Patch: SASL EXTERNAL in smbldap.c

Alexey Lobanov a.lobanov at cro-rct.ru
Sun Oct 23 18:58:36 GMT 2005


Hello all.

Looks like it works... for me, as usual.

[2005/10/23 22:54:31, 10] lib/smbldap.c:smbldap_connect_system(795)
  ldap_connect_system: no DN supplied, binding to ldap server
ldapi://%2fvar%2frun%2fldapi/ by SASL EXTERNAL
[2005/10/23 22:54:31, 3] lib/smbldap.c:smbldap_connect_system(825)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/10/23 22:54:31, 4] lib/smbldap.c:smbldap_open(889)
  The LDAP server is succesfully connected

To avoid new configuration parameters, this code always tries SASL
EXTERNAL if no "admin dn" is given; seems to be a quite natural fallback
policy. "ldap_simple_bind_s" usage is copied from the mentioned PADL code.

*** smbldap.c.orig	2005-08-08 03:09:54.000000000 +0400
--- smbldap.c	2005-10-21 14:56:56.000000000 +0400
***************
*** 686,691 ****
--- 686,694 ----
  {
  	struct smbldap_state *ldap_state = arg;
  	int rc;
+ 	struct berval cred;
+
+ if (ldap_state->bind_dn == NULL) {
  	DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n",
  		 ldap_state->bind_dn));
  	
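Review bot: The added test `if (ldap_state->bind_dn == NULL) {` looks inverted: the arm it opens is the one that logs `bind_dn` with `%s` and, in the next hunk, calls `ldap_simple_bind_s`. A missing DN therefore passes NULL to `%s` and does a simple bind with no DN, which LDAP treats as an anonymous bind, while a configured DN and secret are skipped in favour of SASL EXTERNAL. That contradicts the stated policy of using EXTERNAL only when no admin DN is given; the test should read `if (ldap_state->bind_dn != NULL) {`. The function starts before this hunk and its `else` arm is in the following hunk.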
***************
*** 694,700 ****
  	    username and password to? */

  	rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn,
ldap_state->bind_secret);
! 	
  	GetTimeOfDay(&ldap_state->last_rebind);

  	return rc;
--- 697,709 ----
  	    username and password to? */

  	rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn,
ldap_state->bind_secret);
! } else {
! 	DEBUG(5,("rebindproc_connect_with_state: Rebinding as SASL EXTERNAL\n"));
!         cred.bv_val = "";
!         cred.bv_len = 0;
!         rc = ldap_sasl_bind_s(ldap_struct, NULL, "EXTERNAL", &cred,
NULL, NULL,
!           NULL);
! }	
  	GetTimeOfDay(&ldap_state->last_rebind);

  	return rc;
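Review bot: The EXTERNAL arm added here needs a comment saying where the identity comes from, because the empty `cred` carries none: `/* SASL EXTERNAL: empty credential, the server derives the identity from the transport (ldapi peer credentials or a TLS client certificate) */` above the `ldap_sasl_bind_s` call. As a rebind callback this presumably runs when a referral is followed, so the bind goes to whichever server the referral names; whether that connection has any transport identity is not visible from this hunk. The same comment belongs on the EXTERNAL arm in the last hunk (`smbldap_connect_system`). The new lines are also indented with spaces and the `} else {` / `}` braces sit at column 0, while the surrounding code uses tabs.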
***************
*** 745,750 ****
--- 754,762 ----
  	char *ldap_dn;
  	char *ldap_secret;
  	int version;
+ 	struct berval cred;
+
+ if (ldap_dn == NULL) {

  	/* get the password */
  	if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) {
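Review bot: `if (ldap_dn == NULL) {` reads `ldap_dn` before anything has assigned it: the declaration `char *ldap_dn;` just above has no initialiser, and `fetch_ldap_pw(&ldap_dn, &ldap_secret)` is only called inside the branch. The choice between password bind and SASL EXTERNAL therefore depends on an indeterminate stack value. The sense is also the reverse of the description, as in the first hunk: the NULL arm is the one that fetches the password and simple-binds. The decision should be taken on an assigned value, for example `char *ldap_dn = NULL;` with the credential lookup done first and `if (ldap_dn != NULL) {` around the simple-bind path; how a failed lookup should be handled depends on code outside this hunk. The function body starts and ends outside the hunk.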
***************
*** 755,763 ****
  	ldap_state->bind_dn = ldap_dn;
  	ldap_state->bind_secret = ldap_secret;

- 	/* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
- 	   (OpenLDAP) doesnt' seem to support it */
- 	
  	DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n",
  		  ldap_state->uri, ldap_dn));

--- 767,772 ----
***************
*** 778,784 ****
--- 787,801 ----
  #endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION >
2000)*/

  	rc = ldap_simple_bind_s(ldap_struct, ldap_dn, ldap_secret);
+ } else {
+ 	DEBUG(10,("ldap_connect_system: no DN supplied, binding to ldap
server %s by SASL EXTERNAL\n",
+ 		  ldap_state->uri));

+        cred.bv_val = "";
+        cred.bv_len = 0;
+        rc = ldap_sasl_bind_s(ldap_struct, NULL, "EXTERNAL", &cred,
NULL, NULL,
+                             NULL);
+ };
  	if (rc != LDAP_SUCCESS) {
  		char *ld_error = NULL;
  		ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
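Review bot: The `#endif` in the context closes a conditional region that now sits inside the password-bind arm, so whatever that region sets up is skipped when the `else` arm binds with SASL EXTERNAL. If it is the registration of the rebind callback (not visible in this hunk), the EXTERNAL rebind path added in the second hunk would never be installed for EXTERNAL connections; that setup is worth moving above the `if`. The closing `};` should be a plain `}`, since the stray semicolon is an empty statement. The error handling that starts at `if (rc != LDAP_SUCCESS)` continues past the end of the hunk.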

--
Alexey

