kxsystems / ldap
Kdb+ integration with LDAP
Home Page: https://code.kx.com/q
License: Apache License 2.0
We just have sync operations at the minute. Distinguish between sync/async operations (e.g. C functions end in _s for sync versions).
search/etc can report error codes (e.g. 5i for timeout).
Document/reference error codes.
API has abilities to add/modify/delete/rename, which is more to do with using the client for administration of the server
LDAP_X_CONNECTING was missing from ldap docs when doc created - see if explanation can be found/added
links at top of page for bind/etc aren't working (prob broken when ported from code.kx.com)
https://github.com/KxSystems/ldap/blob/master/docs/reference.md
skip_cleanup was previously giving a config warning - recommended to change to cleanup
For release on another repo it printed
"Cleaning up git repository with git stash --all
. If you need build artifacts for deployment, set deploy.skip_cleanup: true
. See https://docs.travis-ci.com/user/deployment#Uploading-Files-and-skip_cleanup."
and caused release to fail.
Changing back now gives no warning
Create build on windows
Building package is failing to build on my build box
CMake Error at cmake_install.cmake:62 (FILE):
file INSTALL given no DESTINATION
I don't have q installed on my build box & don't need it to build
credentials key is a string but should prob also support byte array for these types of examples
int ldap_initialize(ldp, uri)
LDAP **ldp;
char *uri;
ldap_initialize() acts like ldap_init(), but it returns an integer
indicating either success or the failure reason, and it allows to
specify details for the connection in the schema portion of the URI.
The uri parameter may be a comma- or whitespace-separated list of URIs
containing only the schema, the host, and the port fields. Apart from
ldap, other (non-standard) recognized values of the schema field are
ldaps (LDAP over TLS), ldapi (LDAP over IPC), and cldap (connectionless
LDAP). If other fields are present, the behavior is undefined.
Does ldap_get_option reallocate featInfo.ldapaif_name - would it need to be freed? Need to check
User may do a search with a sizelimit which is more than the servers size limit.
Therefore the user may get the result without knowing that it was actually truncated.
Providing result code along with the results should aid this.
Ref: "Converting msys2 provided libldap.dll to libldap.lib for use with Visual Studio" section on README.md
@@@ It's worth mentioning that you need to run dll2lib.bat from a VS command prompt (it uses a couple of tools on the MSVS path). Or you could check ERRORLEVEL in the .bat file after the calls to dumpbin and lib:
windows : https://packages.msys2.org/package/mingw-w64-x86_64-openldap (2.6.3)
osx : https://formulae.brew.sh/formula/openldap#default (2.6.3)
linux : travis_setup.sh (2.4.50)
Current feature release and lts versions - https://www.openldap.org/software/download/
Not just for user permission/group validation, but can be used to consume & analyse data stored (e.g. what's the employee retention, which user machines are due for refresh, etc).
Caused a problem on an Ubuntu 18 box - works ok on centos7 with default libldap
\l ldap.q
\c 25 2000
globalSession:1i
.ldap.init[globalSession;enlist `$"ldap://localhost:389"]
.ldap.setOption[globalSession;`LDAP_OPT_PROTOCOL_VERSION;3]
.ldap.getOption[globalSession;`LDAP_OPT_API_INFO]
e.g.
globalSession:1i
.ldap.bind_s[globalSession;$"";
Says API codes are positive numbers, but then lists various negative numbers.
Same type of issue with the protocol numbers.
Add .travis.yml file for travis builds/releases.
Ability to bind/etc to >1 session
It might be worth checking that the sess idx isn't already in use by
calling getSession(idx) and returning an error if it doesn't return NULL.
Alternatively, rather than having the user specifying the sess idx to
kdbldap_init(), you could generate a unique value, e.g. use a session counter
that gets incremented every time a session is added (but is not decremented
on session remove)
Option to provide a simple bind
https://www.openldap.org/software/man.cgi?query=ldap_sasl_bind_s&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release
Discover what the possible values are for 'mechanism' can be in the following call - ldap_sasl_bind(LDAP *ld, const char *dn, const char *mechanism,
Simple bind uses 'LDAP_SASL_SIMPLE'
"...he mechs parameter should contain
a space-separated list of candidate mechanisms to use. If this
parameter is NULL or empty the library will query the
supportedSASLMechanisms attribute from the server's rootDSE for the
list of SASL mechanisms the server supports."
How to take an install package + openldap lib, and get it working
New docs folder won't currently be added to a release build - should be included in the future while docs are there.
.travis.yml example area
e.g.
elif [[ $TRAVIS_OS_NAME == "windows" ]]; then
7z a -tzip $FILE_NAME README.md install.bat LICENSE q examples;
elif [[ $TRAVIS_OS_NAME == "linux" || $TRAVIS_OS_NAME == "osx" ]]; then
tar -zcvf $FILE_NAME README.md install.sh LICENSE q examples;
Example request
.ldap.search_s[mainSession;globalDn;.ldap.LDAP_SCOPE_SUBTREE;
`$"sAMAccountName=sshanks";enlist `$"dn";0;timeout;10000]
Ref:
https://www.openldap.org/software/man.cgi?query=ldap_search_ext_s&sektion=3&apropos=0&manpath=OpenLDAP+2.4-Release (also used in other calls)
https://docs.oracle.com/cd/E19957-01/817-6707/controls.html#wp27635
"According to the LDAPv3, servers should list any controls that they support in the supportedControl attribute in the root DSE. "
Create 2 connections, with the first being a host/port that doesn't exist. Check how it resorts to 2nd connection.
TODO comments in ldap.h which are a reminder for docs, which already exist in README.md
running ldapsearch can often print 'additional info' on error e.g.
[root@7f7b9d2027ca qinstall]# LD_LIBRARY_PATH=/usr/lib/:$LD_LIBRARY_PATH ldapsearch -H ldap://simon.edt.org -D 'dc=edt,dc=org' -Y GSSAPI -N 1
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/[email protected] not found in Kerberos database)
currently, for -2 error, running
.ldap.err2string[-2i]
gives
"Local error"
as per first line of the ldapsearch error, but would be helpful to be able to get what ldapsearch shows for its 'additional info'.
TODOs for serverctrls in code - remove the 'TODO' part of these comments (since LDAPControl isn't generic at the mo)
2 different api guides - https://github.com/KxSystems/ldap/blob/master/docs/reference.md (bind ref looks right) - https://github.com/KxSystems/ldap/blob/master/documentation.md (bind ref looks out of date). Also a docs/examples.md & examples/README.md . Relates to docs being moved from code.kx.com. Fix to create single source of truth.
Perform build on OSX
ref:
https://wiki.mozilla.org/Mozilla_LDAP_SDK_Programmer%27s_Guide/Searching_the_Directory_With_LDAP_C_SDK
https://docs.oracle.com/cd/E19957-01/817-6707/functions.html
https://docs.oracle.com/cd/E19957-01/817-6707/functions.html#wp57265
https://docs.oracle.com/cd/E19957-01/817-6707/functions.html#wp56337
ldap_msgtype() can return a result, entry or reference
Example
\l ldap.q
\c 25 2000
timeout:3000000
-1"### Set option";
.ldap.setGlobalOption[`LDAP_OPT_TIMEOUT;timeout]
-1"### Value now set to ";string .ldap.getGlobalOption[`LDAP_OPT_TIMEOUT]
-1"### Done";
exit 0