+ if (_connection != 0) {
+ ldap_unbind_ext(_connection, 0, 0);
+ }
+}
+
+
+bool LdapAuthenticator::isAvailable() const
+{
+ // FIXME: probably this should test if we can speak to the LDAP server.
+ return true;
+}
+
+
+QString LdapAuthenticator::backendId() const
+{
+ // We identify the backend to use for the monolithic core by this identifier.
+ // so only change this string if you _really_ have to and make sure the core
+ // setup for the mono client still works ;)
+ return QString("LDAP");
+}
+
+
+QString LdapAuthenticator::displayName() const
+{
+ return tr("LDAP");
+}
+
+
+QString LdapAuthenticator::description() const
+{
+ return tr("Authenticate users using an LDAP server.");
+}
+
+
+QVariantList LdapAuthenticator::setupData() const
+{
+ // The parameters needed for LDAP.
+ QVariantList data;
+ data << "Hostname" << tr("Hostname") << QString{"ldap://localhost"}
+ << "Port" << tr("Port") << DEFAULT_LDAP_PORT
+ << "BindDN" << tr("Bind DN") << QString{}
+ << "BindPassword" << tr("Bind Password") << QString{}
+ << "BaseDN" << tr("Base DN") << QString{}
+ << "Filter" << tr("Filter") << QString{}
+ << "UidAttribute" << tr("UID Attribute") << QString{"uid"}
+ ;
+ return data;
+}
+
+
+void LdapAuthenticator::setAuthProperties(const QVariantMap &properties)
+{
+ _hostName = properties["Hostname"].toString();
+ _port = properties["Port"].toInt();
+ _bindDN = properties["BindDN"].toString();
+ _bindPassword = properties["BindPassword"].toString();
+ _baseDN = properties["BaseDN"].toString();
+ _filter = properties["Filter"].toString();
+ _uidAttribute = properties["UidAttribute"].toString();
+}
+
+// TODO: this code is sufficiently general that in the future, perhaps an abstract
+// class should be created implementing it.
+// i.e. a provider that does its own thing and then pokes at the current storage
+// through the default core method.
+UserId LdapAuthenticator::validateUser(const QString &username, const QString &password)
+{
+ bool result = ldapAuth(username, password);
+ if (!result) {
+ return UserId();
+ }
+
+ // LDAP is case-insensitive, thus we will lowercase the username, in spite of
+ // a better solution :(
+ const QString lUsername = username.toLower();
+
+ // If auth succeeds, but the user has not logged into quassel previously, make
+ // a new user for them and return that ID.
+ // Users created via LDAP have empty passwords, but authenticator column = LDAP.
+ // On the other hand, if auth succeeds and the user already exists, do a final
+ // cross-check to confirm we're using the right auth provider.
+ UserId quasselId = Core::validateUser(lUsername, QString());
+ if (!quasselId.isValid()) {
+ return Core::addUser(lUsername, QString(), backendId());
+ }
+ else if (!(Core::checkAuthProvider(quasselId, backendId()))) {
+ return 0;
+ }
+ return quasselId;
+}
+
+
+bool LdapAuthenticator::setup(const QVariantMap &settings)
+{
+ setAuthProperties(settings);
+ bool status = ldapConnect();
+ return status;
+}
+
+
+Authenticator::State LdapAuthenticator::init(const QVariantMap &settings)
+{
+ setAuthProperties(settings);
+
+ bool status = ldapConnect();
+ if (!status) {
+ quInfo() << qPrintable(backendId()) << "authenticator cannot connect.";
+ return NotAvailable;
+ }
+
+ quInfo() << qPrintable(backendId()) << "authenticator is ready.";
+ return IsReady;
+}
+
+// Method based on abustany LDAP quassel patch.
+bool LdapAuthenticator::ldapConnect()
+{
+ if (_connection != 0) {
+ ldapDisconnect();
+ }
+
+ int res, v = LDAP_VERSION3;
+
+ QString serverURI;
+ QByteArray serverURIArray;
+
+ // Convert info to hostname:port.
+ serverURI = _hostName + ":" + QString::number(_port);
+ serverURIArray = serverURI.toLocal8Bit();
+ res = ldap_initialize(&_connection, serverURIArray);
+
+ quInfo() << "LDAP: Connecting to" << serverURI;
+
+ if (res != LDAP_SUCCESS) {
+ qWarning() << "Could not connect to LDAP server:" << ldap_err2string(res);
+ return false;
+ }
+
+ res = ldap_set_option(_connection, LDAP_OPT_PROTOCOL_VERSION, (void*)&v);
+
+ if (res != LDAP_SUCCESS) {
+ qWarning() << "Could not set LDAP protocol version to v3:" << ldap_err2string(res);
+ ldap_unbind_ext(_connection, 0, 0);
+ _connection = 0;
+ return false;
+ }
+
+ return true;
+}
+
+
+void LdapAuthenticator::ldapDisconnect()
+{
+ if (_connection == 0) {
+ return;
+ }
+
+ ldap_unbind_ext(_connection, 0, 0);
+ _connection = 0;