3 * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
7 * Copyright (c) 1996 Regents of the University of Michigan.
10 * Redistribution and use in source and binary forms are permitted
11 * provided that this notice is preserved and that due credit is given
12 * to the University of Michigan at Ann Arbor. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission. This software
15 * is provided ``as is'' without express or implied warranty.
19 * ldap_op.c - routines to perform LDAP operations
26 #include <ac/stdlib.h>
29 #include <ac/string.h>
32 #include <ac/unistd.h>
35 #include "lutil_ldap.h"
38 /* Forward references */
39 static struct berval **make_singlevalued_berval LDAP_P(( char *, int ));
40 static int op_ldap_add LDAP_P(( Ri *, Re *, char ** ));
41 static int op_ldap_modify LDAP_P(( Ri *, Re *, char ** ));
42 static int op_ldap_delete LDAP_P(( Ri *, Re *, char ** ));
43 static int op_ldap_modrdn LDAP_P(( Ri *, Re *, char ** ));
44 static LDAPMod *alloc_ldapmod LDAP_P(( void ));
45 static void free_ldapmod LDAP_P(( LDAPMod * ));
46 static void free_ldmarr LDAP_P(( LDAPMod ** ));
47 static int getmodtype LDAP_P(( char * ));
48 static void dump_ldm_array LDAP_P(( LDAPMod ** ));
49 static int do_bind LDAP_P(( Ri *, int * ));
50 static int do_unbind LDAP_P(( Ri * ));
54 * Determine the type of ldap operation being performed and call the
55 * appropriate routine.
56 * - If successful, returns DO_LDAP_OK
57 * - If a retryable error occurs, ERR_DO_LDAP_RETRYABLE is returned.
58 * The caller should wait a while and retry the operation.
59 * - If a fatal error occurs, ERR_DO_LDAP_FATAL is returned. The caller
60 * should reject the operation and continue with the next replication
75 if ( ri->ri_ldp == NULL ) {
76 lderr = do_bind( ri, &lderr );
78 if ( lderr != BIND_OK ) {
79 return DO_LDAP_ERR_RETRYABLE;
83 switch ( re->re_changetype ) {
85 lderr = op_ldap_add( ri, re, errmsg );
86 if ( lderr != LDAP_SUCCESS ) {
88 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
89 "Error: ldap_add_s failed adding \"%s\": %s\n",
90 *errmsg ? *errmsg : ldap_err2string( lderr ),
93 Debug( LDAP_DEBUG_ANY,
94 "Error: ldap_add_s failed adding \"%s\": %s\n",
95 *errmsg ? *errmsg : ldap_err2string( lderr ),
102 lderr = op_ldap_modify( ri, re, errmsg );
103 if ( lderr != LDAP_SUCCESS ) {
105 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
106 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
107 *errmsg ? *errmsg : ldap_err2string( lderr ),
110 Debug( LDAP_DEBUG_ANY,
111 "Error: ldap_modify_s failed modifying \"%s\": %s\n",
112 *errmsg ? *errmsg : ldap_err2string( lderr ),
119 lderr = op_ldap_delete( ri, re, errmsg );
120 if ( lderr != LDAP_SUCCESS ) {
122 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
123 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
124 *errmsg ? *errmsg : ldap_err2string( lderr ),
127 Debug( LDAP_DEBUG_ANY,
128 "Error: ldap_delete_s failed deleting \"%s\": %s\n",
129 *errmsg ? *errmsg : ldap_err2string( lderr ),
136 lderr = op_ldap_modrdn( ri, re, errmsg );
137 if ( lderr != LDAP_SUCCESS ) {
139 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
140 "Error: ldap_modrdn_s failed modifying %s: %s\n",
141 *errmsg ? *errmsg : ldap_err2string( lderr ),
144 Debug( LDAP_DEBUG_ANY,
145 "Error: ldap_modrdn_s failed modifying %s: %s\n",
146 *errmsg ? *errmsg : ldap_err2string( lderr ),
154 LDAP_LOG ( OPERATION, ERR, "do_ldap: "
155 "Error: bad op \"%d\", dn = \"%s\"\n",
156 re->re_changetype, re->re_dn, 0 );
158 Debug( LDAP_DEBUG_ANY,
159 "Error: do_ldap: bad op \"%d\", dn = \"%s\"\n",
160 re->re_changetype, re->re_dn, 0 );
162 return DO_LDAP_ERR_FATAL;
166 * Analyze return code. If ok, just return. If LDAP_SERVER_DOWN,
167 * we may have been idle long enough that the remote slapd timed
168 * us out. Rebind and try again.
175 return DO_LDAP_ERR_FATAL;
177 case LDAP_SERVER_DOWN: /* server went down */
178 (void) do_unbind( ri );
181 } while ( retry > 0 );
183 return DO_LDAP_ERR_RETRYABLE;
189 * Perform an ldap add operation.
199 int nattrs, rc = 0, i;
200 LDAPMod *ldm, **ldmarr;
207 * Construct a null-terminated array of LDAPMod structs.
210 while ( mi[ i ].mi_type != NULL ) {
211 ldm = alloc_ldapmod();
212 ldmarr = ( LDAPMod ** ) ch_realloc( ldmarr,
213 ( nattrs + 2 ) * sizeof( LDAPMod * ));
214 ldmarr[ nattrs ] = ldm;
215 ldm->mod_op = LDAP_MOD_BVALUES;
216 ldm->mod_type = mi[ i ].mi_type;
218 make_singlevalued_berval( mi[ i ].mi_val, mi[ i ].mi_len );
223 if ( ldmarr != NULL ) {
224 ldmarr[ nattrs ] = NULL;
226 /* Perform the operation */
228 LDAP_LOG ( OPERATION, ARGS,
229 "op_ldap_add: replica %s:%d - add dn \"%s\"\n",
230 ri->ri_hostname, ri->ri_port, re->re_dn );
232 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - add dn \"%s\"\n",
233 ri->ri_hostname, ri->ri_port, re->re_dn );
235 rc = ldap_add_s( ri->ri_ldp, re->re_dn, ldmarr );
237 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
240 *errmsg = "No modifications to do";
242 LDAP_LOG ( OPERATION, ERR,
243 "op_ldap_add: Error: no mods to do (%s)!\n", re->re_dn, 0, 0 );
245 Debug( LDAP_DEBUG_ANY,
246 "Error: op_ldap_add: no mods to do (%s)!\n", re->re_dn, 0, 0 );
249 free_ldmarr( ldmarr );
257 * Perform an ldap modify operation.
259 #define AWAITING_OP -1
268 int state; /* This code is a simple-minded state machine */
269 int nvals; /* Number of values we're modifying */
270 int nops; /* Number of LDAPMod structs in ldmarr */
271 LDAPMod *ldm = NULL, **ldmarr;
281 if ( re->re_mods == NULL ) {
282 *errmsg = "No arguments given";
284 LDAP_LOG ( OPERATION, ERR,
285 "op_ldap_modify: Error: no arguments\n" , 0, 0, 0 );
287 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modify: no arguments\n",
294 * Construct a null-terminated array of LDAPMod structs.
296 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
297 type = mi[ i ].mi_type;
298 value = mi[ i ].mi_val;
299 len = mi[ i ].mi_len;
300 switch ( getmodtype( type )) {
302 state = T_MODSEP; /* Got a separator line "-\n" */
306 ldmarr = ( LDAPMod ** )
307 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
308 ldmarr[ nops ] = ldm = alloc_ldapmod();
309 ldm->mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
310 ldm->mod_type = value;
315 state = T_MODOPREPLACE;
316 ldmarr = ( LDAPMod ** )
317 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
318 ldmarr[ nops ] = ldm = alloc_ldapmod();
319 ldm->mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
320 ldm->mod_type = value;
325 state = T_MODOPDELETE;
326 ldmarr = ( LDAPMod ** )
327 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
328 ldmarr[ nops ] = ldm = alloc_ldapmod();
329 ldm->mod_op = LDAP_MOD_DELETE | LDAP_MOD_BVALUES;
330 ldm->mod_type = value;
334 case T_MODOPINCREMENT:
335 state = T_MODOPINCREMENT;
336 ldmarr = ( LDAPMod ** )
337 ch_realloc(ldmarr, (( nops + 2 ) * ( sizeof( LDAPMod * ))));
338 ldmarr[ nops ] = ldm = alloc_ldapmod();
339 ldm->mod_op = LDAP_MOD_INCREMENT | LDAP_MOD_BVALUES;
340 ldm->mod_type = value;
345 if ( state == AWAITING_OP ) {
347 LDAP_LOG ( OPERATION, ERR,
348 "op_ldap_modify: Error: unknown mod type \"%s\"\n", type, 0, 0 );
350 Debug( LDAP_DEBUG_ANY,
351 "Error: op_ldap_modify: unknown mod type \"%s\"\n",
360 * We should have an attribute: value pair here.
361 * Construct the mod_bvalues part of the ldapmod struct.
363 if ( strcasecmp( type, ldm->mod_type )) {
365 LDAP_LOG ( OPERATION, ERR,
366 "op_ldap_modify: Error: "
367 "malformed modify op, %s: %s (expecting \"%s\")\n",
368 type, value, ldm->mod_type );
370 Debug( LDAP_DEBUG_ANY,
371 "Error: malformed modify op, %s: %s (expecting %s:)\n",
372 type, value, ldm->mod_type );
376 ldm->mod_bvalues = ( struct berval ** )
377 ch_realloc( ldm->mod_bvalues,
378 ( nvals + 2 ) * sizeof( struct berval * ));
379 ldm->mod_bvalues[ nvals + 1 ] = NULL;
380 ldm->mod_bvalues[ nvals ] = ( struct berval * )
381 ch_malloc( sizeof( struct berval ));
382 ldm->mod_bvalues[ nvals ]->bv_val = value;
383 ldm->mod_bvalues[ nvals ]->bv_len = len;
387 ldmarr[ nops ] = NULL;
390 /* Actually perform the LDAP operation */
392 LDAP_LOG ( OPERATION, DETAIL1,
393 "op_ldap_modify: replica %s:%d - modify dn \"%s\"\n",
394 ri->ri_hostname, ri->ri_port, re->re_dn );
396 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - modify dn \"%s\"\n",
397 ri->ri_hostname, ri->ri_port, re->re_dn );
399 rc = ldap_modify_s( ri->ri_ldp, re->re_dn, ldmarr );
401 free_ldmarr( ldmarr );
409 * Perform an ldap delete operation.
421 LDAP_LOG ( OPERATION, ARGS,
422 "op_ldap_delete: replica %s:%d - delete dn \"%s\"\n",
423 ri->ri_hostname, ri->ri_port, re->re_dn );
425 Debug( LDAP_DEBUG_ARGS, "replica %s:%d - delete dn \"%s\"\n",
426 ri->ri_hostname, ri->ri_port, re->re_dn );
428 rc = ldap_delete_s( ri->ri_ldp, re->re_dn );
437 * Perform an ldap modrdn operation.
439 #define GOT_NEWRDN 0x1
440 #define GOT_DELOLDRDN 0x2
441 #define GOT_NEWSUP 0x4
443 #define GOT_MODDN_REQ (GOT_NEWRDN|GOT_DELOLDRDN)
444 #define GOT_ALL_MODDN(f) (((f) & GOT_MODDN_REQ) == GOT_MODDN_REQ)
461 if ( re->re_mods == NULL ) {
462 *errmsg = "No arguments given";
464 LDAP_LOG ( OPERATION, ERR,
465 "op_ldap_modrdn: Error: no arguments\n" , 0, 0, 0 );
467 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: no arguments\n",
474 * Get the arguments: should see newrdn: and deleteoldrdn: args.
476 for ( mi = re->re_mods, i = 0; mi[ i ].mi_type != NULL; i++ ) {
477 if ( !strcmp( mi[ i ].mi_type, T_NEWRDNSTR )) {
478 if( state & GOT_NEWRDN ) {
480 LDAP_LOG ( OPERATION, ERR,
481 "op_ldap_modrdn: Error: multiple newrdn arg \"%s\"\n",
482 mi[ i ].mi_val, 0, 0 );
484 Debug( LDAP_DEBUG_ANY,
485 "Error: op_ldap_modrdn: multiple newrdn arg \"%s\"\n",
486 mi[ i ].mi_val, 0, 0 );
488 *errmsg = "Multiple newrdn argument";
492 newrdn = mi[ i ].mi_val;
495 } else if ( !strcmp( mi[ i ].mi_type, T_DELOLDRDNSTR )) {
496 if( state & GOT_DELOLDRDN ) {
498 LDAP_LOG ( OPERATION, ERR,
499 "op_ldap_modrdn: Error: multiple deleteoldrdn arg \"%s\"\n",
500 mi[ i ].mi_val, 0, 0 );
502 Debug( LDAP_DEBUG_ANY,
503 "Error: op_ldap_modrdn: multiple deleteoldrdn arg \"%s\"\n",
504 mi[ i ].mi_val, 0, 0 );
506 *errmsg = "Multiple newrdn argument";
510 state |= GOT_DELOLDRDN;
511 if ( !strcmp( mi[ i ].mi_val, "0" )) {
513 } else if ( !strcmp( mi[ i ].mi_val, "1" )) {
517 LDAP_LOG ( OPERATION, ERR,
518 "op_ldap_modrdn: Error: bad deleteoldrdn arg \"%s\"\n",
519 mi[ i ].mi_val, 0, 0 );
521 Debug( LDAP_DEBUG_ANY,
522 "Error: op_ldap_modrdn: bad deleteoldrdn arg \"%s\"\n",
523 mi[ i ].mi_val, 0, 0 );
525 *errmsg = "Incorrect argument to deleteoldrdn";
529 } else if ( !strcmp( mi[ i ].mi_type, T_NEWSUPSTR )) {
530 if( state & GOT_NEWSUP ) {
532 LDAP_LOG ( OPERATION, ERR,
533 "op_ldap_modrdn: Error: multiple newsuperior arg \"%s\"\n",
534 mi[ i ].mi_val, 0, 0 );
536 Debug( LDAP_DEBUG_ANY,
537 "Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
538 mi[ i ].mi_val, 0, 0 );
540 *errmsg = "Multiple newsuperior argument";
544 newsup = mi[ i ].mi_val;
549 LDAP_LOG ( OPERATION, ERR,
550 "op_ldap_modrdn: Error: bad type \"%s\"\n",
551 mi[ i ].mi_type, 0, 0 );
553 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: bad type \"%s\"\n",
554 mi[ i ].mi_type, 0, 0 );
556 *errmsg = "Bad value in replication log entry";
562 * Punt if we don't have all the args.
564 if ( !GOT_ALL_MODDN(state) ) {
566 LDAP_LOG ( OPERATION, ERR,
567 "op_ldap_modrdn: Error: missing arguments\n" , 0, 0, 0 );
569 Debug( LDAP_DEBUG_ANY, "Error: op_ldap_modrdn: missing arguments\n",
572 *errmsg = "Missing argument: requires \"newrdn\" and \"deleteoldrdn\"";
577 if ( ldap_debug & LDAP_DEBUG_ARGS ) {
580 int buf2len = strlen( re->re_dn ) + strlen( mi->mi_val ) + 11;
582 snprintf( buf, sizeof(buf), "%s:%d", ri->ri_hostname, ri->ri_port );
584 buf2 = (char *) ch_malloc( buf2len );
585 snprintf( buf2, buf2len, "(\"%s\" -> \"%s\")", re->re_dn, mi->mi_val );
588 LDAP_LOG ( OPERATION, ARGS,
589 "op_ldap_modrdn: replica %s - modify rdn %s (flag: %d)\n",
590 buf, buf2, drdnflag );
592 Debug( LDAP_DEBUG_ARGS,
593 "replica %s - modify rdn %s (flag: %d)\n",
594 buf, buf2, drdnflag );
598 #endif /* LDAP_DEBUG */
603 rc = ldap_rename2_s( ri->ri_ldp, re->re_dn, newrdn, newsup, drdnflag );
605 ldap_get_option( ri->ri_ldp, LDAP_OPT_ERROR_NUMBER, &lderr);
612 * Allocate and initialize an ldapmod struct.
615 alloc_ldapmod( void )
619 ldm = ( struct ldapmod * ) ch_malloc( sizeof ( struct ldapmod ));
620 ldm->mod_type = NULL;
621 ldm->mod_bvalues = ( struct berval ** ) NULL;
628 * Free an ldapmod struct associated mod_bvalues. NOTE - it is assumed
629 * that mod_bvalues and mod_type contain pointers to the same block of memory
630 * pointed to by the repl struct. Therefore, it's not freed here.
641 if ( ldm->mod_bvalues != NULL ) {
642 for ( i = 0; ldm->mod_bvalues[ i ] != NULL; i++ ) {
643 free( ldm->mod_bvalues[ i ] );
645 free( ldm->mod_bvalues );
653 * Free an an array of LDAPMod pointers and the LDAPMod structs they point
662 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
663 free_ldapmod( ldmarr[ i ] );
670 * Create a berval with a single value.
672 static struct berval **
673 make_singlevalued_berval(
679 p = ( struct berval ** ) ch_malloc( 2 * sizeof( struct berval * ));
680 p[ 0 ] = ( struct berval * ) ch_malloc( sizeof( struct berval ));
682 p[ 0 ]->bv_val = value;
683 p[ 0 ]->bv_len = len;
689 * Given a modification type (string), return an enumerated type.
690 * Avoids ugly copy in op_ldap_modify - lets us use a switch statement
697 if ( !strcmp( type, T_MODSEPSTR )) {
700 if ( !strcmp( type, T_MODOPADDSTR )) {
701 return( T_MODOPADD );
703 if ( !strcmp( type, T_MODOPREPLACESTR )) {
704 return( T_MODOPREPLACE );
706 if ( !strcmp( type, T_MODOPDELETESTR )) {
707 return( T_MODOPDELETE );
709 if ( !strcmp( type, T_MODOPINCREMENTSTR )) {
710 return( T_MODOPINCREMENT );
717 * Perform an LDAP unbind operation. If replica is NULL, or the
718 * repl_ldp is NULL, just return LDAP_SUCCESS. Otherwise, unbind,
719 * set the ldp to NULL, and return the result of the unbind call.
726 int rc = LDAP_SUCCESS;
728 if (( ri != NULL ) && ( ri->ri_ldp != NULL )) {
729 rc = ldap_unbind( ri->ri_ldp );
730 if ( rc != LDAP_SUCCESS ) {
732 LDAP_LOG ( OPERATION, ERR,
733 "do_unbind: ldap_unbind failed for %s:%d: %s\n",
734 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
736 Debug( LDAP_DEBUG_ANY,
737 "Error: do_unbind: ldap_unbind failed for %s:%d: %s\n",
738 ri->ri_hostname, ri->ri_port, ldap_err2string( rc ) );
749 * Perform an LDAP bind operation to the replication site given
750 * by replica. If replica->repl_ldp is non-NULL, then we unbind
751 * from the replica before rebinding. It should be safe to call
752 * this to re-connect if the replica's connection goes away
755 * Returns 0 on success, -1 if an LDAP error occurred, and a return
756 * code > 0 if some other error occurred, e.g. invalid bind method.
757 * If an LDAP error occurs, the LDAP error is returned in lderr.
766 int do_tls = ri->ri_tls;
772 LDAP_LOG ( OPERATION, ERR, "do_bind: null ri ptr\n" , 0, 0, 0 );
774 Debug( LDAP_DEBUG_ANY, "Error: do_bind: null ri ptr\n", 0, 0, 0 );
776 return( BIND_ERR_BADRI );
780 if ( ri->ri_ldp != NULL ) {
781 ldrc = ldap_unbind( ri->ri_ldp );
782 if ( ldrc != LDAP_SUCCESS ) {
784 LDAP_LOG ( OPERATION, ERR,
785 "do_bind: ldap_unbind failed: %s\n", ldap_err2string( ldrc ), 0, 0 );
787 Debug( LDAP_DEBUG_ANY,
788 "Error: do_bind: ldap_unbind failed: %s\n",
789 ldap_err2string( ldrc ), 0, 0 );
795 if ( ri->ri_uri != NULL ) { /* new URI style */
797 LDAP_LOG ( OPERATION, ARGS,
798 "do_bind: Initializing session to %s\n",
801 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s\n",
805 ldrc = ldap_initialize( &(ri->ri_ldp), ri->ri_uri);
807 if (ldrc != LDAP_SUCCESS) {
809 LDAP_LOG ( OPERATION, ERR,
810 "do_bind: ldap_initalize (0, %s) failed: %s\n",
811 ri->ri_uri, ldap_err2string(ldrc), 0 );
813 Debug( LDAP_DEBUG_ANY, "Error: ldap_initialize(0, %s) failed: %s\n",
814 ri->ri_uri, ldap_err2string(ldrc), 0 );
816 return( BIND_ERR_OPEN );
818 } else { /* old HOST style */
820 LDAP_LOG ( OPERATION, ARGS,
821 "do_bind: Initializing session to %s:%d\n",
822 ri->ri_hostname, ri->ri_port, 0 );
824 Debug( LDAP_DEBUG_ARGS, "Initializing session to %s:%d\n",
825 ri->ri_hostname, ri->ri_port, 0 );
828 ri->ri_ldp = ldap_init( ri->ri_hostname, ri->ri_port );
829 if ( ri->ri_ldp == NULL ) {
831 LDAP_LOG ( OPERATION, ERR,
832 "do_bind: ldap_init (%s, %d) failed: %s\n",
833 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
835 Debug( LDAP_DEBUG_ANY, "Error: ldap_init(%s, %d) failed: %s\n",
836 ri->ri_hostname, ri->ri_port, sys_errlist[ errno ] );
838 return( BIND_ERR_OPEN );
842 { /* set version 3 */
843 int err, version = 3;
844 err = ldap_set_option(ri->ri_ldp,
845 LDAP_OPT_PROTOCOL_VERSION, &version);
847 if( err != LDAP_OPT_SUCCESS ) {
849 LDAP_LOG ( OPERATION, ERR, "do_bind: "
850 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
851 ri->ri_hostname, 0, 0 );
853 Debug( LDAP_DEBUG_ANY,
854 "Error: ldap_set_option(%s, LDAP_OPT_VERSION, 3) failed!\n",
855 ri->ri_hostname, NULL, NULL );
858 ldap_unbind( ri->ri_ldp );
860 return BIND_ERR_VERSION;
865 * Set ldap library options to (1) not follow referrals, and
866 * (2) restart the select() system call.
870 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
872 if( err != LDAP_OPT_SUCCESS ) {
874 LDAP_LOG ( OPERATION, ERR, "do_bind: "
875 "Error: ldap_set_option(%s, REFERRALS, OFF) failed!\n",
876 ri->ri_hostname, 0, 0 );
878 Debug( LDAP_DEBUG_ANY,
879 "Error: ldap_set_option(%s,REFERRALS, OFF) failed!\n",
880 ri->ri_hostname, NULL, NULL );
882 ldap_unbind( ri->ri_ldp );
884 return BIND_ERR_REFERRALS;
887 ldap_set_option(ri->ri_ldp, LDAP_OPT_RESTART, LDAP_OPT_ON);
890 int err = ldap_start_tls_s(ri->ri_ldp, NULL, NULL);
892 if( err != LDAP_SUCCESS ) {
894 LDAP_LOG ( OPERATION, ERR, "do_bind: "
895 "%s: ldap_start_tls failed: %s (%d)\n",
896 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
897 ldap_err2string( err ), err );
899 Debug( LDAP_DEBUG_ANY,
900 "%s: ldap_start_tls failed: %s (%d)\n",
901 ri->ri_tls == TLS_CRITICAL ? "Error" : "Warning",
902 ldap_err2string( err ), err );
905 if( ri->ri_tls == TLS_CRITICAL ) {
907 ldap_unbind( ri->ri_ldp );
909 return BIND_ERR_TLS_FAILED;
916 switch ( ri->ri_bind_method ) {
917 case LDAP_AUTH_SIMPLE:
919 * Bind with a plaintext password.
922 LDAP_LOG ( OPERATION, ARGS,
923 "do_bind: bind to %s:%d as %s (simple)\n",
924 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
926 Debug( LDAP_DEBUG_ARGS, "bind to %s:%d as %s (simple)\n",
927 ri->ri_hostname, ri->ri_port, ri->ri_bind_dn );
929 ldrc = ldap_simple_bind_s( ri->ri_ldp, ri->ri_bind_dn,
931 if ( ldrc != LDAP_SUCCESS ) {
933 LDAP_LOG ( OPERATION, ERR, "do_bind: "
934 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
935 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
937 Debug( LDAP_DEBUG_ANY,
938 "Error: ldap_simple_bind_s for %s:%d failed: %s\n",
939 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
942 ldap_unbind( ri->ri_ldp );
944 return( BIND_ERR_SIMPLE_FAILED );
950 LDAP_LOG ( OPERATION, ARGS,
951 "do_bind: bind to %s as %s via %s (SASL)\n",
953 ri->ri_authcId ? ri->ri_authcId : "-",
956 Debug( LDAP_DEBUG_ARGS, "bind to %s as %s via %s (SASL)\n",
958 ri->ri_authcId ? ri->ri_authcId : "-",
962 #ifdef HAVE_CYRUS_SASL
963 if( ri->ri_secprops != NULL ) {
964 int err = ldap_set_option(ri->ri_ldp,
965 LDAP_OPT_X_SASL_SECPROPS, ri->ri_secprops);
967 if( err != LDAP_OPT_SUCCESS ) {
969 LDAP_LOG ( OPERATION, ERR, "do_bind: "
970 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
971 ri->ri_hostname, ri->ri_secprops, 0 );
973 Debug( LDAP_DEBUG_ANY,
974 "Error: ldap_set_option(%s,SECPROPS,\"%s\") failed!\n",
975 ri->ri_hostname, ri->ri_secprops, NULL );
977 ldap_unbind( ri->ri_ldp );
979 return BIND_ERR_SASL_FAILED;
984 void *defaults = lutil_sasl_defaults( ri->ri_ldp, ri->ri_saslmech,
985 ri->ri_realm, ri->ri_authcId, ri->ri_password, ri->ri_authzId );
987 ldrc = ldap_sasl_interactive_bind_s( ri->ri_ldp, ri->ri_bind_dn,
988 ri->ri_saslmech, NULL, NULL,
989 LDAP_SASL_QUIET, lutil_sasl_interact, defaults );
991 lutil_sasl_freedefs( defaults );
992 if ( ldrc != LDAP_SUCCESS ) {
994 LDAP_LOG ( OPERATION, ERR, "do_bind: "
995 "Error: LDAP SASL for %s:%d failed: %s\n",
996 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ) );
998 Debug( LDAP_DEBUG_ANY, "Error: LDAP SASL for %s:%d failed: %s\n",
999 ri->ri_hostname, ri->ri_port, ldap_err2string( ldrc ));
1002 ldap_unbind( ri->ri_ldp );
1004 return( BIND_ERR_SASL_FAILED );
1010 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1011 "Error: do_bind: SASL not supported %s:%d\n",
1012 ri->ri_hostname, ri->ri_port, 0 );
1014 Debug( LDAP_DEBUG_ANY,
1015 "Error: do_bind: SASL not supported %s:%d\n",
1016 ri->ri_hostname, ri->ri_port, NULL );
1018 ldap_unbind( ri->ri_ldp );
1020 return( BIND_ERR_BAD_ATYPE );
1025 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1026 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1027 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1029 Debug( LDAP_DEBUG_ANY,
1030 "Error: do_bind: unknown auth type \"%d\" for %s:%d\n",
1031 ri->ri_bind_method, ri->ri_hostname, ri->ri_port );
1033 ldap_unbind( ri->ri_ldp );
1035 return( BIND_ERR_BAD_ATYPE );
1041 LDAPControl *ctrls[2];
1045 c.ldctl_oid = LDAP_CONTROL_MANAGEDSAIT;
1046 c.ldctl_value.bv_val = NULL;
1047 c.ldctl_value.bv_len = 0;
1048 c.ldctl_iscritical = 0;
1050 err = ldap_set_option(ri->ri_ldp, LDAP_OPT_SERVER_CONTROLS, &ctrls);
1052 if( err != LDAP_OPT_SUCCESS ) {
1054 LDAP_LOG ( OPERATION, ERR, "do_bind: "
1055 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1056 ri->ri_hostname, 0, 0 );
1058 Debug( LDAP_DEBUG_ANY, "Error: "
1059 "ldap_set_option(%s, SERVER_CONTROLS, ManageDSAit) failed!\n",
1060 ri->ri_hostname, NULL, NULL );
1062 ldap_unbind( ri->ri_ldp );
1064 return BIND_ERR_MANAGEDSAIT;
1076 * For debugging. Print the contents of an ldmarr array.
1088 for ( i = 0; ldmarr[ i ] != NULL; i++ ) {
1091 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1092 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1093 (long) getpid(), i, 0 );
1094 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1095 "Trace (%ld): *** ldm->mod_op: %d\n",
1096 (long) getpid(), ldm->mod_op, 0 );
1097 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1098 "Trace (%ld): *** ldm->mod_type: %s\n",
1099 (long) getpid(), ldm->mod_type, 0 );
1101 Debug( LDAP_DEBUG_TRACE,
1102 "Trace (%ld): *** ldmarr[ %d ] contents:\n",
1103 (long) getpid(), i, 0 );
1104 Debug( LDAP_DEBUG_TRACE,
1105 "Trace (%ld): *** ldm->mod_op: %d\n",
1106 (long) getpid(), ldm->mod_op, 0 );
1107 Debug( LDAP_DEBUG_TRACE,
1108 "Trace (%ld): *** ldm->mod_type: %s\n",
1109 (long) getpid(), ldm->mod_type, 0 );
1111 if ( ldm->mod_bvalues != NULL ) {
1112 for ( j = 0; ( b = ldm->mod_bvalues[ j ] ) != NULL; j++ ) {
1113 msgbuf = ch_malloc( b->bv_len + 512 );
1114 sprintf( msgbuf, "***** bv[ %d ] len = %ld, val = <%s>",
1115 j, b->bv_len, b->bv_val );
1117 LDAP_LOG ( OPERATION, INFO, "dump_ldm_array: "
1118 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );
1120 Debug( LDAP_DEBUG_TRACE,
1121 "Trace (%ld):%s\n", (long) getpid(), msgbuf, 0 );