From 66836445a2d5fde1e82eae7fc2f6a6ee86a6c468 Mon Sep 17 00:00:00 2001
From: Björn Jacke
Date: Thu, 10 Dec 2009 21:00:26 +0100
Subject: s3: add LDAP Alias Dereferencing support

Thanks to Dan Cox for initial patch for 3.0. This closes #2350.
---
 source3/lib/smbldap.c | 11 +++++++++++
 source3/param/loadparm.c | 20 ++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index f7ca1c167b..4727c1593e 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -877,6 +877,7 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state)
 {
 int rc = LDAP_SUCCESS;
 int version;
+ int deref;
 LDAP **ldap_struct = &ldap_state->ldap_struct;
 rc = smb_ldap_setup_conn(ldap_struct, ldap_state->uri);
@@ -902,6 +903,16 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state)
 return rc;
 }
+ /* Set alias dereferencing method */
+ deref = lp_ldap_deref();
+ if (deref != -1) {
+ if (ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, &deref) != LDAP_OPT_SUCCESS) {
+ DEBUG(1,("smbldap_open_connection: Failed to set dereferencing method: %d\n", deref));
+ } else {
+ DEBUG(5,("Set dereferencing method: %d\n", deref));
+ }
+ }
+
 DEBUG(2, ("smbldap_open_connection: connection opened\n"));
 return rc;
 }
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d6d78c8179..38cad7c979 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -259,6 +259,7 @@ struct global {
 char *szLdapGroupSuffix;
 int ldap_ssl;
 bool ldap_ssl_ads;
+ int ldap_deref;
 int ldap_follow_referral;
 char *szLdapSuffix;
 char *szLdapAdminDn;
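Review bot: In the `@@ -902,6 +903,16 @@` hunk of source3/lib/smbldap.c, a failing `ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, &deref)` is only logged at level 1 and the function still returns the earlier `rc`, so the connection goes on with whatever dereferencing mode the library already had. For an administrator who set `ldap deref = never` to keep alias entries from being followed during account lookups, that is a silent fail-open. Consider treating the failure as fatal, for example `return LDAP_OPERATIONS_ERROR;` after the DEBUG in the failure branch, and raising that DEBUG to level 0. Whether other option failures in smbldap_open_connection are fatal is not visible, since the body starts outside this hunk.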
@@ -746,6 +747,14 @@ static const struct enum_list enum_ldap_ssl[] = {
 {-1, NULL}
 };
+static const struct enum_list enum_ldap_deref[] = {
+ {LDAP_DEREFERENCE_NEVER, "never"},
+ {LDAP_DEREFERENCE_SEARCHING, "searching"},
+ {LDAP_DEREFERENCE_FINDING, "finding"},
+ {LDAP_DEREFERENCE_ALWAYS, "always"},
+ {-1, NULL}
+};
+
 static const struct enum_list enum_ldap_passwd_sync[] = {
 {LDAP_PASSWD_SYNC_OFF, "no"},
 {LDAP_PASSWD_SYNC_OFF, "off"},
@@ -3670,6 +3679,15 @@ static struct parm_struct parm_table[] = {
 .enum_list = NULL,
 .flags = FLAG_ADVANCED,
 },
+ {
+ .label = "ldap deref",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.ldap_deref,
+ .special = NULL,
+ .enum_list = enum_ldap_deref,
+ .flags = FLAG_ADVANCED,
+ },
 {
 .label = "ldap follow referral",
 .type = P_ENUM,
@@ -5064,6 +5082,7 @@ static void init_globals(bool first_time_only)
 string_set(&Globals.szLdapAdminDn, "");
 Globals.ldap_ssl = LDAP_SSL_START_TLS;
 Globals.ldap_ssl_ads = False;
+ Globals.ldap_deref = LDAP_DEREFERENCE_NEVER;
 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 Globals.ldap_delete_dn = False;
 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
@@ -5418,6 +5437,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
 FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_deref, &Globals.ldap_deref)
 FN_GLOBAL_INTEGER(lp_ldap_follow_referral, &Globals.ldap_follow_referral)
 FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
-- cgit
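Review bot: The `LDAP_DEREFERENCE_*` names used in `enum_ldap_deref` are not defined anywhere in this commit, whose diffstat lists only smbldap.c and loadparm.c, so their values cannot be checked here. The value read through `lp_ldap_deref()` is passed unchanged to `ldap_set_option(..., LDAP_OPT_DEREF, &deref)`, so each one has to equal the LDAP library's own `LDAP_DEREF_NEVER`, `LDAP_DEREF_SEARCHING`, `LDAP_DEREF_FINDING` and `LDAP_DEREF_ALWAYS`. A mismatch would silently select a different dereferencing mode than the one the administrator wrote in smb.conf. Either use the library constants directly where the LDAP header is visible, e.g. `{LDAP_DEREF_NEVER, "never"},`, or put a comment on the table such as `/* values are handed to LDAP_OPT_DEREF and must match LDAP_DEREF_* */`.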
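Review bot: The new `ldap deref` entry in `parm_table` arrives without any documentation; the commit touches only the two C files, and the entry itself carries no comment. The setting decides whether alias entries are followed during directory searches, so with dereferencing enabled a lookup may return the object an alias points to, possibly one stored outside the configured suffix. A short comment above the entry, such as `/* alias dereferencing mode for LDAP searches, passed to LDAP_OPT_DEREF */`, plus a manual entry listing the four values and the default, would let administrators choose deliberately.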
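Review bot: With the default set to `LDAP_DEREFERENCE_NEVER` in init_globals and no name in `enum_ldap_deref` that maps to -1, the `if (deref != -1)` guard added in smbldap_open_connection looks unreachable from smb.conf (assuming none of the LDAP_DEREFERENCE_* values is -1). Samba would then always overwrite the dereferencing mode the LDAP client library was configured with, which silently changes behaviour for sites that set it outside smb.conf. If "leave the library setting alone" is meant to be selectable, add `{-1, "auto"},` to the enum list and state which of the two is the default; otherwise drop the guard. init_globals continues outside this hunk.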