3 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1996 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
19 * ldap_op.c - routines to perform LDAP operations
26 #include <ac/stdlib.h>
29 #include <ac/string.h>
32 #include <ac/unistd.h>
35 #include "lutil_ldap.h"
38 /* Forward references */
39 static struct berval **make_singlevalued_berval LDAP_P(( char *, int ));
40 static int op_ldap_add LDAP_P(( Ri *, Re *, char ** ));
41 static int op_ldap_modify LDAP_P(( Ri *, Re *, char ** ));
42 static int op_ldap_delete LDAP_P(( Ri *, Re *, char ** ));
43 static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char ** ));
44 static LDAPMod *alloc_ldapmod LDAP_P(( void ));
45 static void free_ldapmod LDAP_P(( LDAPMod * ));
46 static void free_ldmarr LDAP_P(( LDAPMod ** ));
47 static int getmodtype LDAP_P(( char * ));
48 static void dump_ldm_array LDAP_P(( LDAPMod ** ));
49 static int do_bind LDAP_P(( Ri *, int * ));
50 static int do_unbind LDAP_P(( Ri * ));
54 * Determine the type of ldap operation being performed and call the
55 * appropriate routine.
56 * - If successful, returns DO_LDAP_OK
57 * - If a retryable error occurs, ERR_DO_LDAP_RETRYABLE is returned.
58 * The caller should wait a while and retry the operation.
59 * - If a fatal error occurs, ERR_DO_LDAP_FATAL is returned. The caller
60 * should reject the operation and continue with the next replication
75 if ( ri->ri_ldp == NULL ) {
76 lderr = do_bind( ri, &lderr );
78 if ( lderr != BIND_OK ) {
79 return DO_LDAP_ERR_RETRYABLE;
83 switch ( re->re_changetype ) {
85 lderr = op_ldap_add( ri, re, errmsg );
86 if ( lderr != LDAP_SUCCESS ) {
88 LDAP_LOG (( " ldap_op", LDAP_LEVEL_ERR, "do_ldap: "
89 "Error: ldap_add_s failed adding \"%s\": %s\n",
90 *errmsg ? *errmsg : ldap_err2string( lderr ), re->re_dn ));
92 Debug( LDAP_DEBUG_ANY,
93 "Error: ldap_add_s failed adding \"%s\": %s\n",
94 *errmsg ? *errmsg : ldap_err2string( lderr ),
101 lderr = op_ldap_modify( ri, re, errmsg );
102 if ( lderr != LDAP_SUCCESS ) {
104 LDAP_LOG (( " ldap_op", LDAP_LEVEL_ERR, "do_ldap: "
105 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
106 *errmsg ? *errmsg : ldap_err2string( lderr ), re->re_dn ));
108 Debug( LDAP_DEBUG_ANY,
109 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
110 *errmsg ? *errmsg : ldap_err2string( lderr ),
117 lderr = op_ldap_delete( ri, re, errmsg );
118 if ( lderr != LDAP_SUCCESS ) {
120 LDAP_LOG (( " ldap_op", LDAP_LEVEL_ERR, "do_ldap: "
121 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
122 *errmsg ? *errmsg : ldap_err2string( lderr ), re->re_dn ));
124 Debug( LDAP_DEBUG_ANY,
125 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
126 *errmsg ? *errmsg : ldap_err2string( lderr ),
133 lderr = op_ldap_modrdn( ri, re, errmsg );
134 if ( lderr != LDAP_SUCCESS ) {
136 LDAP_LOG (( " ldap_op", LDAP_LEVEL_ERR, "do_ldap: "
137 "Error: ldap_modrdn_s failed modifying %s: %s\n",
138 *errmsg ? *errmsg : ldap_err2string( lderr ), re->re_dn ));
140 Debug( LDAP_DEBUG_ANY,
141 "Error: ldap_modrdn_s failed modifying %s: %s\n",
142 *errmsg ? *errmsg : ldap_err2string( lderr ),
150 LDAP_LOG (( " ldap_op", LDAP_LEVEL_ERR, "do_ldap: "
151 "Error: bad op \"%d\", dn = \"%s\"\n",
152 re->re_changetype, re->re_dn ));
154 Debug( LDAP_DEBUG_ANY,
155 "Error: do_ldap: bad op \"%d\", dn = \"%s\"\n",
156 re->re_changetype, re->re_dn, 0 );
158 return DO_LDAP_ERR_FATAL;
162 * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
163 * we may have been idle long enough that the remote slapd timed
164 * us out. Rebind and try again.
171 return DO_LDAP_ERR_FATAL;
173 case LDAP_SERVER_DOWN: /* server went down */
174 (void) do_unbind( ri );
177 } while ( retry > 0 );
179 return DO_LDAP_ERR_RETRYABLE;
185 * Perform an ldap add operation.
195 int nattrs, rc = 0, i;
196 LDAPMod *ldm, **ldmarr;
203 * Construct a null-terminated array of LDAPMod structs.
206 while ( mi[ i ].mi_type != NULL ) {
207 ldm = alloc_ldapmod();
208 ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr,
209 ( nattrs + 2 ) * sizeof( LDAPMod * ));
210 ldmarr[ nattrs ] = ldm;
211 ldm->mod_op = LDAP_MOD_BVALUES;
212 ldm->mod_type = mi[ i ].mi_type;
214 make_singlevalued_berval( mi[ i ].mi_val, mi[ i ].mi_len );
219 if ( ldmarr != NULL ) {
220 ldmarr[ nattrs ] = NULL;
222 /* Perform the operation */
224 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ARGS,
225 "op_ldap_add: replica %s:%d - add dn \"%s\"\n",
226 ri->ri_hostname, ri->ri_port, re->re_dn ));
228 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - add dn \"%s\"\n",
229 ri->ri_hostname, ri->ri_port, re->re_dn );
231 rc = ldap_add_s( ri->ri_ldp, re->re_dn, ldmarr );
233 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
236 *errmsg = "No modifications to do";
238 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
239 "op_ldap_add: Error: no mods to do (%s)!\n", re->re_dn ));
241 Debug( LDAP_DEBUG_ANY,
242 "Error: op_ldap_add: no mods to do (%s)!\n", re->re_dn, 0, 0 );
245 free_ldmarr( ldmarr );
253 * Perform an ldap modify operation.
255 #define AWAITING_OP -1
264 int state; /* This code is a simple-minded state machine */
265 int nvals; /* Number of values we're modifying */
266 int nops; /* Number of LDAPMod structs in ldmarr */
267 LDAPMod *ldm = NULL, **ldmarr;
277 if ( re->re_mods == NULL ) {
278 *errmsg = "No arguments given";
280 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
281 "op_ldap_modify: Error: no arguments\n" ));
283 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modify: no arguments\n",
290 * Construct a null-terminated array of LDAPMod structs.
292 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
293 type = mi[ i ].mi_type;
294 value = mi[ i ].mi_val;
295 len = mi[ i ].mi_len;
296 switch ( getmodtype( type )) {
298 state = T_MODSEP; /* Got a separator line "-\n" */
302 ldmarr = ( LDAPMod ** )
303 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
304 ldmarr[ nops ] = ldm = alloc_ldapmod();
305 ldm->mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
306 ldm->mod_type = value;
311 state = T_MODOPREPLACE;
312 ldmarr = ( LDAPMod ** )
313 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
314 ldmarr[ nops ] = ldm = alloc_ldapmod();
315 ldm->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
316 ldm->mod_type = value;
321 state = T_MODOPDELETE;
322 ldmarr = ( LDAPMod ** )
323 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
324 ldmarr[ nops ] = ldm = alloc_ldapmod();
325 ldm->mod_op = LDAP_MOD_DELETE | LDAP_MOD_BVALUES;
326 ldm->mod_type = value;
331 if ( state == AWAITING_OP ) {
333 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
334 "op_ldap_modify: Error: unknown mod type \"%s\"\n", type ));
336 Debug( LDAP_DEBUG_ANY,
337 "Error: op_ldap_modify: unknown mod type \"%s\"\n",
346 * We should have an attribute: value pair here.
347 * Construct the mod_bvalues part of the ldapmod struct.
349 if ( strcasecmp( type, ldm->mod_type )) {
351 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
352 "op_ldap_modify: Error: "
353 "malformed modify op, %s: %s (expecting \"%s\")\n",
354 type, value, ldm->mod_type ));
356 Debug( LDAP_DEBUG_ANY,
357 "Error: malformed modify op, %s: %s (expecting %s:)\n",
358 type, value, ldm->mod_type );
362 ldm->mod_bvalues = ( struct berval ** )
363 ch_realloc( ldm->mod_bvalues,
364 ( nvals + 2 ) * sizeof( struct berval * ));
365 ldm->mod_bvalues[ nvals + 1 ] = NULL;
366 ldm->mod_bvalues[ nvals ] = ( struct berval * )
367 ch_malloc( sizeof( struct berval ));
368 ldm->mod_bvalues[ nvals ]->bv_val = value;
369 ldm->mod_bvalues[ nvals ]->bv_len = len;
373 ldmarr[ nops ] = NULL;
376 /* Actually perform the LDAP operation */
378 LDAP_LOG (( "ldap_op", LDAP_LEVEL_DETAIL1,
379 "op_ldap_modify: replica %s:%d - modify dn \"%s\"\n",
380 ri->ri_hostname, ri->ri_port, re->re_dn ));
382 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - modify dn \"%s\"\n",
383 ri->ri_hostname, ri->ri_port, re->re_dn );
385 rc = ldap_modify_s( ri->ri_ldp, re->re_dn, ldmarr );
387 free_ldmarr( ldmarr );
395 * Perform an ldap delete operation.
407 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ARGS,
408 "op_ldap_delete: replica %s:%d - delete dn \"%s\"\n",
409 ri->ri_hostname, ri->ri_port, re->re_dn ));
411 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - delete dn \"%s\"\n",
412 ri->ri_hostname, ri->ri_port, re->re_dn );
414 rc = ldap_delete_s( ri->ri_ldp, re->re_dn );
423 * Perform an ldap modrdn operation.
425 #define GOT_NEWRDN 0x1
426 #define GOT_DELOLDRDN 0x2
427 #define GOT_NEWSUP 0x4
429 #define GOT_MODDN_REQ (GOT_NEWRDN|GOT_DELOLDRDN)
430 #define GOT_ALL_MODDN(f) (((f) & GOT_MODDN_REQ) == GOT_MODDN_REQ)
447 if ( re->re_mods == NULL ) {
448 *errmsg = "No arguments given";
450 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
451 "op_ldap_modrdn: Error: no arguments\n" ));
453 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: no arguments\n",
460 * Get the arguments: should see newrdn: and deleteoldrdn: args.
462 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
463 if ( !strcmp( mi[ i ].mi_type, T_NEWRDNSTR )) {
464 if( state & GOT_NEWRDN ) {
466 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
467 "op_ldap_modrdn: Error: multiple newrdn arg \"%s\"\n",
470 Debug( LDAP_DEBUG_ANY,
471 "Error: op_ldap_modrdn: multiple newrdn arg \"%s\"\n",
472 mi[ i ].mi_val, 0, 0 );
474 *errmsg = "Multiple newrdn argument";
478 newrdn = mi[ i ].mi_val;
481 } else if ( !strcmp( mi[ i ].mi_type, T_DELOLDRDNSTR )) {
482 if( state & GOT_DELOLDRDN ) {
484 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
485 "op_ldap_modrdn: Error: multiple deleteoldrdn arg \"%s\"\n",
488 Debug( LDAP_DEBUG_ANY,
489 "Error: op_ldap_modrdn: multiple deleteoldrdn arg \"%s\"\n",
490 mi[ i ].mi_val, 0, 0 );
492 *errmsg = "Multiple newrdn argument";
496 state |= GOT_DELOLDRDN;
497 if ( !strcmp( mi[ i ].mi_val, "0" )) {
499 } else if ( !strcmp( mi[ i ].mi_val, "1" )) {
503 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
504 "op_ldap_modrdn: Error: bad deleteoldrdn arg \"%s\"\n",
507 Debug( LDAP_DEBUG_ANY,
508 "Error: op_ldap_modrdn: bad deleteoldrdn arg \"%s\"\n",
509 mi[ i ].mi_val, 0, 0 );
511 *errmsg = "Incorrect argument to deleteoldrdn";
515 } else if ( !strcmp( mi[ i ].mi_type, T_NEWSUPSTR )) {
516 if( state & GOT_NEWSUP ) {
518 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
519 "op_ldap_modrdn: Error: multiple newsuperior arg \"%s\"\n",
522 Debug( LDAP_DEBUG_ANY,
523 "Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
524 mi[ i ].mi_val, 0, 0 );
526 *errmsg = "Multiple newsuperior argument";
530 newsup = mi[ i ].mi_val;
535 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
536 "op_ldap_modrdn: Error: bad type \"%s\"\n",
539 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: bad type \"%s\"\n",
540 mi[ i ].mi_type, 0, 0 );
542 *errmsg = "Bad value in replication log entry";
548 * Punt if we don't have all the args.
550 if ( !GOT_ALL_MODDN(state) ) {
552 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
553 "op_ldap_modrdn: Error: missing arguments\n" ));
555 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
558 *errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
563 if ( ldap_debug & LDAP_DEBUG_ARGS ) {
566 sprintf( buf, "%s:%d", ri->ri_hostname, ri->ri_port );
567 buf2 = (char *) ch_malloc( strlen( re->re_dn ) + strlen( mi->mi_val )
569 sprintf( buf2, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
571 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ARGS,
572 "op_ldap_modrdn: replica %s - modify rdn %s (flag: %d)\n",
573 buf, buf2, drdnflag ));
575 Debug( LDAP_DEBUG_ARGS,
576 "replica %s - modify rdn %s (flag: %d)\n",
577 buf, buf2, drdnflag );
581 #endif /* LDAP_DEBUG */
586 rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, newrdn, newsup, drdnflag );
588 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
595 * Allocate and initialize an ldapmod struct.
598 alloc_ldapmod( void )
602 ldm = ( struct ldapmod * ) ch_malloc( sizeof ( struct ldapmod ));
603 ldm->mod_type = NULL;
604 ldm->mod_bvalues = ( struct berval ** ) NULL;
611 * Free an ldapmod struct associated mod_bvalues. NOTE - it is assumed
612 * that mod_bvalues and mod_type contain pointers to the same block of memory
613 * pointed to by the repl struct. Therefore, it's not freed here.
624 if ( ldm->mod_bvalues != NULL ) {
625 for ( i = 0; ldm->mod_bvalues[ i ] != NULL; i++ ) {
626 free( ldm->mod_bvalues[ i ] );
628 free( ldm->mod_bvalues );
636 * Free an an array of LDAPMod pointers and the LDAPMod structs they point
645 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
646 free_ldapmod( ldmarr[ i ] );
653 * Create a berval with a single value.
655 static struct berval **
656 make_singlevalued_berval(
662 p = ( struct berval ** ) ch_malloc( 2 * sizeof( struct berval * ));
663 p[ 0 ] = ( struct berval * ) ch_malloc( sizeof( struct berval ));
665 p[ 0 ]->bv_val = value;
666 p[ 0 ]->bv_len = len;
672 * Given a modification type (string), return an enumerated type.
673 * Avoids ugly copy in op_ldap_modify - lets us use a switch statement
680 if ( !strcmp( type, T_MODSEPSTR )) {
683 if ( !strcmp( type, T_MODOPADDSTR )) {
684 return( T_MODOPADD );
686 if ( !strcmp( type, T_MODOPREPLACESTR )) {
687 return( T_MODOPREPLACE );
689 if ( !strcmp( type, T_MODOPDELETESTR )) {
690 return( T_MODOPDELETE );
697 * Perform an LDAP unbind operation. If replica is NULL, or the
698 * repl_ldp is NULL, just return LDAP_SUCCESS. Otherwise, unbind,
699 * set the ldp to NULL, and return the result of the unbind call.
706 int rc = LDAP_SUCCESS;
708 if (( ri != NULL ) && ( ri->ri_ldp != NULL )) {
709 rc = ldap_unbind( ri->ri_ldp );
710 if ( rc != LDAP_SUCCESS ) {
712 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
713 "do_unbind: ldap_unbind failed for %s:%d: %s\n",
714 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) ));
716 Debug( LDAP_DEBUG_ANY,
717 "Error: do_unbind: ldap_unbind failed for %s:%d: %s\n",
718 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
729 * Perform an LDAP bind operation to the replication site given
730 * by replica. If replica->repl_ldp is non-NULL, then we unbind
731 * from the replica before rebinding. It should be safe to call
732 * this to re-connect if the replica's connection goes away
735 * Returns 0 on success, -1 if an LDAP error occurred, and a return
736 * code > 0 if some other error occurred, e.g. invalid bind method.
737 * If an LDAP error occurs, the LDAP error is returned in lderr.
751 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: null ri ptr\n" ));
753 Debug( LDAP_DEBUG_ANY, "Error: do_bind: null ri ptr\n", 0, 0, 0 );
755 return( BIND_ERR_BADRI );
758 if ( ri->ri_ldp != NULL ) {
759 ldrc = ldap_unbind( ri->ri_ldp );
760 if ( ldrc != LDAP_SUCCESS ) {
762 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
763 "do_bind: ldap_unbind failed: %s\n", ldap_err2string( ldrc ) ));
765 Debug( LDAP_DEBUG_ANY,
766 "Error: do_bind: ldap_unbind failed: %s\n",
767 ldap_err2string( ldrc ), 0, 0 );
774 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ARGS,
775 "do_bind: Initializing session to %s:%d\n",
776 ri->ri_hostname, ri->ri_port ));
778 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s:%d\n",
779 ri->ri_hostname, ri->ri_port, 0 );
782 ri->ri_ldp = ldap_init( ri->ri_hostname, ri->ri_port );
783 if ( ri->ri_ldp == NULL ) {
785 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR,
786 "do_bind: ldap_init (%s, %d) failed: %s\n",
787 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] ));
789 Debug( LDAP_DEBUG_ANY, "Error: ldap_init(%s, %d) failed: %s\n",
790 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
792 return( BIND_ERR_OPEN );
795 { /* set version 3 */
796 int err, version = 3;
797 err = ldap_set_option(ri->ri_ldp,
798 LDAP_OPT_PROTOCOL_VERSION, &version);
800 if( err != LDAP_OPT_SUCCESS ) {
802 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: ",
803 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
806 Debug( LDAP_DEBUG_ANY,
807 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
808 ri->ri_hostname, NULL, NULL );
811 ldap_unbind( ri->ri_ldp );
813 return BIND_ERR_VERSION;
818 * Set ldap library options to (1) not follow referrals, and
819 * (2) restart the select() system call.
823 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
825 if( err != LDAP_OPT_SUCCESS ) {
827 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: ",
828 "Error: ldap_set_option(%s, REFERRALS, OFF) failed!\n",
831 Debug( LDAP_DEBUG_ANY,
832 "Error: ldap_set_option(%s,REFERRALS, OFF) failed!\n",
833 ri->ri_hostname, NULL, NULL );
835 ldap_unbind( ri->ri_ldp );
837 return BIND_ERR_REFERRALS;
840 ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
844 err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
846 if( err != LDAP_SUCCESS ) {
848 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: ",
849 "%s: ldap_start_tls failed: %s (%d)\n",
850 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
851 ldap_err2string( err ), err ));
853 Debug( LDAP_DEBUG_ANY,
854 "%s: ldap_start_tls failed: %s (%d)\n",
855 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
856 ldap_err2string( err ), err );
859 if( ri->ri_tls == TLS_CRITICAL ) {
860 ldap_unbind( ri->ri_ldp );
862 return BIND_ERR_TLS_FAILED;
867 switch ( ri->ri_bind_method ) {
870 * Bind with a plaintext password.
873 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ARGS,
874 "do_bind: bind to %s:%d as %s (simple)\n",
875 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn ));
877 Debug( LDAP_DEBUG_ARGS, "bind to %s:%d as %s (simple)\n",
878 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
880 ldrc = ldap_simple_bind_s( ri->ri_ldp, ri->ri_bind_dn,
882 if ( ldrc != LDAP_SUCCESS ) {
884 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: "
885 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
886 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) ));
888 Debug( LDAP_DEBUG_ANY,
889 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
890 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
893 ldap_unbind( ri->ri_ldp );
895 return( BIND_ERR_SIMPLE_FAILED );
901 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ARGS,
902 "do_bind: bind to %s as %s via %s (SASL)\n",
903 ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech ));
905 Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
906 ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech );
909 #ifdef HAVE_CYRUS_SASL
910 if( ri->ri_secprops != NULL ) {
912 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_X_SASL_SECPROPS,
915 if( err != LDAP_OPT_SUCCESS ) {
917 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: "
918 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
919 ri->ri_hostname, ri->ri_secprops ));
921 Debug( LDAP_DEBUG_ANY,
922 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
923 ri->ri_hostname, ri->ri_secprops, NULL );
925 ldap_unbind( ri->ri_ldp );
927 return BIND_ERR_SASL_FAILED;
932 char *passwd = ri->ri_password ? ber_strdup( ri->ri_password ) : NULL;
933 void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
934 ri->ri_realm, ri->ri_authcId, passwd, ri->ri_authzId );
936 ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
937 ri->ri_saslmech, NULL, NULL,
938 LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
939 if ( ldrc != LDAP_SUCCESS ) {
941 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: "
942 "Error: LDAP SASL for %s:%d failed: %s\n",
943 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) ));
945 Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
946 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
949 ldap_unbind( ri->ri_ldp );
951 return( BIND_ERR_SASL_FAILED );
954 ber_memfree( passwd );
955 ber_memfree( defaults );
960 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: "
961 "Error: do_bind: SASL not supported %s:%d\n",
962 ri->ri_hostname, ri->ri_port ));
964 Debug( LDAP_DEBUG_ANY,
965 "Error: do_bind: SASL not supported %s:%d\n",
966 ri->ri_hostname, ri->ri_port, NULL );
968 ldap_unbind( ri->ri_ldp );
970 return( BIND_ERR_BAD_ATYPE );
975 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: "
976 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
977 ri->ri_bind_method, ri->ri_hostname, ri->ri_port ));
979 Debug( LDAP_DEBUG_ANY,
980 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
981 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
983 ldap_unbind( ri->ri_ldp );
985 return( BIND_ERR_BAD_ATYPE );
991 LDAPControl *ctrls[2];
995 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
996 c.ldctl_value.bv_val = NULL;
997 c.ldctl_value.bv_len = 0;
998 c.ldctl_iscritical = 0;
1000 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_SERVER_CONTROLS, &ctrls);
1002 if( err != LDAP_OPT_SUCCESS ) {
1004 LDAP_LOG (( "ldap_op", LDAP_LEVEL_ERR, "do_bind: "
1005 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1008 Debug( LDAP_DEBUG_ANY, "Error: "
1009 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1010 ri->ri_hostname, NULL, NULL );
1012 ldap_unbind( ri->ri_ldp );
1014 return BIND_ERR_MANAGEDSAIT;
1026 * For debugging. Print the contents of an ldmarr array.
1038 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
1041 LDAP_LOG (( "ldap_op", LDAP_LEVEL_INFO, "dump_ldm_array: "
1042 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1043 (long) getpid(), i ));
1044 LDAP_LOG (( "ldap_op", LDAP_LEVEL_INFO, "dump_ldm_array: "
1045 "Trace (%ld): *** ldm->mod_op: %d\n",
1046 (long) getpid(), ldm->mod_op ));
1047 LDAP_LOG (( "ldap_op", LDAP_LEVEL_INFO, "dump_ldm_array: "
1048 "Trace (%ld): *** ldm->mod_type: %s\n",
1049 (long) getpid(), ldm->mod_type ));
1051 Debug( LDAP_DEBUG_TRACE,
1052 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1053 (long) getpid(), i, 0 );
1054 Debug( LDAP_DEBUG_TRACE,
1055 "Trace (%ld): *** ldm->mod_op: %d\n",
1056 (long) getpid(), ldm->mod_op, 0 );
1057 Debug( LDAP_DEBUG_TRACE,
1058 "Trace (%ld): *** ldm->mod_type: %s\n",
1059 (long) getpid(), ldm->mod_type, 0 );
1061 if ( ldm->mod_bvalues != NULL ) {
1062 for ( j = 0; ( b = ldm->mod_bvalues[ j ] ) != NULL; j++ ) {
1063 msgbuf = ch_malloc( b->bv_len + 512 );
1064 sprintf( msgbuf, "***** bv[ %d ] len = %ld, val = <%s>",
1065 j, b->bv_len, b->bv_val );
1067 LDAP_LOG (( "ldap_op", LDAP_LEVEL_INFO, "dump_ldm_array: "
1068 "Trace (%ld):%s\n", (long) getpid(), msgbuf ));
1070 Debug( LDAP_DEBUG_TRACE,
1071 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );