r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb

backend.

The idea is that every time we open an LDB, we can provide a
session_info and/or credentials.  This would allow any ldb to be remote
to LDAP.  We should also support provisioning to a authenticated ldap
server.

(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).

Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)

1 files changed, 13 insertions, 0 deletions

diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c
index 974490f8b2..e070d4eb14 100644
--- a/source4/lib/db_wrap.c
+++ b/source4/lib/db_wrap.c
@@ -61,6 +61,8 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level,
  */
 struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 				     const char *url,
+				     struct auth_session_info *session_info,
+				     struct cli_credentials *credentials,
 				     unsigned int flags,
 				     const char *options[])
 {
@@ -80,6 +82,17 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 	ev = event_context_find(ldb);
 
 	if (ldb_set_opaque(ldb, "EventContext", ev)) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
+		talloc_free(ldb);
+		return NULL;
+	}
+
+	if (ldb_set_opaque(ldb, "credentials", credentials)) {
+		talloc_free(ldb);
 		return NULL;
 	}