Patch for Adding in ldap_server, ldb the notion of request made through LDAPS
Matthias Dieter Wallnöfer
mdw at samba.org
Sun Mar 20 09:28:44 MDT 2011
Hi ekacnet,
I would say that this is a very clean and acceptable approach.
My comments:
- You have to mark each type of LDAP request as secure if needed, not
only searches (think about further requirements - which are not only
referrals)
- On 959966ba0f95882e5a9b6900aabd939113f6dea3 you could also introduce
the "prefix" helper in the objectclass LDB module (just to make the
change consistent)
- I'm not sure if the following is Samba style-compatible (objectclass
module); better use "} else {":
> + }
> + else {
Cheers,
Matthias
Matthieu Patou wrote:
> Hello All,
>
> After noticing that we didn't return correctly referrals when doing it
> through ldaps (referrals are returned like ldap:// when they should be
> ldaps://), I started to look in the code and didn't find any trace of
> flags that indicate whether or not the request comes from ldaps.
>
>
>
>
> This commit 3fbbbedd47be60f2b1deb04140d73dcc049b00e5, flags the
> information in the ldapsrv* structures.
>
> This commit 24874162efdf78065eebf54f194e13ec8465e753, use the flags in
> the ldapsrv* structure and call the ldb_set_mark function to set the
> flag in the ldb_request
>
> This commit 2bec148cb4cb130e23016509c922bb1bfc22ef2e, use the ldb
> flags to format the referral accordingly.
>
> They are present at
> http://git.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/misc_review.
>
>
> Note: I'm pretty sure that this kind of information will be needed
> more than once as I also faced case when windows refuse to do things
> over plain ldap (ie. setting password through ldap).
>
>
> Give me your impressions.
>
> Matthieu.
>
More information about the samba-technical
mailing list