Patch for Adding in ldap_server, ldb the notion of request made through LDAPS

Matthias Dieter Wallnöfer mdw at
Sun Mar 20 09:28:44 MDT 2011

Hi ekacnet,

I would say that this is a very clean and acceptable approach.

My comments:
- You have to mark each type of LDAP request as secure if needed, not 
only searches (think about further requirements - which are not only 
- On 959966ba0f95882e5a9b6900aabd939113f6dea3 you could also introduce 
the "prefix" helper in the objectclass LDB module (just to make the 
change consistent)
- I'm not sure if the following is Samba style-compatible (objectclass 
module); better use "} else {":
> +                       }
> +                       else {


Matthieu Patou wrote:
> Hello All,
> After noticing that we didn't return correctly referrals when doing it 
> through ldaps (referrals are returned like ldap:// when they should be 
> ldaps://), I started to look in the code and didn't find any trace of 
> flags that indicate whether or not the request comes from ldaps.
> This commit 3fbbbedd47be60f2b1deb04140d73dcc049b00e5, flags the 
> information in the ldapsrv* structures.
> This commit 24874162efdf78065eebf54f194e13ec8465e753, use the flags in 
> the ldapsrv* structure and call the ldb_set_mark function to set the 
> flag in the ldb_request
> This commit 2bec148cb4cb130e23016509c922bb1bfc22ef2e, use the ldb 
> flags to format the referral accordingly.
> They are present at 
> Note: I'm pretty sure that this kind of information will be needed 
> more than once as I also faced case when windows refuse to do things 
> over plain ldap (ie. setting password through ldap).
> Give me your impressions.
> Matthieu.

More information about the samba-technical mailing list