2025-02-24 13:57:43 +03:00 · 2009-10-12 11:34:58 +02:00 · 2009-10-12 11:34:58 +02:00 · c5d5969e24
commit c5d5969e24
parent fa05abc8ff
3 changed files with 42 additions and 2 deletions
--- a/docs-xml/smbdotconf/ldap/ldapreffollow.xml
+++ b/docs-xml/smbdotconf/ldap/ldapreffollow.xml
@ -0,0 +1,21 @@
+<samba:parameter name="ldap ref follow" context="G" type="enum"
+	advanced="1" developer="1"
+	xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+
+<description>
+
+	<para>This option controls whether to follow LDAP referrals or not when
+	searching for entries in the LDAP database. Possible values are
+	<emphasis>on</emphasis> to enable following referrals,
+	<emphasis>off</emphasis> to disable this, and
+	<emphasis>auto</emphasis>, to use the libldap default settings.
+	libldap's choice of following referrals or not is set in
+	/etc/openldap/ldap.conf with the REFERRALS parameter as documented in
+	ldap.conf(5).</para>
+
+</description>
+
+<value type="default">auto</value>
+<value type="example">off</value>
+
+</samba:parameter>
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@ -721,9 +721,18 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 	rc = ldap_initialize(ldap_struct, uri);
 	if (rc) {
 		DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
+		return rc;
 	}

-	return rc;
+	if (lp_ldap_ref_follow() != Auto) {
+		rc = ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS,
+		     lp_ldap_ref_follow() ? LDAP_OPT_ON : LDAP_OPT_OFF);
+		if (rc != LDAP_SUCCESS)
+			DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n",
+				ldap_err2string(rc)));
+	}
+
+	return LDAP_SUCCESS;
 #else 

 	/* Parse the string manually */
@ -774,7 +783,6 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 	}
 #endif /* HAVE_LDAP_INITIALIZE */

-
 	/* now set connection timeout */
 #ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
 	{
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@ -260,6 +260,7 @@ struct global {
 	char *szLdapGroupSuffix;
 	int ldap_ssl;
 	bool ldap_ssl_ads;
+	int ldap_ref_follow;
 	char *szLdapSuffix;
 	char *szLdapAdminDn;
 	int ldap_debug_level;
@ -3666,6 +3667,14 @@ static struct parm_struct parm_table[] = {
 		.enum_list	= NULL,
 		.flags		= FLAG_ADVANCED,
 	},
+	{
+		.label		= "ldap ref follow",
+		.type		= P_ENUM,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.ldap_ref_follow,
+		.enum_list	= enum_bool_auto,
+		.flags		= FLAG_ADVANCED,
+	},
 	{
 		.label		= "ldap timeout",
 		.type		= P_INTEGER,
@ -5038,6 +5047,7 @@ static void init_globals(bool first_time_only)
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
+	Globals.ldap_ref_follow = Auto;
 	Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
 	Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
@ -5387,6 +5397,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
 FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_ref_follow, &Globals.ldap_ref_follow)
 FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)