The Samba-Bugzilla – Attachment 4701 Details for
Bug 6717
Option to disable following LDAP refs
Revised patch with doc
0001.diff (text/plain), 4.28 KB, created by
Jan Engelhardt
on 2009-09-15 17:14:40 UTC
Description:
Revised patch with doc
Filename:
MIME Type:
Creator:
Jan Engelhardt
Created:
2009-09-15 17:14:40 UTC
Size:
4.28 KB
patch
obsolete
>parent 8703d9f5bfd8ded57f263fd4a1f70d121b656b03 (tevent-0-9-8-325-g8703d9f)
>commit b0bfa856136db090d2df8bc9c75e0d170ace568d
>Author: Jan Engelhardt <jengelh@medozas.de>
>Date: Tue Sep 15 22:48:27 2009 +0200
>
>s3/smbldap: add option to disable following LDAP refs
>
>smbd gets pretty unhappy when it sees the same user on two different
>DNs, such as by having "diamond reachability" (a->b->d, a->c->d) in an
>LDAP tree where smbd searches from the top of the diamond or nodes
>above it.
>---
> docs-xml/smbdotconf/ldap/ldapreffollow.xml | 21 ++++++++++++++++++++
> source3/lib/smbldap.c | 12 +++++++++-
> source3/param/loadparm.c | 11 ++++++++++
> 3 files changed, 42 insertions(+), 2 deletions(-)
> create mode 100644 docs-xml/smbdotconf/ldap/ldapreffollow.xml
>
>diff --git a/docs-xml/smbdotconf/ldap/ldapreffollow.xml b/docs-xml/smbdotconf/ldap/ldapreffollow.xml
>new file mode 100644
>index 0000000..f059f15
>--- /dev/null
>+++ b/docs-xml/smbdotconf/ldap/ldapreffollow.xml
>@@ -0,0 +1,21 @@
>+<samba:parameter name="ldap ref follow" context="G" type="enum"
>+ advanced="1" developer="1"
>+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
>+
>+<description>
>+
>+ <para>This option controls whether to follow LDAP referrals or not when
>+ searching for entries in the LDAP database. Possible values are
>+ <emphasis>on</emphasis> to enable following referrals,
>+ <emphasis>off</emphasis> to disable this, and
>+ <emphasis>auto</emphasis>, to use the libldap default settings.
>+ libldap's choice of following referrals or not is set in
>+ /etc/openldap/ldap.conf with the REFERRALS parameter as documented in
>+ ldap.conf(5).</para>
>+
>+</description>
>+
>+<value type="default">auto</value>
>+<value type="example">off</value>
>+
>+</samba:parameter>
>diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
>index c96801a..47b2208 100644
>--- a/source3/lib/smbldap.c
>+++ b/source3/lib/smbldap.c
>@@ -721,9 +721,18 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
> rc = ldap_initialize(ldap_struct, uri);
> if (rc) {
> DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
>+ return rc;
> }
>
>- return rc;
>+ if (lp_ldap_ref_follow() != Auto) {
>+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS,
>+ lp_ldap_ref_follow() ? LDAP_OPT_ON : LDAP_OPT_OFF);
>+ if (rc != LDAP_SUCCESS)
>+ DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n",
>+ ldap_err2string(rc)));
>+ }
>+
>+ return LDAP_SUCCESS;
> #else
>
> /* Parse the string manually */
>@@ -774,7 +783,6 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
> }
> #endif /* HAVE_LDAP_INITIALIZE */
>
>-
> /* now set connection timeout */
> #ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
> {
>diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
>index b278b96..835824a 100644
>--- a/source3/param/loadparm.c
>+++ b/source3/param/loadparm.c
>@@ -260,6 +260,7 @@ struct global {
> char *szLdapGroupSuffix;
> int ldap_ssl;
> bool ldap_ssl_ads;
>+ int ldap_ref_follow;
> char *szLdapSuffix;
> char *szLdapAdminDn;
> int ldap_debug_level;
>@@ -3667,6 +3668,14 @@ static struct parm_struct parm_table[] = {
> .flags = FLAG_ADVANCED,
> },
> {
>+ .label = "ldap ref follow",
>+ .type = P_ENUM,
>+ .p_class = P_GLOBAL,
>+ .ptr = &Globals.ldap_ref_follow,
>+ .enum_list = enum_bool_auto,
>+ .flags = FLAG_ADVANCED,
>+ },
>+ {
> .label = "ldap timeout",
> .type = P_INTEGER,
> .p_class = P_GLOBAL,
>@@ -5038,6 +5047,7 @@ static void init_globals(bool first_time_only)
> Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
> Globals.ldap_delete_dn = False;
> Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
>+ Globals.ldap_ref_follow = Auto;
> Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
> Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
> Globals.ldap_page_size = LDAP_PAGE_SIZE;
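Review bot: In smb_ldap_setup_conn (source3/lib/smbldap.c, hunk -721,9 +721,18) a failed ldap_set_option(LDAP_OPT_REFERRALS) is only logged and the function still returns LDAP_SUCCESS, so with `ldap ref follow = off` the handle keeps libldap's default, which may be to chase referrals to servers the administrator meant to exclude. Because the setting is explicit at that point, failing closed looks safer: brace the check and add `return rc;` after the DEBUG call, i.e. `if (rc != LDAP_SUCCESS) { DEBUG(0, (...)); return rc; }`. The option is also applied only in the HAVE_LDAP_INITIALIZE branch; the `#else` path that parses the URI manually continues outside the hunk, and nothing visible here sets LDAP_OPT_REFERRALS there, so the parameter may be silently ignored on such builds. The ternary depends on the `enum_bool_auto` off/on values being zero/non-zero once Auto is excluded, which deserves a one-line comment such as `/* Auto handled above; remaining values are False/True */`.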
>@@ -5387,6 +5397,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
> FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
> FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
> FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
>+FN_GLOBAL_INTEGER(lp_ldap_ref_follow, &Globals.ldap_ref_follow)
> FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
> FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
> FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
>--
># Created with git-export-patch