diff -p -up cyrus-imapd-2.3.16/configure.in.kolab-ldap cyrus-imapd-2.3.16/configure.in --- cyrus-imapd-2.3.16/configure.in.kolab-ldap 2009-12-21 13:09:10.000000000 +0000 +++ cyrus-imapd-2.3.16/configure.in 2010-09-05 17:49:48.436656999 +0000 @@ -1214,7 +1214,7 @@ for flag in ${ldflags} ${default_ldflags done IMAP_COM_ERR_LIBS="${COM_ERR_LIBS}" -IMAP_LIBS="${LIB_SASL} ${LIBS} ${SQL_LIBS}" +IMAP_LIBS="${LIB_SASL} -lldap -llber ${LIBS}" AC_SUBST(LIB_RT) AC_SUBST(IMAP_COM_ERR_LIBS) diff -p -up cyrus-imapd-2.3.16/configure.kolab-ldap cyrus-imapd-2.3.16/configure --- cyrus-imapd-2.3.16/configure.kolab-ldap 2009-12-21 13:17:55.000000000 +0000 +++ cyrus-imapd-2.3.16/configure 2010-09-05 17:49:48.436656999 +0000 @@ -21243,7 +21243,7 @@ for flag in ${ldflags} ${default_ldflags done IMAP_COM_ERR_LIBS="${COM_ERR_LIBS}" -IMAP_LIBS="${LIB_SASL} ${LIBS} ${SQL_LIBS}" +IMAP_LIBS="${LIB_SASL} -lldap -llber ${LIBS}" diff -p -up cyrus-imapd-2.3.16/imap/global.c.kolab-ldap cyrus-imapd-2.3.16/imap/global.c --- cyrus-imapd-2.3.16/imap/global.c.kolab-ldap 2009-10-13 15:10:36.000000000 +0000 +++ cyrus-imapd-2.3.16/imap/global.c 2010-09-05 17:49:48.436656999 +0000 @@ -54,6 +54,9 @@ #include <netinet/in.h> #include <sys/stat.h> +#include <ldap.h> +#include <lber.h> + #if HAVE_UNISTD_H # include <unistd.h> #endif @@ -383,6 +386,18 @@ char *canonify_userid(char *user, char * char *domain = NULL; int len = strlen(user); char buf[81]; + const char *uri; + const char *base; + const char *binddn; + const char *bindpw; + struct timeval timeout; + char filter[255]; + LDAP *handle; + LDAPMessage *res; + LDAPMessage *entry; + char ** vals; + + int rc; /* check for domain */ if (config_virtdomains && @@ -401,6 +416,47 @@ char *canonify_userid(char *user, char * } if (config_virtdomains) { + if (config_virtdomains == IMAP_ENUM_VIRTDOMAINS_LDAP) { + uri = config_getstring(IMAPOPT_LDAP_URI); + base = config_getstring(IMAPOPT_LDAP_BASE); + binddn = config_getstring(IMAPOPT_LDAP_BIND_DN); + bindpw = config_getstring(IMAPOPT_LDAP_PASSWORD); + timeout.tv_sec = config_getint(IMAPOPT_LDAP_TIME_LIMIT); + timeout.tv_usec = 0; + sprintf(filter, "(uid=%s)", user); + rc = ldap_initialize(&handle, uri); + if (rc != LDAP_SUCCESS) { + syslog(LOG_ERR, "ldap_initialize failed (%s)", uri); + } else { + rc = ldap_simple_bind_s(handle, binddn, bindpw); + if (rc != LDAP_SUCCESS) { + syslog(LOG_ERR, "ldap_simple_bind() failed %d (%s)", rc, ldap_err2string(rc)); + } else { + rc = ldap_search_st(handle, base, LDAP_SCOPE_SUBTREE, filter, NULL, 0, &timeout, &res); + if (rc != LDAP_SUCCESS) { + syslog(LOG_ERR, "ldap_search_st failed %d (%s)", rc, ldap_err2string(rc)); + } else { + if ( (entry = ldap_first_entry(handle, res)) != NULL ) { + // read mail attribute from entry + if ( (vals = ldap_get_values(handle, entry, "mail")) ) { + if (strchr(vals[0], '@')) { + static char buf[81]; /* same size as in auth_canonifyid */ + strncpy( buf, vals[0], sizeof(buf) ); + buf[80] = '\0'; /* make sure it's null-terminated */ + ldap_value_free( vals ); + ldap_msgfree( res ); + ldap_unbind_s(handle); /* also frees handle */ + return auth_canonifyid( buf, 0) ; + } + ldap_value_free( vals ); + } + } + ldap_msgfree( res ); + } + } + ldap_unbind_s(handle); /* also frees handle */ + } + } if (domain) { if (config_defdomain && !strcasecmp(config_defdomain, domain+1)) { *domain = '\0'; /* trim the default domain */ @@ -413,7 +469,7 @@ char *canonify_userid(char *user, char * user = buf; } } - else if (config_virtdomains != IMAP_ENUM_VIRTDOMAINS_USERID) { + else if (config_virtdomains != IMAP_ENUM_VIRTDOMAINS_USERID && config_virtdomains != IMAP_ENUM_VIRTDOMAINS_LDAP) { socklen_t salen; int error; struct sockaddr_storage localaddr; diff -p -up cyrus-imapd-2.3.16/lib/imapoptions.kolab-ldap cyrus-imapd-2.3.16/lib/imapoptions --- cyrus-imapd-2.3.16/lib/imapoptions.kolab-ldap 2010-09-05 17:49:48.416657008 +0000 +++ cyrus-imapd-2.3.16/lib/imapoptions 2010-09-05 17:49:48.436656999 +0000 @@ -1266,7 +1266,7 @@ product version in the capabilities */ mailbox hierarchy. The default is to use the netnews separator character '.'. */ -{ "virtdomains", "off", ENUM("off", "userid", "on") } +{ "virtdomains", "off", ENUM("off", "userid", "ldap", "on") } /* Enable virtual domain support. If enabled, the user's domain will be determined by splitting a fully qualified userid at the last '@' or '%' symbol. If the userid is unqualified, and the virtdomains diff -p -up cyrus-imapd-2.3.16/lib/imapopts.c.kolab-ldap cyrus-imapd-2.3.16/lib/imapopts.c --- cyrus-imapd-2.3.16/lib/imapopts.c.kolab-ldap 2009-12-21 13:17:55.000000000 +0000 +++ cyrus-imapd-2.3.16/lib/imapopts.c 2010-09-05 17:59:05.394655956 +0000 @@ -790,6 +790,7 @@ struct imapopt_s imapopts[] = {(void *)(IMAP_ENUM_VIRTDOMAINS_OFF)}, { { "off" , IMAP_ENUM_VIRTDOMAINS_OFF }, { "userid" , IMAP_ENUM_VIRTDOMAINS_USERID }, + { "ldap" , IMAP_ENUM_VIRTDOMAINS_LDAP }, { "on" , IMAP_ENUM_VIRTDOMAINS_ON }, { NULL, IMAP_ENUM_ZERO } } }, diff -p -up cyrus-imapd-2.3.16/lib/imapopts.h.kolab-ldap cyrus-imapd-2.3.16/lib/imapopts.h --- cyrus-imapd-2.3.16/lib/imapopts.h.kolab-ldap 2009-12-21 13:17:55.000000000 +0000 +++ cyrus-imapd-2.3.16/lib/imapopts.h 2010-09-05 17:49:48.436656999 +0000 @@ -275,7 +275,8 @@ enum enum_value { IMAP_ENUM_SIEVE_EXTENSIONS_COPY = (1<<11), IMAP_ENUM_VIRTDOMAINS_OFF = 0, IMAP_ENUM_VIRTDOMAINS_USERID, - IMAP_ENUM_VIRTDOMAINS_ON + IMAP_ENUM_VIRTDOMAINS_ON, + IMAP_ENUM_VIRTDOMAINS_LDAP };