#include <ac/time.h>
#include <ac/unistd.h>
-#include <lber.h>
#include <ldap.h>
#include "slurp.h"
g->myname = strdup( g->myname + 1 );
}
- while ( (i = getopt( argc, argv, "hd:f:r:t:k:o" )) != EOF ) {
+ while ( (i = getopt( argc, argv, "hd:f:r:t:o" )) != EOF ) {
switch ( i ) {
case 'd': /* set debug level and 'do not detach' flag */
g->no_detach = 1;
g->slurpd_rdir = (char *)malloc (strlen(optarg) + strlen("/replica") + 1);
sprintf(g->slurpd_rdir, "%s/replica", optarg);
break;
- case 'k': /* name of kerberos srvtab file */
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
- g->default_srvtab = strdup( optarg );
-#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
- fprintf( stderr, "must compile with KERBEROS to use -k option\n" );
-#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
- break;
case 'h':
usage( g->myname );
return( -1 );
#include <ac/socket.h>
#include <ac/ctype.h>
-#include <lber.h>
#include <ldap.h>
#include "slurp.h"
* Parse a "replica" line from the config file. replica lines should be
* in the following format:
* replica host=<hostname:portnumber> binddn=<binddn>
- * bindmethod="simple|kerberos" credentials=<creds>
+ * bindmethod="simple" credentials=<creds>
*
* where:
* <hostname:portnumber> describes the host name and port number where the
*
* <binddn> is the DN to bind to the replica slapd as,
*
- * bindmethod is either "simple" or "kerberos", and
+ * bindmethod is "simple", and
*
* <creds> are the credentials (e.g. password) for binddn. <creds> are
- * only used for bindmethod=simple. For bindmethod=kerberos, the
- * credentials= option should be omitted. Credentials for kerberos
- * authentication are in the system srvtab file.
+ * only used for bindmethod=simple.
*
* The "replica" config file line may be split across multiple lines. If
* a line begins with whitespace, it is considered a continuation of the
strlen( BINDMETHSTR ))) {
val = cargv[ i ] + strlen( BINDMETHSTR ) + 1;
if ( !strcasecmp( val, KERBEROSSTR )) {
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
- ri->ri_bind_method = AUTH_KERBEROS;
- if ( ri->ri_srvtab == NULL ) {
- ri->ri_srvtab = strdup( sglob->default_srvtab );
- }
- gots |= GOT_METHOD;
-#else /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
fprintf( stderr, "Error: a bind method of \"kerberos\" was\n" );
- fprintf( stderr, "specified in the slapd configuration file,\n" );
- fprintf( stderr, "but slurpd was not built with kerberos.\n" );
- fprintf( stderr, "You must rebuild the LDAP release with\n" );
- fprintf( stderr, "kerberos support if you wish to use\n" );
- fprintf( stderr, "bindmethod=kerberos\n" );
+ fprintf( stderr, "specified in the slapd configuration file.\n" );
+ fprintf( stderr, "slurpd no longer supports Kerberos.\n" );
exit( EXIT_FAILURE );
-#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
} else if ( !strcasecmp( val, SIMPLESTR )) {
ri->ri_bind_method = AUTH_SIMPLE;
gots |= GOT_METHOD;
#include <ac/time.h>
#include <ac/unistd.h>
-#include <ac/krb.h>
-
-#if defined( STR_TRANSLATION ) && defined( LDAP_DEFAULT_CHARSET )
-/* Get LDAP->ld_lberoptions. Must precede slurp.h, both define ldap_debug. */
-#include "../../libraries/libldap/ldap-int.h"
-#endif
-
-#include <lber.h>
#include <ldap.h>
#include "slurp.h"
static void free_ldmarr LDAP_P(( LDAPMod ** ));
static int getmodtype LDAP_P(( char * ));
static void dump_ldm_array LDAP_P(( LDAPMod ** ));
-static char **read_krbnames LDAP_P(( Ri * ));
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-static void upcase LDAP_P(( char * ));
-#endif
static int do_bind LDAP_P(( Ri *, int * ));
static int do_unbind LDAP_P(( Ri * ));
-static char *kattrs[] = {"kerberosName", NULL };
-static struct timeval kst = {30L, 0L};
-
-
-
/*
* Determine the type of ldap operation being performed and call the
* appropriate routine.
Debug( LDAP_DEBUG_ANY,
"Error: op_ldap_modrdn: multiple newsuperior arg \"%s\"\n",
mi[ i ].mi_val, 0, 0 );
- *errmsg = "Multiple newrdn argument";
+ *errmsg = "Multiple newsuperior argument";
return -1;
}
}
}
}
-
-
-/*
- * Get the kerberos names from the binddn for "replica" via an ldap search.
- * Returns a null-terminated array of char *, or NULL if the entry could
- * not be found or there were no kerberosName attributes. The caller is
- * responsible for freeing the returned array and strings it points to.
- */
-static char **
-read_krbnames(
- Ri *ri
-)
-{
- int rc;
- char **krbnames;
- int ne;
- LDAPMessage *result, *entry;
-
- /* First need to bind as NULL */
- rc = ldap_simple_bind_s( ri->ri_ldp, NULL, NULL );
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: null bind failed getting krbnames for %s:%d: %s\n",
- ri->ri_hostname, ri->ri_port, ldap_err2string( rc ));
- return( NULL );
- }
- rc = ldap_search_st( ri->ri_ldp, ri->ri_bind_dn, LDAP_SCOPE_BASE,
- NULL, kattrs, 0, &kst, &result );
- if ( rc != LDAP_SUCCESS ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: search failed getting krbnames for %s:%d: %s\n",
- ri->ri_hostname, ri->ri_port, ldap_err2string( rc ));
- return( NULL );
- }
- ne = ldap_count_entries( ri->ri_ldp, result );
- if ( ne == 0 ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: Can't find entry \"%s\" for %s:%d kerberos bind\n",
- ri->ri_bind_dn, ri->ri_hostname, ri->ri_port );
- return( NULL );
- }
- if ( ne > 1 ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: Kerberos binddn \"%s\" for %s:%dis ambiguous\n",
- ri->ri_bind_dn, ri->ri_hostname, ri->ri_port );
- return( NULL );
- }
- entry = ldap_first_entry( ri->ri_ldp, result );
- if ( entry == NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "Error: Can't find \"%s\" for kerberos binddn for %s:%d\n",
- ri->ri_bind_dn, ri->ri_hostname, ri->ri_port );
- return( NULL );
- }
- krbnames = ldap_get_values( ri->ri_ldp, entry, "kerberosName" );
- ldap_msgfree( result );
- return( krbnames );
-}
-
-
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-
-/*
- * upcase a string
- */
-static void
-upcase(
- char *s
-)
-{
- char *p;
-
- for ( p = s; ( p != NULL ) && ( *p != '\0' ); p++ ) {
- *p = TOUPPER( (unsigned char) *p );
- }
-}
-
-#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
projects / openldap / commitdiff