authorJan Engelhardt <jengelh@medozas.de>2009-10-12 11:34:58 +0200
committerKarolin Seeger <kseeger@samba.org>2009-10-12 11:34:58 +0200
commitc5d5969e24913ea544590dd16378f7e071b07c4b (patch)
treefdbcdc7c0e356d30e69eb68b6704d6bb546fa9f8 /source3
parentfa05abc8ffc82b1873b97d43118480b4eb9140d4 (diff)
s3/smbldap: add option to disable following LDAP refs
Fix bug #6717.
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/smbldap.c12
-rw-r--r--source3/param/loadparm.c11
2 files changed, 21 insertions, 2 deletions
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index c96801a72b..47b2208880 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -721,9 +721,18 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
rc = ldap_initialize(ldap_struct, uri);
if (rc) {
DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
+ return rc;
}
- return rc;
+ if (lp_ldap_ref_follow() != Auto) {
+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS,
+ lp_ldap_ref_follow() ? LDAP_OPT_ON : LDAP_OPT_OFF);
+ if (rc != LDAP_SUCCESS)
+ DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n",
+ ldap_err2string(rc)));
+ }
+
+ return LDAP_SUCCESS;
#else
/* Parse the string manually */
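Review bot: When `ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS, ...)` fails, the new code only logs and then falls through to `return LDAP_SUCCESS;`, so a connection configured with `ldap ref follow = no` carries on with whatever referral behaviour the client library defaults to. For a setting an administrator uses to stop the client from chasing referrals to other servers, failing closed is safer: `if (rc != LDAP_SUCCESS) { DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n", ldap_err2string(rc))); return rc; }`. Whether the handle then needs releasing depends on how callers treat a non-zero return, which is not visible here. The option is also applied only in the `HAVE_LDAP_INITIALIZE` branch; the `#else` path continues outside the hunk, and if it does not set the option as well, the parameter is silently ignored on those builds.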
@@ -774,7 +783,6 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
}
#endif /* HAVE_LDAP_INITIALIZE */
-
/* now set connection timeout */
#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
{
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b1f2a4aeb5..7bac72ebd3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -260,6 +260,7 @@ struct global {
char *szLdapGroupSuffix;
int ldap_ssl;
bool ldap_ssl_ads;
+ int ldap_ref_follow;
char *szLdapSuffix;
char *szLdapAdminDn;
int ldap_debug_level;
@@ -3667,6 +3668,14 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED,
},
{
+ .label = "ldap ref follow",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.ldap_ref_follow,
+ .enum_list = enum_bool_auto,
+ .flags = FLAG_ADVANCED,
+ },
+ {
.label = "ldap timeout",
.type = P_INTEGER,
.p_class = P_GLOBAL,
@@ -5038,6 +5047,7 @@ static void init_globals(bool first_time_only)
Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
Globals.ldap_delete_dn = False;
Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
+ Globals.ldap_ref_follow = Auto;
Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
Globals.ldap_page_size = LDAP_PAGE_SIZE;
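Review bot: The default `Globals.ldap_ref_follow = Auto;` carries no comment saying what `Auto` means. Judging by the smbldap.c hunk, it means `LDAP_OPT_REFERRALS` is never set and the client library's own default applies. A one-line comment would make that explicit, e.g. `/* Auto: leave LDAP_OPT_REFERRALS untouched, LDAP library default applies */`. The new `ldap ref follow` entry in `parm_table` would benefit from the same explanation, since the effective behaviour may differ between LDAP libraries.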
@@ -5387,6 +5397,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_ref_follow, &Globals.ldap_ref_follow)
FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)