processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/

Adding Proxy Authorization Control as described by RFC 4370 support to eldap.erl #2552

Open ghenry opened 6 years ago

ghenry commented 6 years ago

What version of ejabberd are you using?

18.06

What operating system (version) are you using?

Fedora 28 64bit from processone packages

How did you install ejabberd (source, package, distribution)?

https://www.process-one.net/downloads/downloads-action.php?file=/ejabberd/18.06/ejabberd-18.06-0.x86_64.rpm

Hi,

For all LDAP functions I would like to add support for RFC 4370, so that when a shared LDAP vCard search or any other search is done, it's proxied like this, for example:

authzID => 'dn:cn=%u,ou=people,o=myorg.com'

I see controls are not supported in http://erlang.org/doc/man/eldap.html either. It's similar to:

https://metacpan.org/pod/Net::LDAP::Control::ProxyAuth here:

https://metacpan.org/release/perl-ldap

This would allow you to use an unprivileged search user for auth and then proxy auth for actual searches to the jid user.

What's the best place to start, client then config?

Thanks.
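The control requested above, sketched as an added example (not part of the original issue and not ejabberd or eldap code): it builds the RFC 4370 authzId from the `dn:cn=%u,...` template in the post, DN-escapes the substituted user so the value cannot change the DN's structure, and BER-encodes the control with criticality TRUE as the RFC requires. The function names and the sample users are assumptions made for illustration.

```python
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # controlType from RFC 4370


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for a DN string (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def tlv(tag: int, content: bytes) -> bytes:
    """BER tag-length-value with definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content


def proxy_authz_control(template: str, user: str) -> tuple[str, bytes]:
    """Return (authzId, BER-encoded Control) for one user (hypothetical helper)."""
    if not user:
        raise ValueError("refusing to build an authzId from an empty user")
    authz_id = template.replace("%u", escape_dn_value(user))
    control = tlv(0x30,                                   # Control ::= SEQUENCE
                  tlv(0x04, PROXY_AUTHZ_OID.encode())      # controlType
                  + tlv(0x01, b"\xff")                     # criticality TRUE (required)
                  + tlv(0x04, authz_id.encode("utf-8")))   # controlValue = authzId
    return authz_id, control


def controls_field(*controls: bytes) -> bytes:
    """Wrap encoded controls in the LDAPMessage 'controls [0]' field (RFC 4511)."""
    return tlv(0xA0, b"".join(controls))


if __name__ == "__main__":
    template = "dn:cn=%u,ou=people,o=myorg.com"  # template from the post
    for user in ("alice", "x,ou=admins"):        # constructed sample users
        authz_id, ctl = proxy_authz_control(template, user)
        print(authz_id, controls_field(ctl).hex())
```

Because criticality is TRUE, a server that does not support the control must fail the search instead of running it with the unprivileged bind identity's rights.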

Neustradamus commented 1 year ago

@ghenry: Have you looked at the current version?

ghenry commented 1 year ago

Hi @Neustradamus

Thanks for the reply. Not in a good while as my business was acquired - https://telcoswitch.com/blog/press-release-telcoswitch-acquires-surevoip-to-enhance-sme-presence-and-network-capabilities/

Is it there now?

Neustradamus commented 1 year ago

@ghenry: Yes, I know several years already.

I do not know, maybe good to look? There were LDAP improvements several months ago...

About Erlang, I see improvements here:

A request can be done here: