more on ITS#3396: note that the filter is mandatory, and that the protocol must be ldap://
parent
227961178e
commit
184fc4878a
@ -357,16 +357,21 @@ string, e.g.
|
||||
.B UID=$1,OU=Accounts,DC=example,DC=com
|
||||
|
||||
.RE
|
||||
The replaced name can be either a DN or an LDAP URI. If the
|
||||
latter, the server will use the URI to search its own database(s)
|
||||
The replaced name can be either a DN, i.e. a string prefixed by "dn:",
|
||||
or an LDAP URI.
|
||||
If the latter, the server will use the URI to search its own database(s)
|
||||
and, if the search returns exactly one entry, the name is
|
||||
replaced by the DN of that entry. The LDAP URI must have no
|
||||
hostport, attrs, or extensions components, e.g.
|
||||
hostport, attrs, or extensions components, but the filter is mandatory,
|
||||
e.g.
|
||||
.RS
|
||||
.TP
|
||||
.B ldap:///OU=Accounts,DC=example,DC=com??one?(UID=$1)
|
||||
|
||||
.RE
|
||||
The protocol portion of the URI must be strictly
|
||||
.BR ldap .
|
||||
|
||||
Multiple
|
||||
.B authz-regexp
|
||||
options can be given in the configuration file to allow for multiple matching
|
||||
|
@ -409,7 +409,17 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
|
||||
* <filter> must pass str2filter()
|
||||
*/
|
||||
rc = ldap_url_parse( uri->bv_val, &ludp );
|
||||
if ( rc == LDAP_URL_ERR_BADSCHEME ) {
|
||||
switch ( rc ) {
|
||||
case LDAP_URL_SUCCESS:
|
||||
if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
|
||||
/*
|
||||
* must be ldap:///
|
||||
*/
|
||||
return LDAP_PROTOCOL_ERROR;
|
||||
}
|
||||
break;
|
||||
|
||||
case LDAP_URL_ERR_BADSCHEME:
|
||||
/*
|
||||
* last chance: assume it's a(n exact) DN ...
|
||||
*
|
||||
@ -418,13 +428,12 @@ is_dn: bv.bv_len = uri->bv_len - (bv.bv_val - uri->bv_val);
|
||||
bv.bv_val = uri->bv_val;
|
||||
*scope = LDAP_X_SCOPE_EXACT;
|
||||
goto is_dn;
|
||||
}
|
||||
|
||||
if ( rc != LDAP_URL_SUCCESS ) {
|
||||
default:
|
||||
return LDAP_PROTOCOL_ERROR;
|
||||
}
|
||||
|
||||
if (( ludp->lud_host && *ludp->lud_host )
|
||||
if ( ( ludp->lud_host && *ludp->lud_host )
|
||||
|| ludp->lud_attrs || ludp->lud_exts )
|
||||
{
|
||||
/* host part must be empty */
|
||||
|
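Review bot: The new `case LDAP_URL_SUCCESS:` branch returns `LDAP_PROTOCOL_ERROR` on a non-`ldap` scheme without releasing the URL descriptor that `ldap_url_parse()` has just allocated, so every rejected `ldaps://` or `ldapi://` rule leaks `ludp`. Add `ldap_free_urldesc( ludp );` before that `return`, or set `rc` and jump to a shared cleanup label if the function has one. If these URIs can come from directory data (authorization rules stored in entries) and not only from the configuration file, the leak can recur on each evaluation and should be treated as a resource-exhaustion risk. The host/attrs/extensions check at the end of the second hunk looks like it needs the same cleanup on its error path, but its body and the rest of the function lie outside the visible lines, so confirm there.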