Patch for LDAPS on GC

William Brown william.e.brown at adelaide.edu.au
Thu Jan 20 02:02:42 MST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Here are the patches to enable LDAPS on 3269 for the global catalog. I have also tested this and it is functional.

- From 9ec1f66b3c4d3c56964f83959b3b840e60b9ea50 Mon Sep 17 00:00:00 2001
From: William Brown <william.e.brown at adelaide.edu.au>
Date: Thu, 20 Jan 2011 11:41:01 +1030
Subject: [PATCH 1/5] Added SSL global catalog

- ---
 source4/ldap_server/ldap_server.c |   18 ++++++++++++++++++
 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 21030ba..a1d4653 100644
- --- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -862,6 +862,24 @@ static NTSTATUS add_socket(struct task_server *task,
                }
        }
 
+       if (samba_is_gc(ldb)) {
+               if (tstream_tls_params_enabled(ldap_service->tls_params)) {
+                       /* add ldaps server for the global catalog*/
+                       port = 3269;
+                       status = stream_setup_socket(task, task->event_ctx, lp_ctx,
+                                                    model_ops,
+                                                    &ldap_stream_nonpriv_ops,
+                                                    "ipv4", address, &port,
+                                                    lpcfg_socket_options(lp_ctx),
+                                                    ldap_service);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
+                                        address, port, nt_errstr(status)));
+                               return status;
+                       }
+               }
+       }
+
        /* And once we are bound, free the tempoary ldb, it will
         * connect again on each incoming LDAP connection */
        talloc_unlink(ldap_service, ldb);
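Review bot: The new listener's port is the bare literal 3269, and the same literal is compared again inside ldapsrv_accept in patches 2/5, 3/5 and 5/5, so the bind side and the accept side can silently drift apart when a port is added or changed; a shared constant such as `enum { LDAP_GC_PORT = 3268, LDAPS_GC_PORT = 3269 };` placed next to whatever already names 389 and 636 (the bare 636 in the @@ -347 hunk of 3/5 suggests those are literals too) would tie the two functions together. The bind-log-return sequence in this hunk is also at least the second copy of the same pattern in add_socket (the 3268 listener's copy is visible as context in the second hunk of 5/5, and the 389/636 listeners presumably have their own), which a small static helper taking the address, port and ldap_service could collapse. The copied comment is missing its closing space: `/* add ldaps server for the global catalog */`. add_socket starts and ends outside this hunk.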
- -- 
1.7.3.2

- From 4d296d32da9c2b59abe478478921bcc8ef1d3ffa Mon Sep 17 00:00:00 2001
From: William Brown <william.e.brown at adelaide.edu.au>
Date: Thu, 20 Jan 2011 11:52:51 +1030
Subject: [PATCH 2/5] Added some more GC handling code for SSL

- ---
 source4/ldap_server/ldap_server.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index a1d4653..eaef52d 100644
- --- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -314,7 +314,7 @@ static void ldapsrv_accept(struct stream_connection *c,
        }
        port = socket_address->port;
        talloc_free(socket_address);
- -       if (port == 3268) /* Global catalog */ {
+       if (port == 3268 || port == 3269) /* Global catalog */ {
                conn->global_catalog = true;
        }
 
- -- 
1.7.3.2

- From fbd7f3f3f6a7eec3965c54325c9b85679aef4b62 Mon Sep 17 00:00:00 2001
From: William Brown <william.e.brown at adelaide.edu.au>
Date: Thu, 20 Jan 2011 11:56:58 +1030
Subject: [PATCH 3/5] Final part of GC SSL

- ---
 source4/ldap_server/ldap_server.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index eaef52d..545cebc 100644
- --- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -347,7 +347,7 @@ static void ldapsrv_accept(struct stream_connection *c,
 
        conn->sockets.active = conn->sockets.raw;
 
- -       if (port != 636) {
+       if (port != 636 || port != 3269) {
                ldapsrv_call_read_next(conn);
                return;
        }
- -- 
1.7.3.2

- From a4c1b88c544dc7e2df4a3726f96cfe5b50fc3749 Mon Sep 17 00:00:00 2001
From: William Brown <william.e.brown at adelaide.edu.au>
Date: Thu, 20 Jan 2011 14:06:15 +1030
Subject: [PATCH 4/5] Fixed typo

- ---
 source4/ldap_server/ldap_server.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 545cebc..6253fd6 100644
- --- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -862,7 +862,7 @@ static NTSTATUS add_socket(struct task_server *task,
                }
        }
 
- -       if (samba_is_gc(ldb)) {
+       if (samdb_is_gc(ldb)) {
                if (tstream_tls_params_enabled(ldap_service->tls_params)) {
                        /* add ldaps server for the global catalog*/
                        port = 3269;
- -- 
1.7.3.2

- From 1bb9931205c06f646783d390eaa36a23375491bb Mon Sep 17 00:00:00 2001
From: William Brown <william.e.brown at adelaide.edu.au>
Date: Thu, 20 Jan 2011 19:30:23 +1030
Subject: [PATCH 5/5] Fixed ldaps on GC port.

- ---
 source4/ldap_server/ldap_server.c |    5 +----
 1 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 6253fd6..3077678 100644
- --- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -347,7 +347,7 @@ static void ldapsrv_accept(struct stream_connection *c,
 
        conn->sockets.active = conn->sockets.raw;
 
- -       if (port != 636 || port != 3269) {
+       if (port != 636 && port != 3269) {
                ldapsrv_call_read_next(conn);
                return;
        }
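Review bot: The corrected guard now reads as a bare pair of port literals with nothing saying that the fall-through is the TLS path, so a reader has to already know that 636 and 3269 are the ldaps ports; a one-line comment above the `if` would carry that, e.g. `/* plain LDAP (389/3268): no TLS handshake, start reading at once */`, with a matching comment after the `return` for the branch that follows outside the hunk. Both literals also appear in add_socket, where the listeners are bound, so a single predicate such as `static bool ldapsrv_is_ldaps_port(uint16_t port)` or named constants shared by the two functions would stop the two lists from drifting apart. ldapsrv_accept starts and ends outside this hunk.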
@@ -860,9 +860,6 @@ static NTSTATUS add_socket(struct task_server *task,
                                 address, port, nt_errstr(status)));
                        return status;
                }
- -       }
- -
- -       if (samdb_is_gc(ldb)) {
                if (tstream_tls_params_enabled(ldap_service->tls_params)) {
                        /* add ldaps server for the global catalog*/
                        port = 3269;
- -- 
1.7.3.2


William Brown

Research & Teaching, Technology Services
The University of Adelaide, AUSTRALIA 5005

CRICOS Provider Number 00123M
- -----------------------------------------------------------------------------
IMPORTANT: This message may contain confidential or legally privileged
information. If you think it was sent to you by mistake, please delete all
copies and advise the sender. For the purposes of the SPAM Act 2003, this
email is authorised by The University of Adelaide.

pgp.mit.edu



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
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=ZUM0
-----END PGP SIGNATURE-----

