From: Pierangelo Masarati Date: Tue, 9 Sep 2008 10:50:51 +0000 (+0000) Subject: allow trying local bind when remote fails (ITS#5656) X-Git-Tag: ACLCHECK_0~1366 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=661398337aeae53e1d9e574caa645d2279593454;p=openldap allow trying local bind when remote fails (ITS#5656) --- diff --git a/doc/man/man5/slapo-translucent.5 b/doc/man/man5/slapo-translucent.5 index 10ab87b635..5f308b6bf7 100644 --- a/doc/man/man5/slapo-translucent.5 +++ b/doc/man/man5/slapo-translucent.5 @@ -83,6 +83,11 @@ is specified, searches will only be run on the remote database. In any case, bot the local and remote entries corresponding to a search result will be merged before being returned to the client. +.TP +.B translucent_bind_local +Enable looking for locally stored credentials for simple bind when binding +to the remote database fails. + .SH CAVEATS .LP The Translucent Proxy overlay will disable schema checking in the local database, diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c index 73573bca79..c8fc02e737 100644 --- a/servers/slapd/overlays/translucent.c +++ b/servers/slapd/overlays/translucent.c @@ -41,6 +41,7 @@ typedef struct translucent_info { int strict; int no_glue; int defer_db_open; + int bind_local; } translucent_info; static ConfigLDAPadd translucent_ldadd; @@ -78,6 +79,12 @@ static ConfigTable translucentcfg[] = { "( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' " "DESC 'Attributes to use in remote search filter' " "SYNTAX OMsDirectoryString )", NULL, NULL }, + { "translucent_bind_local", "on|off", 1, 2, 0, + ARG_ON_OFF|ARG_OFFSET, + (void *)offsetof(translucent_info, bind_local), + "( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' " + "DESC 'Enable local bind' " + "SYNTAX OMsBoolean SINGLE-VALUE)", NULL, NULL }, { NULL, NULL, 0, 0, 0, ARG_IGNORED } }; 
@@ -95,7 +102,8 @@ static ConfigOCs translucentocs[] = { "DESC 'Translucent configuration' " "SUP olcOverlayConfig " "MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $" - " olcTranslucentLocal $ olcTranslucentRemote ) )", + " olcTranslucentLocal $ olcTranslucentRemote $" + " olcTranslucentBindLocal ) )", Cft_Overlay, translucentcfg, NULL, translucent_cfadd }, { "( OLcfgOvOc:14.2 " "NAME 'olcTranslucentDatabase' " @@ -1044,6 +1052,7 @@ static int translucent_bind(Operation *op, SlapReply *rs) { slap_overinst *on = (slap_overinst *) op->o_bd->bd_info; translucent_info *ov = on->on_bi.bi_private; BackendDB *db; + slap_callback sc = { 0 }, *save_cb; int rc; Debug(LDAP_DEBUG_TRACE, "translucent_bind: <%s> method %d\n", @@ -1054,10 +1063,25 @@ static int translucent_bind(Operation *op, SlapReply *rs) { "remote DB not available"); return(rs->sr_err); } + + if (ov->bind_local) { + sc.sc_response = slap_null_cb; + save_cb = op->o_callback; + op->o_callback = ≻ + } + db = op->o_bd; op->o_bd = &ov->db; rc = ov->db.bd_info->bi_op_bind(op, rs); op->o_bd = db; + + if (ov->bind_local) { + op->o_callback = save_cb; + if (rc != LDAP_SUCCESS) { + rc = SLAP_CB_CONTINUE; + } + } + return rc; }
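Review bot: In the last `translucent_bind` hunk, `if (rc != LDAP_SUCCESS) { rc = SLAP_CB_CONTINUE; }` sends every remote failure on to the local bind, whatever its cause, and `slap_null_cb` suppresses the remote result, so the reason for the rejection is lost. If the remote server refuses a DN because its account is locked or its password was changed, a `userPassword` still held in the local database would presumably keep authenticating that DN once `translucent_bind_local` is on. Before `rc` is overwritten, record the remote result code with the file's existing `Debug` facility so the fallback can be audited, and add a comment above the block such as `/* bind_local: a remote failure is not final; the local database gets to try the bind */`. The new `slapo-translucent.5` entry should also say that local credentials are honoured after a remote rejection, so administrators can weigh that before enabling it. The function starts in the preceding hunk, so the lines between the `Debug` call and the availability check are not visible here.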