From: Alan T. DeKok Date: Sat, 2 Mar 2013 14:50:13 +0000 (-0500) Subject: Made "chase_referrals" and "rebind" to "yes" by default. X-Git-Tag: release_3_0_0_beta1~881 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa3bb1ee65a03a854fa4359041bd297114c11900;p=thirdparty%2Ffreeradius-server.git Made "chase_referrals" and "rebind" to "yes" by default. And updated the source so that it prints out warnings if they cannot be enabled. We should probably just remove these two options. There are always benefits to leaving them on. There are no real benefits to turning them off --- diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap index a65eb657919..695ee0d72a6 100644 --- a/raddb/mods-available/ldap +++ b/raddb/mods-available/ldap @@ -181,12 +181,12 @@ ldap { options { # # The following two configuration items are for Active Directory - # compatibility. If you see the helpful "operations error" - # being returned to the LDAP module, uncomment the next - # two lines. + # compatibility. If you set these to "no", then searches + # will likely return "operations error", instead of a + # useful resuly. # -# chase_referrals = yes -# rebind = yes + chase_referrals = yes + rebind = yes # seconds to wait for LDAP query to finish. default: 20 timeout = 10 diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index 08b679bbc85..0dd3fe5b28f 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -571,11 +571,13 @@ static void *ldap_conn_create(void *ctx) do_ldap_option(LDAP_OPT_REFERRALS, "chase_referrals", LDAP_OPT_ON); -#if LDAP_SET_REBIND_PROC_ARGS == 3 if (inst->rebind == 1) { +#if LDAP_SET_REBIND_PROC_ARGS == 3 ldap_set_rebind_proc(handle, ldap_rebind, inst); - } +#else + DEBUGW("The flag 'rebind = yes' is not supported by the system LDAP library. Ignoring."); #endif + } } else { do_ldap_option(LDAP_OPT_REFERRALS, "chase_referrals", LDAP_OPT_OFF);