From ab7c49096057d17c929ff3681edf41f07a29e782 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Fri, 17 Dec 1999 03:27:16 +0000
Subject: [PATCH] Add BINDDN user-only directive to .ldaprc

Used only for simple bind when dn == NULL and password != NULL.
---
 doc/man/man5/ldap.conf.5 | 13 ++++++++++++-
 libraries/libldap/init.c | 2 ++
 libraries/libldap/ldap-int.h | 2 ++
 libraries/libldap/sasl.c | 13 +++++++++----
 4 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
index b046aca3d9..29131cce14 100644
--- a/doc/man/man5/ldap.conf.5
+++ b/doc/man/man5/ldap.conf.5
@@ -32,13 +32,24 @@ Environmental variables may also be used to augment the file based defaults. The name of the option is the as listed but with a prefix of \fBLDAP\fP. For example, to define \fBBASE\fP via the environment, define the variable \fBLDAPBASE\fP to desired value.
+.LP
+Some options are user\-only. Such options are ignored if present
+in the
+.IR ldap.conf
+(or file specified by
+.BR LDAPCONF ).
 .SH OPTIONS
 The different configuration options are:
 .TP 1i
 \fBBASE \fP
-Used to specify the default base dn to use when performing ldap operations.
+Used to specify the default base DN to use when performing ldap operations.
 The base must be specified as a Distinguished Name in LDAP format.
 .TP 1i
+\fBBINDDN \fP
+Used to specify the default bind DN to use when performing ldap operations.
+The bind DN must be specified as a Distinguished Name in LDAP format.
+This is a user\-only option.
+.TP 1i
 \fBHOST \fP
 Used to specify the name(s) of an LDAP server(s) to which
 .I ldap
diff --git a/libraries/libldap/init.c b/libraries/libldap/init.c
index 46bae1239f..e7a8f0174b 100644
--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@@ -56,6 +56,8 @@ static const struct ol_attribute {
 		offsetof(struct ldapoptions, ldo_sizelimit)},
 	{0, ATTR_INT, "TIMELIMIT", NULL,
 		offsetof(struct ldapoptions, ldo_timelimit)},
+	{1, ATTR_STRING, "BINDDN", NULL,
+		offsetof(struct ldapoptions, ldo_defbinddn)},
 	{0, ATTR_STRING, "BASE", NULL,
 		offsetof(struct ldapoptions, ldo_defbase)},
 	{0, ATTR_INT, "PORT", NULL,
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 396ba3ef7e..04c1b3147f 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -103,6 +103,7 @@ struct ldapoptions {
 	LDAPURLDesc *ldo_defludp;
 	int ldo_defport;
 	char* ldo_defbase;
+	char* ldo_defbinddn; /* simple bind dn */
 
 #ifdef LDAP_CONNECTIONLESS
 	int ldo_cldaptries; /* connectionless search retry count */
@@ -216,6 +217,7 @@ struct ldap {
 #define ld_timelimit ld_options.ldo_timelimit
 #define ld_sizelimit ld_options.ldo_sizelimit
 
+#define ld_defbinddn ld_options.ldo_defbinddn
 #define ld_defbase ld_options.ldo_defbase
 #define ld_defhost ld_options.ldo_defhost
 #define ld_defport ld_options.ldo_defport
diff --git a/libraries/libldap/sasl.c b/libraries/libldap/sasl.c
index d3ae344f78..28e36768b3 100644
--- a/libraries/libldap/sasl.c
+++ b/libraries/libldap/sasl.c
@@ -70,15 +70,20 @@ ldap_sasl_bind(
 		return ld->ld_errno;
 	}
 
-	if( mechanism != LDAP_SASL_SIMPLE
-		&& ld->ld_version < LDAP_VERSION3)
-	{
+	if( mechanism == LDAP_SASL_SIMPLE ) {
+		if( dn == NULL && cred != NULL ) {
+			/* use default binddn */
+			dn = ld->ld_defbinddn;
+		}
+
+	} else if( ld->ld_version < LDAP_VERSION3 ) {
 		ld->ld_errno = LDAP_NOT_SUPPORTED;
 		return ld->ld_errno;
 	}
 
-	if ( dn == NULL )
+	if ( dn == NULL ) {
 		dn = "";
+	}
 
 	/* create a message to send */
 	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
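Review bot: The leading `1` in the new `{1, ATTR_STRING, "BINDDN", ...}` entry is the only user-only entry in the visible part of the table, and nothing in the hunk says what that first field means, so a reader cannot tell from init.c that this value makes the directive ignored in the system-wide ldap.conf (the man page hunk is the only place the semantics are stated). A comment on the entry, `/* 1 = user-only: honoured in .ldaprc/environment, ignored in ldap.conf */`, or a named constant for the flag in place of the bare literal, would keep that security-relevant distinction next to the code that enforces it. The `struct ol_attribute` definition and the rest of the table are outside this hunk.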
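Review bot: The new `ldo_defbinddn` field in `struct ldapoptions` gets no corresponding release in this patch; `ldo_defbase` is the obvious sibling, and wherever that string is freed when the options are torn down (not part of this diff) the new field presumably needs the same treatment, otherwise a strdup'd BINDDN value leaks per handle if `ATTR_STRING` entries are heap-allocated by the config reader. The field comment could also record the contract the sasl.c change relies on: `/* simple bind dn from user-only BINDDN; NULL when unset */`. The second ldap-int.h hunk only adds the `ld_defbinddn` accessor macro and needs nothing. `struct ldapoptions` begins before the hunk.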
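Review bot: The substitution guard `if( dn == NULL && cred != NULL )` treats any non-NULL credential as "a password was supplied", so a caller that passes a present but empty credential now sends the configured BINDDN with an empty password, which is an unauthenticated bind (RFC 4513 §5.1.2) rather than the plain anonymous bind it produced before; servers are supposed to treat that as anonymous, but a caller that only checks for LDAP_SUCCESS can be misled into believing the configured identity authenticated. If `cred` is a `struct berval *` as in the rest of the libldap SASL API (the signature of `ldap_sasl_bind` is outside the hunk), the guard should be `if( dn == NULL && cred != NULL && cred->bv_len != 0 )`. The comment on the following line would also be more useful as `/* use default binddn (user-only BINDDN); may be NULL and then falls through to "" below */`, since the NULL case is only handled by the later `if ( dn == NULL )` block.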