mirror of
https://github.com/haiwen/ccnet-server.git
synced 2025-08-17 12:06:43 +00:00
Add follow_referrals option to LDAP.
When connecting to AD, if you use domain root (e.g. dc=example,dc=com), you need to set follow_referrals to false.
This commit is contained in:
Jonathan Xu
parent
f770efc9cd
commit
13ea4ddf8e
@ -226,10 +226,21 @@ static int try_load_ldap_settings (CcnetUserManager *manager)
|
|||||||
if (!manager->login_attr)
|
if (!manager->login_attr)
|
||||||
manager->login_attr = g_strdup("mail");
|
manager->login_attr = g_strdup("mail");
|
||||||
|
|
||||||
|
GError *error = NULL;
|
||||||
|
manager->follow_referrals = g_key_file_get_boolean (config,
|
||||||
|
"LDAP", "FOLLOW_REFERRALS",
|
||||||
|
&error);
|
||||||
|
if (error) {
|
||||||
|
/* Default is follow referrals. */
|
||||||
|
g_clear_error (&error);
|
||||||
|
manager->follow_referrals = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static LDAP *ldap_init_and_bind (const char *host,
|
static LDAP *ldap_init_and_bind (CcnetUserManager *manager,
|
||||||
|
const char *host,
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
gboolean use_ssl,
|
gboolean use_ssl,
|
||||||
#endif
|
#endif
|
||||||
@ -266,6 +277,14 @@ static LDAP *ldap_init_and_bind (const char *host,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
res = ldap_set_option (ld, LDAP_OPT_REFERRALS,
|
||||||
|
manager->follow_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF);
|
||||||
|
if (res != LDAP_OPT_SUCCESS) {
|
||||||
|
ccnet_warning ("ldap_set_option referrals failed: %s.\n",
|
||||||
|
ldap_err2string(res));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
if (user_dn) {
|
if (user_dn) {
|
||||||
#ifndef WIN32
|
#ifndef WIN32
|
||||||
res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE);
|
res = ldap_bind_s (ld, user_dn, password, LDAP_AUTH_SIMPLE);
|
||||||
@ -355,7 +374,8 @@ static int ldap_verify_user_password (CcnetUserManager *manager,
|
|||||||
|
|
||||||
/* First search for the DN with the given uid. */
|
/* First search for the DN with the given uid. */
|
||||||
|
|
||||||
ld = ldap_init_and_bind (manager->ldap_host,
|
ld = ldap_init_and_bind (manager,
|
||||||
|
manager->ldap_host,
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
manager->use_ssl,
|
manager->use_ssl,
|
||||||
#endif
|
#endif
|
||||||
@ -410,7 +430,8 @@ static int ldap_verify_user_password (CcnetUserManager *manager,
|
|||||||
|
|
||||||
ldap_unbind_s (ld);
|
ldap_unbind_s (ld);
|
||||||
|
|
||||||
ld = ldap_init_and_bind (manager->ldap_host,
|
ld = ldap_init_and_bind (manager,
|
||||||
|
manager->ldap_host,
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
manager->use_ssl,
|
manager->use_ssl,
|
||||||
#endif
|
#endif
|
||||||
@ -441,7 +462,8 @@ static GList *ldap_list_users (CcnetUserManager *manager, const char *uid,
|
|||||||
char *attrs[2];
|
char *attrs[2];
|
||||||
LDAPMessage *msg = NULL, *entry;
|
LDAPMessage *msg = NULL, *entry;
|
||||||
|
|
||||||
ld = ldap_init_and_bind (manager->ldap_host,
|
ld = ldap_init_and_bind (manager,
|
||||||
|
manager->ldap_host,
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
manager->use_ssl,
|
manager->use_ssl,
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -41,6 +41,7 @@ struct _CcnetUserManager
|
|||||||
char *user_dn; /* DN of the admin user */
|
char *user_dn; /* DN of the admin user */
|
||||||
char *password; /* password for admin user */
|
char *password; /* password for admin user */
|
||||||
char *login_attr; /* attribute name used for login */
|
char *login_attr; /* attribute name used for login */
|
||||||
|
gboolean follow_referrals; /* Follow referrals returned by the server. */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int passwd_hash_iter;
|
int passwd_hash_iter;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user