#define LDAP_BACK_F_SAVECRED 0x01U
#define LDAP_BACK_F_USE_TLS 0x02U
#define LDAP_BACK_F_TLS_CRITICAL ( 0x04U | LDAP_BACK_F_USE_TLS )
+#define LDAP_BACK_F_CHASE_REFERRALS 0x8U
Avlnode *conntree;
int rwm_started;
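Review bot: The new flag is written `0x8U` while the three definitions above it use two hex digits (`0x01U`, `0x02U`, `0x04U`). Writing it as `#define LDAP_BACK_F_CHASE_REFERRALS 0x08U` keeps the set uniform and makes the next free bit easier to spot. A trailing comment naming the statements that toggle it, such as `/* "chase-referrals" / "dont-chase-referrals" */`, would also help, since `LDAP_BACK_F_TLS_CRITICAL` already shows that flags here can imply one another.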
*/
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (const void *)&vers );
- /* Set LDAP version. This will always succeed: If the client
- * bound with a particular version, then so can we.
- */
- ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
- (const void *)&vers );
-
- /* FIXME: configurable? */
- ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
+ /* automatically chase referrals ("chase-referrals"/"dont-chase-referrals" statement) */
+ if ( li->flags & LDAP_BACK_F_CHASE_REFERRALS ) {
+ ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
+ }
+ /* start TLS ("start-tls"/"try-start-tls" statements) */
if ( ( li->flags & LDAP_BACK_F_USE_TLS )
&& !ldap_is_ldaps_url( li->url )
&& ( rs->sr_err = ldap_start_tls_s( ld, NULL, NULL ) ) != LDAP_SUCCESS )
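Review bot: When `LDAP_BACK_F_CHASE_REFERRALS` is clear, nothing in this hunk sets `LDAP_OPT_REFERRALS`, so the handle keeps whatever the client library or its configuration file supplies. As far as I know libldap enables referral chasing by default, in which case "dont-chase-referrals" would have no effect and the proxy would still follow referrals to hosts named by the remote server. Setting the option both ways makes the statement authoritative: `ldap_set_option( ld, LDAP_OPT_REFERRALS, ( li->flags & LDAP_BACK_F_CHASE_REFERRALS ) ? LDAP_OPT_ON : LDAP_OPT_OFF );`. The return value of `ldap_set_option` is also ignored here. The enclosing function and the body of the TLS `if` lie outside the hunk.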
} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
if ( argc != 1 ) {
fprintf( stderr,
- "%s: line %d: rebind-as-user takes no arguments\n",
+ "%s: line %d: \"rebind-as-user\" takes no arguments\n",
fname, lineno );
return( 1 );
}
li->flags |= LDAP_BACK_F_SAVECRED;
-
+
+ } else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
+ if ( argc != 1 ) {
+ fprintf( stderr,
+ "%s: line %d: \"chase-referrals\" takes no arguments\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
+
+ } else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
+ if ( argc != 1 ) {
+ fprintf( stderr,
+ "%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
+ fname, lineno );
+ return( 1 );
+ }
+
+ li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
+
/* intercept exop_who_am_i? */
} else if ( strcasecmp( argv[0], "proxy-whoami" ) == 0 ) {
if ( argc != 1 ) {
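Review bot: The two new branches have no comment explaining what the flag means for the proxy, although the neighbouring `proxy-whoami` branch has one (`/* intercept exop_who_am_i? */`). With "chase-referrals" in effect, the hosts that get contacted are chosen by the remote server. If the rebind path reuses the credentials saved by "rebind-as-user" (not visible in this diff, so please confirm), those credentials would be presented to the referral targets. I would add above the first branch something like `/* follow referrals returned by the remote server; targets are chosen by that server, so use "dont-chase-referrals" unless it is fully trusted */`. It is also worth noting there that the last statement in the file wins, because each branch simply sets or clears the bit. The enclosing if/else chain starts and continues outside the hunk.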
/* by default, use proxyAuthz control on each operation */
li->idassert_flags = LDAP_BACK_AUTH_NONE;
+ /* initialize flags */
+ li->flags = LDAP_BACK_F_CHASE_REFERRALS;
+
ldap_pvt_thread_mutex_init( &li->conn_mutex );
be->be_private = li;