Patch for LDAPS on GC

William Brown william.e.brown at adelaide.edu.au
Thu Jan 20 02:13:47 MST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 20/01/2011, at 19:40, Stefan (metze) Metzmacher wrote:

> Hi William,
> 
>> Here are the patches to enable LDAPS on 3269 for the global catalog. I have also tested this as functional.
> 
> Please squash them into one commit, it makes no sense to add broken patches
> and directly fix them in the next commit.

My mistake. Andrew Bartlett just helped me with this since I am not very experienced with git yet.

Here is the squashed patch.

- From 0c8d933630888d9969c5b181c69b51b9f38aaaea Mon Sep 17 00:00:00 2001
From: William Brown <william.e.brown at adelaide.edu.au>
Date: Thu, 20 Jan 2011 11:41:01 +1030
Subject: [PATCH] Added SSL global catalog

- ---
 source4/ldap_server/ldap_server.c |   19 +++++++++++++++++--
 1 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 21030ba..3077678 100644
- --- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -314,7 +314,7 @@ static void ldapsrv_accept(struct stream_connection *c,
 	}
 	port = socket_address->port;
 	talloc_free(socket_address);
- -	if (port == 3268) /* Global catalog */ {
+	if (port == 3268 || port == 3269) /* Global catalog */ {
 		conn->global_catalog = true;
 	}
 
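Review bot: The ports 3268 and 3269 are compared as bare literals on the changed line, 636 and 3269 again in the hunk at @@ -347, and 3269 once more in add_socket at @@ -860, so the agreement between the accept side and the bind side about which ports mean "global catalog" and which mean "TLS" rests on four scattered magic numbers. Unless the file already defines constants for these ports (not visible here), one file-scope set such as `enum { LDAPS_PORT = 636, LDAP_GC_PORT = 3268, LDAPS_GC_PORT = 3269 };` would let this line read `if (port == LDAP_GC_PORT || port == LDAPS_GC_PORT) /* Global catalog */ {` and make the other two sites a one-place edit. ldapsrv_accept starts before and continues after this hunk.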
@@ -347,7 +347,7 @@ static void ldapsrv_accept(struct stream_connection *c,
 
 	conn->sockets.active = conn->sockets.raw;
 
- -	if (port != 636) {
+	if (port != 636 && port != 3269) {
 		ldapsrv_call_read_next(conn);
 		return;
 	}
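Review bot: Whether a connection is treated as TLS is decided from the port number alone, so after this change a connection accepted on 3269 presumably falls through to the same TLS setup that 636 reaches below, with nothing on this side checking that `ldap_service->tls_params` is usable. That is only sound because add_socket (hunk @@ -860) binds 3269 exclusively when `tstream_tls_params_enabled()` is true, and that coupling is invisible from here. A comment on the changed line would protect the next edit, e.g. `/* 636 and 3269 are TLS-only; 3269 is bound only when tls_params are enabled, see add_socket() */`. The remainder of ldapsrv_accept, including the TLS path itself, is outside the hunk.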
@@ -860,6 +860,21 @@ static NTSTATUS add_socket(struct task_server *task,
 				 address, port, nt_errstr(status)));
 			return status;
 		}
+		if (tstream_tls_params_enabled(ldap_service->tls_params)) {
+			/* add ldaps server for the global catalog*/
+			port = 3269;
+			status = stream_setup_socket(task, task->event_ctx, lp_ctx,
+						     model_ops,
+						     &ldap_stream_nonpriv_ops,
+						     "ipv4", address, &port,
+						     lpcfg_socket_options(lp_ctx),
+						     ldap_service);
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
+					 address, port, nt_errstr(status)));
+				return status;
+			}
+		}
 	}
 
 	/* And once we are bound, free the tempoary ldb, it will
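Review bot: The new listener is bound for "ipv4" only and `port` is left holding 3269 once the block ends; if the 389/636 setup earlier in add_socket (outside this hunk) also registers an ipv6 socket, or if anything after the closing `}` reads `port` expecting the 3268 value, this hunk silently diverges from them, so both are worth confirming against the surrounding function. A short comment on the new `if` would also make the bind-side/accept-side contract explicit, e.g. `/* LDAPS for the global catalog: ldapsrv_accept() treats 3269 as TLS-only, so bind it only when TLS params exist */`, and the existing `/* add ldaps server for the global catalog*/` is missing its closing space. The early `return status` on failure leaves the already-bound 3268 socket behind, which matches what the existing code does for its own failure just above, so that part is consistent. add_socket continues outside the hunk.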
- -- 
1.7.3.2+GitX

> 
> Thanks.
> 
> metze
>> From 9ec1f66b3c4d3c56964f83959b3b840e60b9ea50 Mon Sep 17 00:00:00 2001
>> From: William Brown <william.e.brown at adelaide.edu.au>
>> Date: Thu, 20 Jan 2011 11:41:01 +1030
>> Subject: [PATCH 1/5] Added SSL global catalog
>> 
>> ---
>> source4/ldap_server/ldap_server.c |   18 ++++++++++++++++++
>> 1 files changed, 18 insertions(+), 0 deletions(-)
>> 
>> diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
>> index 21030ba..a1d4653 100644
>> --- a/source4/ldap_server/ldap_server.c
>> +++ b/source4/ldap_server/ldap_server.c
>> @@ -862,6 +862,24 @@ static NTSTATUS add_socket(struct task_server *task,
>>                }
>>        }
>> 
>> +       if (samba_is_gc(ldb)) {
>> +               if (tstream_tls_params_enabled(ldap_service->tls_params)) {
>> +                       /* add ldaps server for the global catalog*/
>> +                       port = 3269;
>> +                       status = stream_setup_socket(task, task->event_ctx, lp_ctx,
>> +                                                    model_ops,
>> +                                                    &ldap_stream_nonpriv_ops,
>> +                                                    "ipv4", address, &port,
>> +                                                    lpcfg_socket_options(lp_ctx),
>> +                                                    ldap_service);
>> +                       if (!NT_STATUS_IS_OK(status)) {
>> +                               DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
>> +                                        address, port, nt_errstr(status)));
>> +                               return status;
>> +                       }
>> +               }
>> +       }
>> +
>>        /* And once we are bound, free the tempoary ldb, it will
>>         * connect again on each incoming LDAP connection */
>>        talloc_unlink(ldap_service, ldb);
> 

William Brown

Research & Teaching, Technology Services
The University of Adelaide, AUSTRALIA 5005

CRICOS Provider Number 00123M
- -----------------------------------------------------------------------------
IMPORTANT: This message may contain confidential or legally privileged
information. If you think it was sent to you by mistake, please delete all
copies and advise the sender. For the purposes of the SPAM Act 2003, this
email is authorised by The University of Adelaide.

pgp.mit.edu



-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
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=HSms
-----END PGP SIGNATURE-----

