Add Samba to the list of identified LDAP directories
authorNick Porter <nick@portercomputing.co.uk>
Tue, 5 Nov 2024 16:27:32 +0000 (16:27 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Tue, 5 Nov 2024 16:27:32 +0000 (16:27 +0000)
Its behaviour mimics AD, so the same warnings apply

src/lib/ldap/base.h
src/lib/ldap/directory.c
src/modules/rlm_ldap/user.c

index 2144b77083598204a192972737866f0468a10cd0..deec044d33b75fb4132ddea66f9afa18297dfa91 100644 (file)
@@ -150,7 +150,8 @@ typedef enum {
        FR_LDAP_DIRECTORY_ORACLE_VIRTUAL_DIRECTORY,     //!< Directory server is Oracle Virtual Directory.
        FR_LDAP_DIRECTORY_SUN_ONE_DIRECTORY,            //!< Directory server is Sun One Directory.
        FR_LDAP_DIRECTORY_SIEMENS_AG,                   //!< Directory server is Siemens AG.
-       FR_LDAP_DIRECTORY_UNBOUND_ID                    //!< Directory server is Unbound ID
+       FR_LDAP_DIRECTORY_UNBOUND_ID,                   //!< Directory server is Unbound ID
+       FR_LDAP_DIRECTORY_SAMBA                         //!< Directory server is Samba.
 } fr_ldap_directory_type_t;
 
 typedef enum {
index 563118827d2be576c00345e4553e2ea4cd9e882f..9fe1c5b3c4c359e9bccf37262d43efd6380fa270 100644 (file)
@@ -40,6 +40,7 @@ static fr_table_num_sorted_t const fr_ldap_directory_type_table[] = {
        { L("Oracle Internet Directory"),       FR_LDAP_DIRECTORY_ORACLE_INTERNET_DIRECTORY     },
        { L("Oracle Unified Directory"),        FR_LDAP_DIRECTORY_ORACLE_UNIFIED_DIRECTORY      },
        { L("Oracle Virtual Directory"),        FR_LDAP_DIRECTORY_ORACLE_VIRTUAL_DIRECTORY      },
+       { L("Samba"),                           FR_LDAP_DIRECTORY_SAMBA                         },
        { L("Siemens AG"),                      FR_LDAP_DIRECTORY_SIEMENS_AG                    },
        { L("Sun One Directory"),               FR_LDAP_DIRECTORY_SUN_ONE_DIRECTORY             },
        { L("Unbound ID"),                      FR_LDAP_DIRECTORY_UNBOUND_ID                    },
@@ -88,6 +89,8 @@ int fr_ldap_directory_result_parse(fr_ldap_directory_t *directory, LDAP *handle,
        if (directory->vendor_str) {
                if (strcasestr(directory->vendor_str, "International Business Machines")) {
                        directory->type = FR_LDAP_DIRECTORY_IBM;
+               } else if (strcasestr(directory->vendor_str, "Samba Team")) {
+                       directory->type = FR_LDAP_DIRECTORY_SAMBA;
                }
 
                goto found;
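Review bot: The new `strcasestr(directory->vendor_str, "Samba Team")` branch classifies the server from a string the directory itself reports (presumably the rootDSE vendor name), and nothing in the hunk records that or says which Samba deployment is meant. A short comment above the branch would cover both, for example `/* Samba's own LDAP server (AD DC mode); vendor string is server-declared, so treat the result as a hint */`. The `found:` switch later in this file turns this type into `cleartext_password = false`, so the match should stay advisory. If a security decision stronger than a warning ever keys off `directory->type`, it should not rest on this substring alone. The body of fr_ldap_directory_result_parse starts and ends outside the hunk.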
@@ -173,6 +176,7 @@ found:
        switch (directory->type) {
        case FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY:
        case FR_LDAP_DIRECTORY_EDIRECTORY:
+       case FR_LDAP_DIRECTORY_SAMBA:
                directory->cleartext_password = false;
                break;
 
index f3ea04380d35c45d4001d2e5a2d951fd155d0c0a..bbdd989b0f96f0da8f23e9179f16ebd92f85e796 100644 (file)
@@ -270,8 +270,10 @@ void rlm_ldap_check_reply(request_t *request, rlm_ldap_t const *inst, char const
        warnings:
                switch (ttrunk->directory->type) {
                case FR_LDAP_DIRECTORY_ACTIVE_DIRECTORY:
+               case FR_LDAP_DIRECTORY_SAMBA:
                        RWDEBUG2("!!! Found map between LDAP attribute and a FreeRADIUS password attribute");
-                       RWDEBUG2("!!! Active Directory does not allow passwords to be read via LDAP");
+                       RWDEBUG2("!!! %s does not allow passwords to be read via LDAP",
+                               (ttrunk->directory->type == FR_LDAP_DIRECTORY_SAMBA ? "Samba" : "Active Directory"));
                        RWDEBUG2("!!! Remove the password map and either:");
                        RWDEBUG2("!!!  - Configure authentication via ntlm_auth (mschapv2 only)");
                        RWDEBUG2("!!!  - Configure authentication via wbclient (mschapv2 only)");
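Review bot: The product name in the second `RWDEBUG2` is picked by an inline ternary that falls back to "Active Directory" for every type other than `FR_LDAP_DIRECTORY_SAMBA`. If another directory type is later added to this case, the warning will silently name the wrong product. A comment on the case would make the coupling visible, for example `/* Only AD and Samba share this warning; extend the name selection below when adding a type */`. The outer parentheses around the ternary argument are also redundant and can be dropped. The case body continues outside the hunk, so the remaining advice lines are not visible here.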