Add BINDDN user-only directive to .ldaprc

Used only for simple bind when dn == NULL and password != NULL.

doc/man/man5/ldap.conf.5

@@ -32,13 +32,24 @@ Environmental variables may also be used to augment the file based defaults.
 The name of the option is the as listed but with a prefix of \fBLDAP\fP.
 For example, to define \fBBASE\fP via the environment, define the variable
 \fBLDAPBASE\fP to desired value.
+.LP
+Some options are user\-only.  Such options are ignored if present
+in the
+.IR ldap.conf
+(or file specified by
+.BR LDAPCONF ).
 .SH OPTIONS
 The different configuration options are:
 .TP 1i
 \fBBASE <base>\fP
-Used to specify the default base dn to use when performing ldap operations.
+Used to specify the default base DN to use when performing ldap operations.
 The base must be specified as a Distinguished Name in LDAP format.
 .TP 1i
+\fBBINDDN <dn>\fP
+Used to specify the default bind DN to use when performing ldap operations.
+The bind DN must be specified as a Distinguished Name in LDAP format.
+This is a user\-only option.
+.TP 1i
 \fBHOST <name[:port] ...>\fP
 Used to specify the name(s) of an LDAP server(s) to which 
 .I ldap 

libraries/libldap/init.c

@@ -56,6 +56,8 @@ static const struct ol_attribute {
 		offsetof(struct ldapoptions, ldo_sizelimit)},
 	{0, ATTR_INT,		"TIMELIMIT",	NULL,
 		offsetof(struct ldapoptions, ldo_timelimit)},
+	{1, ATTR_STRING,	"BINDDN",		NULL,
+		offsetof(struct ldapoptions, ldo_defbinddn)},
 	{0, ATTR_STRING,	"BASE",			NULL,
 		offsetof(struct ldapoptions, ldo_defbase)},
 	{0, ATTR_INT,		"PORT",			NULL,

libraries/libldap/ldap-int.h

@@ -103,6 +103,7 @@ struct ldapoptions {
 	LDAPURLDesc *ldo_defludp;
 	int		ldo_defport;
 	char*	ldo_defbase;
+	char*	ldo_defbinddn;	/* simple bind dn */
 
 #ifdef LDAP_CONNECTIONLESS
 	int		ldo_cldaptries;	/* connectionless search retry count */
@@ -216,6 +217,7 @@ struct ldap {
 #define ld_timelimit	ld_options.ldo_timelimit
 #define ld_sizelimit	ld_options.ldo_sizelimit
 
+#define ld_defbinddn	ld_options.ldo_defbinddn
 #define ld_defbase		ld_options.ldo_defbase
 #define ld_defhost		ld_options.ldo_defhost
 #define ld_defport		ld_options.ldo_defport

libraries/libldap/sasl.c

@@ -70,15 +70,20 @@ ldap_sasl_bind(
 		return ld->ld_errno;
 	}
 
-	if( mechanism != LDAP_SASL_SIMPLE
-		&& ld->ld_version < LDAP_VERSION3)
-	{
+	if( mechanism == LDAP_SASL_SIMPLE ) {
+		if( dn == NULL && cred != NULL ) {
+			/* use default binddn */
+			dn = ld->ld_defbinddn;
+		}
+
+	} else if( ld->ld_version < LDAP_VERSION3 ) {
 		ld->ld_errno = LDAP_NOT_SUPPORTED;
 		return ld->ld_errno;
 	}
 
-	if ( dn == NULL )
+	if ( dn == NULL ) {
 		dn = "";
+	}
 
 	/* create a message to send */
 	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {