e7e\u500b\u6b65\u9a5f<br \/>\n1. get_userinfo \u78ba\u8a8d\u6709\u6c92\u6709\u9019\u500b\u4f7f\u7528\u8005<br \/>\n2. get_userlist \u53d6\u5f97\u4f7f\u7528\u8005\u7684\u4e9b\u8a31\u8cc7\u6599<br \/>\n3. check_userpassword \u4f7f\u7528\u8005\u767b\u5165\u4e4b\u5bc6\u78bc\u6aa2\u67e5<br \/>\n\u5176\u5be6\u6703\u611f\u89ba2\u6709\u9ede\u591a\u9918\uff0c\u4f46\u662f\u56e0\u70ba\u9019\u662fopensource\u7684code\uff0c\u8981\u6539\u4e5f\u8981\u82b1\u4e0a\u5f88\u591a\u6642\u9593<br \/>\n\u6240\u4ee5\u5c31\u4ee5\u589e\u52a0\u4e00\u4e9b\u5fae\u8abf\u9054\u6210\u6211\u5011\u7684\u76ee\u7684\u5c31\u53ef\u4ee5\u4e86<\/p>\n<p>\u6211\u5011\u5148\u5728\u4f7f\u7528\u8005\u7684\u5c6c\u6027\u4e2d\u6dfb\u52a0\u4e00\u7b46\u8cc7\u8a0aou\uff0c\u5176\u503c\u70ba\u5b83\u7684ou\u8cc7\u8a0a<br \/>\n\u4ee5\u5be6\u9a57\u7684\u4f8b\u5b50r9643004\u4f86\u8aaa\uff0c\u5176ou\u5c31\u662fstu96<\/p>\n<p>\u7136\u5f8c\u6211\u5011\u5c07get_userlist\u7684\u8cc7\u8a0a\u8cbc\u5230check_userpassword\u5167<br \/>\n\u4e26\u4e14\u5728\u5168\u57df\u5ba3\u544a\u7684\u6642\u5019\u52a0\u5165\u4e00\u884c\u5ba3\u544a\u8cc7\u8a0a<br \/>\n<code>my $unit ;<\/code><\/p>\n<p>\u7136\u5f8ccheck_userpassword\u7684\u5167\u5bb9\u6703\u8b8a\u6210\u9019\u6a23<br \/>\n<code><br \/>\n   my $ldap1 = Net::LDAP->new($ldapHost) or return(-3, \"LDAP error $@\");<br \/>\n   $ldap->bind (dn=>\"$cn, $dc1, $dc2, $dc3\", password =>$pwd) or  return(-3, \"LDAP error $@\");<\/code><br \/>\n<code><br \/>\n   my $list = $ldap1->search (<br \/>\n                            base    => $ldapBase,<br \/>\n                            filter  => \"(uid=$user)\",<br \/>\n                            <strong>attrs   => ['ou']<\/strong><br \/>\n                            ) or return(-8, \"LDAP error $@\");<br \/>\n   undef($ldap1); # disconnect<\/code><br \/>\n<code><br \/>\n   if ($list->count eq 0) {<br \/>\n      return (-7, \"User $user doesn't exist\");<br \/>\n   } else {<br \/>\n      my $entry = $list->entry(0);<br \/>\n     <strong> $unit  = $entry->get_value(\"ou\");<\/strong><br \/>\n   }<\/code><br \/>\n<code><br \/>\n   my $mesg = $ldap->bind (<br \/>\n                          dn       => \"uid=$user, <strong>ou=$unit,<\/strong> $dc1, $dc2, $dc3\",<br \/>\n                          password => $password<br \/>\n                          );<\/code><\/p>\n<p>\u4e4b\u5f8c\u5bc6\u78bc\u9a57\u8b49\u7684\u6b65\u9a5f\u5c31\u6703\u5148\u53bb\u6293\u53d6\u4f7f\u7528\u8005\u7684ou\uff0c\u518d\u5e36\u5165bind\u8cc7\u8a0a\u4e2d<br \/>\n\u4e0d\u904e\u9019\u4e00\u5207\u7684\u4e00\u5207\u90fd\u662f\u5148\u6709\u8a2d\u5b9a\u7684\u5e33\u865f\u5148\u767b\u5165\u67e5\u8a62\u8cc7\u8a0a (\u9019\u908a\u90fd\u662f\u7528Manager\u9032\u884c)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u4e00\u822c\u5728\u8a2d\u5b9aLDAP\u7684\u6642\u5019\u6703\u5229\u7528\u591a\u500bou\u4f86\u5340\u5206\u4f7f\u7528\u8005 \u4f8b\u5982\u5b9c\u5927\u5c31\u5340\u5206\u4e86admin\u3001policy\u3001club\u3001teacher\u3001unit\u3001stu90&#8230;&#8230;..\u7b49\u591a\u500b\u7fa4\u7d44 \u53ef\u662f\u767c\u73fe\u5728openwebmail\u7684auth_ldap.conf\u4e2d\u53ea\u80fd\u8a2d\u5b9a\u55ae\u4e00\u7fa4\u7d44 \u4e5f\u5c31\u662f\u8aaa\u975e\u8a2d\u5b9a\u7684ou\u5c31\u7121\u6cd5\u4f7f\u7528\u4e86&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58,68],"tags":[],"class_list":["post-420","post","type-post","status-publish","format-standard","hentry","category-linux","category-openldap"],"_links":{"self":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=420"}],"version-history":[{"count":1,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/420\/revisions"}],"predecessor-version":[{"id":2147,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=\/wp\/v2\/posts\/420\/revisions\/2147"}],"wp:attachment":[{"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cowmanchiang.me\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}