From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 30 Jan 2005 22:56:59 +0000 (+0000)
Subject: make referrals chasing optional (default is to chase them)
X-Git-Tag: OPENLDAP_REL_ENG_2_3_BP~208
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=cfc77f0a0af07ba7a346c43408363b214929f5b2;p=openldap

make referrals chasing optional (default is to chase them)
---

diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h
index 174a7039c5..f881c38749 100644
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@@ -95,6 +95,7 @@ struct ldapinfo {
 #define LDAP_BACK_F_SAVECRED		0x01U
 #define LDAP_BACK_F_USE_TLS		0x02U
 #define LDAP_BACK_F_TLS_CRITICAL	( 0x04U | LDAP_BACK_F_USE_TLS )
+#define LDAP_BACK_F_CHASE_REFERRALS	0x8U
 	Avlnode		*conntree;
 
 	int		rwm_started;
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index bdf8078e2f..235a64183a 100644
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -241,15 +241,12 @@ ldap_back_prepare_conn( struct ldapconn **lcp, Operation *op, SlapReply *rs, lda
 	 */
 	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, (const void *)&vers );
 
-	/* Set LDAP version. This will always succeed: If the client
-	 * bound with a particular version, then so can we.
-	 */
-	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
-			(const void *)&vers );
-
-	/* FIXME: configurable? */
-	ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
+	/* automatically chase referrals ("chase-referrals"/"dont-chase-referrals" statement) */
+	if ( li->flags & LDAP_BACK_F_CHASE_REFERRALS ) {
+		ldap_set_option( ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON );
+	}
 
+	/* start TLS ("start-tls"/"try-start-tls" statements) */
 	if ( ( li->flags & LDAP_BACK_F_USE_TLS )
 			&& !ldap_is_ldaps_url( li->url )
 			&& ( rs->sr_err = ldap_start_tls_s( ld, NULL, NULL ) ) != LDAP_SUCCESS )
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index 470becaa3c..afd8f71204 100644
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -289,12 +289,32 @@ ldap_back_db_config(
 	} else if ( strcasecmp( argv[0], "rebind-as-user" ) == 0 ) {
 		if ( argc != 1 ) {
 			fprintf( stderr,
-	"%s: line %d: rebind-as-user takes no arguments\n",
+	"%s: line %d: \"rebind-as-user\" takes no arguments\n",
 					fname, lineno );
 			return( 1 );
 		}
 		li->flags |= LDAP_BACK_F_SAVECRED;
-	
+
+	} else if ( strcasecmp( argv[0], "chase-referrals" ) == 0 ) {
+		if ( argc != 1 ) {
+			fprintf( stderr,
+	"%s: line %d: \"chase-referrals\" takes no arguments\n",
+					fname, lineno );
+			return( 1 );
+		}
+
+		li->flags |= LDAP_BACK_F_CHASE_REFERRALS;
+
+	} else if ( strcasecmp( argv[0], "dont-chase-referrals" ) == 0 ) {
+		if ( argc != 1 ) {
+			fprintf( stderr,
+	"%s: line %d: \"dont-chase-referrals\" takes no arguments\n",
+					fname, lineno );
+			return( 1 );
+		}
+
+		li->flags &= ~LDAP_BACK_F_CHASE_REFERRALS;
+
 	/* intercept exop_who_am_i? */
 	} else if ( strcasecmp( argv[0], "proxy-whoami" ) == 0 ) {
 		if ( argc != 1 ) {
diff --git a/servers/slapd/back-ldap/init.c b/servers/slapd/back-ldap/init.c
index 84f47becbd..08767a4811 100644
--- a/servers/slapd/back-ldap/init.c
+++ b/servers/slapd/back-ldap/init.c
@@ -109,6 +109,9 @@ ldap_back_db_init( Backend *be )
 	/* by default, use proxyAuthz control on each operation */
 	li->idassert_flags = LDAP_BACK_AUTH_NONE;
 
+	/* initialize flags */
+	li->flags = LDAP_BACK_F_CHASE_REFERRALS;
+
 	ldap_pvt_thread_mutex_init( &li->conn_mutex );
 
 	be->be_private = li;