[SCM] Samba Shared Repository - branch master updated

Karolin Seeger kseeger at samba.org
Mon Oct 12 04:54:26 MDT 2009


The branch, master has been updated
       via  8def289... s3/proto.h: Add lp_ldap_ref_follow prototype.
       via  c5d5969... s3/smbldap: add option to disable following LDAP refs
      from  fa05abc... Allow (and ignore) distinguishedName on special records

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8def289c8e19fc516ddcf67a117a8e8250baf1c2
Author: Karolin Seeger <kseeger at samba.org>
Date:   Mon Oct 12 12:52:29 2009 +0200

    s3/proto.h: Add lp_ldap_ref_follow prototype.
    
    Fix build of smbldap.
    
    Karolin

commit c5d5969e24913ea544590dd16378f7e071b07c4b
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Mon Oct 12 11:34:58 2009 +0200

    s3/smbldap: add option to disable following LDAP refs
    
    Fix bug #6717.

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/ldap/ldapreffollow.xml |   21 +++++++++++++++++++++
 source3/include/proto.h                    |    1 +
 source3/lib/smbldap.c                      |   12 ++++++++++--
 source3/param/loadparm.c                   |   11 +++++++++++
 4 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 docs-xml/smbdotconf/ldap/ldapreffollow.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/ldap/ldapreffollow.xml b/docs-xml/smbdotconf/ldap/ldapreffollow.xml
new file mode 100644
index 0000000..f059f15
--- /dev/null
+++ b/docs-xml/smbdotconf/ldap/ldapreffollow.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="ldap ref follow" context="G" type="enum"
+	advanced="1" developer="1"
+	xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+
+<description>
+
+	<para>This option controls whether to follow LDAP referrals or not when
+	searching for entries in the LDAP database. Possible values are
+	<emphasis>on</emphasis> to enable following referrals,
+	<emphasis>off</emphasis> to disable this, and
+	<emphasis>auto</emphasis>, to use the libldap default settings.
+	libldap's choice of following referrals or not is set in
+	/etc/openldap/ldap.conf with the REFERRALS parameter as documented in
+	ldap.conf(5).</para>
+
+</description>
+
+<value type="default">auto</value>
+<value type="example">off</value>
+
+</samba:parameter>
diff --git a/source3/include/proto.h b/source3/include/proto.h
index dd46bdd..a759042 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3976,6 +3976,7 @@ char *lp_ldap_suffix(void);
 char *lp_ldap_admin_dn(void);
 int lp_ldap_ssl(void);
 bool lp_ldap_ssl_ads(void);
+int lp_ldap_ref_follow(void);
 int lp_ldap_passwd_sync(void);
 bool lp_ldap_delete_dn(void);
 int lp_ldap_replication_sleep(void);
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index c96801a..47b2208 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -721,9 +721,18 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 	rc = ldap_initialize(ldap_struct, uri);
 	if (rc) {
 		DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
+		return rc;
 	}
 
-	return rc;
+	if (lp_ldap_ref_follow() != Auto) {
+		rc = ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS,
+		     lp_ldap_ref_follow() ? LDAP_OPT_ON : LDAP_OPT_OFF);
+		if (rc != LDAP_SUCCESS)
+			DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n",
+				ldap_err2string(rc)));
+	}
+
+	return LDAP_SUCCESS;
 #else 
 
 	/* Parse the string manually */
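Review bot: A failed `ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS, ...)` is only logged and the function still returns `LDAP_SUCCESS`, so with `ldap ref follow = off` the connection can silently proceed with libldap's default referral behaviour. An administrator usually turns referrals off to stop the client from contacting servers named by the directory, so the failure should reach the caller: `if (rc != LDAP_SUCCESS) { DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n", ldap_err2string(rc))); return rc; }`. The option is also set only in the `HAVE_LDAP_INITIALIZE` branch, and the `#else` path continues outside this hunk, so it looks as if builds without `ldap_initialize` ignore the parameter, which is worth confirming. Reading `lp_ldap_ref_follow()` once into a local would make the `!= Auto` test and the ON/OFF choice use the same value.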
@@ -774,7 +783,6 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 	}
 #endif /* HAVE_LDAP_INITIALIZE */
 
-
 	/* now set connection timeout */
 #ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
 	{
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b1f2a4a..7bac72e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -260,6 +260,7 @@ struct global {
 	char *szLdapGroupSuffix;
 	int ldap_ssl;
 	bool ldap_ssl_ads;
+	int ldap_ref_follow;
 	char *szLdapSuffix;
 	char *szLdapAdminDn;
 	int ldap_debug_level;
@@ -3667,6 +3668,14 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED,
 	},
 	{
+		.label		= "ldap ref follow",
+		.type		= P_ENUM,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.ldap_ref_follow,
+		.enum_list	= enum_bool_auto,
+		.flags		= FLAG_ADVANCED,
+	},
+	{
 		.label		= "ldap timeout",
 		.type		= P_INTEGER,
 		.p_class	= P_GLOBAL,
@@ -5038,6 +5047,7 @@ static void init_globals(bool first_time_only)
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
+	Globals.ldap_ref_follow = Auto;
 	Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
 	Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
@@ -5387,6 +5397,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
 FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_ref_follow, &Globals.ldap_ref_follow)
 FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)


-- 
Samba Shared Repository

