summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/smbldap.h15
-rw-r--r--source3/lib/smbldap.c3
-rw-r--r--source3/passdb/pdb_ldap.c620
-rw-r--r--source3/sam/idmap_ldap.c24
4 files changed, 386 insertions, 276 deletions
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index 987206b450..31f8d33b88 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -92,6 +92,18 @@ typedef struct _attrib_map_entry {
const char *name;
} ATTRIB_MAP_ENTRY;
+
+struct smbldap_state {
+ LDAP *ldap_struct;
+ time_t last_ping;
+ /* retrive-once info */
+ const char *uri;
+ char *bind_dn;
+ char *bind_secret;
+
+ unsigned int num_failures;
+};
+
/* structures */
extern ATTRIB_MAP_ENTRY attrib_map_v22[];
@@ -109,8 +121,7 @@ const char* get_attr_key2string( ATTRIB_MAP_ENTRY table[], int key );
char** get_attr_list( ATTRIB_MAP_ENTRY table[] );
void free_attr_list( char **list );
BOOL fetch_ldap_pw(char **dn, char** pw);
-void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);
-
+void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value);
#endif /* _SMBLDAP_H */
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index bb37222d5a..b627134446 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -262,7 +262,7 @@ BOOL fetch_ldap_pw(char **dn, char** pw)
manage memory used by the array, by each struct, and values
***********************************************************************/
-void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
+void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
{
LDAPMod **mods;
int i;
@@ -344,3 +344,4 @@ void ldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const
*modlist = mods;
}
+
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index e8ba639073..4cc1762a0d 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -80,15 +80,13 @@
#include "smbldap.h"
struct ldapsam_privates {
+ struct smbldap_state *smbldap_state;
+
/* Former statics */
- LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
int index;
- time_t last_ping;
- /* retrive-once info */
- const char *uri;
const char *domain_name;
DOM_SID domain_sid;
@@ -103,16 +101,10 @@ struct ldapsam_privates {
uint32 low_allocated_group_rid;
uint32 high_allocated_group_rid;
- char *bind_dn;
- char *bind_secret;
-
- unsigned int num_failures;
};
-#define LDAPSAM_DONT_PING_TIME 10 /* ping only all 10 seconds */
-
-static struct ldapsam_privates *static_ldap_state;
-
+#define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */
+#define SMBLDAP_NUM_RETRIES 8 /* retry only 8 times */
/**********************************************************************
get the attribute name given a user schame version
@@ -155,24 +147,82 @@ static char** get_userattr_list( int schema_ver )
return NULL;
}
-
+
+/**********************************************************************
+ Some varients of the LDAP rebind code do not pass in the third 'arg'
+ pointer to a void*, so we try and work around it by assuming that the
+ value of the 'LDAP *' pointer is the same as the one we had passed in
+ **********************************************************************/
+
+struct smbldap_state_lookup {
+ LDAP *ld;
+ struct smbldap_state *smbldap_state;
+ struct smbldap_state_lookup *prev, *next;
+};
+
+static struct smbldap_state_lookup *smbldap_state_lookup_list;
+
+static struct smbldap_state *smbldap_find_state(LDAP *ld)
+{
+ struct smbldap_state_lookup *t;
+
+ for (t = smbldap_state_lookup_list; t; t = t->next) {
+ if (t->ld == ld) {
+ return t->smbldap_state;
+ }
+ }
+ return NULL;
+}
+
+static void smbldap_delete_state(struct smbldap_state *smbldap_state)
+{
+ struct smbldap_state_lookup *t;
+
+ for (t = smbldap_state_lookup_list; t; t = t->next) {
+ if (t->smbldap_state == smbldap_state) {
+ DLIST_REMOVE(smbldap_state_lookup_list, t);
+ SAFE_FREE(t);
+ }
+ }
+}
+
+static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
+{
+ struct smbldap_state *tmp_ldap_state;
+ struct smbldap_state_lookup *t;
+ struct smbldap_state_lookup *tmp;
+
+ if ((tmp_ldap_state = smbldap_find_state(ld))) {
+ SMB_ASSERT(tmp_ldap_state == smbldap_state);
+ return;
+ }
+
+ t = smb_xmalloc(sizeof(*t));
+ ZERO_STRUCTP(t);
+
+ DLIST_ADD_END(smbldap_state_lookup_list, t, tmp);
+ t->ld = ld;
+ t->smbldap_state = smbldap_state;
+}
+
/*******************************************************************
open a connection to the ldap server.
******************************************************************/
-static int ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP ** ldap_struct)
+static int smbldap_open_connection (struct smbldap_state *ldap_state)
+
{
int rc = LDAP_SUCCESS;
int version;
BOOL ldap_v3 = False;
+ LDAP **ldap_struct = &ldap_state->ldap_struct;
#ifdef HAVE_LDAP_INITIALIZE
- DEBUG(10, ("ldapsam_open_connection: %s\n", ldap_state->uri));
+ DEBUG(10, ("smbldap_open_connection: %s\n", ldap_state->uri));
if ((rc = ldap_initialize(ldap_struct, ldap_state->uri)) != LDAP_SUCCESS) {
DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
return rc;
}
-
#else
/* Parse the string manually */
@@ -216,13 +266,19 @@ static int ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP **
DEBUG(3,("LDAPS option set...!\n"));
#else
- DEBUG(0,("ldapsam_open_connection: Secure connection not supported by LDAP client libraries!\n"));
+ DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
return LDAP_OPERATIONS_ERROR;
#endif
}
}
#endif
+ /* Store the LDAP pointer in a lookup list */
+
+ smbldap_store_state(*ldap_struct, ldap_state);
+
+ /* Upgrade to LDAPv3 if possible */
+
if (ldap_get_option(*ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS)
{
if (version != LDAP_VERSION3)
@@ -252,12 +308,12 @@ static int ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP **
return LDAP_OPERATIONS_ERROR;
}
#else
- DEBUG(0,("ldapsam_open_connection: StartTLS not supported by LDAP client libraries!\n"));
+ DEBUG(0,("smbldap_open_connection: StartTLS not supported by LDAP client libraries!\n"));
return LDAP_OPERATIONS_ERROR;
#endif
}
- DEBUG(2, ("ldapsam_open_connection: connection opened\n"));
+ DEBUG(2, ("smbldap_open_connection: connection opened\n"));
return rc;
}
@@ -271,7 +327,7 @@ static int ldapsam_open_connection (struct ldapsam_privates *ldap_state, LDAP **
static int rebindproc_with_state (LDAP * ld, char **whop, char **credp,
int *methodp, int freeit, void *arg)
{
- struct ldapsam_privates *ldap_state = arg;
+ struct smbldap_state *ldap_state = arg;
/** @TODO Should we be doing something to check what servers we rebind to?
Could we get a referral to a machine that we don't want to give our
@@ -311,7 +367,7 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct,
ber_tag_t request,
ber_int_t msgid, void *arg)
{
- struct ldapsam_privates *ldap_state = arg;
+ struct smbldap_state *ldap_state = arg;
int rc;
DEBUG(5,("rebindproc_connect_with_state: Rebinding as \"%s\"\n",
ldap_state->bind_dn));
@@ -335,8 +391,10 @@ static int rebindproc_connect_with_state (LDAP *ldap_struct,
static int rebindproc (LDAP *ldap_struct, char **whop, char **credp,
int *method, int freeit )
{
+ struct smbldap_state *ldap_state = smbldap_find_state(ldap_struct);
+
return rebindproc_with_state(ldap_struct, whop, credp,
- method, freeit, static_ldap_state);
+ method, freeit, ldap_state);
}
# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/
@@ -351,8 +409,10 @@ static int rebindproc (LDAP *ldap_struct, char **whop, char **credp,
static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request,
ber_int_t msgid)
{
+ struct smbldap_state *ldap_state = smbldap_find_state(ld);
+
return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid,
- static_ldap_state);
+ ldap_state);
}
# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/
#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
@@ -360,16 +420,12 @@ static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request,
/*******************************************************************
connect to the ldap server under system privilege.
******************************************************************/
-static int ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ldap_struct)
+static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_struct)
{
int rc;
char *ldap_dn;
char *ldap_secret;
- /* The rebind proc needs this *HACK*. We are not multithreaded, so
- this will work, but it's not nice. */
- static_ldap_state = ldap_state;
-
/* get the password */
if (!fetch_ldap_pw(&ldap_dn, &ldap_secret))
{
@@ -410,8 +466,8 @@ static int ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ld
&ld_error);
DEBUG(ldap_state->num_failures ? 2 : 0,
("failed to bind to server with dn= %s Error: %s\n\t%s\n",
- ldap_dn ? ld_error : "(unknown)", ldap_err2string(rc),
- ld_error));
+ ldap_dn ? ldap_dn : "(unknown)", ldap_err2string(rc),
+ ld_error ? ld_error : "(unknown)"));
SAFE_FREE(ld_error);
ldap_state->num_failures++;
return rc;
@@ -424,21 +480,21 @@ static int ldapsam_connect_system(struct ldapsam_privates *ldap_state, LDAP * ld
}
/**********************************************************************
-Connect to LDAP server
+Connect to LDAP server (called before every ldap operation)
*********************************************************************/
-static int ldapsam_open(struct ldapsam_privates *ldap_state)
+static int smbldap_open(struct smbldap_state *ldap_state)
{
int rc;
SMB_ASSERT(ldap_state);
#ifndef NO_LDAP_SECURITY
if (geteuid() != 0) {
- DEBUG(0, ("ldapsam_open: cannot access LDAP when not root..\n"));
+ DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n"));
return LDAP_INSUFFICIENT_ACCESS;
}
#endif
- if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + LDAPSAM_DONT_PING_TIME) < time(NULL))) {
+ if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) < time(NULL))) {
struct sockaddr_un addr;
socklen_t len = sizeof(addr);
int sd;
@@ -454,15 +510,15 @@ static int ldapsam_open(struct ldapsam_privates *ldap_state)
}
if (ldap_state->ldap_struct != NULL) {
- DEBUG(5,("ldapsam_open: already connected to the LDAP server\n"));
+ DEBUG(5,("smbldap_open: already connected to the LDAP server\n"));
return LDAP_SUCCESS;
}
- if ((rc = ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct))) {
+ if ((rc = smbldap_open_connection(ldap_state))) {
return rc;
}
- if ((rc = ldapsam_connect_system(ldap_state, ldap_state->ldap_struct))) {
+ if ((rc = smbldap_connect_system(ldap_state, ldap_state->ldap_struct))) {
ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
ldap_state->ldap_struct = NULL;
return rc;
@@ -478,7 +534,7 @@ static int ldapsam_open(struct ldapsam_privates *ldap_state)
/**********************************************************************
Disconnect from LDAP server
*********************************************************************/
-static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state)
+static NTSTATUS smbldap_close(struct smbldap_state *ldap_state)
{
if (!ldap_state)
return NT_STATUS_INVALID_PARAMETER;
@@ -487,14 +543,18 @@ static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state)
ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
ldap_state->ldap_struct = NULL;
}
+
+ smbldap_delete_state(ldap_state);
DEBUG(5,("The connection to the LDAP server was closed\n"));
/* maybe free the results here --metze */
+
+
return NT_STATUS_OK;
}
-static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts)
+static int smbldap_retry_open(struct smbldap_state *ldap_state, int *attempts)
{
int rc;
@@ -517,7 +577,7 @@ static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts
}
(*attempts)++;
- if ((rc = ldapsam_open(ldap_state))) {
+ if ((rc = smbldap_open(ldap_state))) {
DEBUG(1,("Connection to LDAP Server failed for the %d try!\n",*attempts));
return rc;
}
@@ -529,7 +589,7 @@ static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts
/*********************************************************************
********************************************************************/
-static int ldapsam_search(struct ldapsam_privates *ldap_state,
+static int smbldap_search(struct smbldap_state *ldap_state,
const char *base, int scope, const char *filter,
char *attrs[], int attrsonly,
LDAPMessage **res)
@@ -544,9 +604,9 @@ static int ldapsam_search(struct ldapsam_privates *ldap_state,
return LDAP_NO_MEMORY;
}
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
continue;
rc = ldap_search_s(ldap_state->ldap_struct, base, scope,
@@ -555,14 +615,14 @@ static int ldapsam_search(struct ldapsam_privates *ldap_state,
if (rc == LDAP_SERVER_DOWN) {
DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- ldapsam_close(ldap_state);
+ smbldap_close(ldap_state);
}
SAFE_FREE(utf8_filter);
return rc;
}
-static int ldapsam_modify(struct ldapsam_privates *ldap_state, const char *dn, LDAPMod *attrs[])
+static int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[])
{
int rc = LDAP_SERVER_DOWN;
int attempts = 0;
@@ -574,9 +634,9 @@ static int ldapsam_modify(struct ldapsam_privates *ldap_state, const char *dn, L
return LDAP_NO_MEMORY;
}
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
continue;
rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs);
@@ -584,14 +644,14 @@ static int ldapsam_modify(struct ldapsam_privates *ldap_state, const char *dn, L
if (rc == LDAP_SERVER_DOWN) {
DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- ldapsam_close(ldap_state);
+ smbldap_close(ldap_state);
}
SAFE_FREE(utf8_dn);
return rc;
}
-static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAPMod *attrs[])
+static int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[])
{
int rc = LDAP_SERVER_DOWN;
int attempts = 0;
@@ -603,9 +663,9 @@ static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAP
return LDAP_NO_MEMORY;
}
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
continue;
rc = ldap_add_s(ldap_state->ldap_struct, utf8_dn, attrs);
@@ -613,14 +673,14 @@ static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAP
if (rc == LDAP_SERVER_DOWN) {
DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- ldapsam_close(ldap_state);
+ smbldap_close(ldap_state);
}
SAFE_FREE(utf8_dn);
return rc;
}
-static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
+static int smbldap_delete(struct smbldap_state *ldap_state, const char *dn)
{
int rc = LDAP_SERVER_DOWN;
int attempts = 0;
@@ -632,9 +692,9 @@ static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
return LDAP_NO_MEMORY;
}
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
continue;
rc = ldap_delete_s(ldap_state->ldap_struct, utf8_dn);
@@ -642,14 +702,17 @@ static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
if (rc == LDAP_SERVER_DOWN) {
DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- ldapsam_close(ldap_state);
+ smbldap_close(ldap_state);
}
SAFE_FREE(utf8_dn);
return rc;
}
-static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap)
+static int smbldap_extended_operation(struct smbldap_state *ldap_state,
+ LDAP_CONST char *reqoid, struct berval *reqdata,
+ LDAPControl **serverctrls, LDAPControl **clientctrls,
+ char **retoidp, struct berval **retdatap)
{
int rc = LDAP_SERVER_DOWN;
int attempts = 0;
@@ -657,17 +720,18 @@ static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_
if (!ldap_state)
return (-1);
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
+ while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
+ if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
continue;
- rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap);
+ rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata,
+ serverctrls, clientctrls, retoidp, retdatap);
}
if (rc == LDAP_SERVER_DOWN) {
DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
- ldapsam_close(ldap_state);
+ smbldap_close(ldap_state);
}
return rc;
@@ -676,23 +740,23 @@ static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_suffix (struct ldapsam_privates *ldap_state, const char *filter,
+static int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter,
char **search_attr, LDAPMessage ** result)
{
int scope = LDAP_SCOPE_SUBTREE;
int rc;
- DEBUG(2, ("ldapsam_search_suffix: searching for:[%s]\n", filter));
+ DEBUG(2, ("smbldap_search_suffix: searching for:[%s]\n", filter));
- rc = ldapsam_search(ldap_state, lp_ldap_suffix(), scope, filter, search_attr, 0, result);
+ rc = smbldap_search(ldap_state, lp_ldap_suffix(), scope, filter, search_attr, 0, result);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
- DEBUG(0,("ldapsam_search_suffix: Problem during the LDAP search: %s (%s)\n",
+ DEBUG(0,("smbldap_search_suffix: Problem during the LDAP search: %s (%s)\n",
ld_error?ld_error:"(unknown)", ldap_err2string (rc)));
- DEBUG(3,("ldapsam_search_suffix: Query was: %s, %s\n", lp_ldap_suffix(),
+ DEBUG(3,("smbldap_search_suffix: Query was: %s, %s\n", lp_ldap_suffix(),
filter));
SAFE_FREE(ld_error);
}
@@ -718,7 +782,7 @@ static const char* get_objclass_filter( int schema_ver )
snprintf( objclass_filter, sizeof(objclass_filter)-1, "(objectclass=%s)", LDAP_OBJ_SAMBASAMACCOUNT );
break;
default:
- DEBUG(0,("ldapsam_search_suffix_by_name(): Invalid schema version specified!\n"));
+ DEBUG(0,("pdb_ldapsam: get_objclass_filter(): Invalid schema version specified!\n"));
break;
}
@@ -728,8 +792,9 @@ static const char* get_objclass_filter( int schema_ver )
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_suffix_by_name (struct ldapsam_privates *ldap_state, const char *user,
- LDAPMessage ** result, char **attr)
+static int ldapsam_search_suffix_by_name (struct ldapsam_privates *ldap_state,
+ const char *user,
+ LDAPMessage ** result, char **attr)
{
pstring filter;
char *escape_user = escape_ldap_string_alloc(user);
@@ -754,15 +819,15 @@ static int ldapsam_search_suffix_by_name (struct ldapsam_privates *ldap_state, c
all_string_sub(filter, "%u", escape_user, sizeof(pstring));
SAFE_FREE(escape_user);
- return ldapsam_search_suffix(ldap_state, filter, attr, result);
+ return smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
}
/*******************************************************************
run the search by rid.
******************************************************************/
static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
- uint32 rid, LDAPMessage ** result,
- char **attr)
+ uint32 rid, LDAPMessage ** result,
+ char **attr)
{
pstring filter;
int rc;
@@ -772,7 +837,7 @@ static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
snprintf(filter, sizeof(filter)-1, "(&(rid=%i)%s)", rid,
get_objclass_filter(ldap_state->schema_ver));
- rc = ldapsam_search_suffix(ldap_state, filter, attr, result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
return rc;
}
@@ -781,8 +846,8 @@ static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,
run the search by SID.
******************************************************************/
static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state,
- const DOM_SID *sid, LDAPMessage ** result,
- char **attr)
+ const DOM_SID *sid, LDAPMessage ** result,
+ char **attr)
{
pstring filter;
int rc;
@@ -795,7 +860,7 @@ static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state,
sid_to_string(sid_string, sid),
get_objclass_filter(ldap_state->schema_ver));
- rc = ldapsam_search_suffix(ldap_state, filter, attr, result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state, filter, attr, result);
return rc;
}
@@ -838,7 +903,7 @@ static BOOL get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
Set attribute to newval in LDAP, regardless of what value the
attribute had in LDAP before.
*********************************************************************/
-static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing,
+static void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
LDAPMod ***mods,
const char *attribute, const char *newval)
{
@@ -867,7 +932,7 @@ static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing,
the old value, should it exist. */
if ((newval != NULL) && (strlen(newval) > 0)) {
- ldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
+ smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
}
if (values == NULL) {
@@ -882,7 +947,7 @@ static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing,
deny the complete operation if somebody changed the
attribute behind our back. */
- ldap_set_mod(mods, LDAP_MOD_DELETE, attribute, values[0]);
+ smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, values[0]);
ldap_value_free(values);
}
@@ -901,19 +966,19 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state,
char *name, *dn;
BerElement *ptr = NULL;
- rc = ldap_count_entries(ldap_state->ldap_struct, result);
+ rc = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (rc != 1) {
DEBUG(0, ("Entry must exist exactly once!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
- dn = ldap_get_dn(ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
+ dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
if (lp_ldap_delete_dn()) {
NTSTATUS ret = NT_STATUS_OK;
- rc = ldapsam_delete(ldap_state, dn);
+ rc = smbldap_delete(ldap_state->smbldap_state, dn);
if (rc != LDAP_SUCCESS) {
DEBUG(0, ("Could not delete object %s\n", dn));
@@ -925,9 +990,9 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state,
/* Ok, delete only the SAM attributes */
- for (name = ldap_first_attribute(ldap_state->ldap_struct, entry, &ptr);
+ for (name = ldap_first_attribute(ldap_state->smbldap_state->ldap_struct, entry, &ptr);
name != NULL;
- name = ldap_next_attribute(ldap_state->ldap_struct, entry, ptr))
+ name = ldap_next_attribute(ldap_state->smbldap_state->ldap_struct, entry, ptr))
{
char **attrib;
@@ -938,7 +1003,7 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state,
{
if (StrCaseCmp(*attrib, name) == 0) {
DEBUG(10, ("deleting attribute %s\n", name));
- ldap_set_mod(&mods, LDAP_MOD_DELETE, name, NULL);
+ smbldap_set_mod(&mods, LDAP_MOD_DELETE, name, NULL);
}
}
@@ -949,14 +1014,14 @@ static NTSTATUS ldapsam_delete_entry(struct ldapsam_privates *ldap_state,
ber_free(ptr, 0);
}
- ldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
+ smbldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass);
- rc = ldapsam_modify(ldap_state, dn, mods);
+ rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0, ("could not delete attributes for %s, error: %s (%s)\n",
@@ -989,7 +1054,8 @@ static int ldapsam_search_domain_info(struct ldapsam_privates *ldap_state,
attr_list = get_attr_list( dominfo_attr_list );
- rc = ldapsam_search_suffix(ldap_state, filter, attr_list , result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
+ attr_list , result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
@@ -1013,7 +1079,7 @@ static uint32 entry_to_rid(struct ldapsam_privates *ldap_state, LDAPMessage *ent
DOM_SID dom_sid;
uint32 rid;
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
LDAP_ATTRIBUTE_SID, sid_string))
{
return 0;
@@ -1070,7 +1136,8 @@ static uint32 search_next_allocated_rid(struct ldapsam_privates *ldap_state, int
DEBUG(2, ("search_top_allocated_rid: searching for:[%s]\n", filter));
- rc = ldapsam_search_suffix(ldap_state, filter, sid_attr, &result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
+ sid_attr, &result);
if (rc != LDAP_SUCCESS) {
DEBUG(3, ("LDAP search failed! cannot find base for NUA RIDs: %s\n", ldap_err2string(rc)));
@@ -1080,18 +1147,18 @@ static uint32 search_next_allocated_rid(struct ldapsam_privates *ldap_state, int
return 0;
}
- count = ldap_count_entries(ldap_state->ldap_struct, result);
+ count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
DEBUG(2, ("search_top_allocated_rid: %d entries in the base!\n", count));
if (count == 0) {
DEBUG(3, ("LDAP search returned no records, assuming no allocated RIDs present!: %s\n", ldap_err2string(rc)));
DEBUGADD(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
} else {
- entry = ldap_first_entry(ldap_state->ldap_struct,result);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,result);
top_rid = entry_to_rid(ldap_state, entry, rid_type);
- while ((entry = ldap_next_entry(ldap_state->ldap_struct, entry))) {
+ while ((entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, entry))) {
rid = entry_to_rid(ldap_state, entry, rid_type);
if (((rid & ~RID_TYPE_MASK) == rid_type) && (rid > top_rid)) {
@@ -1164,14 +1231,15 @@ static NTSTATUS add_new_domain_info(struct ldapsam_privates *ldap_state)
ldap_state->domain_name, LDAP_OBJ_DOMINFO);
attr_list = get_attr_list( dominfo_attr_list );
- rc = ldapsam_search_suffix(ldap_state, filter, attr_list, &result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
+ attr_list, &result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
return NT_STATUS_UNSUCCESSFUL;
}
- num_result = ldap_count_entries(ldap_state->ldap_struct, result);
+ num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (num_result > 1) {
DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
@@ -1189,27 +1257,27 @@ static NTSTATUS add_new_domain_info(struct ldapsam_privates *ldap_state)
ldap_msgfree(result);
/* make the changes - the entry *must* not already have samba attributes */
- ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
ldap_state->domain_name);
sid_to_string(tmp, &ldap_state->domain_sid);
- ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), tmp);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), tmp);
snprintf(tmp, sizeof(tmp)-1, "%i", next_allocated_user_rid);
- ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), tmp);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), tmp);
snprintf(tmp, sizeof(tmp)-1, "%i", next_allocated_group_rid);
- ldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), tmp);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), tmp);
- ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
switch(ldap_op)
{
case LDAP_MOD_ADD:
- rc = ldapsam_add(ldap_state, dn, mods);
+ rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
break;
case LDAP_MOD_REPLACE:
- rc = ldapsam_modify(ldap_state, dn, mods);
+ rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
break;
default:
DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
@@ -1218,7 +1286,7 @@ static NTSTATUS add_new_domain_info(struct ldapsam_privates *ldap_state)
if (rc!=LDAP_SUCCESS) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(1,
("failed to %s domain dn= %s with: %s\n\t%s\n",
@@ -1252,11 +1320,12 @@ static BOOL sid_in_use(struct ldapsam_privates *ldap_state,
slprintf(filter, sizeof(filter)-1, "(%s=%s)", LDAP_ATTRIBUTE_SID, sid_to_string(sid_string, sid));
- rc = ldapsam_search_suffix(ldap_state, filter, sid_attr, &result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state,
+ filter, sid_attr, &result);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG(2, ("Failed to check if sid %s is alredy in use: %s\n",
sid_string, ld_error));
SAFE_FREE(ld_error);
@@ -1265,7 +1334,7 @@ static BOOL sid_in_use(struct ldapsam_privates *ldap_state,
return True;
}
- if ((count = ldap_count_entries(ldap_state->ldap_struct, result)) > 0) {
+ if ((count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result)) > 0) {
DEBUG(3, ("Sid %s already in use - trying next RID\n",
sid_string));
ldap_msgfree(result);
@@ -1311,7 +1380,7 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
return ret;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) < 1) {
DEBUG(3, ("Got no domain info entries for domain %s\n",
ldap_state->domain_name));
ldap_msgfree(result);
@@ -1323,20 +1392,20 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
}
}
- if ((count = ldap_count_entries(ldap_state->ldap_struct, result)) > 1) {
+ if ((count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result)) > 1) {
DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
count, ldap_state->domain_name));
ldap_msgfree(result);
return ret;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
if (!entry) {
ldap_msgfree(result);
return ret;
}
- if ((dn = ldap_get_dn(ldap_state->ldap_struct, entry)) == NULL) {
+ if ((dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry)) == NULL) {
DEBUG(0, ("Could not get domain info DN\n"));
ldap_msgfree(result);
return ret;
@@ -1347,7 +1416,7 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
switch (rid_type) {
case USER_RID_TYPE:
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
old_rid_string))
{
@@ -1357,7 +1426,7 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
}
break;
case GROUP_RID_TYPE:
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
old_rid_string))
{
@@ -1384,7 +1453,7 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
/* Try to make the modification atomically by enforcing the
old value in the delete mod. */
- make_ldap_mod(ldap_state->ldap_struct, entry, &mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
next_rid_string);
break;
@@ -1396,19 +1465,19 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
/* Try to make the modification atomically by enforcing the
old value in the delete mod. */
- make_ldap_mod(ldap_state->ldap_struct, entry, &mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
next_rid_string);
break;
}
- if ((rc = ldap_modify_s(ldap_state->ldap_struct, dn, mods)) == LDAP_SUCCESS) {
+ if ((rc = ldap_modify_s(ldap_state->smbldap_state->ldap_struct, dn, mods)) == LDAP_SUCCESS) {
DOM_SID dom_sid;
DOM_SID sid;
pstring domain_sid_string;
int error = 0;
- if (!get_single_attribute(ldap_state->ldap_struct, result,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, result,
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID),
domain_sid_string))
{
@@ -1444,7 +1513,7 @@ static NTSTATUS ldapsam_next_rid(struct ldapsam_privates *ldap_state, uint32 *ri
return NT_STATUS_OK;
}
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG(2, ("Failed to modify rid: %s\n", ld_error));
SAFE_FREE(ld_error);
@@ -1486,7 +1555,7 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
char **ldap_values;
char **values;
- if ((ldap_values = ldap_get_values (ldap_state->ldap_struct, entry, "objectClass")) == NULL) {
+ if ((ldap_values = ldap_get_values (ldap_state->smbldap_state->ldap_struct, entry, "objectClass")) == NULL) {
DEBUG (1, ("get_unix_attributes: no objectClass! \n"));
return False;
}
@@ -1504,13 +1573,13 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
}
ldap_value_free(ldap_values);
- if ( !get_single_attribute(ldap_state->ldap_struct, entry,
+ if ( !get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_UNIX_HOME), homedir) )
{
return False;
}
- if ( !get_single_attribute(ldap_state->ldap_struct, entry,
+ if ( !get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_GIDNUMBER), temp) )
{
return False;
@@ -1583,12 +1652,12 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
return False;
}
- if (ldap_state->ldap_struct == NULL) {
- DEBUG(0, ("init_sam_from_ldap: ldap_state->ldap_struct is NULL!\n"));
+ if (ldap_state->smbldap_state->ldap_struct == NULL) {
+ DEBUG(0, ("init_sam_from_ldap: ldap_state->smbldap_state->ldap_struct is NULL!\n"));
return False;
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "uid", username)) {
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, "uid", username)) {
DEBUG(1, ("No uid attribute found for this user!\n"));
return False;
}
@@ -1608,13 +1677,13 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
if ( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT )
{
- if (get_single_attribute(ldap_state->ldap_struct, entry,
+ if (get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), temp))
{
pdb_set_user_sid_from_string(sampass, temp, PDB_SET);
}
- if (get_single_attribute(ldap_state->ldap_struct, entry,
+ if (get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_SID), temp))
{
pdb_set_group_sid_from_string(sampass, temp, PDB_SET);
@@ -1628,14 +1697,14 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
}
else
{
- if (get_single_attribute(ldap_state->ldap_struct, entry,
+ if (get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID), temp))
{
user_rid = (uint32)atol(temp);
pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PRIMARY_GROUP_RID), temp))
{
pdb_set_group_sid_from_rid(sampass, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
@@ -1682,7 +1751,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
}
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET), temp))
{
/* leave as default */
@@ -1691,7 +1760,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp))
{
/* leave as default */
@@ -1700,7 +1769,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_logon_time(sampass, logon_time, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp))
{
/* leave as default */
@@ -1709,7 +1778,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp))
{
/* leave as default */
@@ -1718,7 +1787,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp))
{
/* leave as default */
@@ -1727,7 +1796,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp))
{
/* leave as default */
@@ -1742,10 +1811,10 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
* that fits your needs; using cn then displayName rather than 'userFullName'
*/
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME), fullname))
{
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_CN), fullname))
{
/* leave as default */
@@ -1756,7 +1825,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_fullname(sampass, fullname, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE), dir_drive))
{
pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx,
@@ -1768,7 +1837,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH), homedir))
{
pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx,
@@ -1780,7 +1849,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_homedir(sampass, homedir, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT), logon_script))
{
pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx,
@@ -1792,7 +1861,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_logon_script(sampass, logon_script, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH), profile_path))
{
pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx,
@@ -1804,7 +1873,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_profile_path(sampass, profile_path, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC), acct_desc))
{
/* leave as default */
@@ -1812,7 +1881,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS), workstations))
{
/* leave as default */;
@@ -1826,7 +1895,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
hours_len = 21;
memset(hours, 0xff, hours_len);
- if (!get_single_attribute (ldap_state->ldap_struct, entry,
+ if (!get_single_attribute (ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW), temp))
{
/* leave as default */
@@ -1838,7 +1907,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
ZERO_STRUCT(smblmpwd);
}
- if (!get_single_attribute (ldap_state->ldap_struct, entry,
+ if (!get_single_attribute (ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW), temp))
{
/* leave as default */
@@ -1850,7 +1919,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
ZERO_STRUCT(smbntpwd);
}
- if (!get_single_attribute (ldap_state->ldap_struct, entry,
+ if (!get_single_attribute (ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO), temp))
{
acct_ctrl |= ACB_NORMAL;
@@ -1902,7 +1971,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
* do this on a per-mod basis
*/
if (need_update(sampass, PDB_USERNAME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
"uid", pdb_get_username(sampass));
DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
@@ -1952,13 +2021,13 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
return False;
}
slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID),
temp);
break;
case SCHEMAVER_SAMBASAMACCOUNT:
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
sid_to_string(sid_string, user_sid));
break;
@@ -1989,13 +2058,13 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
}
slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PRIMARY_GROUP_RID), temp);
break;
case SCHEMAVER_SAMBASAMACCOUNT:
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver,
LDAP_ATTR_PRIMARY_GROUP_SID), sid_to_string(sid_string, group_sid));
break;
@@ -2016,63 +2085,63 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
*/
if (need_update(sampass, PDB_FULLNAME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DISPLAY_NAME),
pdb_get_fullname(sampass));
if (need_update(sampass, PDB_ACCTDESC))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_DESC),
pdb_get_acct_desc(sampass));
if (need_update(sampass, PDB_WORKSTATIONS))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_WKS),
pdb_get_workstations(sampass));
if (need_update(sampass, PDB_SMBHOME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_PATH),
pdb_get_homedir(sampass));
if (need_update(sampass, PDB_DRIVE))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_HOME_DRIVE),
pdb_get_dir_drive(sampass));
if (need_update(sampass, PDB_LOGONSCRIPT))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_SCRIPT),
pdb_get_logon_script(sampass));
if (need_update(sampass, PDB_PROFILE))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PROFILE_PATH),
pdb_get_profile_path(sampass));
slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
if (need_update(sampass, PDB_LOGONTIME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGON_TIME), temp);
slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
if (need_update(sampass, PDB_LOGOFFTIME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LOGOFF_TIME), temp);
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass));
if (need_update(sampass, PDB_KICKOFFTIME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_KICKOFF_TIME), temp);
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
if (need_update(sampass, PDB_CANCHANGETIME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp);
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass));
if (need_update(sampass, PDB_MUSTCHANGETIME))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp);
if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))
@@ -2083,7 +2152,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
pdb_get_acct_ctrl(sampass));
if (need_update(sampass, PDB_LMPASSWD))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_LMPW),
temp);
@@ -2091,13 +2160,13 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
pdb_get_acct_ctrl(sampass));
if (need_update(sampass, PDB_NTPASSWD))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_NTPW),
temp);
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
if (need_update(sampass, PDB_PASSLASTSET))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_LAST_SET),
temp);
}
@@ -2105,7 +2174,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
/* FIXME: Hours stuff goes in LDAP */
if (need_update(sampass, PDB_ACCTCTRL))
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_ACB_INFO),
pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN));
@@ -2129,7 +2198,8 @@ static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
all_string_sub(filter, "%u", "*", sizeof(pstring));
attr_list = get_userattr_list(ldap_state->schema_ver);
- rc = ldapsam_search_suffix(ldap_state, filter, attr_list, &ldap_state->result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state, filter,
+ attr_list, &ldap_state->result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
@@ -2141,10 +2211,10 @@ static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
}
DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
- ldap_count_entries(ldap_state->ldap_struct,
+ ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
ldap_state->result)));
- ldap_state->entry = ldap_first_entry(ldap_state->ldap_struct,
+ ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct,
ldap_state->result);
ldap_state->index = 0;
@@ -2172,10 +2242,6 @@ static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
BOOL bret = False;
- /* The rebind proc needs this *HACK*. We are not multithreaded, so
- this will work, but it's not nice. */
- static_ldap_state = ldap_state;
-
while (!bret) {
if (!ldap_state->entry)
return ret;
@@ -2183,7 +2249,7 @@ static NTSTATUS ldapsam_getsampwent(struct pdb_methods *my_methods, SAM_ACCOUNT
ldap_state->index++;
bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
- ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct,
+ ldap_state->entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
ldap_state->entry);
}
@@ -2210,7 +2276,7 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT
if ( rc != LDAP_SUCCESS )
return NT_STATUS_NO_SUCH_USER;
- count = ldap_count_entries(ldap_state->ldap_struct, result);
+ count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (count < 1) {
DEBUG(4,
@@ -2224,7 +2290,7 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT
return NT_STATUS_NO_SUCH_USER;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
if (entry) {
if (!init_sam_from_ldap(ldap_state, user, entry)) {
DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
@@ -2281,7 +2347,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
break;
}
- count = ldap_count_entries(ldap_state->ldap_struct, result);
+ count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (count < 1)
{
@@ -2300,7 +2366,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
return NT_STATUS_NO_SUCH_USER;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
if (entry)
{
if (!init_sam_from_ldap(ldap_state, user, entry)) {
@@ -2339,11 +2405,13 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
switch(ldap_op)
{
case LDAP_MOD_ADD:
- ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_ACCOUNT);
- rc = ldapsam_add(ldap_state, dn, mods);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_ACCOUNT);
+ rc = smbldap_add(ldap_state->smbldap_state,
+ dn, mods);
break;
case LDAP_MOD_REPLACE:
- rc = ldapsam_modify(ldap_state, dn ,mods);
+ rc = smbldap_modify(ldap_state->smbldap_state,
+ dn ,mods);
break;
default:
DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
@@ -2352,7 +2420,7 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
if (rc!=LDAP_SUCCESS) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(1,
("failed to %s user dn= %s with: %s\n\t%s\n",
@@ -2406,8 +2474,10 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
SAFE_FREE(utf8_password);
ber_free(ber, 1);
- if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_MODIFY_PASSWD,
- bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) {
+ if ((rc = smbldap_extended_operation(ldap_state->smbldap_state,
+ LDAP_EXOP_MODIFY_PASSWD,
+ bv, NULL, NULL, &retoid,
+ &retdata)) != LDAP_SUCCESS) {
DEBUG(0,("LDAP Password could not be changed for user %s: %s\n",
pdb_get_username(newpwd),ldap_err2string(rc)));
} else {
@@ -2505,14 +2575,14 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
if (rc != LDAP_SUCCESS)
return NT_STATUS_UNSUCCESSFUL;
- if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
+ if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) {
DEBUG(0, ("No user to modify!\n"));
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
- dn = ldap_get_dn(ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
+ dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd,
element_is_changed)) {
@@ -2535,7 +2605,7 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
if (!NT_STATUS_IS_OK(ret)) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,("failed to modify user with uid = %s, error: %s (%s)\n",
pdb_get_username(newpwd), ld_error?ld_error:"(unknwon)", ldap_err2string(rc)));
@@ -2594,7 +2664,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 0) {
DEBUG(0,("User '%s' already in the base, with samba attributes\n",
username));
ldap_msgfree(result);
@@ -2611,13 +2681,14 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
all_string_sub( filter, "%u", escape_user, sizeof(filter) );
SAFE_FREE( escape_user );
- rc = ldapsam_search_suffix(ldap_state, filter, attr_list, &result);
+ rc = smbldap_search_suffix(ldap_state->smbldap_state,
+ filter, attr_list, &result);
free_attr_list( attr_list );
if ( rc != LDAP_SUCCESS )
return NT_STATUS_UNSUCCESSFUL;
- num_result = ldap_count_entries(ldap_state->ldap_struct, result);
+ num_result = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (num_result > 1) {
DEBUG (0, ("More than one user with that uid exists: bailing out!\n"));
@@ -2631,8 +2702,8 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
DEBUG(3,("User exists without samba attributes: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
- entry = ldap_first_entry (ldap_state->ldap_struct, result);
- tmp = ldap_get_dn (ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry (ldap_state->smbldap_state->ldap_struct, result);
+ tmp = ldap_get_dn (ldap_state->smbldap_state->ldap_struct, entry);
slprintf (dn, sizeof (dn) - 1, "%s", tmp);
ldap_memfree (tmp);
} else {
@@ -2662,10 +2733,10 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
switch ( ldap_state->schema_ver )
{
case SCHEMAVER_SAMBAACCOUNT:
- ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT);
break;
case SCHEMAVER_SAMBASAMACCOUNT:
- ldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBASAMACCOUNT);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBASAMACCOUNT);
break;
default:
DEBUG(0,("ldapsam_add_sam_account: invalid schema version specified\n"));
@@ -2690,18 +2761,14 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
Housekeeping
*********************************************************************/
-static void free_private_data(void **vp)
+static void smbldap_free_struct(struct smbldap_state **ldap_state)
{
- struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
-
- ldapsam_close(*ldap_state);
-
+ smbldap_close(*ldap_state);
+
if ((*ldap_state)->bind_secret) {
memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
}
- ldapsam_close(*ldap_state);
-
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
@@ -2710,6 +2777,22 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
+
+/**********************************************************************
+ Housekeeping
+ *********************************************************************/
+
+static void free_private_data(void **vp)
+{
+ struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
+
+ smbldap_free_struct(&(*ldap_state)->smbldap_state);
+
+ *ldap_state = NULL;
+
+ /* No need to free any further, as it is talloc()ed */
+}
+
/**********************************************************************
*********************************************************************/
@@ -2725,13 +2808,14 @@ static int ldapsam_search_one_group (struct ldapsam_privates *ldap_state,
attr_list = get_attr_list(groupmap_attr_list);
- rc = ldapsam_search(ldap_state, lp_ldap_group_suffix (), scope,
+ rc = smbldap_search(ldap_state->smbldap_state,
+ lp_ldap_group_suffix (), scope,
filter, attr_list, 0, result);
free_attr_list( attr_list );
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0, ("ldapsam_search_one_group: "
"Problem during the LDAP search: LDAP error: %s (%s)",
@@ -2753,13 +2837,13 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
pstring temp;
if (ldap_state == NULL || map == NULL || entry == NULL ||
- ldap_state->ldap_struct == NULL)
+ ldap_state->smbldap_state->ldap_struct == NULL)
{
DEBUG(0, ("init_group_from_ldap: NULL parameters found!\n"));
return False;
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), temp))
{
DEBUG(0, ("Mandatory attribute %s not found\n",
@@ -2770,7 +2854,7 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
map->gid = (gid_t)atol(temp);
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID), temp))
{
DEBUG(0, ("Mandatory attribute %s not found\n",
@@ -2779,7 +2863,7 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
}
string_to_sid(&map->sid, temp);
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp))
{
DEBUG(0, ("Mandatory attribute %s not found\n",
@@ -2794,11 +2878,11 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
return False;
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), temp))
{
temp[0] = '\0';
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_CN), temp))
{
DEBUG(0, ("Attributes cn not found either "
@@ -2808,7 +2892,7 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
}
fstrcpy(map->nt_name, temp);
- if (!get_single_attribute(ldap_state->ldap_struct, entry,
+ if (!get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), temp))
{
temp[0] = '\0';
@@ -2836,15 +2920,15 @@ static BOOL init_ldap_from_group(LDAP *ldap_struct,
*mods = NULL;
sid_to_string(tmp, &map->sid);
- make_ldap_mod(ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_struct, existing, mods,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID), tmp);
snprintf(tmp, sizeof(tmp)-1, "%i", map->sid_name_use);
- make_ldap_mod(ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_struct, existing, mods,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), tmp);
- make_ldap_mod(ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_struct, existing, mods,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DISPLAY_NAME), map->nt_name);
- make_ldap_mod(ldap_struct, existing, mods,
+ smbldap_make_mod(ldap_struct, existing, mods,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_DESC), map->comment);
return True;
@@ -2868,7 +2952,7 @@ static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods,
return NT_STATUS_NO_SUCH_GROUP;
}
- count = ldap_count_entries(ldap_state->ldap_struct, result);
+ count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result);
if (count < 1) {
DEBUG(4, ("Did not find group for filter %s\n", filter));
@@ -2881,7 +2965,7 @@ static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods,
return NT_STATUS_NO_SUCH_GROUP;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
if (!entry) {
ldap_msgfree(result);
@@ -2996,19 +3080,19 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) != 1) {
+ if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) != 1) {
DEBUG(2, ("Group %i must exist exactly once in LDAP\n",
map->gid));
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
- tmp = ldap_get_dn(ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
+ tmp = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
pstrcpy(dn, tmp);
ldap_memfree(tmp);
- if (!init_ldap_from_group(ldap_state->ldap_struct,
+ if (!init_ldap_from_group(ldap_state->smbldap_state->ldap_struct,
result, &mods, map)) {
DEBUG(0, ("init_ldap_from_group failed!\n"));
ldap_mods_free(mods, True);
@@ -3023,14 +3107,14 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
return NT_STATUS_UNSUCCESSFUL;
}
- ldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP );
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP );
- rc = ldapsam_modify(ldap_state, dn, mods);
+ rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0, ("failed to add group %i error: %s (%s)\n", map->gid,
ld_error ? ld_error : "(unknown)", ldap_err2string(rc)));
@@ -3062,16 +3146,16 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods,
return NT_STATUS_UNSUCCESSFUL;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
+ if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result) == 0) {
DEBUG(0, ("No group to modify!\n"));
ldap_msgfree(result);
return NT_STATUS_UNSUCCESSFUL;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
- dn = ldap_get_dn(ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result);
+ dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!init_ldap_from_group(ldap_state->ldap_struct,
+ if (!init_ldap_from_group(ldap_state->smbldap_state->ldap_struct,
result, &mods, map)) {
DEBUG(0, ("init_ldap_from_group failed\n"));
ldap_msgfree(result);
@@ -3085,13 +3169,13 @@ static NTSTATUS ldapsam_update_group_mapping_entry(struct pdb_methods *methods,
return NT_STATUS_UNSUCCESSFUL;
}
- rc = ldapsam_modify(ldap_state, dn, mods);
+ rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
ldap_mods_free(mods, True);
if (rc != LDAP_SUCCESS) {
char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0, ("failed to modify group %i error: %s (%s)\n", map->gid,
ld_error ? ld_error : "(unknown)", ldap_err2string(rc)));
@@ -3147,7 +3231,7 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, BOOL update)
snprintf( filter, sizeof(filter)-1, "(objectclass=%s)", LDAP_OBJ_GROUPMAP);
attr_list = get_attr_list( groupmap_attr_list );
- rc = ldapsam_search(ldap_state, lp_ldap_group_suffix(),
+ rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(),
LDAP_SCOPE_SUBTREE, filter,
attr_list, 0, &ldap_state->result);
free_attr_list( attr_list );
@@ -3161,10 +3245,10 @@ static NTSTATUS ldapsam_setsamgrent(struct pdb_methods *my_methods, BOOL update)
}
DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
- ldap_count_entries(ldap_state->ldap_struct,
+ ldap_count_entries(ldap_state->smbldap_state->ldap_struct,
ldap_state->result)));
- ldap_state->entry = ldap_first_entry(ldap_state->ldap_struct, ldap_state->result);
+ ldap_state->entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
ldap_state->index = 0;
return NT_STATUS_OK;
@@ -3188,10 +3272,6 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
BOOL bret = False;
- /* The rebind proc needs this *HACK*. We are not multithreaded, so
- this will work, but it's not nice. */
- static_ldap_state = ldap_state;
-
while (!bret) {
if (!ldap_state->entry)
return ret;
@@ -3199,7 +3279,7 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
ldap_state->index++;
bret = init_group_from_ldap(ldap_state, map, ldap_state->entry);
- ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct,
+ ldap_state->entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct,
ldap_state->entry);
}
@@ -3260,6 +3340,27 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
}
/**********************************************************************
+ Intitalise the 'general' ldap structures, on which ldap operations may be conducted
+ *********************************************************************/
+
+static NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state)
+{
+ *smbldap_state = talloc_zero(mem_ctx, sizeof(**smbldap_state));
+ if (!*smbldap_state) {
+ DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (location) {
+ (*smbldap_state)->uri = talloc_strdup(mem_ctx, location);
+ } else {
+ (*smbldap_state)->uri = "ldap://localhost";
+ }
+ return NT_STATUS_OK;
+}
+
+/**********************************************************************
+ Intitalise the parts of the pdb_context that are common to all pdb_ldap modes
*********************************************************************/
static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
@@ -3293,18 +3394,15 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **
/* TODO: Setup private data and free */
- ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct ldapsam_privates));
-
+ ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state));
if (!ldap_state) {
DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
return NT_STATUS_NO_MEMORY;
}
- if (location) {
- ldap_state->uri = talloc_strdup(pdb_context->mem_ctx, location);
- } else {
- ldap_state->uri = "ldap://localhost";
- }
+ if (!NT_STATUS_IS_OK(nt_status =
+ smbldap_init(pdb_context->mem_ctx, location,
+ &ldap_state->smbldap_state)));
ldap_state->domain_name = talloc_strdup(pdb_context->mem_ctx, get_global_sam_name());
if (!ldap_state->domain_name) {
@@ -3321,6 +3419,7 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **
}
/**********************************************************************
+ Initialise the 'compat' mode for pdb_ldap
*********************************************************************/
static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
@@ -3328,21 +3427,10 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
- return nt_status;
- }
-
- (*pdb_method)->name = "ldapsam_compat";
-
- ldap_state = (*pdb_method)->private_data;
- ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT;
-
- if (location) {
- ldap_state->uri = talloc_strdup(pdb_context->mem_ctx, location);
- } else {
#ifndef WITH_LDAP_SAMCONFIG
- ldap_state->uri = "ldap://localhost";
+ location = "ldap://localhost";
#else
+ {
int ldap_port = lp_ldap_port();
/* remap default port if not using SSL (ie clear or TLS) */
@@ -3350,17 +3438,27 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
ldap_port = 389;
}
- ldap_state->uri = talloc_asprintf(pdb_context->mem_ctx, "%s://%s:%d", lp_ldap_ssl() == LDAP_SSL_ON ? "ldaps" : "ldap", lp_ldap_server(), ldap_port);
- if (!ldap_state->uri) {
+ location = talloc_asprintf(pdb_context->mem_ctx, "%s://%s:%d", lp_ldap_ssl() == LDAP_SSL_ON ? "ldaps" : "ldap", lp_ldap_server(), ldap_port);
+ if (!location) {
return NT_STATUS_NO_MEMORY;
}
+ }
#endif
+
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
+ return nt_status;
}
+ (*pdb_method)->name = "ldapsam_compat";
+
+ ldap_state = (*pdb_method)->private_data;
+ ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT;
+
return NT_STATUS_OK;
}
/**********************************************************************
+ Initialise the normal mode for pdb_ldap
*********************************************************************/
static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
diff --git a/source3/sam/idmap_ldap.c b/source3/sam/idmap_ldap.c
index 379f7729ab..b31ce18925 100644
--- a/source3/sam/idmap_ldap.c
+++ b/source3/sam/idmap_ldap.c
@@ -575,8 +575,8 @@ static NTSTATUS ldap_allocate_id(unid_t *id, int id_type)
snprintf(new_id_str, sizeof(new_id_str), "%u",
((id_type & ID_USERID) ? id->uid : id->gid) + 1);
- ldap_set_mod( &mods, LDAP_MOD_DELETE, type, id_str );
- ldap_set_mod( &mods, LDAP_MOD_ADD, type, new_id_str );
+ smbldap_set_mod( &mods, LDAP_MOD_DELETE, type, id_str );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, type, new_id_str );
rc = ldap_modify_s(ldap_state.ldap_struct, dn, mods);
@@ -829,9 +829,9 @@ static NTSTATUS ldap_set_mapping(const DOM_SID *sid, unid_t id, int id_type)
snprintf(id_str, sizeof(id_str), "%u", ((id_type & ID_USERID) ? id.uid : id.gid));
sid_to_string( sid_str, sid );
- ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDMAP_ENTRY );
- ldap_set_mod( &mods, LDAP_MOD_ADD, type, id_str );
- ldap_set_mod( &mods, LDAP_MOD_ADD,
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDMAP_ENTRY );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, type, id_str );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD,
get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID), sid_str );
do {
@@ -910,10 +910,10 @@ static NTSTATUS ldap_idmap_init( char *params )
snprintf( uid_str, sizeof(uid_str), "%d", luid );
snprintf( gid_str, sizeof(gid_str), "%d", lgid );
- ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDPOOL );
- ldap_set_mod( &mods, LDAP_MOD_ADD,
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_IDPOOL );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD,
get_attr_key2string(idpool_attr_list, LDAP_ATTR_UIDNUMBER), uid_str );
- ldap_set_mod( &mods, LDAP_MOD_ADD,
+ smbldap_set_mod( &mods, LDAP_MOD_ADD,
get_attr_key2string(idpool_attr_list, LDAP_ATTR_GIDNUMBER), gid_str );
do {
@@ -931,15 +931,15 @@ static NTSTATUS ldap_idmap_init( char *params )
mods = NULL;
snprintf( dn, sizeof(dn), "%s,%s", IDMAP_USER_SUFFIX, lp_ldap_idmap_suffix() );
- ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_OU );
- ldap_set_mod( &mods, LDAP_MOD_ADD, "ou", "idmap people" );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_OU );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, "ou", "idmap people" );
ldap_add_s(ldap_state.ldap_struct, dn, mods);
ldap_mods_free( mods, True );
mods = NULL;
snprintf( dn, sizeof(dn), "%s,%s", IDMAP_GROUP_SUFFIX, lp_ldap_idmap_suffix() );
- ldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_OU );
- ldap_set_mod( &mods, LDAP_MOD_ADD, "ou", "idmap group" );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_OU );
+ smbldap_set_mod( &mods, LDAP_MOD_ADD, "ou", "idmap group" );
ldap_add_s(ldap_state.ldap_struct, dn, mods);
ldap_mods_free( mods, True );
#endif