s3-libads: use ldap_init_fd() to initialize a ldap session if possible master
authorBjörn Baumbach <bb@sernet.de>
Wed, 3 Jun 2020 17:40:59 +0000 (19:40 +0200)
committerBjörn Baumbach <bb@sernet.de>
Wed, 10 Jun 2020 12:58:20 +0000 (14:58 +0200)
Use the known ip address of the ldap server to open the connection and
initialize the ldap session with ldap_init_fd().

This avoids unnecessary DNS lookups, which might block or prevent the
successful connection.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13124

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/libads/ldap.c

index eb5fef0c7f39175c4535d8338470870c85c10baf..7513f5b474027a99d79cca4437de893d9ce5b9b4 100755 (executable)
@@ -92,7 +92,23 @@ static void gotalarm_sig(int signum)
                return NULL;
        }
 
-#ifdef HAVE_LDAP_INITIALIZE
+#ifdef HAVE_LDAP_INIT_FD
+       {
+       int fd = -1;
+       NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+
+       status = open_socket_out(ss, port, to, &fd);
+       if (!NT_STATUS_IS_OK(status)) {
+               return NULL;
+       }
+
+/* define LDAP_PROTO_TCP from openldap.h if required */
+#ifndef LDAP_PROTO_TCP
+#define LDAP_PROTO_TCP 1
+#endif
+       ldap_err = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, &ldp);
+       }
+#elif defined(HAVE_LDAP_INITIALIZE)
        ldap_err = ldap_initialize(&ldp, uri);
 #else
        ldp = ldap_open(server, port);
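Review bot: The socket opened by `open_socket_out()` leaks if `ldap_init_fd()` fails, because `fd` is local to the new `HAVE_LDAP_INIT_FD` block and goes out of scope right after the call, so no later error path can close it. Closing it inside the block, e.g. `if (ldap_err != LDAP_SUCCESS) { close(fd); }`, would keep a long-running caller from accumulating descriptors on repeated failures. It is also worth confirming that `to` is in the unit `open_socket_out()` expects: the alarm handler named in the hunk header suggests seconds, and if the socket helper takes milliseconds the connect timeout would be far shorter than intended. The early `return NULL` after a failed connect logs nothing, so a `DEBUG` line carrying `status` would make unreachable servers diagnosable. The enclosing function starts and ends outside this hunk, so how `ldap_err` is handled after the `#endif` is not visible here.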