The following example logs the bind authentication method. Refer to install-path/examples/testpreop.c for complete example code.
#include "slapi-plugin.h" int testpreop_bind(Slapi_PBlock * pb) { char * auth; /* Authentication type */ char * dn; /* Target DN */ int method; /* Authentication method */ int connId, opId, rc = 0; long msgId; /* Get target DN for bind and authentication method used. */ rc |= slapi_pblock_get(pb, SLAPI_BIND_TARGET, &dn); rc |= slapi_pblock_get(pb, SLAPI_BIND_METHOD, &method); rc |= slapi_pblock_get(pb, SLAPI_OPERATION_MSGID, &msgId); rc |= slapi_pblock_get(pb, SLAPI_CONN_ID, &connId); rc |= slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opId); if (rc == 0) { switch (method) { case LDAP_AUTH_NONE: auth = "No authentication"; break; case LDAP_AUTH_SIMPLE: auth = "Simple authentication"; break; case LDAP_AUTH_SASL: auth = "SASL authentication"; break; default: auth = "Unknown authentication method"; break; } } else { return (rc); } /* Log target DN and authentication method info. */ slapi_log_info_ex( SLAPI_LOG_INFO_AREA_PLUGIN, SLAPI_LOG_INFO_LEVEL_DEFAULT, msgId, connId, opId, "testpreop_bind in test-preop plug-in", "Target DN: %s\tAuthentication method: %s\n", dn, auth ); return (rc); }
This plug-in function sets the auth message based on the authentication method. The function does nothing to affect the way Directory Server processes the bind.
If you have not already done so, build the example plug-in library and activate both plug-in informational logging and the example plug-in.
Build the plug-in.
Hint Use install-path/examples/Makefile or install-path/examples/Makefile64.
Configure Directory Server to log plug-in informational messages and load the plug-in.
Hint Use the commands specified in the comments at the outset of the plug-in source file.
Restart Directory Server.
$ dsadm restart instance-path |
Bind as Kirsten Vaughan (for example).
$ ldapsearch -h localhost -p 1389 -b "dc=example,dc=com" \ -D "uid=kvaughan,ou=people,dc=example,dc=com" -w bribery "(uid=*)" |
Search instance-path/logs/errors for the resulting message from the testpreop_bind() function.
If you ignore housekeeping information for the entry, output similar to this appears:
Target DN: uid=kvaughan,ou=people,dc=example,dc=com Authentication method: Simple authentication |
For a discussion of less trivial pre-bind plug-in functions, refer to Chapter 7, Handling Authentication Using Plug-Ins.