Samba 2.2.7a and LDAP Rebind for Slave environment ...
C.Lee Taylor
leet at leenx.co.za
Wed Jan 8 17:56:01 GMT 2003
>> Standard Samba 2.2.7 does not rebind to do updates. This is a
>>problem when using LDAP and a replicated directory.
>>
>>I did try this on the normal mail-list, but got no response so I hoped
>>to try here.
>>
>> I found http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html,
>>which has a patch to add rebind. Which I am going to try, because I need
>>it and it looks right, not that I am a programmer or anything like that.
Okay, I gave up hoping that somebody would fix my problem ... so I did
the unthinkable ... I went out and tried to fix it myself. I am no
programmer, so I need a little help ...
First, I took the patch at the above address and googled the net until
I found something regarding ldap rebind.
All that I had to do to get pdb_ldap.c to compile was to remove the
", NULL" on line 289, but then I get the following warning ...
passdb/pdb_ldap.c: In function `ldap_connect_system':
passdb/pdb_ldap.c:289: warning: passing arg 2 of `ldap_set_rebind_proc'
from incompatible pointer type
Now, unlike some projects I have compiled, Samba has very few warnings,
now is this one a problem?
Also, I don't know how to make an autoconf ( I think ) check to put in
the third parameter for the ldap_set_rebind_proc function.
This compiles and I will be testing in the morning on a devs box. So I
will let everybody who is interested know tomorrow ... so fingers, toes
and a few other things are all crossed.
Mailed
Lee
P.S. Great work guys.
-------------- next part --------------
--- samba-2.2.7/source/passdb/pdb_ldap.c.ldap 2002-12-10 16:58:15.000000000 +0200
+++ samba-2.2.7/source/passdb/pdb_ldap.c 2003-01-08 18:38:19.000000000 +0200
@@ -65,6 +65,7 @@
static struct ldap_enum_info global_ldap_ent;
+static pstring ldap_secret;
extern pstring samlogon_user;
extern BOOL sam_logon_in_ssb;
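Review bot: the new file-scope `static pstring ldap_secret;` carries no comment, and its validity flag `got_pw` stays function-local in ldap_connect_system (next hunk), so nothing at this scope tells a reader whether the buffer has been filled. Add a comment saying it holds the cleartext LDAP admin bind password for the life of the process and is only valid after ldap_connect_system has fetched it, or move got_pw to file scope next to it so the rebind callback can check it.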
@@ -218,13 +219,60 @@
}
/*******************************************************************
+ ldap rebind proc to rebind w/ the admin dn when following referrals
+*******************************************************************/
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+/** @TODO Add a configure check for the rebind_proc version that doesn't take
+ the last argument and include a #define here. */
+static int auth_rebind_proc( LDAP *ld,
+ LDAP_CONST char *url,
+ ber_tag_t request,
+ ber_int_t msgid,
+ void *arg)
+{
+ int rc;
+ if ( ( rc = ldap_simple_bind_s( ld, lp_ldap_admin_dn(), ldap_secret ) ) == LDAP_SUCCESS )
+ {
+ DEBUG( 2, ( "Rebind successful\n" ) );
+ }
+ else {
+ DEBUG( 0, ( "Rebind failed: %s\n", ldap_err2string( rc ) ) );
+ }
+ return rc;
+}
+#else
+static int auth_rebind_proc ( LDAP * ld,
+ char **whop,
+ char **credp,
+ int *methodp,
+ int freeit,
+ void *arg )
+{
+ /** @TODO Use the samba utility functions here. */
+ register char *to_clear = *credp;
+ if ( freeit ) {
+ free( *whop );
+ *whop = NULL;
+ while ( *to_clear != '\0' ) *to_clear++ = '\0';
+ free( *credp );
+ *credp = NULL;
+ }
+ else {
+ *whop = strdup( lp_ldap_admin_dn() );
+ *credp = strdup( ldap_secret );
+ *methodp = LDAP_AUTH_SIMPLE;
+ }
+ return LDAP_SUCCESS;
+}
+#endif
+
+/*******************************************************************
connect to the ldap server under system privilege.
******************************************************************/
static BOOL ldap_connect_system(LDAP * ldap_struct)
{
int rc;
static BOOL got_pw = False;
- static pstring ldap_secret;
/* get the password if we don't have it already */
if (!got_pw && !(got_pw=fetch_ldap_pw(lp_ldap_admin_dn(), ldap_secret, sizeof(pstring))))
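Review bot: both auth_rebind_proc variants hand the admin DN and ldap_secret to a simple bind without looking at where the referral points; in the OpenLDAP branch the `url` argument is never read before `ldap_simple_bind_s( ld, lp_ldap_admin_dn(), ldap_secret )`. Any server named in a referral therefore receives the admin password, so compare `url` against the configured master before rebinding and refuse otherwise. In the #else branch the two strdup() results are unchecked and the freeit path runs `while ( *to_clear != '\0' )` without testing *credp for NULL, so a failed allocation on the first call becomes a NULL dereference on the cleanup call; check the allocations, return LDAP_NO_MEMORY on failure, and guard the wipe loop.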
@@ -237,6 +285,12 @@
/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
(OpenLDAP) doesnt' seem to support it */
+ DEBUG( 10, ( "ldap_connect_system: setting rebind proc\n " ) );
+ if ( ( rc = ldap_set_rebind_proc( ldap_struct, auth_rebind_proc ) ) != LDAP_SUCCESS )
+ {
+ DEBUG( 2, ( " warning: setting rebind proc failed: %s\n referrals may not work\n", ldap_err2string( rc ) ) );
+ }
+
DEBUG(10,("ldap_connect_system: Binding to ldap server as \"%s\"\n",
lp_ldap_admin_dn()));
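Review bot: `ldap_set_rebind_proc( ldap_struct, auth_rebind_proc )` is called with two arguments while the OpenLDAP-branch callback above is declared with five parameters ending in `void *arg`, and the warning quoted in the mail (pdb_ldap.c:289, incompatible pointer type for arg 2) says the library in use expects a different callback prototype. That is not cosmetic: the library will call the function with an argument list that does not match its definition. The configure check mentioned in the @TODO needs to select the callback prototype and the number of arguments to ldap_set_rebind_proc together, rather than dropping the third argument by hand. A failure here is also only logged at debug level 2 and the bind proceeds, so on a replica setup the first sign of trouble will be failed updates; consider logging it at level 0.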