This directive sets the password for acl checking in conjunction
with the above mentioned "binddn" directive.
.TP
+.B rebind-as-user
+If this option is given, the client's bind credentials are remembered
+for rebinds when chasing referrals.
+.TP
.B pseudorootdn "<substitute DN in case of rootdn bind>"
This directive, if present, sets the DN that will be substituted to
the bind DN if a bind with the backend's "rootdn" succeeds.
#include "../back-ldap/back-ldap.h"
#include "back-meta.h"
+static LDAP_REBIND_PROC meta_back_rebind;
+
static int
meta_back_do_single_bind(
struct metainfo *li,
lc->conns[ candidate ].bound = META_BOUND;
lc->bound_target = candidate;
+ if ( li->savecred ) {
+ if ( lc->conns[ candidate ].cred.bv_val )
+ ch_free( lc->conns[ candidate ].cred.bv_val );
+ ber_dupbv( &lc->conns[ candidate ].cred, cred );
+ ldap_set_rebind_proc( lc->conns[ candidate ].ld,
+ meta_back_rebind,
+ &lc->conns[ candidate ] );
+ }
+
if ( li->cache.ttl != META_DNCACHE_DISABLED
&& ndn->bv_len != 0 ) {
( void )meta_dncache_update_entry( &li->cache,
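Review bot: In the `li->savecred` branch, `ch_free( lc->conns[ candidate ].cred.bv_val )` releases the previous password without clearing it, so the old cleartext stays in freed heap memory. I would zero the buffer before freeing it, e.g. `memset( lc->conns[ candidate ].cred.bv_val, 0, lc->conns[ candidate ].cred.bv_len );`, using a clear the compiler cannot elide if the tree has one. The result of `ber_dupbv()` is also unchecked before `ldap_set_rebind_proc()` is called; if it can fail in this build, the callback is registered with no saved credential. The saved copy needs the same clear-and-free wherever the connection is torn down, and that code is not in this hunk, so I can't tell whether it happens. meta_back_do_single_bind starts and ends outside the hunk.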
return 0;
}
+/*
+ * meta_back_rebind
+ *
+ * This is a callback used for chasing referrals using the same
+ * credentials as the original user on this session.
+ */
+static int
+meta_back_rebind( LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
+ ber_int_t msgid, void *params )
+{
+ struct metasingleconn *lc = params;
+
+ return ldap_bind_s( ld, lc->bound_dn.bv_val, lc->cred.bv_val, LDAP_AUTH_SIMPLE );
+}
+
/*
* FIXME: error return must be handled in a cleaner way ...
*/
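Review bot: meta_back_rebind() ignores `url` and replays the saved DN and cleartext password with `LDAP_AUTH_SIMPLE` to whichever server the referral names, so any target that can return a referral decides where the client's credentials are sent. Nothing in this function checks that the referred host is trusted or that the connection is protected. The header comment should say so, for example `* NOTE: the saved DN and password are sent in a simple bind to the referred server; url is not checked here.` If `lc->bound_dn` is non-empty while `lc->cred.bv_val` is NULL or empty, the call becomes an unauthenticated bind, which is worth rejecting explicitly rather than passing through. Using `lc` for a `struct metasingleconn *` also reads oddly next to meta_back_do_single_bind, where `lc` is the whole connection (`lc->conns[ candidate ]`).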
}
ber_str2bv( argv[ 1 ], 0L, 1, &li->targets[ i ]->bindpw );
+ /* save bind creds for referral rebinds? */
+ } else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
+ if (argc != 1) {
+ fprintf( stderr,
+ "%s: line %d: rebind-as-user takes no arguments\n",
+ fname, lineno );
+ return( 1 );
+ }
+ li->savecred = 1;
+
/* name to use as pseudo-root dn */
} else if ( strcasecmp( argv[ 0 ], "pseudorootdn" ) == 0 ) {
int i = li->ntargets-1;
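Review bot: The new `rebind-as-user` branch writes `argv[0]` and `if (argc != 1)` where the surrounding code uses inner spaces (`argv[ 0 ]`, `argv[ 1 ]`); `strcasecmp( argv[ 0 ], "rebind-as-user" )` and `if ( argc != 1 )` would match the file. The comment `/* save bind creds for referral rebinds? */` asks a question instead of stating the effect; something like `/* keep the client's bind password in memory for referral rebinds */` tells the next reader what turning the option on costs. The enclosing function starts and ends outside the hunk.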