Patch for LDAPS on GC
Matthias Dieter Wallnöfer
mdw at samba.org
Sun Jan 30 10:10:01 MST 2011
metze or abartlet,
could this work be merged? It seems very useful to me.
Cheers,
Matthias
William Brown wrote:
> On 20/01/2011, at 19:40, Stefan (metze) Metzmacher wrote:
>
>
>> Hi William,
>>
>>
>>> Here are the patches to enable LDAPS on 3269 for global catalog. I have tested this as functional also.
>>>
>> Please squash them into one commit, it makes no sense to add broken patches
>> and directly fix them in the next commit.
>>
> My mistake. Andrew Bartlett just helped me with this since I am not very experienced with git yet.
>
> Here is the squashed patch.
>
> - From 0c8d933630888d9969c5b181c69b51b9f38aaaea Mon Sep 17 00:00:00 2001
> From: William Brown<william.e.brown at adelaide.edu.au>
> Date: Thu, 20 Jan 2011 11:41:01 +1030
> Subject: [PATCH] Added SSL global catalog
>
> - ---
> source4/ldap_server/ldap_server.c | 19 +++++++++++++++++--
> 1 files changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
> index 21030ba..3077678 100644
> - --- a/source4/ldap_server/ldap_server.c
> +++ b/source4/ldap_server/ldap_server.c
> @@ -314,7 +314,7 @@ static void ldapsrv_accept(struct stream_connection *c,
> }
> port = socket_address->port;
> talloc_free(socket_address);
> - - if (port == 3268) /* Global catalog */ {
> + if (port == 3268 || port == 3269) /* Global catalog */ {
> conn->global_catalog = true;
> }
>
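Review bot: The test "port == 3268 || port == 3269" in ldapsrv_accept() sets conn->global_catalog from literal port numbers, and 3269 is repeated as a literal in the next hunk and again in add_socket(), so three places have to be kept in step by hand. Consider named constants for these ports, or recording "global catalog" on the listener when add_socket() creates it, so the accept path does not have to infer it from the port. The "/* Global catalog */" comment between the condition and the brace would also read better on its own line above the if now that the condition is longer.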
> @@ -347,7 +347,7 @@ static void ldapsrv_accept(struct stream_connection *c,
>
> conn->sockets.active = conn->sockets.raw;
>
> - - if (port != 636) {
> + if (port != 636&& port != 3269) {
> ldapsrv_call_read_next(conn);
> return;
> }
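Review bot: The condition "port != 636&& port != 3269" decides plaintext versus TLS by exclusion, so any listener whose port is not named here goes straight to ldapsrv_call_read_next() without TLS. A per-listener flag set where the socket is created would make the TLS requirement explicit and keep a later TLS port from being served in cleartext by omission. Also add the missing space before "&&".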
> @@ -860,6 +860,21 @@ static NTSTATUS add_socket(struct task_server *task,
> address, port, nt_errstr(status)));
> return status;
> }
> + if (tstream_tls_params_enabled(ldap_service->tls_params)) {
> + /* add ldaps server for the global catalog*/
> + port = 3269;
> + status = stream_setup_socket(task, task->event_ctx, lp_ctx,
> + model_ops,
> + &ldap_stream_nonpriv_ops,
> + "ipv4", address,&port,
> + lpcfg_socket_options(lp_ctx),
> + ldap_service);
> + if (!NT_STATUS_IS_OK(status)) {
> + DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
> + address, port, nt_errstr(status)));
> + return status;
> + }
> + }
> }
>
> /* And once we are bound, free the tempoary ldb, it will
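Review bot: The added block in add_socket() no longer contains the samba_is_gc(ldb) test that the first version of this patch wrapped around it, so whether 3269 is opened only on a global catalog now depends on the enclosing block closed by the "}" after the new lines, which this hunk does not show. Please confirm that block is the GC check, or keep the test explicit. The new listener is bound with "ipv4" only, and the bind-and-DEBUG sequence repeats the one whose tail is visible just above it, so a small helper taking the port would avoid the duplication. Minor: add a space before the closing "*/" in the new comment.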
> - --
> 1.7.3.2+GitX
>
>
>> Thanks.
>>
>> metze
>>
>>> From 9ec1f66b3c4d3c56964f83959b3b840e60b9ea50 Mon Sep 17 00:00:00 2001
>>> From: William Brown<william.e.brown at adelaide.edu.au>
>>> Date: Thu, 20 Jan 2011 11:41:01 +1030
>>> Subject: [PATCH 1/5] Added SSL global catalog
>>>
>>> ---
>>> source4/ldap_server/ldap_server.c | 18 ++++++++++++++++++
>>> 1 files changed, 18 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
>>> index 21030ba..a1d4653 100644
>>> --- a/source4/ldap_server/ldap_server.c
>>> +++ b/source4/ldap_server/ldap_server.c
>>> @@ -862,6 +862,24 @@ static NTSTATUS add_socket(struct task_server *task,
>>> }
>>> }
>>>
>>> + if (samba_is_gc(ldb)) {
>>> + if (tstream_tls_params_enabled(ldap_service->tls_params)) {
>>> + /* add ldaps server for the global catalog*/
>>> + port = 3269;
>>> + status = stream_setup_socket(task, task->event_ctx, lp_ctx,
>>> + model_ops,
>>> +&ldap_stream_nonpriv_ops,
>>> + "ipv4", address,&port,
>>> + lpcfg_socket_options(lp_ctx),
>>> + ldap_service);
>>> + if (!NT_STATUS_IS_OK(status)) {
>>> + DEBUG(0,("ldapsrv failed to bind to %s:%u - %s\n",
>>> + address, port, nt_errstr(status)));
>>> + return status;
>>> + }
>>> + }
>>> + }
>>> +
>>> /* And once we are bound, free the tempoary ldb, it will
>>> * connect again on each incoming LDAP connection */
>>> talloc_unlink(ldap_service, ldb);
>>>
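Review bot: Taken alone, this commit opens the 3269 listener but leaves ldapsrv_accept() untouched (the diffstat shows insertions only), and the removed lines in the squashed version above show that path testing only "port == 3268" and "port != 636". A connection on 3269 would therefore be read without TLS and without conn->global_catalog set. The listener and the accept-path changes need to land in one commit so that no intermediate revision leaves the port in that state.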
>>
> William Brown
>
> Research & Teaching, Technology Services
> The University of Adelaide, AUSTRALIA 5005
>
> CRICOS Provider Number 00123M