From 9c3a9824a9165e9d7cf362d4b8c6add8ad0cc983 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Tue, 6 Jul 2010 15:36:21 +1000
Subject: s4-ldb: added support for simple binds on ldb_ldap backend

this uses the options[] array to pass in bindMech, bindID and
bindSecret. Currently only "simple" is supported.
---
 source4/lib/ldb/ldb_ldap/ldb_ldap.c | 50 +++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

(limited to 'source4/lib/ldb/ldb_ldap/ldb_ldap.c')

diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c
index 292da7aed0..8383627694 100644
--- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -40,6 +40,7 @@
 
 #include "ldb_includes.h"
 #include "ldb_module.h"
+#include "ldb_private.h"
 
 #define LDAP_DEPRECATED 1
 #include <ldap.h>
@@ -856,6 +857,48 @@ static int lldb_destructor(struct lldb_private *lldb)
 	return 0;
 }
 
+
+/*
+  optionally perform a bind
+ */
+static int lldb_bind(struct ldb_module *module,
+		     const char *options[])
+{
+	const char *bind_mechanism;
+	struct lldb_private *lldb;
+	struct ldb_context *ldb = ldb_module_get_ctx(module);
+	int ret;
+
+	bind_mechanism = ldb_options_find(ldb, options, "bindMech");
+	if (bind_mechanism == NULL) {
+		/* no bind wanted */
+		return LDB_SUCCESS;
+	}
+
+	lldb = talloc_get_type(ldb_module_get_private(module), struct lldb_private);
+
+	if (strcmp(bind_mechanism, "simple") == 0) {
+		const char *bind_id, *bind_secret;
+
+		bind_id = ldb_options_find(ldb, options, "bindID");
+		bind_secret = ldb_options_find(ldb, options, "bindSecret");
+		if (bind_id == NULL || bind_secret == NULL) {
+			ldb_asprintf_errstring(ldb, "simple bind requires bindID and bindSecret");
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
+
+		ret = ldap_simple_bind_s(lldb->ldap, bind_id, bind_secret);
+		if (ret != LDAP_SUCCESS) {
+			ldb_asprintf_errstring(ldb, "bind failed: %s", ldap_err2string(ret));
+			return ret;
+		}
+		return LDB_SUCCESS;
+	}
+
+	ldb_asprintf_errstring(ldb, "bind failed: unknown mechanism %s", bind_mechanism);
+	return LDB_ERR_INAPPROPRIATE_AUTHENTICATION;
+}
+
 /*
   connect to the database
 */
@@ -897,6 +940,13 @@ static int lldb_connect(struct ldb_context *ldb,
 	}
 
 	*_module = module;
+
+	ret = lldb_bind(module, options);
+	if (ret != LDB_SUCCESS) {
+		goto failed;
+	}
+
+
 	return LDB_SUCCESS;
 
 failed:
-- 
cgit