Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_common.c13
-rw-r--r--src/providers/ldap/sdap.h1
-rw-r--r--src/providers/ldap/sdap_async_connection.c37
-rw-r--r--src/providers/ldap/sdap_async_private.h2
4 files changed, 52 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index ea5f9570..543774b8 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -71,7 +71,8 @@ struct dp_option default_basic_opts[] = {
{ "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
{ "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER }
+ { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER },
+ { "ldap_deref", DP_OPT_STRING, NULL_STRING, NULL_STRING }
};
struct sdap_attr_map generic_attr_map[] = {
@@ -188,6 +189,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
int ret;
int account_cache_expiration;
int offline_credentials_expiration;
+ const char *ldap_deref;
+ int ldap_deref_val;
opts = talloc_zero(memctx, struct sdap_options);
if (!opts) return ENOMEM;
@@ -293,6 +296,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
goto done;
}
+ ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF);
+ if (ldap_deref != NULL) {
+ ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to verify ldap_deref option.\n"));
+ goto done;
+ }
+ }
#ifndef HAVE_LDAP_CONNCB
bool ldap_referrals;
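Review bot: The value parsed into `ldap_deref_val` in ldap_get_options is never used afterwards in this hunk, so the block only validates the option, and sdap_connect_send parses the same string again when it connects. A short comment would make that intent explicit, for example `/* Validate ldap_deref at option load; the value is applied in sdap_connect_send() */`. Rejecting a bad value here is the right place, since a misconfigured setting then stops option loading instead of surfacing only at connect time. ldap_get_options starts and ends outside the hunk.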
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 4506085f..be4cf8a0 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -178,6 +178,7 @@ enum sdap_basic_opt {
SDAP_ACCESS_FILTER,
SDAP_NETGROUP_SEARCH_BASE,
SDAP_NESTING_LEVEL,
+ SDAP_DEREF,
SDAP_OPTS_BASIC /* opts counter */
};
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index b6205052..e4ca9624 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -28,6 +28,24 @@
#define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D
+errno_t deref_string_to_val(const char *str, int *val)
+{
+ if (strcasecmp(str, "never") == 0) {
+ *val = LDAP_DEREF_NEVER;
+ } else if (strcasecmp(str, "searching") == 0) {
+ *val = LDAP_DEREF_SEARCHING;
+ } else if (strcasecmp(str, "finding") == 0) {
+ *val = LDAP_DEREF_FINDING;
+ } else if (strcasecmp(str, "always") == 0) {
+ *val = LDAP_DEREF_ALWAYS;
+ } else {
+ DEBUG(1, ("Illegal deref option [%s].\n", str));
+ return EINVAL;
+ }
+
+ return EOK;
+}
+
/* ==Connect-to-LDAP-Server=============================================== */
struct sdap_connect_state {
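Review bot: deref_string_to_val passes `str` to strcasecmp and writes through `val` without checking either pointer, and the commit exports it through sdap_async_private.h. Both callers in this commit test the string for NULL first, but a later caller may not, so a guard at the top such as `if (str == NULL || val == NULL) return EINVAL;` keeps the helper safe on its own. The function also has no comment. One line saying that it maps the ldap_deref setting (never, searching, finding, always, compared case-insensitively) to the LDAP_DEREF_* constants and leaves `*val` untouched on EINVAL would document the contract.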
@@ -61,6 +79,8 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
int msgid;
char *errmsg = NULL;
bool ldap_referrals;
+ const char *ldap_deref;
+ int ldap_deref_val;
req = tevent_req_create(memctx, &state, struct sdap_connect_state);
if (!req) return NULL;
@@ -130,6 +150,23 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
goto fail;
}
+ /* Set alias dereferencing */
+ ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF);
+ if (ldap_deref != NULL) {
+ ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
+ if (ret != EOK) {
+ DEBUG(1, ("deref_string_to_val failed.\n"));
+ goto fail;
+ }
+
+ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_DEREF, &ldap_deref_val);
+ if (lret != LDAP_OPT_SUCCESS) {
+ DEBUG(1, ("Failed to set deref option to %d\n", ldap_deref_val));
+ goto fail;
+ }
+
+ }
+
ret = setup_ldap_connection_callbacks(state->sh, state->ev);
if (ret != EOK) {
DEBUG(1, ("setup_ldap_connection_callbacks failed.\n"));
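Review bot: When ldap_set_option fails for LDAP_OPT_DEREF, the code jumps to `fail` while `ret` still holds EOK from the successful deref_string_to_val call just above. The `fail` label is outside the hunk, so it is not visible whether it also looks at `lret`; if it reports only `ret`, the request would finish without an error code even though the deref policy was not applied. Setting the code explicitly, e.g. `ret = EIO;` before `goto fail;`, removes that dependence. The blank line before the closing brace of the `if (ldap_deref != NULL)` block can be dropped.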
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 10ed4469..f049fa6a 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -53,6 +53,8 @@ int sdap_get_rootdse_recv(struct tevent_req *req,
TALLOC_CTX *memctx,
struct sysdb_attrs **rootdse);
+errno_t deref_string_to_val(const char *str, int *val);
+
/* from sdap_child_helpers.c */
struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx,