make referrals chasing optional (default is to chase them)

2025-01-06 10:46:21 +08:00 · 2005-01-30 22:56:59 +00:00 · 2005-01-30 22:56:59 +00:00 · cfc77f0a0a
commit cfc77f0a0a
parent 14fc23c23a
4 changed files with 31 additions and 10 deletions
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@ -95,6 +95,7 @@ struct ldapinfo {
 #define LDAP_BACK_F_SAVECRED		0x01U
 #define LDAP_BACK_F_USE_TLS		0x02U
 #define LDAP_BACK_F_TLS_CRITICAL	( 0x04U | LDAP_BACK_F_USE_TLS )
+#define LDAP_BACK_F_CHASE_REFERRALS	0x8U
 	Avlnode		*conntree;

 	int		rwm_started;
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@ -241,15 +241,12 @@ ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, lda
 	 */
 	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (const void *)&vers );

-	/* Set LDAP version. This will always succeed: If the client
-	 * bound with a particular version, then so can we.
-	 */
-	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
-			(const void *)&vers );
-
-	/* FIXME: configurable? */
-	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
+	/* automatically chase referrals ("chase-referrals"/"dont-chase-referrals" statement) */
+	if ( li->flags & LDAP_BACK_F_CHASE_REFERRALS ) {
+		ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
+	}

+	/* start TLS ("start-tls"/"try-start-tls" statements) */
 	if ( ( li->flags & LDAP_BACK_F_USE_TLS )
 			&& !ldap_is_ldaps_url( li->url )
 			&& ( rs->sr_err = ldap_start_tls_s( ld, NULL, NULL ) ) != LDAP_SUCCESS )
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@ -289,12 +289,32 @@ ldap_back_db_config(
 	} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
 		if ( argc != 1 ) {
 			fprintf( stderr,
-	"%s: line %d: rebind-as-user takes no arguments\n",
+	"%s: line %d: \"rebind-as-user\" takes no arguments\n",
 					fname, lineno );
 			return( 1 );
 		}
 		li->flags |= LDAP_BACK_F_SAVECRED;
-	
+
+	} else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
+		if ( argc != 1 ) {
+			fprintf( stderr,
+	"%s: line %d: \"chase-referrals\" takes no arguments\n",
+					fname, lineno );
+			return( 1 );
+		}
+
+		li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
+
+	} else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
+		if ( argc != 1 ) {
+			fprintf( stderr,
+	"%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
+					fname, lineno );
+			return( 1 );
+		}
+
+		li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
+
 	/* intercept exop_who_am_i? */
 	} else if ( strcasecmp( argv[0], "proxy-whoami" ) == 0 ) {
 		if ( argc != 1 ) {
--- a/servers/slapd/back-ldap/init.c
+++ b/servers/slapd/back-ldap/init.c
@ -109,6 +109,9 @@ ldap_back_db_init( Backend *be )
 	/* by default, use proxyAuthz control on each operation */
 	li->idassert_flags = LDAP_BACK_AUTH_NONE;

+	/* initialize flags */
+	li->flags = LDAP_BACK_F_CHASE_REFERRALS;
+
 	ldap_pvt_thread_mutex_init( &li->conn_mutex );

 	be->be_private = li;