authorAndrew Bartlett <abartlet@samba.org>2002-09-28 12:27:04 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-09-28 12:27:04 +0000
commit8b197158c9a7a4c881a86381f06c96d5091b5a76 (patch)
treed7456964593883a55918944484aa3addc15d4f65 /source3/libads
parent9e0bd9be01a6337d75d54382b56dfe6a88bda47b (diff)
Add the beginings of sam_ads to the tree.
This module, primarily the work of "Stefan (metze) Metzmacher" <metze@metzemix.de>, uses the Active Directory schema to store the user/group/other information. I've been testing it against a real AD server, and it is intended to work with OpenLDAP as well. I've moved a few functions around in our other libads code, which has made it easier to tap into that existing code. Also, I've made some changes to the SAM interface, I hope there are not too many objections... To ensure we don't get silly bugs in the skel module, it is now in the default compile. This way you should not forget to update it :-) Andrew Bartlett (This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/ads_ldap.c2
-rw-r--r--source3/libads/ads_struct.c1
-rw-r--r--source3/libads/ldap.c43
-rw-r--r--source3/libads/ldap_utils.c3
4 files changed, 46 insertions, 3 deletions
diff --git a/source3/libads/ads_ldap.c b/source3/libads/ads_ldap.c
index 8c39a89762..05b016539e 100644
--- a/source3/libads/ads_ldap.c
+++ b/source3/libads/ads_ldap.c
@@ -83,7 +83,7 @@ done:
/* convert a sid to a user or group name */
NTSTATUS ads_sid_to_name(ADS_STRUCT *ads,
TALLOC_CTX *mem_ctx,
- DOM_SID *sid,
+ const DOM_SID *sid,
char **name,
enum SID_NAME_USE *type)
{
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index b68c822ce3..3cdd015bf4 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -122,6 +122,7 @@ void ads_destroy(ADS_STRUCT **ads)
SAFE_FREE((*ads)->server.realm);
SAFE_FREE((*ads)->server.workgroup);
SAFE_FREE((*ads)->server.ldap_server);
+ SAFE_FREE((*ads)->server.ldap_uri);
SAFE_FREE((*ads)->auth.realm);
SAFE_FREE((*ads)->auth.password);
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index e09ffeb3f6..1004ea229c 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -67,6 +67,29 @@ static BOOL ads_try_connect(ADS_STRUCT *ads, const char *server, unsigned port)
return True;
}
+/*
+ try a connection to a given ldap server, based on URL, returning True if successful
+ */
+static BOOL ads_try_connect_uri(ADS_STRUCT *ads)
+{
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+ DEBUG(5,("ads_try_connect: trying ldap server at URI '%s'\n",
+ ads->server.ldap_uri));
+
+
+ if (ldap_initialize((LDAP**)&(ads->ld), ads->server.ldap_uri) == LDAP_SUCCESS) {
+ return True;
+ }
+ DEBUG(0, ("ldap_initialize: %s\n", strerror(errno)));
+
+#else
+
+ DEBUG(1, ("no URL support in LDAP libs!\n"));
+#endif
+
+ return False;
+}
+
/* used by the IP comparison function */
struct ldap_ip {
struct in_addr ip;
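Review bot: The failure path in ads_try_connect_uri logs `strerror(errno)`, but ldap_initialize() reports failure through its return code, so the message may describe an unrelated errno value; keep the result in a local and log `DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));` instead. As far as the OpenLDAP API documents it, ldap_initialize() only allocates the handle and does not contact the server, so a True return here does not show that the URI is reachable, and ads_connect would then skip its other server fallbacks. The DEBUG(5) message is also labelled `ads_try_connect`, which makes log lines indistinguishable from the host/port variant; `ads_try_connect_uri` would be clearer.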
@@ -210,6 +233,13 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
ads->last_attempt = time(NULL);
ads->ld = NULL;
+ /* try with a URL based server */
+
+ if (ads->server.ldap_uri &&
+ ads_try_connect_uri(ads)) {
+ goto got_connection;
+ }
+
/* try with a user specified server */
if (ads->server.ldap_server &&
ads_try_connect(ads, ads->server.ldap_server, LDAP_PORT)) {
@@ -278,6 +308,14 @@ got_connection:
return ADS_SUCCESS;
}
+ if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
+ return ADS_ERROR(ldap_simple_bind_s( ads->ld, NULL, NULL));
+ }
+
+ if (ads->auth.flags & ADS_AUTH_SIMPLE_BIND) {
+ return ADS_ERROR(ldap_simple_bind_s( ads->ld, ads->auth.user_name, ads->auth.password));
+ }
+
return ads_sasl_bind(ads);
}
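Review bot: The new `ADS_AUTH_SIMPLE_BIND` branch passes `ads->auth.user_name` and `ads->auth.password` straight to ldap_simple_bind_s(), and a simple bind with a NULL or empty password is commonly accepted by LDAP servers as an unauthenticated bind, so the caller could see success without any credential having been checked. Reject that case first, e.g. `if (!ads->auth.password || !*ads->auth.password) return ADS_ERROR(LDAP_INVALID_CREDENTIALS);`. A simple bind also sends the password unprotected unless the transport is encrypted, and nothing visible in this hunk ties the branch to an `ldaps://` URI or StartTLS; a comment stating that requirement would help callers. If both flags are set the anonymous bind silently wins, which is worth documenting next to the flag checks. The enclosing function starts outside the hunk.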
@@ -1771,8 +1809,9 @@ ADS_STATUS ads_server_info(ADS_STRUCT *ads)
ads->config.realm = strdup(p+2);
ads->config.bind_path = ads_build_dn(ads->config.realm);
- DEBUG(3,("got ldap server name %s@%s\n",
- ads->config.ldap_server_name, ads->config.realm));
+ DEBUG(3,("got ldap server name %s@%s, using bind path: %s\n",
+ ads->config.ldap_server_name, ads->config.realm,
+ ads->config.bind_path));
ads->config.current_time = ads_parse_time(timestr);
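Review bot: The extended DEBUG(3) call now passes `ads->config.bind_path` to `%s`, but the results of `strdup(p+2)` and `ads_build_dn()` on the two lines above are not checked. If either can return NULL on allocation failure (ads_build_dn's body is not visible here, so this is inferred), the format call receives a NULL string argument. A check such as `if (!ads->config.realm || !ads->config.bind_path)` with an out-of-memory return before the DEBUG would cover both. The enclosing function extends beyond the hunk.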
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index 9e4b8a1de9..907f7c8aff 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -42,6 +42,9 @@ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path, int scope
bp = strdup(bind_path);
+ if (!bp)
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+
while (count--) {
status = ads_do_search_all(ads, bp, scope, exp, attrs, res);
if (ADS_ERR_OK(status)) {