Add fallthrough_attr to LDAP query
authorNick Porter <nick@portercomputing.co.uk>
Wed, 26 Feb 2025 20:17:43 +0000 (20:17 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Thu, 27 Feb 2025 13:51:25 +0000 (13:51 +0000)
src/lib/ldap/base.h
src/lib/ldap/map.c
src/modules/rlm_ldap/rlm_ldap.c

index 0a2b34b12acd631ab6157864f8d85f6d9c57dcad..f8cb4d694f406b5c70aa7a143d6f306e0daa6843 100644 (file)
@@ -855,7 +855,8 @@ int         fr_ldap_map_getvalue(TALLOC_CTX *ctx, fr_pair_list_t *out, request_t *reque
 int            fr_ldap_map_verify(map_t *map, void *instance);
 
 int            fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request,
-                                  map_list_t const *maps, char const *generic_attr, char const *check_attr);
+                                  map_list_t const *maps, char const *generic_attr, char const *check_attr,
+                                  char const *fallthrough_attr);
 
 int            fr_ldap_map_do(request_t *request, char const *check_attr,
                               char const *valuepair_attr, fr_ldap_map_exp_t const *expanded, LDAPMessage *entry);
index 95b77b350bdcbc8a37e4018ca150beb6db433195..7e32dd9391c47726cf0594b464114fd8b64e2cd5 100644 (file)
@@ -265,12 +265,13 @@ int fr_ldap_map_verify(map_t *map, UNUSED void *instance)
  * @param[in] maps             to expand.
  * @param[in] generic_attr     name to append to the attribute list.
  * @param[in] check_attr       name to append to the attribute list.
+ * @param[in] fallthrough_attr name to append to the attribute list.
  * @return
  *     - 0 on success.
  *     - -1 on failure.
  */
 int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *request, map_list_t const *maps,
-                      char const *generic_attr, char const *check_attr)
+                      char const *generic_attr, char const *check_attr, char const *fallthrough_attr)
 {
        map_t const     *map = NULL;
        unsigned int    total = 0;
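Review bot: The added `@param` line repeats the wording of the two above it and does not say that the argument may be NULL. The body skips the append when the pointer is NULL, and both `mod_map_proc` and `mod_authorize` pass NULL for it in this commit, so that is part of the contract. I would write it as ` * @param[in] fallthrough_attr name to append to the attribute list, or NULL to omit it.` and give `generic_attr` and `check_attr` the same wording. The function body continues outside this hunk.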
@@ -299,6 +300,7 @@ int fr_ldap_map_expand(TALLOC_CTX *ctx, fr_ldap_map_exp_t *expanded, request_t *
 
        if (generic_attr) expanded->attrs[total++] = generic_attr;
        if (check_attr) expanded->attrs[total++] = check_attr;
+       if (fallthrough_attr) expanded->attrs[total++] = fallthrough_attr;
 
        expanded->attrs[total] = NULL;
        expanded->count = total;
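Review bot: The new store `expanded->attrs[total++] = fallthrough_attr;` is a third trailing write after the map loop, and nothing visible in this hunk checks `total` against the capacity of `expanded->attrs` before it or before the NULL terminator that follows. The array is declared outside this diff, so it cannot be confirmed from here that its headroom covers three optional names plus the terminator; if it was sized for fewer, a full map list would write past the end of the array. Please confirm the declaration reserves the extra slot. Presuming `attrs` is a fixed array member, a guard before the appends would also work, such as `if (total + 4 > sizeof(expanded->attrs) / sizeof(expanded->attrs[0])) return -1;`. The function starts before and ends after this hunk, so an existing bound check in the loop may already limit `total`.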
index 15a92ffa20750a2cf787d4f14f66a0f7b908d28a..7d68997085702f894b8eaf6f5f1ab0a98c43d08a 100644 (file)
@@ -1174,7 +1174,7 @@ static xlat_action_t ldap_profile_xlat(UNUSED TALLOC_CTX *ctx, UNUSED fr_dcursor
         *      Synchronous expansion of maps (fixme!)
         */
        if (fr_ldap_map_expand(xlat_ctx, &xlat_ctx->expanded, request, env_data->profile_map,
-                              inst->valuepair_attr, inst->profile.check_attr) < 0) goto error;
+                              inst->valuepair_attr, inst->profile.check_attr, inst->profile.fallthrough_attr) < 0) goto error;
        ttrunk = fr_thread_ldap_trunk_get(t, host_url, handle_config->admin_identity,
                                          handle_config->admin_password, request, handle_config);
        if (host) ldap_memfree(host);
@@ -1400,7 +1400,7 @@ static unlang_action_t mod_map_proc(rlm_rcode_t *p_result, void const *mod_inst,
        /*
         *      Expand the RHS of the maps to get the name of the attributes.
         */
-       if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps, NULL, NULL) < 0) goto fail;
+       if (fr_ldap_map_expand(map_ctx, &map_ctx->expanded, request, maps, NULL, NULL, NULL) < 0) goto fail;
 
        /*
         *      If the URL is <scheme>:/// the parsed host will be NULL - use config default
@@ -1849,7 +1849,7 @@ static unlang_action_t CC_HINT(nonnull) mod_authorize(rlm_rcode_t *p_result, mod
         *      User-Password here.  LDAP authorization can be used
         *      for many things besides searching for users.
         */
-       if (fr_ldap_map_expand(autz_ctx, expanded, request, call_env->user_map, inst->valuepair_attr, NULL) < 0) {
+       if (fr_ldap_map_expand(autz_ctx, expanded, request, call_env->user_map, inst->valuepair_attr, NULL, NULL) < 0) {
        fail:
                talloc_free(autz_ctx);
                RETURN_MODULE_FAIL;