s3: add LDAP Alias Dereferencing support
authorBjörn Jacke <bj@sernet.de>
Thu, 10 Dec 2009 20:00:26 +0000 (21:00 +0100)
committerBjörn Jacke <bj@sernet.de>
Thu, 10 Dec 2009 20:28:05 +0000 (21:28 +0100)
Thanks to Dan Cox for initial patch for 3.0. This closes #2350.

source3/lib/smbldap.c
source3/param/loadparm.c

index f7ca1c167bdc82623bef3c05e548b93e75f040e2..4727c1593e57f84e79bdf8ab845ee977ba4ecb7c 100644 (file)
@@ -877,6 +877,7 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state)
 {
        int rc = LDAP_SUCCESS;
        int version;
+       int deref;
        LDAP **ldap_struct = &ldap_state->ldap_struct;
 
        rc = smb_ldap_setup_conn(ldap_struct, ldap_state->uri);
@@ -902,6 +903,16 @@ static int smbldap_open_connection (struct smbldap_state *ldap_state)
                return rc;
        }
 
+       /* Set alias dereferencing method */
+       deref = lp_ldap_deref();
+       if (deref != -1) {
+               if (ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, &deref) != LDAP_OPT_SUCCESS) {
+                       DEBUG(1,("smbldap_open_connection: Failed to set dereferencing method: %d\n", deref));
+               } else {
+                       DEBUG(5,("Set dereferencing method: %d\n", deref));
+               }
+       }
+
        DEBUG(2, ("smbldap_open_connection: connection opened\n"));
        return rc;
 }
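Review bot: The `if (deref != -1)` guard looks unreachable as committed. init_globals sets `Globals.ldap_deref = LDAP_DEREFERENCE_NEVER`, and enum_ldap_deref has no selectable name that maps to -1 (its `{-1, NULL}` row is only the terminator), so unless that constant is itself -1, every connection overrides the client library's own DEREF setting. If -1 is meant to be "leave the library default alone", the enum_ldap_deref and init_globals hunks in loadparm.c need a selectable entry and a matching default, with a comment here such as `/* -1: keep the libldap default, do not touch LDAP_OPT_DEREF */`; otherwise drop the guard. Separately, a failed ldap_set_option is logged only at level 1 and the function still reports the connection as opened, so account lookups may run with a dereferencing mode other than the configured one; the message should also carry the call's return code. The body of smbldap_open_connection starts outside this hunk.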
index d6d78c817960c0f6c3380844f4a59ef996497c0d..38cad7c979ac9aa858c024b730ad7fc1bc679c37 100644 (file)
@@ -259,6 +259,7 @@ struct global {
        char *szLdapGroupSuffix;
        int ldap_ssl;
        bool ldap_ssl_ads;
+       int ldap_deref;
        int ldap_follow_referral;
        char *szLdapSuffix;
        char *szLdapAdminDn;
@@ -746,6 +747,14 @@ static const struct enum_list enum_ldap_ssl[] = {
        {-1, NULL}
 };
 
+static const struct enum_list enum_ldap_deref[] = {
+       {LDAP_DEREFERENCE_NEVER, "never"},
+       {LDAP_DEREFERENCE_SEARCHING, "searching"},
+       {LDAP_DEREFERENCE_FINDING, "finding"},
+       {LDAP_DEREFERENCE_ALWAYS, "always"},
+       {-1, NULL}
+};
+
 static const struct enum_list enum_ldap_passwd_sync[] = {
        {LDAP_PASSWD_SYNC_OFF, "no"},
        {LDAP_PASSWD_SYNC_OFF, "off"},
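Review bot: The `LDAP_DEREFERENCE_*` constants in enum_ldap_deref are not defined in either of the two files this commit lists, and their values are handed unchanged to `ldap_set_option(..., LDAP_OPT_DEREF, &deref)` in smbldap.c. They therefore have to be numerically identical to libldap's `LDAP_DEREF_NEVER`, `LDAP_DEREF_SEARCHING`, `LDAP_DEREF_FINDING` and `LDAP_DEREF_ALWAYS`; if they are Samba-side definitions in a header not shown here, a mismatch would silently apply the wrong dereferencing mode. Either use the library names directly where the LDAP headers are available, or add a comment above the table: `/* values are passed straight to LDAP_OPT_DEREF and must equal libldap's LDAP_DEREF_* */`. The following enum_ldap_passwd_sync table continues outside the hunk.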
@@ -3670,6 +3679,15 @@ static struct parm_struct parm_table[] = {
                .enum_list      = NULL,
                .flags          = FLAG_ADVANCED,
        },
+       {
+               .label          = "ldap deref",
+               .type           = P_ENUM,
+               .p_class        = P_GLOBAL,
+               .ptr            = &Globals.ldap_deref,
+               .special        = NULL,
+               .enum_list      = enum_ldap_deref,
+               .flags          = FLAG_ADVANCED,
+       },
        {
                .label          = "ldap follow referral",
                .type           = P_ENUM,
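Review bot: The new "ldap deref" entry adds a global smb.conf parameter, but the commit's file list shows only smbldap.c and loadparm.c, so no parameter documentation appears to accompany it. Since the setting changes which directory entries LDAP searches resolve to, the four accepted values and the default should be documented where administrators will look for them. At minimum the entry deserves a comment such as `/* applied to every smbldap connection via LDAP_OPT_DEREF in smbldap_open_connection() */`. The parm_table initializer starts and ends outside this hunk.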
@@ -5064,6 +5082,7 @@ static void init_globals(bool first_time_only)
        string_set(&Globals.szLdapAdminDn, "");
        Globals.ldap_ssl = LDAP_SSL_START_TLS;
        Globals.ldap_ssl_ads = False;
+       Globals.ldap_deref = LDAP_DEREFERENCE_NEVER;
        Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
        Globals.ldap_delete_dn = False;
        Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
@@ -5418,6 +5437,7 @@ FN_GLOBAL_STRING(lp_ldap_suffix, &Globals.szLdapSuffix)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, &Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, &Globals.ldap_ssl)
 FN_GLOBAL_BOOL(lp_ldap_ssl_ads, &Globals.ldap_ssl_ads)
+FN_GLOBAL_INTEGER(lp_ldap_deref, &Globals.ldap_deref)
 FN_GLOBAL_INTEGER(lp_ldap_follow_referral, &Globals.ldap_follow_referral)
 FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)