Index: /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libexauth/auth_ext_cli.h =================================================================== --- /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libexauth/auth_ext_cli.h (revision 38004) +++ /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libexauth/auth_ext_cli.h (working copy) @@ -87,9 +87,6 @@ /*configure radius server*/ int exauth_server(char *id, char *host, unsigned short port, char *secret, char *cipher_flag); -/*configure ldap server*/ -int exauth_ldap_server(char *id, char *ldap_host, unsigned short ldap_port); - /*delete a radius server*/ int no_exauth_server(char *id); Index: /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libexauth/auth_ext_cli.c =================================================================== --- /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libexauth/auth_ext_cli.c (revision 38004) +++ /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libexauth/auth_ext_cli.c (working copy) @@ -172,7 +172,7 @@ char *str_num = NULL, *ep = NULL; - if (id == NULL || host == NULL || secret == NULL) + if (id == NULL || host == NULL) { printf ("%s failed\n",CLI_EXAUTH_SERVER); return -1; @@ -181,9 +181,9 @@ get_auth_conf(&shm_p, &g_exauth_conf); /*invalid server id, should be "es01" or "es02"*/ - if (strcmp(id, EXAUTH_SERVER_ID1) && strcmp(id, EXAUTH_SERVER_ID2)) + if (strcmp(id, EXAUTH_SERVER_ID1) && strcmp(id, EXAUTH_SERVER_ID2) && strcmp(id, EXAUTH_SERVER_ID3)) { - printf ("%s | %s\n", EXAUTH_SERVER_ID1, EXAUTH_SERVER_ID2); + printf ("%s | %s |%s\n", EXAUTH_SERVER_ID1, EXAUTH_SERVER_ID2, EXAUTH_SERVER_ID3); return 0; } @@ -201,6 +201,11 @@ strcpy(g_exauth_conf.exauth_servers[id_num].id, EXAUTH_SERVER_ID2); } + if (id_num == 2) + { + strcpy(g_exauth_conf.exauth_servers[id_num].id, EXAUTH_SERVER_ID3); + } + /*assign host*/ /*the libradius and libtacplus can resolve host name to either ipv4 or ipv6 address*/ strncpy(g_exauth_conf.exauth_servers[id_num].host, host, HOST_LEN); @@ -209,13 +214,20 @@ /*if port == 0, the default value in libradius is 1812 for radius authen and in libtacplus is 49 for tacacs+ authen*/ g_exauth_conf.exauth_servers[id_num].port = port; - /*assign secret*/ - if (strncmp(cipher_flag, AAA_SECRET_ENCRYPTED, sizeof(AAA_SECRET_ENCRYPTED)) == 0) { - decrypt_secret((unsigned char *)secret, (unsigned char *)secret); - } - strncpy(g_exauth_conf.exauth_servers[id_num].secret, secret, SECRET_LEN - 1); - g_exauth_conf.exauth_servers[id_num].secret[SECRET_LEN - 1] = '\0'; - + /* assign secret only if it's not LDAP */ + if (secret != NULL && secret[0] != '\0') { + if (g_exauth_conf.exau_method == METHOD_LDAP) { + printf("Warning: Secret is not applicable for LDAP configuration.\n"); + return -1; + } + else { + if (strncmp(cipher_flag, AAA_SECRET_ENCRYPTED, sizeof(AAA_SECRET_ENCRYPTED)) == 0) { + decrypt_secret((unsigned char *)secret, (unsigned char *)secret); + } + strncpy(g_exauth_conf.exauth_servers[id_num].secret, secret, SECRET_LEN - 1); + g_exauth_conf.exauth_servers[id_num].secret[SECRET_LEN - 1] = '\0'; + } + } /*assign timeout and maxretyr*/ if (g_exauth_conf.exau_method == METHOD_RADIUS) @@ -240,49 +252,6 @@ return 0; } -/*configure an exauth server*/ -int -exauth_ldap_server(char *id, char *host, uint16_t port) -{ - int id_num = -1; - char *str_num = NULL, *ep = NULL; - - - if (id == NULL || host == NULL) - { - printf ("%s failed\n",CLI_EXAUTH_SERVER); - return -1; - } - - get_auth_conf(&shm_p, &g_exauth_conf); - - /*invalid server id, should be "es03"*/ - if (strcmp(id, EXAUTH_SERVER_ID3)) - { - printf ("%s\n", EXAUTH_SERVER_ID3); - return 0; - } - - /*assign id*/ - str_num = id + 3; - id_num = (int)strtol(str_num, &ep,10) - 1; - - if (id_num == 2) - { - strcpy(g_exauth_conf.exauth_servers[id_num].id, EXAUTH_SERVER_ID3); - } - - strncpy(g_exauth_conf.exauth_servers[id_num].host, host, HOST_LEN); - - /*assign port*/ - g_exauth_conf.exauth_servers[id_num].port = port; - - /*update conf to shared mem*/ - set_auth_conf(&shm_p, &g_exauth_conf); - - return 0; -} - /*delete an exauth server*/ int no_exauth_server(char *id) Index: /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libparser/commands.pm =================================================================== --- /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libparser/commands.pm (revision 38004) +++ /branches/rel_apv_10_4_0_112_sbi/usr/click/lib/libparser/commands.pm (working copy) @@ -45514,15 +45514,15 @@ }, { obj_type => "ITEM", - name => "rad_server", - menu => "root_admin_aaa_server", + name => "server", + menu => "root_admin_aaa", help_string => "Configure external authentication server", cmd_attribute => "CMD_ARRAYOS|CMD_NORMAL|CMD_GLOBAL|CMD_SPECIAL_LOG", user_level => "CLI_LEVEL_CONFIG", function_name => "exauth_server", function_args => [{ type => "STRING", - help_string => "id, es01 or es02(if server es01 is down, request will be sent to server es02)", + help_string => "id, es01 or es02 or es03(if server es01 is down, request will be sent to server es02 or eso3)", optional => "NO", }, { @@ -45537,7 +45537,7 @@ }, { type => "STRING", - help_string => "Secret", + help_string => "Secret (Secret used for Radius or Tacacs,not applicable for ldap)", optional => "YES", default_value => "\"\"", }, @@ -45549,31 +45549,6 @@ }, ], }, - { - obj_type => "ITEM", - name => "ldap_server", - menu => "root_admin_aaa_server", - help_string => "Configure external authentication server", - cmd_attribute => "CMD_ARRAYOS|CMD_NORMAL|CMD_GLOBAL|CMD_SPECIAL_LOG", - user_level => "CLI_LEVEL_CONFIG", - function_name => "exauth_ldap_server", - function_args => [{ - type => "STRING", - help_string => "id, es03", - optional => "NO", - }, - { - type => "STRING", - help_string => "LDAP Server ip", - optional => "NO", - }, - { - type => "U16", - help_string => "LDAP Server Port", - optional => "NO", - }, - ], - }, { obj_type => "MENU", name => "authorize",