Samba 2.2.7a and LDAP Rebind for Slave environment ...

C.Lee Taylor leet at leenx.co.za
Wed Jan 8 17:56:01 GMT 2003


>>     Standard Samba 2.2.7 does not rebind to do updates.  This is a 
>>problem when using LDAP and a replicated directory.
>>
>>I did try this on the normal mail-list, but got no response so I hoped 
>>to try here.
>>
>>     I found http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html, 
>>which has a patch to add rebind. Which I am going to try, because I need 
>>it and it looks right, not that I am a programmer or anything like that.
	Okay, I gave up hoping that somebody would fix my problem ... so I did 
the unthinkable ... I went out and tried to fix it myself. I am no 
programmer, so I need a little help ...

	First, I took the patch at the above address and googled the net until 
I found something regarding ldap rebind.

	All that I had to do to get pdb_ldap.c to compile was to remove the 
", NULL" on line 289, but then I get the following warning ...

passdb/pdb_ldap.c: In function `ldap_connect_system':
passdb/pdb_ldap.c:289: warning: passing arg 2 of `ldap_set_rebind_proc' 
from incompatible pointer type

	Now, unlike some projects I have compiled, Samba has very few warnings; 
now, is this one a problem?

	Also, I don't know how to make an autoconf ( I think ) check to put in 
the third parameter for the ldap_set_rebind_proc function.

	This compiles and I will be testing in the morning on a devs box.  So I 
will let everybody who is interested know tomorrow ... no fingers, toes 
and a few other things are all crossed.

Mailed
Lee

P.S. Great work guys.

-------------- next part --------------
--- samba-2.2.7/source/passdb/pdb_ldap.c.ldap	2002-12-10 16:58:15.000000000 +0200
+++ samba-2.2.7/source/passdb/pdb_ldap.c	2003-01-08 18:38:19.000000000 +0200
@@ -65,6 +65,7 @@
 
 static struct ldap_enum_info global_ldap_ent;
 
+static pstring ldap_secret;
 
 extern pstring samlogon_user;
 extern BOOL sam_logon_in_ssb;
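
Review bot: The new file-scope ldap_secret needs a comment saying what it holds and when it is valid. The declaration gives no hint that this buffer carries the LDAP admin bind password, that it is empty until fetch_ldap_pw() has succeeded in ldap_connect_system(), or that it now stays at file scope so the rebind callback can read it. The hunk also leaves two blank lines in a row after the declaration; drop one.
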
@@ -218,13 +219,60 @@
 }
 
 /*******************************************************************
+ ldap rebind proc to rebind w/ the admin dn when following referrals
+*******************************************************************/
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+/** @TODO Add a configure check for the rebind_proc version that doesn't take
+    the last argument and include a #define here. */
+static int auth_rebind_proc( LDAP *ld,
+                             LDAP_CONST char *url,
+                             ber_tag_t request,
+                             ber_int_t msgid,
+                             void *arg)
+{
+    int rc;
+    if ( ( rc = ldap_simple_bind_s( ld, lp_ldap_admin_dn(), ldap_secret ) ) == LDAP_SUCCESS )
+    {
+        DEBUG( 2, ( "Rebind successful\n" ) );
+    }
+    else {
+        DEBUG( 0, ( "Rebind failed: %s\n", ldap_err2string( rc ) ) );
+    }
+    return rc;
+}
+#else
+static int auth_rebind_proc ( LDAP * ld,
+                              char **whop,
+                              char **credp,
+                              int *methodp,
+                              int freeit,
+                              void *arg )
+{
+    /** @TODO Use the samba utility functions here. */
+    register char   *to_clear = *credp;
+    if ( freeit ) {
+        free( *whop );
+        *whop = NULL;
+        while ( *to_clear != '\0' ) *to_clear++ = '\0';
+        free( *credp );
+        *credp = NULL;
+    }
+    else {
+        *whop = strdup( lp_ldap_admin_dn() );
+        *credp = strdup( ldap_secret );
+        *methodp = LDAP_AUTH_SIMPLE;
+    }
+    return LDAP_SUCCESS;
+}
+#endif
+
+/*******************************************************************
  connect to the ldap server under system privilege.
 ******************************************************************/
 static BOOL ldap_connect_system(LDAP * ldap_struct)
 {
 	int rc;
 	static BOOL got_pw = False;
-	static pstring ldap_secret;
 
 	/* get the password if we don't have it already */
 	if (!got_pw && !(got_pw=fetch_ldap_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring)))) 
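
Review bot: Missing check on the referral target in the first auth_rebind_proc(): the url argument is never looked at, so ldap_simple_bind_s() sends lp_ldap_admin_dn() and ldap_secret with a simple bind to whichever server the referral names. Compare url against the expected master before binding, and include it in the DEBUG lines so a failed or unexpected rebind can be traced. In the #else variant, the freeit path copies *credp into to_clear and walks it without a NULL check, and the strdup() results are returned as LDAP_SUCCESS without being tested; check both.
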
@@ -237,6 +285,12 @@
 	/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite 
 	   (OpenLDAP) doesnt' seem to support it */
 	   
+    DEBUG( 10, ( "ldap_connect_system: setting rebind proc\n " ) );
+    if ( ( rc = ldap_set_rebind_proc( ldap_struct, auth_rebind_proc ) ) != LDAP_SUCCESS )
+    {
+        DEBUG( 2, ( "   warning: setting rebind proc failed: %s\n referrals may not work\n", ldap_err2string( rc ) ) );
+    }
+    
 	DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n",
 		lp_ldap_admin_dn()));
 		
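
Review bot: The ldap_set_rebind_proc() call needs the same version switch as the callback definitions. It is made with two arguments for both variants of auth_rebind_proc(), although the two variants have different prototypes and the first one ends in a void *arg; the "incompatible pointer type" warning for arg 2 quoted in the mail points at this call. Let the configure check named in the @TODO select both the callback prototype and the argument list used here, rather than living with the warning. Minor: the added lines are indented with spaces where the surrounding code uses tabs, and the first DEBUG string has a stray space after \n.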

