From: Arran Cudbard-Bell Date: Tue, 30 Oct 2012 13:00:08 +0000 (+0000) Subject: re-add the expect_password option X-Git-Tag: release_3_0_0_beta1~1628 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d5815c0b8f502cc5ee183f92d5b74fd40f2c493;p=thirdparty%2Ffreeradius-server.git re-add the expect_password option --- diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap index 34582dda967..c4ae0ec72bc 100644 --- a/raddb/mods-available/ldap +++ b/raddb/mods-available/ldap @@ -2,6 +2,7 @@ # # $Id$ +# # Lightweight Directory Access Protocol (LDAP) # ldap { @@ -27,6 +28,11 @@ ldap { # directory attributes. # dictionary_mapping = ${confdir}/ldap.attrmap + # Set to "no" to disable the "no \"known good\" password" warning, + # if you're not using LDAP to retrieve password values. +# expect_password = "yes" + + # # Profile related attributes. # profiles { diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index ee9364616f3..3c8e10d83d9 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -54,6 +54,7 @@ typedef struct { const char *xlat_name; /* name used to xlat */ const char *map_file; + int expect_password; TLDAP_RADIUS *check_map; TLDAP_RADIUS *reply_map; char **attrs; @@ -247,7 +248,11 @@ static const CONF_PARSER module_config[] = { /* file with mapping between LDAP and RADIUS attributes */ {"dictionary_mapping", PW_TYPE_FILENAME, offsetof(ldap_instance, map_file), NULL, NULL}, - + + /* turn off the annoying warning if we don't expect a password */ + {"expect_password", PW_TYPE_BOOLEAN, + offsetof(ldap_instance,expect_password), NULL, "yes"}, + /* * Terrible things which should be deleted. */ @@ -1423,7 +1428,7 @@ static void do_check_reply(ldap_instance *inst, LDAP *ld, REQUEST *request, * More warning messages for people who can't be bothered * to read the documentation. */ - if (debug_flag > 1) { + if (inst->expect_password && (debug_flag > 1)) { if (!pairfind(request->config_items, PW_CLEARTEXT_PASSWORD, 0) && !pairfind(request->config_items, PW_NT_PASSWORD, 0) && !pairfind(request->config_items, PW_USER_PASSWORD, 0) &&