/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*
* Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
#include "../back-ldap/back-ldap.h"
#include "back-meta.h"
+static LDAP_REBIND_PROC meta_back_rebind;
+
static int
meta_back_do_single_bind(
struct metainfo *li,
int candidate
)
{
- struct berval mdn = { 0, NULL };
- int rc;
+ struct berval mdn = { 0, NULL };
+ int rc;
+ ber_int_t msgid;
/*
* Rewrite the bind dn if needed
}
if ( op->o_ctrls ) {
- ldap_set_option( lc->conns[ candidate ].ld,
+ rc = ldap_set_option( lc->conns[ candidate ].ld,
LDAP_OPT_SERVER_CONTROLS, op->o_ctrls );
+ if ( rc != LDAP_SUCCESS ) {
+ rc = ldap_back_map_result( rc );
+ goto return_results;
+ }
}
- rc = ldap_bind_s( lc->conns[ candidate ].ld, mdn.bv_val, cred->bv_val, method );
+ rc = ldap_sasl_bind(lc->conns[ candidate ].ld, mdn.bv_val,
+ LDAP_SASL_SIMPLE, cred, op->o_ctrls, NULL, &msgid);
if ( rc != LDAP_SUCCESS ) {
rc = ldap_back_map_result( rc );
} else {
lc->conns[ candidate ].bound = META_BOUND;
lc->bound_target = candidate;
+ if ( li->savecred ) {
+ if ( lc->conns[ candidate ].cred.bv_val )
+ ch_free( lc->conns[ candidate ].cred.bv_val );
+ ber_dupbv( &lc->conns[ candidate ].cred, cred );
+ ldap_set_rebind_proc( lc->conns[ candidate ].ld,
+ meta_back_rebind,
+ &lc->conns[ candidate ] );
+ }
+
if ( li->cache.ttl != META_DNCACHE_DISABLED
&& ndn->bv_len != 0 ) {
( void )meta_dncache_update_entry( &li->cache,
ndn, candidate );
}
}
+
+return_results:;
if ( mdn.bv_val != dn->bv_val ) {
free( mdn.bv_val );
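Review bot: `ldap_sasl_bind()` is the asynchronous call, so the `rc` tested right after it only says the bind request was sent, yet the `else` branch already sets `META_BOUND`, records `bound_target` and, with `savecred`, stores the password. Unless the response for `msgid` is collected somewhere outside the visible lines, a bind the target later rejects would still leave the connection marked as bound; the result should be fetched with `ldap_result()` and checked with `ldap_parse_result()` before that branch runs. The call also hard-codes `LDAP_SASL_SIMPLE` where the removed line passed `method`, so it is worth confirming that non-simple methods are rejected earlier in the function, which starts above this hunk. The sketch below waits without a timeout; a bounded wait would be preferable.

```c
	rc = ldap_sasl_bind(lc->conns[ candidate ].ld, mdn.bv_val,
			LDAP_SASL_SIMPLE, cred, op->o_ctrls, NULL, &msgid);
	if ( rc == LDAP_SUCCESS ) {
		LDAPMessage	*res = NULL;
		int		err = LDAP_OTHER;

		/* the request was only sent; wait for the bind response */
		if ( ldap_result( lc->conns[ candidate ].ld, msgid, 1,
				NULL, &res ) <= 0 ) {
			rc = LDAP_OTHER;
		} else {
			rc = ldap_parse_result( lc->conns[ candidate ].ld, res,
					&err, NULL, NULL, NULL, NULL, 1 );
			if ( rc == LDAP_SUCCESS ) {
				rc = err;
			}
		}
	}
	/* ... unchanged: rc != LDAP_SUCCESS mapping, then the META_BOUND / savecred / dncache branch ... */
```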
continue;
}
+ /*
+ * If required, set controls
+ */
+ if ( op->o_ctrls ) {
+ if ( ldap_set_option( lsc->ld, LDAP_OPT_SERVER_CONTROLS,
+ op->o_ctrls ) != LDAP_SUCCESS ) {
+ ( void )meta_clear_one_candidate( lsc, 1 );
+ continue;
+ }
+ }
+
/*
* If the target is already bound it is skipped
*/
lsc->bound_dn.bv_len = 0;
}
- if ( op->o_ctrls ) {
- ldap_set_option( lsc->ld, LDAP_OPT_SERVER_CONTROLS,
- op->o_ctrls );
- }
-
+
rc = ldap_bind_s( lsc->ld, 0, NULL, LDAP_AUTH_SIMPLE );
if ( rc != LDAP_SUCCESS ) {
#ifdef NEW_LOGGING
LDAP_LOG( BACK_META, WARNING,
"meta_back_dobind: (anonymous)"
- " bind as \"%s\" failed"
- " with error \"%s\"\n",
- lsc->bound_dn.bv_val,
- ldap_err2string( rc ), 0 );
+ " bind failed"
+ " with error %d (%s)\n",
+ rc, ldap_err2string( rc ), 0 );
#else /* !NEW_LOGGING */
Debug( LDAP_DEBUG_ANY,
"==>meta_back_dobind: (anonymous)"
- " bind as \"%s\" failed"
- " with error \"%s\"\n%s",
- lsc->bound_dn.bv_val,
- ldap_err2string( rc ), "" );
+ " bind failed"
+ " with error %d (%s)\n",
+ rc, ldap_err2string( rc ), 0 );
#endif /* !NEW_LOGGING */
/*
return 0;
}
+/*
+ * meta_back_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+static int
+meta_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
+ ber_int_t msgid, void *params )
+{
+ struct metasingleconn *lc = params;
+
+ return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val,
+ LDAP_AUTH_SIMPLE );
+}
+
/*
* FIXME: error return must be handled in a cleaner way ...
*/
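Review bot: `meta_back_rebind` ignores `url` and replays the saved DN and cleartext password with a simple bind to whatever server the library is chasing the referral to, so with `savecred` on, a referral returned by a target decides where the user's credentials are sent. I would at least state that in the header comment, e.g. `* NOTE: url is not checked; the saved credentials are sent to any server a referral points to.`, and consider refusing the rebind when `url` is not one of the configured targets. The callback also never checks `lc->cred.bv_val`, and the `ber_dupbv()` that fills it in `meta_back_do_single_bind` is unchecked, so a failed copy would presumably turn the rebind into a bind with no password; `if ( lc->cred.bv_val == NULL ) return LDAP_OTHER;` before the bind would make that fail closed.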