*/
fr_table_num_sorted_t const fr_ldap_scope[] = {
{ L("base"), LDAP_SCOPE_BASE },
-#ifdef LDAP_SCOPE_CHILDREN
{ L("children"), LDAP_SCOPE_CHILDREN },
-#endif
{ L("one"), LDAP_SCOPE_ONE },
{ L("sub"), LDAP_SCOPE_SUB }
};
size_t fr_ldap_scope_len = NUM_ELEMENTS(fr_ldap_scope);
-#ifdef LDAP_OPT_X_TLS_NEVER
fr_table_num_sorted_t const fr_ldap_tls_require_cert[] = {
{ L("allow"), LDAP_OPT_X_TLS_ALLOW },
{ L("demand"), LDAP_OPT_X_TLS_DEMAND },
{ L("try"), LDAP_OPT_X_TLS_TRY }
};
size_t fr_ldap_tls_require_cert_len = NUM_ELEMENTS(fr_ldap_tls_require_cert);
-#endif
fr_table_num_sorted_t const fr_ldap_dereference[] = {
{ L("always"), LDAP_DEREF_ALWAYS },
if (request) RINDENT();
-#ifdef LDAP_OPT_NETWORK_TIMEOUT
if (ldap_get_option(conn->handle, LDAP_OPT_NETWORK_TIMEOUT, &net) != LDAP_OPT_SUCCESS) {
ROPTIONAL(REDEBUG, ERROR, "Failed getting LDAP_OPT_NETWORK_TIMEOUT");
}
-#endif
-#ifdef LDAP_OPT_TIMEOUT
if (ldap_get_option(conn->handle, LDAP_OPT_TIMEOUT, &client) != LDAP_OPT_SUCCESS) {
ROPTIONAL(REDEBUG, ERROR, "Failed getting LDAP_OPT_TIMEOUT");
}
-#endif
if (ldap_get_option(conn->handle, LDAP_OPT_TIMELIMIT, &server) != LDAP_OPT_SUCCESS) {
ROPTIONAL(REDEBUG, ERROR, "Failed getting LDAP_OPT_TIMELIMIT");
ROPTIONAL(RDEBUG4, DEBUG4, "Client side result timeout (ovr): unset");
}
-#ifdef LDAP_OPT_TIMEOUT
if (client && (client->tv_sec != -1)) {
ROPTIONAL(RDEBUG4, DEBUG4, "Client side result timeout (dfl): %pVs",
fr_box_time_delta(fr_time_delta_from_timeval(client)));
} else {
ROPTIONAL(RDEBUG4, DEBUG4, "Client side result timeout (dfl): unset");
}
-#endif
-#ifdef LDAP_OPT_NETWORK_TIMEOUT
if (net && (net->tv_sec != -1)) {
ROPTIONAL(RDEBUG4, DEBUG4, "Client side network I/O timeout : %pVs",
fr_box_time_delta(fr_time_delta_from_timeval(net)));
ROPTIONAL(RDEBUG4, DEBUG4, "Client side network I/O timeout : unset");
}
-#endif
+
ROPTIONAL(RDEBUG4, DEBUG4, "Server side result timeout : %i", server);
if (request) REXDENT();
static void _ldap_handle_thread_local_free(void *handle)
{
-#ifdef HAVE_LDAP_UNBIND_EXT_S
ldap_unbind_ext_s(handle, NULL, NULL);
-#else
- ldap_unbind_s(handle);
-#endif
}
/** Get a thread local dummy LDAP handle
if (!ldap_thread_local_handle) {
LDAP *handle;
-#ifdef HAVE_LDAP_INITIALIZE
ldap_initialize(&handle, "");
-#else
- handle = ldap_init("", 0);
-#endif
+
fr_atexit_thread_local(ldap_thread_local_handle, _ldap_handle_thread_local_free, handle);
}
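Review bot: The `ldap_initialize(&handle, "")` call this hunk keeps discards its return value, and `handle` is passed to `fr_atexit_thread_local` without being checked, so on failure a destructor is registered for an uninitialised pointer that `_ldap_handle_thread_local_free` later hands to `ldap_unbind_ext_s`. Now that the `ldap_init` fallback is gone this is the only initialisation path, and it is inconsistent with the global-handle hunk below (which at least tests `if (!ldap_global_handle)`) and with `fr_ldap_connection_configure`, which tests `if (ldap_errno != LDAP_SUCCESS)`. Suggest `if (ldap_initialize(&handle, "") != LDAP_SUCCESS) { ERROR("Failed initialising thread local LDAP handle"); /* return this function's failure value */ }` before the `fr_atexit_thread_local` line; the global-handle hunk would likewise be safer checking the return code rather than relying on the library resetting the pointer on error. The enclosing function's signature and return convention are outside the hunk, so the failure return has to be matched to them.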
#define maybe_ldap_global_option(_option, _name, _value) \
if (_value) do_ldap_global_option(_option, _name, _value)
-#ifdef LDAP_OPT_DEBUG_LEVEL
if (debug_level) do_ldap_global_option(LDAP_OPT_DEBUG_LEVEL, "ldap_debug", &debug_level);
-#else
- if (debug_level) WARN("ldap_debug not honoured as LDAP_OPT_DEBUG_LEVEL is not available");
-#endif
-#ifdef LDAP_OPT_X_TLS_RANDOM_FILE
/*
* OpenLDAP will error out if we attempt to set
* this on a handle. Presumably it's global in
* OpenSSL too.
*/
maybe_ldap_global_option(LDAP_OPT_X_TLS_RANDOM_FILE, "random_file", tls_random_file);
-#endif
done_config = true;
*
* See: https://github.com/arr2036/ldapperf/issues/2
*/
-#ifdef HAVE_LDAP_INITIALIZE
ldap_initialize(&ldap_global_handle, "");
-#else
- ldap_global_handle = ldap_init("", 0);
-#endif
+
if (!ldap_global_handle) {
ERROR("Failed initialising global LDAP handle");
return -1;
* of the module should always work,
* irrespective of what changes happen in libldap.
*/
-#ifdef HAVE_LDAP_UNBIND_EXT_S
ldap_unbind_ext_s(ldap_global_handle, NULL, NULL);
-#else
- ldap_unbind_s(ldap_global_handle);
-#endif
}
# endif
#endif
-/*
- * Ensure the have the ldap_create_sort_keylist()
- * function too, else we can't use ldap_create_sort_control()
- */
-#if !defined(HAVE_LDAP_CREATE_SORT_KEYLIST) || !defined(HAVE_LDAP_FREE_SORT_KEYLIST)
-# undef HAVE_LDAP_CREATE_SORT_CONTROL
-#endif
-
/*
* Because the LTB people define LDAP_VENDOR_VERSION_PATCH
* as X, which precludes its use in printf statements *sigh*
# define LDAP_CONST
#endif
-#if defined(HAVE_LDAP_URL_PARSE) && defined(HAVE_LDAP_IS_LDAP_URL) && defined(HAVE_LDAP_URL_DESC2STR)
-# define LDAP_CAN_PARSE_URLS
-#endif
-
#define LDAP_MAX_CONTROLS 10 //!< Maximum number of client/server controls.
//!< Used to allocate static arrays of control pointers.
#define LDAP_MAX_ATTRMAP 128 //!< Maximum number of mappings between LDAP and
/*
* For keep-alives.
*/
-#ifdef LDAP_OPT_X_KEEPALIVE_IDLE
fr_time_delta_t keepalive_idle; //!< Number of seconds a connections needs to remain idle
//!< before TCP starts sending keepalive probes.
-#endif
-#ifdef LDAP_OPT_X_KEEPALIVE_PROBES
+
uint32_t keepalive_probes; //!< Number of missed timeouts before the connection is
///< dropped.
-#endif
-#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL
+
fr_time_delta_t keepalive_interval; //!< Interval between keepalive probes.
-#endif
/*
* Search timelimits
function. */
#undef HAVE_LDAP_CREATE_SESSION_TRACKING_CONTROL
-/* Define to 1 if you have the `ldap_create_sort_control' function. */
-#undef HAVE_LDAP_CREATE_SORT_CONTROL
-
-/* Define to 1 if you have the `ldap_create_sort_keylist' function. */
-#undef HAVE_LDAP_CREATE_SORT_KEYLIST
-
-/* Define to 1 if you have the `ldap_free_sort_keylist' function. */
-#undef HAVE_LDAP_FREE_SORT_KEYLIST
-
-/* Define to 1 if you have the `ldap_initialize' function. */
-#undef HAVE_LDAP_INITIALIZE
-
-/* Define to 1 if you have the `ldap_is_ldap_url' function. */
-#undef HAVE_LDAP_IS_LDAP_URL
-
-/* Define to 1 if you have the `ldap_sasl_interactive_bind' function. */
-#undef HAVE_LDAP_SASL_INTERACTIVE_BIND
-
-/* Define to 1 if you have the `ldap_start_tls_s' function. */
-#undef HAVE_LDAP_START_TLS_S
-
-/* Define to 1 if you have the `ldap_unbind_ext_s' function. */
-#undef HAVE_LDAP_UNBIND_EXT_S
-
-/* Define to 1 if you have the `ldap_url_desc2str' function. */
-#undef HAVE_LDAP_URL_DESC2STR
-
-/* Define to 1 if you have the `ldap_url_parse' function. */
-#undef HAVE_LDAP_URL_PARSE
-
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
if test "x$fail" = "x"; then
- ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind" "ac_cv_func_ldap_sasl_interactive_bind"
-if test "x$ac_cv_func_ldap_sasl_interactive_bind" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_SASL_INTERACTIVE_BIND 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_unbind_ext_s" "ac_cv_func_ldap_unbind_ext_s"
-if test "x$ac_cv_func_ldap_unbind_ext_s" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_UNBIND_EXT_S 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_start_tls_s" "ac_cv_func_ldap_start_tls_s"
-if test "x$ac_cv_func_ldap_start_tls_s" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_START_TLS_S 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_initialize" "ac_cv_func_ldap_initialize"
-if test "x$ac_cv_func_ldap_initialize" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_INITIALIZE 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_create_sort_control" "ac_cv_func_ldap_create_sort_control"
-if test "x$ac_cv_func_ldap_create_sort_control" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_CREATE_SORT_CONTROL 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_create_sort_keylist" "ac_cv_func_ldap_create_sort_keylist"
-if test "x$ac_cv_func_ldap_create_sort_keylist" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_CREATE_SORT_KEYLIST 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_free_sort_keylist" "ac_cv_func_ldap_free_sort_keylist"
-if test "x$ac_cv_func_ldap_free_sort_keylist" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_FREE_SORT_KEYLIST 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_create_session_tracking_control" "ac_cv_func_ldap_create_session_tracking_control"
+ ac_fn_c_check_func "$LINENO" "ldap_create_session_tracking_control" "ac_cv_func_ldap_create_session_tracking_control"
if test "x$ac_cv_func_ldap_create_session_tracking_control" = xyes
then :
printf "%s\n" "#define HAVE_LDAP_CREATE_SESSION_TRACKING_CONTROL 1" >>confdefs.h
-fi
-ac_fn_c_check_func "$LINENO" "ldap_url_parse" "ac_cv_func_ldap_url_parse"
-if test "x$ac_cv_func_ldap_url_parse" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_URL_PARSE 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_is_ldap_url" "ac_cv_func_ldap_is_ldap_url"
-if test "x$ac_cv_func_ldap_is_ldap_url" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_IS_LDAP_URL 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "ldap_url_desc2str" "ac_cv_func_ldap_url_desc2str"
-if test "x$ac_cv_func_ldap_url_desc2str" = xyes
-then :
- printf "%s\n" "#define HAVE_LDAP_URL_DESC2STR 1" >>confdefs.h
-
fi
smart_prefix=
if test "x$ac_cv_header_sasl_sasl_h" = "xyes"; then
- if test x"$ac_cv_func_ldap_sasl_interactive_bind" = "xyes"; then
printf "%s\n" "#define WITH_SASL 1" >>confdefs.h
SASL="sasl_s.c sasl.c"
- fi
fi
targetname=libfreeradius-ldap
if test "x$fail" = "x"; then
AC_CHECK_FUNCS(
- ldap_sasl_interactive_bind \
- ldap_unbind_ext_s \
- ldap_start_tls_s \
- ldap_initialize \
- ldap_create_sort_control \
- ldap_create_sort_keylist \
- ldap_free_sort_keylist \
- ldap_create_session_tracking_control \
- ldap_url_parse \
- ldap_is_ldap_url \
- ldap_url_desc2str
+ ldap_create_session_tracking_control
)
AC_CHECK_DECLS([ldap_create_session_tracking_control], [], [], [[#include <ldap.h>]])
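Review bot: Nothing replaces the removed `AC_CHECK_FUNCS` entries, yet the C side now calls `ldap_initialize`, `ldap_unbind_ext_s`, `ldap_start_tls_s`, `ldap_url_parse`, `ldap_url_desc2str` and `ldap_create_sort_control` unconditionally, so a libldap lacking any of them fails at link time instead of with a configure message. A single representative probe keeps the early, readable failure, e.g. `AC_CHECK_FUNC([ldap_initialize], [], [AC_MSG_ERROR([libldap is too old: ldap_initialize is required])])`, or a check against the library's vendor version macros if a minimum version is what the commit intends to require. The `configure` and `config.h.in` hunks in this diff are generated output and would follow from re-running autoconf.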
*/
int fr_ldap_connection_configure(fr_ldap_connection_t *c, fr_ldap_config_t const *config)
{
- LDAP *handle = NULL;
- int ldap_errno, ldap_version;
+ LDAP *handle = NULL;
+ int ldap_errno, ldap_version, keepalive, probes, is_server;
fr_assert(config->server);
-#ifdef HAVE_LDAP_INITIALIZE
ldap_errno = ldap_initialize(&handle, config->server);
if (ldap_errno != LDAP_SUCCESS) {
ERROR("ldap_initialize failed: %s", ldap_err2string(ldap_errno));
error:
return -1;
}
-#else
- handle = ldap_init(config->server, config->port);
- if (!handle) {
- ERROR("ldap_init failed");
- error:
- return -1;
- }
-#endif
DEBUG3("New connection %p libldap handle %p", c, handle);
*/
do_ldap_option(LDAP_OPT_REFERRALS, "chase_referrals", LDAP_OPT_OFF);
-#ifdef LDAP_OPT_NETWORK_TIMEOUT
/*
* A value of zero results in an handle configuration failure.
*
(fr_time_delta_ispos(config->net_timeout) ?
&fr_time_delta_to_timeval(config->net_timeout) :
&(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
-#endif
do_ldap_option(LDAP_OPT_TIMELIMIT, "srv_timelimit", &fr_time_delta_to_timeval(config->srv_timelimit));
ldap_version = LDAP_VERSION3;
do_ldap_option(LDAP_OPT_PROTOCOL_VERSION, "ldap_version", &ldap_version);
-#ifdef LDAP_OPT_X_KEEPALIVE_IDLE
- {
- int keepalive = fr_time_delta_to_sec(config->keepalive_idle);
-
- do_ldap_option(LDAP_OPT_X_KEEPALIVE_IDLE, "keepalive_idle", &keepalive);
- }
-#endif
-
-#ifdef LDAP_OPT_X_KEEPALIVE_PROBES
- {
- int probes = config->keepalive_probes;
-
- do_ldap_option(LDAP_OPT_X_KEEPALIVE_PROBES, "keepalive_probes", &probes);
- }
-#endif
+ keepalive = fr_time_delta_to_sec(config->keepalive_idle);
+ do_ldap_option(LDAP_OPT_X_KEEPALIVE_IDLE, "keepalive_idle", &keepalive);
-#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL
- {
- int keepalive = fr_time_delta_to_sec(config->keepalive_interval);
+ probes = config->keepalive_probes;
+ do_ldap_option(LDAP_OPT_X_KEEPALIVE_PROBES, "keepalive_probes", &probes);
- do_ldap_option(LDAP_OPT_X_KEEPALIVE_INTERVAL, "keepalive_interval", &keepalive);
- }
-#endif
+ keepalive = fr_time_delta_to_sec(config->keepalive_interval);
+ do_ldap_option(LDAP_OPT_X_KEEPALIVE_INTERVAL, "keepalive_interval", &keepalive);
-#ifdef HAVE_LDAP_START_TLS_S
/*
* Set all of the TLS options
*/
maybe_ldap_option(LDAP_OPT_X_TLS_CERTFILE, "certificate_file", config->tls_certificate_file);
maybe_ldap_option(LDAP_OPT_X_TLS_KEYFILE, "private_key_file", config->tls_private_key_file);
-# ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
if (config->tls_require_cert_str) {
do_ldap_option(LDAP_OPT_X_TLS_REQUIRE_CERT, "require_cert", &config->tls_require_cert);
}
-# endif
-# ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
if (config->tls_min_version_str) {
do_ldap_option(LDAP_OPT_X_TLS_PROTOCOL_MIN, "tls_min_version", &config->tls_min_version);
}
-# endif
/*
* Counter intuitively the TLS context appears to need to be initialised
* after all the TLS options are set on the handle.
*/
-# ifdef LDAP_OPT_X_TLS_NEWCTX
- {
- /* Always use the new TLS configuration context */
- int is_server = 0;
- do_ldap_option(LDAP_OPT_X_TLS_NEWCTX, "new TLS context", &is_server);
- }
-# endif
+
+ /* Always use the new TLS configuration context */
+ is_server = 0;
+ do_ldap_option(LDAP_OPT_X_TLS_NEWCTX, "new TLS context", &is_server);
if (config->sasl_secprops) do_ldap_option(LDAP_OPT_X_SASL_SECPROPS, "sasl_secprops", config->sasl_secprops);
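Review bot: In the added keepalive lines `keepalive` is assigned twice, first with the idle time and then with the interval, and it is now declared uninitialised at the top of `fr_ldap_connection_configure` together with `probes` and `is_server`, whereas the removed lines (and the rest of this file, e.g. `LDAP *handle;` inside an `if`) declare at the point of use. Two distinct locals make the values impossible to confuse if the option calls are ever reordered: `int keepalive_idle = fr_time_delta_to_sec(config->keepalive_idle);` and `int keepalive_interval = fr_time_delta_to_sec(config->keepalive_interval);`, each placed directly above its `do_ldap_option` call, with `int is_server = 0;` next to the `LDAP_OPT_X_TLS_NEWCTX` call as the removed block had it. `config->keepalive_probes` is a `uint32_t` per the struct hunk above, so `probes = config->keepalive_probes;` keeps the narrowing to `int` the old code had; a range check in the config parser or an explicit cast would make that visible. The function's closing lines are in the following hunk.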
"configuration");
}
}
-#endif /* HAVE_LDAP_START_TLS_S */
return 0;
}
if (!c->handle) return 0; /* Don't need to do anything else if we don't yet have a handle */
-#ifdef HAVE_LDAP_UNBIND_EXT_S
LDAPControl *our_serverctrls[LDAP_MAX_CONTROLS];
LDAPControl *our_clientctrls[LDAP_MAX_CONTROLS];
DEBUG3("Closing connection %p libldap handle %p", c->handle, c);
ldap_unbind_ext(c->handle, our_serverctrls, our_clientctrls); /* Same code as ldap_unbind_ext_s */
-#else
- DEBUG3("Closing connection %p libldap handle %p", c->handle, c);
- ldap_unbind(c->handle); /* Same code as ldap_unbind_s */
-#endif
+
c->handle = NULL;
return 0;
int fr_ldap_connection_timeout_set(fr_ldap_connection_t const *c, fr_time_delta_t timeout)
{
-#ifdef LDAP_OPT_NETWORK_TIMEOUT
int ldap_errno;
/*
(fr_time_delta_ispos(timeout) ?
&fr_time_delta_to_timeval(timeout) :
&(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
-#endif
return 0;
int fr_ldap_connection_timeout_reset(fr_ldap_connection_t const *c)
{
-
-#ifdef LDAP_OPT_NETWORK_TIMEOUT
int ldap_errno;
/*
(fr_time_delta_ispos(c->config->net_timeout) ?
&fr_time_delta_to_timeval(c->config->net_timeout) :
&(struct timeval) { .tv_sec = -1, .tv_usec = 0 }));
-#endif
return 0;
p++;
}
-#ifdef HAVE_LDAP_CREATE_SORT_CONTROL
/*
* Server side sort control
*/
continue;
}
-#endif
fr_strerror_printf("URL extension \"%s\" not supported", p);
return -1;
{ FR_CONF_OFFSET("require_cert", FR_TYPE_STRING, fr_ldap_config_t, tls_require_cert_str) },
-#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
{ FR_CONF_OFFSET("tls_min_version", FR_TYPE_STRING, fr_ldap_config_t, tls_min_version_str) },
-#endif
CONF_PARSER_TERMINATOR
};
{ FR_CONF_OFFSET("sasl_secprops", FR_TYPE_STRING, rlm_ldap_t, handle_config.sasl_secprops) },
-#ifdef LDAP_OPT_NETWORK_TIMEOUT
/*
* We use this config option to populate libldap's LDAP_OPT_NETWORK_TIMEOUT -
* timeout on network activity - specifically libldap's initial call to "connect"
* Must be non-zero for async connections to start correctly.
*/
{ FR_CONF_OFFSET("net_timeout", FR_TYPE_TIME_DELTA, rlm_ldap_t, handle_config.net_timeout), .dflt = "10" },
-#endif
-#ifdef LDAP_OPT_X_KEEPALIVE_IDLE
{ FR_CONF_OFFSET("idle", FR_TYPE_TIME_DELTA, rlm_ldap_t, handle_config.keepalive_idle), .dflt = "60" },
-#endif
-#ifdef LDAP_OPT_X_KEEPALIVE_PROBES
+
{ FR_CONF_OFFSET("probes", FR_TYPE_UINT32, rlm_ldap_t, handle_config.keepalive_probes), .dflt = "3" },
-#endif
-#ifdef LDAP_OPT_X_KEEPALIVE_INTERVAL
+
{ FR_CONF_OFFSET("interval", FR_TYPE_TIME_DELTA, rlm_ldap_t, handle_config.keepalive_interval), .dflt = "30" },
-#endif
{ FR_CONF_OFFSET("dereference", FR_TYPE_STRING, rlm_ldap_t, handle_config.dereference_str) },
mod_s[total].mod_op = LDAP_MOD_DELETE;
break;
-#ifdef LDAP_MOD_INCREMENT
case T_OP_INCRM:
mod_s[total].mod_op = LDAP_MOD_INCREMENT;
break;
-#endif
+
default:
REDEBUG("Operator '%s' is not supported for LDAP modify operations",
fr_table_str_by_value(fr_tokens_table, op, "<INVALID>"));
{
rlm_ldap_t *inst = talloc_get_type_abort(mctx->inst->data, rlm_ldap_t);
-#ifdef HAVE_LDAP_CREATE_SORT_CONTROL
if (inst->userobj_sort_ctrl) ldap_control_free(inst->userobj_sort_ctrl);
-#endif
fr_pool_free(inst->pool);
}
#endif
-#ifndef HAVE_LDAP_CREATE_SORT_CONTROL
- if (inst->userobj_sort_by) {
- cf_log_err(conf, "Configuration item 'sort_by' not supported. "
- "Linked libldap does not provide ldap_create_sort_control function");
- goto error;
- }
-#endif
-
-#ifndef HAVE_LDAP_URL_PARSE
- if (inst->handle_config.use_referral_credentials) {
- cf_log_err(conf, "Configuration item 'use_referral_credentials' not supported. "
- "Linked libldap does not support URL parsing");
- goto error;
- }
-#endif
-
/*
* Initialise server with zero length string to
* make code below simpler.
}
}
-#ifdef LDAP_CAN_PARSE_URLS
/*
* Split original server value out into URI, server and port
* so whatever initialization function we use later will have
bool set_port_maybe = true;
int default_port = LDAP_PORT;
char *p;
+ char *url;
if (ldap_url_parse(value, &ldap_url)){
cf_log_err(conf, "Parsing LDAP URL \"%s\" failed", value);
set_port_maybe = false;
}
- /* We allow extensions */
-
-# ifdef HAVE_LDAP_INITIALIZE
- {
- char *url;
-
- /*
- * Figure out the default port from the URL
- */
- if (ldap_url->lud_scheme) {
- if (strcmp(ldap_url->lud_scheme, "ldaps") == 0) {
- if (inst->handle_config.start_tls == true) {
- cf_log_err(conf, "ldaps:// scheme is not compatible "
- "with 'start_tls'");
- goto ldap_url_error;
- }
- default_port = LDAPS_PORT;
-
- } else if (strcmp(ldap_url->lud_scheme, "ldapi") == 0) {
- set_port_maybe = false; /* Unix socket, no port */
+ /*
+ * Figure out the default port from the URL
+ */
+ if (ldap_url->lud_scheme) {
+ if (strcmp(ldap_url->lud_scheme, "ldaps") == 0) {
+ if (inst->handle_config.start_tls == true) {
+ cf_log_err(conf, "ldaps:// scheme is not compatible with 'start_tls'");
+ goto ldap_url_error;
}
- }
+ default_port = LDAPS_PORT;
- if (set_port_maybe) {
- /*
- * URL port overrides configured port.
- */
- ldap_url->lud_port = inst->handle_config.port;
-
- /*
- * If there's no URL port, then set it to the default
- * this is so debugging messages show explicitly
- * the port we're connecting to.
- */
- if (!ldap_url->lud_port) ldap_url->lud_port = default_port;
+ } else if (strcmp(ldap_url->lud_scheme, "ldapi") == 0) {
+ set_port_maybe = false; /* Unix socket, no port */
}
-
- url = ldap_url_desc2str(ldap_url);
- if (!url) {
- cf_log_err(conf, "Failed recombining URL components");
- goto ldap_url_error;
- }
- inst->handle_config.server = talloc_asprintf_append(inst->handle_config.server,
- "%s ", url);
- free(url);
- }
-# else
- /*
- * No LDAP initialize function. Can't specify a scheme.
- */
- if (ldap_url->lud_scheme &&
- ((strcmp(ldap_url->lud_scheme, "ldaps") == 0) ||
- (strcmp(ldap_url->lud_scheme, "ldapi") == 0) ||
- (strcmp(ldap_url->lud_scheme, "cldap") == 0))) {
- cf_log_err(conf, "%s is not supported by linked libldap",
- ldap_url->lud_scheme);
- return -1;
}
- /*
- * URL port over-rides the configured
- * port. But if there's no configured
- * port, we use the hard-coded default.
- */
if (set_port_maybe) {
+ /*
+ * URL port overrides configured port.
+ */
ldap_url->lud_port = inst->handle_config.port;
+
+ /*
+ * If there's no URL port, then set it to the default
+ * this is so debugging messages show explicitly
+ * the port we're connecting to.
+ */
if (!ldap_url->lud_port) ldap_url->lud_port = default_port;
}
- inst->handle_config.server = talloc_asprintf_append(inst->handle_config.server, "%s:%i ",
- ldap_url->lud_host ? ldap_url->lud_host :
- "localhost",
- ldap_url->lud_port);
-# endif
+ url = ldap_url_desc2str(ldap_url);
+ if (!url) {
+ cf_log_err(conf, "Failed recombining URL components");
+ goto ldap_url_error;
+ }
+ inst->handle_config.server = talloc_asprintf_append(inst->handle_config.server,
+ "%s ", url);
+ free(url);
+
/*
* @todo We could set a few other top level
* directives using the URL, like base_dn
* We need to construct an LDAP URI
*/
} else
-#endif /* HAVE_LDAP_URL_PARSE && HAVE_LDAP_IS_LDAP_URL && LDAP_URL_DESC2STR */
/*
* If it's not an URL, or we don't have the functions necessary
* to break apart the URL and recombine it, then just treat
* server as a hostname.
*/
{
-#ifdef HAVE_LDAP_INITIALIZE
char const *p;
char *q;
int port = 0;
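Review bot: The added comment above `ldap_url->lud_port = inst->handle_config.port;` says the URL port overrides the configured port, but that assignment unconditionally replaces whatever port `ldap_url_parse` extracted, so a server given as `ldaps://host:10636` is rewritten to the module's `port` setting (or `default_port` when that is 0) before `ldap_url_desc2str` rebuilds the server string, and the connection silently goes to a different port than the one written in the URL. The removed comment and code had the same mismatch, so it is carried over rather than introduced, but the new code is now the only path. If the comment states the intent, guard the assignment: `if (!ldap_url->lud_port) ldap_url->lud_port = inst->handle_config.port;` and keep the existing `default_port` fallback after it; otherwise the comment should say that the configured port wins. The `ldap_url_error` label and the surrounding function start and end outside the hunk.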
*/
if (strchr(value, '/')) {
bad_server_fmt:
-#ifdef LDAP_CAN_PARSE_URLS
cf_log_err(conf, "Invalid 'server' entry, must be in format <server>[:<port>] or "
"an ldap URI (ldap|cldap|ldaps|ldapi)://<server>:<port>");
-#else
- cf_log_err(conf, "Invalid 'server' entry, must be in format <server>[:<port>]");
-#endif
return -1;
}
inst->handle_config.server = talloc_asprintf_append(inst->handle_config.server,
"ldap://%.*s:%i ",
(int) len, value, port);
-#else
- /*
- * ldap_init takes port, which can be overridden by :port so
- * we don't need to do any parsing here.
- */
- inst->handle_config.server = talloc_asprintf_append(inst->handle_config.server, "%s ", value);
-#endif
}
}
DEBUG4("rlm_ldap (%s) - LDAP server string: %s", mctx->inst->name, inst->handle_config.server);
}
-#ifdef LDAP_OPT_X_TLS_NEVER
/*
* Workaround for servers which support LDAPS but not START TLS
*/
} else {
inst->handle_config.tls_mode = 0;
}
-#endif
/*
* Convert dereference strings to enumerated constants
*/
inst->userobj_scope = fr_table_value_by_str(fr_ldap_scope, inst->userobj_scope_str, -1);
if (inst->userobj_scope < 0) {
-#ifdef LDAP_SCOPE_CHILDREN
cf_log_err(conf, "Invalid 'user.scope' value \"%s\", expected 'sub', 'one', 'base' or 'children'",
inst->userobj_scope_str);
-#else
- cf_log_err(conf, "Invalid 'user.scope' value \"%s\", expected 'sub', 'one' or 'children'",
- inst->userobj_scope_str);
-#endif
goto error;
}
inst->groupobj_scope = fr_table_value_by_str(fr_ldap_scope, inst->groupobj_scope_str, -1);
if (inst->groupobj_scope < 0) {
-#ifdef LDAP_SCOPE_CHILDREN
cf_log_err(conf, "Invalid 'group.scope' value \"%s\", expected 'sub', 'one', 'base' or 'children'",
inst->groupobj_scope_str);
-#else
- cf_log_err(conf, "Invalid 'group.scope' value \"%s\", expected 'sub', 'one' or 'children'",
- inst->groupobj_scope_str);
-#endif
-
goto error;
}
-#ifdef HAVE_LDAP_CREATE_SORT_CONTROL
/*
* Build the server side sort control for user objects
*/
goto error;
}
}
-#endif
if (inst->handle_config.tls_require_cert_str) {
-#ifdef LDAP_OPT_X_TLS_NEVER
/*
* Convert cert strictness to enumerated constants
*/
"'demand', 'allow', 'try' or 'hard'", inst->handle_config.tls_require_cert_str);
goto error;
}
-#else
- cf_log_err(conf, "Modifying 'tls.require_cert' is not supported by current "
- "version of libldap. Please upgrade or substitute current libldap and "
- "rebuild this module");
-
- goto error;
-#endif
}
-if (inst->handle_config.tls_min_version_str) {
-#ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN
+ if (inst->handle_config.tls_min_version_str) {
if (strcmp(inst->handle_config.tls_min_version_str, "1.2") == 0) {
inst->handle_config.tls_min_version = LDAP_OPT_X_TLS_PROTOCOL_TLS1_2;
cf_log_err(conf, "Invalid 'tls.tls_min_version' value \"%s\"", inst->handle_config.tls_min_version_str);
goto error;
}
-#else
- cf_log_err(conf, "This version of libldap does not support tls.tls_min_version."
- " Please upgrade or substitute current libldap and "
- "rebuild this module");
- goto error;
-
-#endif
}
/*