Add profile check attr to LDAP search request maps
authorNick Porter <nick@portercomputing.co.uk>
Wed, 29 Jan 2025 11:28:39 +0000 (11:28 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Wed, 29 Jan 2025 11:28:39 +0000 (11:28 +0000)
src/lib/ldap/base.h
src/lib/ldap/map.c
src/modules/rlm_ldap/rlm_ldap.c

index deec044d33b75fb4132ddea66f9afa18297dfa91..2998637ea58630268915c7b72506b7d225fdc887 100644 (file)
@@ -854,7 +854,8 @@ int         fr_ldap_map_getvalue(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *reque
 
 int            fr_ldap_map_verify(map_t *map, void *instance);
 
-int            fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps, char const *generic_attr);
+int            fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request,
+                                  map_list_t const *maps, char const *generic_attr, char const *check_attr);
 
 int            fr_ldap_map_do(request_t *request,
                               char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry);
index de9c1b74923382bbaef88f8c8808dc8844c61704..4fed0e90519aeb8a5e4697193e84d28fed939d55 100644 (file)
@@ -268,7 +268,8 @@ int fr_ldap_map_verify(map_t *map, UNUSED void *instance)
  *     - 0 on success.
  *     - -1 on failure.
  */
-int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps, char const *generic_attr)
+int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps,
+                      char const *generic_attr, char const *check_attr)
 {
        map_t const     *map = NULL;
        unsigned int    total = 0;
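Review bot: The doc comment whose tail is visible at the top of this hunk should gain an entry for the new `check_attr` parameter; the comment starts outside the hunk, so I cannot see whether one was added. Something like `@param[in] check_attr  Optional attribute name to append to the search attribute list, may be NULL.` would match the existing style. The next hunk stores the pointer in `expanded->attrs` without copying it, so the comment should also state that the string must outlive `expanded`. The same parameter description belongs on the prototype in base.h if that header carries per-function docs.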
@@ -296,6 +297,7 @@ int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *
        }
 
        if (generic_attr) expanded->attrs[total++] = generic_attr;
+       if (check_attr) expanded->attrs[total++] = check_attr;
 
        expanded->attrs[total] = NULL;
        expanded->count = total;
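Review bot: The added `expanded->attrs[total++] = check_attr;` takes one more slot in `expanded->attrs` before the NULL terminator, and nothing in this hunk shows that the array was grown to match. The declaration of `attrs` and any limit applied in the map loop are outside the hunk, so this is inferred. If the array is sized as a maximum map count plus a fixed reserve, that reserve has to include this entry. Otherwise a full map list with both `generic_attr` and `check_attr` set would write past the end of the array. Assuming `attrs` is a fixed-size array member, an explicit guard makes the limit visible at the write site: `if (check_attr && (total + 1 >= (sizeof(expanded->attrs) / sizeof(expanded->attrs[0])))) return -1;`.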
index fe02e5a9618c021a7d0d8acb956ef3bc7304976c..d7d546669ee2f108f9e0dc77794ff2f65903fb0c 100644 (file)
@@ -1171,7 +1171,7 @@ static xlat_action_t ldap_profile_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor
         *      Synchronous expansion of maps (fixme!)
         */
        if (fr_ldap_map_expand(xlat_ctx, &xlat_ctx->expanded, request, env_data->profile_map,
-                              inst->valuepair_attr) < 0) goto error;
+                              inst->valuepair_attr, inst->profile_check_attr) < 0) goto error;
        ttrunk = fr_thread_ldap_trunk_get(t, host_url, handle_config->admin_identity,
                                          handle_config->admin_password, request, handle_config);
        if (host) ldap_memfree(host);
@@ -1383,7 +1383,7 @@ static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void const *mod_inst,
        /*
         *      Expand the RHS of the maps to get the name of the attributes.
         */
-       if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps, NULL) < 0) goto fail;
+       if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps, NULL, NULL) < 0) goto fail;
 
        /*
         *      If the URL is <scheme>:/// the parsed host will be NULL - use config default
@@ -1869,7 +1869,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod
         *      User-Password here.  LDAP authorization can be used
         *      for many things besides searching for users.
         */
-       if (fr_ldap_map_expand(autz_ctx, expanded, request, call_env->user_map, inst->valuepair_attr) < 0) {
+       if (fr_ldap_map_expand(autz_ctx, expanded, request, call_env->user_map, inst->valuepair_attr, NULL) < 0) {
        fail:
                talloc_free(autz_ctx);
                RETURN_MODULE_FAIL;