ASF Bugzilla – Attachment 20053 Details for
Bug 26538
windows 2003 active directory - [ldap_search_ext_s() for user failed][Referral]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
A code patch to add support for turning on and off referral following
referrals.patch (text/plain), 8.40 KB, created by
Aaron Siri
on 2007-04-26 07:54:09 UTC
(
hide
)
Description:
A code patch to add support for turning on and off referral following
Filename:
MIME Type:
Creator:
Aaron Siri
Created:
2007-04-26 07:54:09 UTC
Size:
8.40 KB
patch
obsolete
>Index: modules/ldap/util_ldap.c >=================================================================== >--- modules/ldap/util_ldap.c (revision 532468) >+++ modules/ldap/util_ldap.c (working copy) >@@ -275,6 +275,9 @@ > /* Set the alias dereferencing option */ > ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref)); > >+ /* Set follow referrals */ >+ ldap_set_option(ldc->ldap, LDAP_OPT_REFERRALS, ((ldc->follow_referrals == 0) ? (void *)LDAP_OPT_OFF : (void *)LDAP_OPT_ON)); >+ > /*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */ > #ifdef APR_LDAP_OPT_VERIFY_CERT > apr_ldap_set_option(ldc->pool, ldc->ldap, >@@ -448,7 +451,8 @@ > uldap_connection_find(request_rec *r, > const char *host, int port, > const char *binddn, const char *bindpw, >- deref_options deref, int secure) >+ deref_options deref, int follow_referrals, >+ int secure) > { > struct util_ldap_connection_t *l, *p; /* To traverse the linked list */ > int secureflag = secure; >@@ -479,7 +483,8 @@ > && !strcmp(l->binddn, binddn))) > && ((!l->bindpw && !bindpw) || (l->bindpw && bindpw > && !strcmp(l->bindpw, bindpw))) >- && (l->deref == deref) && (l->secure == secureflag) >+ && (l->deref == deref) && (l->follow_referrals == follow_referrals) >+ && (l->secure == secureflag) > && !compare_client_certs(st->client_certs, l->client_certs)) > { > break; >@@ -504,7 +509,9 @@ > > #endif > if ((l->port == port) && (strcmp(l->host, host) == 0) && >- (l->deref == deref) && (l->secure == secureflag) && >+ (l->deref == deref) && >+ (l->follow_referrals == follow_referrals) && >+ (l->secure == secureflag) && > !compare_client_certs(st->client_certs, l->client_certs)) > { > /* the bind credentials have changed */ >@@ -548,6 +555,7 @@ > l->host = apr_pstrdup(st->pool, host); > l->port = port; > l->deref = deref; >+ l->follow_referrals = follow_referrals; > util_ldap_strdup((char**)&(l->binddn), binddn); > util_ldap_strdup((char**)&(l->bindpw), bindpw); > >Index: modules/aaa/mod_authnz_ldap.c >=================================================================== >--- modules/aaa/mod_authnz_ldap.c (revision 532468) >+++ modules/aaa/mod_authnz_ldap.c (working copy) >@@ -61,6 +61,7 @@ > char *binddn; /* DN to bind to server (can be NULL) */ > char *bindpw; /* Password to bind to server (can be NULL) */ > >+ int follow_referrals; /* If true, referrals will be followed */ > int user_is_dn; /* If true, connection->user is DN instead of userid */ > char *remote_user_attribute; /* If set, connection->user is this attribute instead of userid */ > int compare_dn_on_server; /* If true, will use server to do DN compare */ >@@ -292,6 +293,7 @@ > sec->binddn = NULL; > sec->bindpw = NULL; > sec->deref = always; >+ sec->follow_referrals = 1; > sec->group_attrib_is_dn = 1; > sec->secure = -1; /*Initialize to unset*/ > >@@ -357,7 +359,7 @@ > if (sec->host) { > ldc = util_ldap_connection_find(r, sec->host, sec->port, > sec->binddn, sec->bindpw, sec->deref, >- sec->secure); >+ sec->follow_referrals, sec->secure); > } > else { > ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, >@@ -495,7 +497,7 @@ > if (sec->host) { > ldc = util_ldap_connection_find(r, sec->host, sec->port, > sec->binddn, sec->bindpw, sec->deref, >- sec->secure); >+ sec->follow_referrals, sec->secure); > apr_pool_cleanup_register(r->pool, ldc, > authnz_ldap_cleanup_connection_close, > apr_pool_cleanup_null); >@@ -625,7 +627,7 @@ > if (sec->host) { > ldc = util_ldap_connection_find(r, sec->host, sec->port, > sec->binddn, sec->bindpw, sec->deref, >- sec->secure); >+ sec->follow_referrals, sec->secure); > apr_pool_cleanup_register(r->pool, ldc, > authnz_ldap_cleanup_connection_close, > apr_pool_cleanup_null); >@@ -773,7 +775,7 @@ > if (sec->host) { > ldc = util_ldap_connection_find(r, sec->host, sec->port, > sec->binddn, sec->bindpw, sec->deref, >- sec->secure); >+ sec->follow_referrals, sec->secure); > apr_pool_cleanup_register(r->pool, ldc, > authnz_ldap_cleanup_connection_close, > apr_pool_cleanup_null); >@@ -880,7 +882,7 @@ > if (sec->host) { > ldc = util_ldap_connection_find(r, sec->host, sec->port, > sec->binddn, sec->bindpw, sec->deref, >- sec->secure); >+ sec->follow_referrals, sec->secure); > apr_pool_cleanup_register(r->pool, ldc, > authnz_ldap_cleanup_connection_close, > apr_pool_cleanup_null); >@@ -992,7 +994,7 @@ > if (sec->host) { > ldc = util_ldap_connection_find(r, sec->host, sec->port, > sec->binddn, sec->bindpw, sec->deref, >- sec->secure); >+ sec->follow_referrals, sec->secure); > apr_pool_cleanup_register(r->pool, ldc, > authnz_ldap_cleanup_connection_close, > apr_pool_cleanup_null); >@@ -1335,6 +1337,11 @@ > "subsequent group comparisons. If set to 'off', auth_ldap uses the string" > "provided by the client directly. Defaults to 'on'."), > >+ AP_INIT_FLAG("AuthLDAPFollowReferrals", ap_set_flag_slot, >+ (void *)APR_OFFSETOF(authn_ldap_config_t, follow_referrals), OR_AUTHCFG, >+ "Set to 'on' to cause auth_ldap to follow referrals. Set it to 'off'" >+ "to prevent referrals from being followed. Defaults to 'on'."), >+ > AP_INIT_TAKE1("AuthLDAPDereferenceAliases", mod_auth_ldap_set_deref, NULL, OR_AUTHCFG, > "Determines how aliases are handled during a search. Can bo one of the" > "values \"never\", \"searching\", \"finding\", or \"always\". " >Index: include/util_ldap.h >=================================================================== >--- include/util_ldap.h (revision 532468) >+++ include/util_ldap.h (working copy) >@@ -97,6 +97,7 @@ > const char *binddn; /* DN to bind to server (can be NULL) */ > const char *bindpw; /* Password to bind to server (can be NULL) */ > >+ int follow_referrals; /* If true, referrals will be followed */ > int secure; /* SSL/TLS mode of the connection */ > apr_array_header_t *client_certs; /* Client certificates on this connection */ > >@@ -196,6 +197,7 @@ > * @param binddn The DN to bind with > * @param bindpw The password to bind with > * @param deref The dereferencing behavior >+ * @param follow_referrals Referral following behavior > * @param secure use SSL on the connection > * @tip Once a connection is found and returned, a lock will be acquired to > * lock that particular connection, so that another thread does not try and >@@ -206,7 +208,7 @@ > * int netscapessl, int starttls) > */ > APR_DECLARE_OPTIONAL_FN(util_ldap_connection_t *,uldap_connection_find,(request_rec *r, const char *host, int port, >- const char *binddn, const char *bindpw, deref_options deref, >+ const char *binddn, const char *bindpw, deref_options deref, int follow_referrals, > int secure)); > > /**
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=20053">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 26538
:
19154
|
20053
|
20522
|
20523
|
21222
|
21578
|
21579