From 66a64e4ebf56fc7eb61de25896a0a8adb7ec3d5d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bj=C3=B6rn=20Jacke?=
Date: Thu, 10 Dec 2009 21:00:26 +0100
Subject: [PATCH] s3: add LDAP Alias Dereferencing support
Thanks to Dan Cox for initial patch for 3.0. This closes #2350. The default for "ldap deref" is "auto" which means the LDAP library's default behaviour will be used and samba does not set any dereferencing parameter by itself.
(cherry picked from commit 8adbc166b230b37ff18ba70f2280a9a729240ff1)
---
 source3/include/proto.h | 1 +
 source3/lib/smbldap.c | 11 +++++++++++
 source3/param/loadparm.c | 26 ++++++++++++++++++++++++++
 3 files changed, 38 insertions(+)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7b575cab4e3..56505ba883a 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3993,6 +3993,7 @@ char *lp_ldap_suffix(void);
 char *lp_ldap_admin_dn(void);
 int lp_ldap_ssl(void);
 bool lp_ldap_ssl_ads(void);
+int lp_ldap_deref(void);
 int lp_ldap_follow_referral(void);
 int lp_ldap_passwd_sync(void);
 bool lp_ldap_delete_dn(void);
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index f7ca1c167bd..4727c1593e5 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -877,6 +877,7 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state)
 {
 int rc = LDAP_SUCCESS;
 int version;
+ int deref;
 LDAP **ldap_struct = &ldap_state->ldap_struct;
 rc = smb_ldap_setup_conn(ldap_struct, ldap_state->uri);
@@ -902,6 +903,16 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state)
 return rc;
 }
+ /* Set alias dereferencing method */
+ deref = lp_ldap_deref();
+ if (deref != -1) {
+ if (ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, &deref) != LDAP_OPT_SUCCESS) {
+ DEBUG(1,("smbldap_open_connection: Failed to set dereferencing method: %d\n", deref));
+ } else {
+ DEBUG(5,("Set dereferencing method: %d\n", deref));
+ }
+ }
+
 DEBUG(2, ("smbldap_open_connection: connection opened\n"));
 return rc;
 }
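Review bot: In the `@@ -902,6 +903,16 @@` hunk of source3/lib/smbldap.c, a failed `ldap_set_option(..., LDAP_OPT_DEREF, ...)` is only logged at level 1, after which the function still logs "connection opened" and returns `rc`. The connection is then used with the LDAP library's default alias handling instead of the value the administrator set explicitly, and alias dereferencing decides which entries a search returns. I would treat a configured value that cannot be applied as a connection failure, for example by adding `return LDAP_OTHER;` after the DEBUG(1) call, or at least log it at level 0. The DEBUG(5) message also lacks the `smbldap_open_connection:` prefix that the other two messages in the hunk carry. The function body starts outside this hunk.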
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 0499d6538c3..b5c76e23090 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -259,6 +259,7 @@ struct global {
 char *szLdapGroupSuffix;
 int ldap_ssl;
 bool ldap_ssl_ads;
+ int ldap_deref;
 int ldap_follow_referral;
 char *szLdapSuffix;
 char *szLdapAdminDn;
@@ -746,6 +747,20 @@ static const struct enum_list enum_ldap_ssl[] = {
 {-1, NULL}
 };
+/* LDAP Dereferencing Alias types */
+#define SAMBA_LDAP_DEREF_NEVER 0
+#define SAMBA_LDAP_DEREF_SEARCHING 1
+#define SAMBA_LDAP_DEREF_FINDING 2
+#define SAMBA_LDAP_DEREF_ALWAYS 3
+
+static const struct enum_list enum_ldap_deref[] = {
+ {SAMBA_LDAP_DEREF_NEVER, "never"},
+ {SAMBA_LDAP_DEREF_SEARCHING, "searching"},
+ {SAMBA_LDAP_DEREF_FINDING, "finding"},
+ {SAMBA_LDAP_DEREF_ALWAYS, "always"},
+ {-1, "auto"}
+};
+
 static const struct enum_list enum_ldap_passwd_sync[] = {
 {LDAP_PASSWD_SYNC_OFF, "no"},
 {LDAP_PASSWD_SYNC_OFF, "off"},
@@ -3671,6 +3686,15 @@ static struct parm_struct parm_table[] = {
 .flags = FLAG_ADVANCED,
 },
 {
+ .label = "ldap deref",
+ .type = P_ENUM,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.ldap_deref,
+ .special = NULL,
+ .enum_list = enum_ldap_deref,
+ .flags = FLAG_ADVANCED,
+ },
+ {
 .label = "ldap follow referral",
 .type = P_ENUM,
 .p_class = P_GLOBAL,
@@ -5064,6 +5088,7 @@ static void init_globals(bool first_time_only)
 string_set(&Globals.szLdapAdminDn, "");
 Globals.ldap_ssl = LDAP_SSL_START_TLS;
 Globals.ldap_ssl_ads = False;
+ Globals.ldap_deref = -1;
 Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 Globals.ldap_delete_dn = False;
 Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
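Review bot: The new `enum_ldap_deref` table in the `@@ -746,6 +747,20 @@` hunk ends with `{-1, "auto"}` and has no `{-1, NULL}` entry, whereas the `enum_ldap_ssl` table visible just above it in the same hunk ends with `{-1, NULL}`. If the enum lookup code (not shown here) walks a table until it finds a NULL name, as that terminator suggests, an unrecognised `ldap deref` value in smb.conf would make it read past the end of the array. Keep the `"auto"` entry and add the terminator after it: `{-1, "auto"},` followed by `{-1, NULL}`. The bare `-1` is also repeated in `init_globals` and in the `deref != -1` test in smbldap.c, and the `SAMBA_LDAP_DEREF_*` values are passed to `ldap_set_option` unchanged. A named constant for "auto" and a comment that the values must match the library's `LDAP_DEREF_*` constants would make both dependencies explicit.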
@@ -5418,6 +5443,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
 FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_deref, &Globals.ldap_deref)
 FN_GLOBAL_INTEGER(lp_ldap_follow_referral, &Globals.ldap_follow_referral)
 FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
--
2.11.4.GIT