Used only for simple bind when dn == NULL and password != NULL.
The name of the option is the as listed but with a prefix of \fBLDAP\fP.
For example, to define \fBBASE\fP via the environment, define the variable
\fBLDAPBASE\fP to desired value.
+.LP
+Some options are user\-only. Such options are ignored if present
+in the
+.IR ldap.conf
+(or file specified by
+.BR LDAPCONF ).
.SH OPTIONS
The different configuration options are:
.TP 1i
\fBBASE <base>\fP
-Used to specify the default base dn to use when performing ldap operations.
+Used to specify the default base DN to use when performing ldap operations.
The base must be specified as a Distinguished Name in LDAP format.
.TP 1i
+\fBBINDDN <dn>\fP
+Used to specify the default bind DN to use when performing ldap operations.
+The bind DN must be specified as a Distinguished Name in LDAP format.
+This is a user\-only option.
+.TP 1i
\fBHOST <name[:port] ...>\fP
Used to specify the name(s) of an LDAP server(s) to which
.I ldap
offsetof(struct ldapoptions, ldo_sizelimit)},
{0, ATTR_INT, "TIMELIMIT", NULL,
offsetof(struct ldapoptions, ldo_timelimit)},
+ {1, ATTR_STRING, "BINDDN", NULL,
+ offsetof(struct ldapoptions, ldo_defbinddn)},
{0, ATTR_STRING, "BASE", NULL,
offsetof(struct ldapoptions, ldo_defbase)},
{0, ATTR_INT, "PORT", NULL,
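Review bot: The leading `1` in the new `BINDDN` row is a bare literal with no explanation at the table. Going by the ldap.conf(5) text added in this commit it presumably marks the option as user-only. A short comment on the row, e.g. `/* user-only: ignored in the system-wide ldap.conf */`, would keep a later edit from flipping it to `0` and letting a shared configuration file choose the identity a simple bind uses. The table starts and ends outside the hunk.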
LDAPURLDesc *ldo_defludp;
int ldo_defport;
char* ldo_defbase;
+ char* ldo_defbinddn; /* simple bind dn */
#ifdef LDAP_CONNECTIONLESS
int ldo_cldaptries; /* connectionless search retry count */
#define ld_timelimit ld_options.ldo_timelimit
#define ld_sizelimit ld_options.ldo_sizelimit
+#define ld_defbinddn ld_options.ldo_defbinddn
#define ld_defbase ld_options.ldo_defbase
#define ld_defhost ld_options.ldo_defhost
#define ld_defport ld_options.ldo_defport
return ld->ld_errno;
}
- if( mechanism != LDAP_SASL_SIMPLE
- && ld->ld_version < LDAP_VERSION3)
- {
+ if( mechanism == LDAP_SASL_SIMPLE ) {
+ if( dn == NULL && cred != NULL ) {
+ /* use default binddn */
+ dn = ld->ld_defbinddn;
+ }
+
+ } else if( ld->ld_version < LDAP_VERSION3 ) {
ld->ld_errno = LDAP_NOT_SUPPORTED;
return ld->ld_errno;
}
- if ( dn == NULL )
+ if ( dn == NULL ) {
dn = "";
+ }
/* create a message to send */
if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
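Review bot: The new `dn == NULL && cred != NULL` test in the `LDAP_SASL_SIMPLE` branch does not check the credential's length, so a non-NULL but empty credential would be sent with the default bind DN. A simple bind carrying a DN and a zero-length password is an unauthenticated bind (RFC 4513 section 5.1.2), which some servers accept and which a caller can mistake for an authenticated session. Before this change the same call went out with an empty DN. Assuming `cred` is a `struct berval *` (its declaration is outside the hunk), the test could be `if( dn == NULL && cred != NULL && cred->bv_len != 0 ) {`. The enclosing function starts and ends outside the hunk.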