OpenLDAP 2.2 Change Log
OpenLDAP 2.2.19 Engineering
+ Fixed slapd check for mandatory filter in authz-regexp URI (ITS#3396)
Build Environment
Updated BDB mismatch messages
latter, the server will use the URI to search its own database(s)
and, if the search returns exactly one entry, the SASL name is
replaced by the DN of that entry. The LDAP URI must have no
-hostport, attrs, or extensions components, e.g.
+hostport, attrs, or extensions components, but the filter is mandatory,
+e.g.
.RS
.TP
.B ldap:///OU=Accounts,DC=example,DC=com??one?(UID=$1)
}
rc = ldap_url_parse( uri->bv_val, &ludp );
- if ( rc == LDAP_URL_ERR_BADSCHEME ) {
+ switch ( rc ) {
+ case LDAP_URL_SUCCESS:
+ if ( strcasecmp( ludp->lud_scheme, "ldap" ) != 0 ) {
+ /*
+ * must be ldap:///
+ */
+ return LDAP_PROTOCOL_ERROR;
+ }
+ break;
+
+ case LDAP_URL_ERR_BADSCHEME:
/* last chance: assume it's a(n exact) DN ... */
bv.bv_val = uri->bv_val;
*scope = LDAP_X_SCOPE_EXACT;
goto is_dn;
- }
- if ( rc != LDAP_URL_SUCCESS ) {
+ default:
return LDAP_PROTOCOL_ERROR;
}
- if (( ludp->lud_host && *ludp->lud_host )
+ if ( ( ludp->lud_host && *ludp->lud_host )
|| ludp->lud_attrs || ludp->lud_exts )
{
/* host part must be empty */
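Review bot: The new `strcasecmp` branch under `case LDAP_URL_SUCCESS` returns `LDAP_PROTOCOL_ERROR` directly after `ldap_url_parse()` has succeeded, so as far as the hunk shows, the descriptor in `ludp` is never released on that path. A rule whose URI parses but uses a scheme other than `ldap` would then leak one descriptor each time it is evaluated. Free it before returning, `ldap_free_urldesc( ludp ); return LDAP_PROTOCOL_ERROR;`, or route the branch through whatever cleanup the host/attrs/extensions check below it uses. The function starts and ends outside the hunk, so that cleanup path is not visible here.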
op.o_req_ndn.bv_val, op.oq_search.rs_scope, 0 );
#endif
- if(( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL)) {
+ if ( ( op.o_bd == NULL ) || ( op.o_bd->be_search == NULL) ) {
+ goto FINISHED;
+ }
+
+ /* Must run an internal search. */
+ if ( op.ors_filter == NULL ) {
+ rc = LDAP_FILTER_ERROR;
goto FINISHED;
}
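Review bot: The added `op.ors_filter == NULL` branch rejects the mapping without emitting a diagnostic, so a rule written without a filter fails in a way an administrator cannot tell apart from a search that matched nothing. A log line before the jump would make the misconfiguration visible, for example `Debug( LDAP_DEBUG_ANY, "authz URI has no search filter; internal search skipped\n", 0, 0, 0 );`, following the logging call that ends just above the hunk. The two exits are also inconsistent: this branch sets `rc = LDAP_FILTER_ERROR`, while the `o_bd`/`be_search` branch above jumps to `FINISHED` without touching `rc`. Whether `rc` is read after `FINISHED` is outside the hunk, so it is worth confirming that the assignment has an effect, or setting `rc` on both paths.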