Updates from Samba HEAD:

 - Fix segfaults in the 'net ads' commands when no password is provided
 - Readd --with-ldapsam for 2.2 compatability.  This conditionally compiles the
   old options, but the actual code is available on all ldap systems.
 - Fix shadow passwords (as per work with vl)
 - Fix sending plaintext passwords to unicode servers (again vl)
 - Add a bit of const to secrets.c functions
 - Fix some spelling and grammer by vance.
 - Document the -r option in smbgroupedit.

There are more changes in HEAD, I'm only merging the changes I've been involved
with.

Andrew Bartlett
(This used to be commit 83973c389355a5cc9ca74af467dfd8b5dabd2c8f)

2 files changed, 24 insertions, 9 deletions

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index c7badb50e7..a10e6f2989 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -954,9 +954,9 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 	make_a_mod(mods, ldap_op, "primaryGroupID", temp);
 
 	/* displayName, cn, and gecos should all be the same
-	   *  most easily accomplished by giving them the same OID
-	   *  gecos isn't set here b/c it should be handled by the 
-	   *  add-user script
+	 *  most easily accomplished by giving them the same OID
+	 *  gecos isn't set here b/c it should be handled by the 
+	 *  add-user script
 	 */
 
 	make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
@@ -1730,8 +1730,23 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
 
 	if (location) {
 		ldap_state->uri = talloc_strdup(pdb_context->mem_ctx, location);
+#ifdef WITH_LDAP_SAMCONFIG
 	} else {
-		ldap_state->uri = "ldap://localhost";
+		int ldap_port = lp_ldap_port();
+			
+		/* remap default port is no SSL */
+		if ( (lp_ldap_ssl() == LDAP_SSL_OFF) && (ldap_port == 636) ) {
+			ldap_port = 389;
+		}
+
+		ldap_state->uri = talloc_asprintf(pdb_context->mem_ctx, "%s://%s:%d", lp_ldap_ssl() ? "ldap" : "ldaps", lp_ldap_server(), ldap_port);
+		if (!ldap_state->uri) {
+			return NT_STATUS_NO_MEMORY;
+		}
+#else
+	} else {
+		ldap_state->uri = "ldaps://localhost";
+#endif
 	}
 
 	(*pdb_method)->private_data = ldap_state;
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 08a0e9c9ac..4b2c76d8b0 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -95,7 +95,7 @@ BOOL secrets_delete(const char *key)
 	return tdb_delete(tdb, kbuf) == 0;
 }
 
-BOOL secrets_store_domain_sid(char *domain, const DOM_SID *sid)
+BOOL secrets_store_domain_sid(const char *domain, const DOM_SID *sid)
 {
 	fstring key;
 
@@ -104,7 +104,7 @@ BOOL secrets_store_domain_sid(char *domain, const DOM_SID *sid)
 	return secrets_store(key, sid, sizeof(DOM_SID));
 }
 
-BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
+BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)
 {
 	DOM_SID *dyn_sid;
 	fstring key;
@@ -128,7 +128,7 @@ BOOL secrets_fetch_domain_sid(char *domain, DOM_SID *sid)
 	return True;
 }
 
-BOOL secrets_store_domain_guid(char *domain, GUID *guid)
+BOOL secrets_store_domain_guid(const char *domain, GUID *guid)
 {
 	fstring key;
 
@@ -137,7 +137,7 @@ BOOL secrets_store_domain_guid(char *domain, GUID *guid)
 	return secrets_store(key, guid, sizeof(GUID));
 }
 
-BOOL secrets_fetch_domain_guid(char *domain, GUID *guid)
+BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid)
 {
 	GUID *dyn_guid;
 	fstring key;
@@ -227,7 +227,7 @@ BOOL secrets_lock_trust_account_password(char *domain, BOOL dolock)
  the above call.
 ************************************************************************/
 
-BOOL secrets_fetch_trust_account_password(char *domain, uint8 ret_pwd[16],
+BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
 					  time_t *pass_last_set_time)
 {
 	struct machine_acct_pass *pass;