summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/smbldap.h1
-rw-r--r--source3/lib/smbldap.c101
-rw-r--r--source3/passdb/pdb_ldap.c59
3 files changed, 103 insertions, 58 deletions
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index d980d08280..adb51430dc 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -145,6 +145,7 @@ struct smbldap_state {
const char *uri;
char *bind_dn;
char *bind_secret;
+ BOOL paged_results;
unsigned int num_failures;
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 518bafcc74..7908bc254d 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -806,6 +806,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
int rc;
char *ldap_dn;
char *ldap_secret;
+ int version;
/* get the password */
if (!fetch_ldap_pw(&ldap_dn, &ldap_secret)) {
@@ -855,7 +856,14 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
ldap_state->num_failures = 0;
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+ if (smbldap_has_control(ldap_state, ADS_PAGE_CTL_OID) && version == 3) {
+ ldap_state->paged_results = True;
+ }
+
DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n"));
+ DEBUGADD(3, ("ldap_connect_system: LDAP server %s support paged results\n", ldap_state->paged_results?"does":"does not"));
return rc;
}
@@ -1431,3 +1439,96 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
return unix_dn;
}
+/*******************************************************************
+ Check if root-dse has a certain Control or Extension
+********************************************************************/
+
+static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char **attrs, const char *value)
+{
+ LDAPMessage *msg = NULL;
+ LDAPMessage *entry = NULL;
+ char **values = NULL;
+ int rc, num_result, num_values, i;
+ BOOL result = False;
+
+ if (!attrs[0]) {
+ DEBUG(3,("smbldap_check_root_dse: nothing to look for\n"));
+ return False;
+ }
+
+ if (!strequal(attrs[0], "supportedExtension") &&
+ !strequal(attrs[0], "supportedControl")) {
+ DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
+ return False;
+ }
+
+ rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, 0 , &msg);
+
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
+ return False;
+ }
+
+ num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
+
+ if (num_result != 1) {
+ DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result));
+ goto done;
+ }
+
+ entry = ldap_first_entry(ldap_state->ldap_struct, msg);
+
+ if (entry == NULL) {
+ DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n"));
+ goto done;
+ }
+
+ values = ldap_get_values(ldap_state->ldap_struct, entry, attrs[0]);
+
+ if (values == NULL) {
+ DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0]));
+ goto done;
+ }
+
+ num_values = ldap_count_values(values);
+
+ if (num_values == 0) {
+ DEBUG(5,("smbldap_check_root_dse: LDAP Server does not have any %s\n", attrs[0]));
+ goto done;
+ }
+
+ for (i=0; i<num_values; i++) {
+ if (strcmp(values[i], value) == 0)
+ result = True;
+ }
+
+
+ done:
+ if (values != NULL)
+ ldap_value_free(values);
+ if (msg != NULL)
+ ldap_msgfree(msg);
+
+ return result;
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Control (OID in string format)
+********************************************************************/
+
+BOOL smbldap_has_control(struct smbldap_state *ldap_state, const char *control)
+{
+ const char *attrs[] = { "supportedControl", NULL };
+ return smbldap_check_root_dse(ldap_state, attrs, control);
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Extension (OID in string format)
+********************************************************************/
+
+BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extension)
+{
+ const char *attrs[] = { "supportedExtension", NULL };
+ return smbldap_check_root_dse(ldap_state, attrs, extension);
+}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 6c1d64abce..ee0cb260e8 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -782,8 +782,6 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
pdb_set_hours_len(sampass, hours_len, PDB_SET);
pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
-/* pdb_set_munged_dial(sampass, munged_dial, PDB_SET); */
-
if (!smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry,
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_BAD_PASSWORD_COUNT), temp)) {
/* leave as default */
@@ -1409,62 +1407,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
static BOOL ldapsam_can_pwchange_exop(struct smbldap_state *ldap_state)
{
- LDAPMessage *msg = NULL;
- LDAPMessage *entry = NULL;
- char **values = NULL;
- char *attrs[] = { "supportedExtension", NULL };
- int rc, num_result, num_values, i;
- BOOL result = False;
-
- rc = smbldap_search(ldap_state, "", LDAP_SCOPE_BASE, "(objectclass=*)",
- attrs, 0, &msg);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(3, ("Could not search rootDSE\n"));
- return False;
- }
-
- num_result = ldap_count_entries(ldap_state->ldap_struct, msg);
-
- if (num_result != 1) {
- DEBUG(3, ("Expected one rootDSE, got %d\n", num_result));
- goto done;
- }
-
- entry = ldap_first_entry(ldap_state->ldap_struct, msg);
-
- if (entry == NULL) {
- DEBUG(3, ("Could not retrieve rootDSE\n"));
- goto done;
- }
-
- values = ldap_get_values(ldap_state->ldap_struct, entry,
- "supportedExtension");
-
- if (values == NULL) {
- DEBUG(9, ("LDAP Server does not support any extensions\n"));
- goto done;
- }
-
- num_values = ldap_count_values(values);
-
- if (num_values == 0) {
- DEBUG(9, ("LDAP Server does not support any extensions\n"));
- goto done;
- }
-
- for (i=0; i<num_values; i++) {
- if (strcmp(values[i], LDAP_EXOP_MODIFY_PASSWD) == 0)
- result = True;
- }
-
- done:
- if (values != NULL)
- ldap_value_free(values);
- if (msg != NULL)
- ldap_msgfree(msg);
-
- return result;
+ return smbldap_has_extension(ldap_state, LDAP_EXOP_MODIFY_PASSWD);
}
/********************************************************************