Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/partition.c | 16 | ||||
-rw-r--r-- | source4/ldap_server/ldap_backend.c | 18 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.c | 1 | ||||
-rw-r--r-- | source4/ldap_server/ldap_server.h | 6 |
4 files changed, 36 insertions, 5 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 49bdeb04fa5..f66ccab1dd5 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -902,11 +902,17 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) data->partitions[i]->ctrl->dn) == 0) && (ldb_dn_compare(req->op.search.base, data->partitions[i]->ctrl->dn) != 0)) { - char *ref = talloc_asprintf(ac, - "ldap://%s/%s%s", - lpcfg_dnsdomain(lp_ctx), - ldb_dn_get_linearized(data->partitions[i]->ctrl->dn), - req->op.search.scope == LDB_SCOPE_ONELEVEL ? "??base" : ""); + const char *scheme = ldb_get_opaque( + ldb, LDAP_REFERRAL_SCHEME_OPAQUE); + char *ref = talloc_asprintf( + ac, + "%s://%s/%s%s", + scheme == NULL ? "ldap" : scheme, + lpcfg_dnsdomain(lp_ctx), + ldb_dn_get_linearized( + data->partitions[i]->ctrl->dn), + req->op.search.scope == + LDB_SCOPE_ONELEVEL ? "??base" : ""); if (ref == NULL) { return ldb_oom(ldb); diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 39f1aa2a2a6..573472c0f7f 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -647,6 +647,24 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) call->notification.busy = true; } + { + const char *scheme = NULL; + switch (call->conn->referral_scheme) { + case LDAP_REFERRAL_SCHEME_LDAPS: + scheme = "ldaps"; + break; + default: + scheme = "ldap"; + } + ldb_ret = ldb_set_opaque( + samdb, + LDAP_REFERRAL_SCHEME_OPAQUE, + discard_const_p(char *, scheme)); + if (ldb_ret != LDB_SUCCESS) { + goto reply; + } + } + ldb_set_timeout(samdb, lreq, req->timelimit); if (!call->conn->is_privileged) { diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index bc2f54bc146..9599e0dacac 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c 
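Review bot: The pointer returned by `ldb_get_opaque(ldb, LDAP_REFERRAL_SCHEME_OPAQUE)` in partition_search is assigned to a `const char *` and formatted with `%s` into the referral URL, but nothing in the hunk states what type or lifetime that opaque must have. Anything else stored under the same key would be read as a string here, so the contract belongs next to the lookup, for example `/* Set by the LDAP server per search: a static, NUL-terminated scheme string ("ldap" or "ldaps"); NULL if the request did not come through it. */`. The NULL fallback to "ldap" also means callers that never set the opaque keep producing cleartext referrals, which is worth stating in the same comment. The definition of LDAP_REFERRAL_SCHEME_OPAQUE is not in this diff (the diffstat is limited to source4), and partition_search continues outside the hunk.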
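Review bot: The scheme opaque set in ldapsrv_SearchRequest stays on `samdb` after the search finishes, so partition_search sees whatever the last search on that handle stored. That is only safe while each `samdb` handle serves a single connection; where the handle comes from is outside the hunk, so this should be confirmed and recorded, e.g. `/* samdb is per-connection, so the scheme cannot leak between an ldaps and an ldap client */`. Separately, the `default:` arm maps any enumerator added later to "ldap" without a warning; naming the case, `case LDAP_REFERRAL_SCHEME_LDAP: scheme = "ldap"; break;`, and dropping `default:` would let -Wswitch flag an unhandled value. The function body starts and ends outside the hunk.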
@@ -436,6 +436,7 @@ static void ldapsrv_accept_tls_done(struct tevent_req *subreq) } conn->sockets.active = conn->sockets.tls; + conn->referral_scheme = LDAP_REFERRAL_SCHEME_LDAPS; ldapsrv_call_read_next(conn); } diff --git a/source4/ldap_server/ldap_server.h b/source4/ldap_server/ldap_server.h index d3e31fb1eec..5b944f5ab9b 100644 --- a/source4/ldap_server/ldap_server.h +++ b/source4/ldap_server/ldap_server.h @@ -24,6 +24,11 @@ #include "system/network.h" #include "lib/param/loadparm.h" +enum ldap_server_referral_scheme { + LDAP_REFERRAL_SCHEME_LDAP, + LDAP_REFERRAL_SCHEME_LDAPS +}; + struct ldapsrv_connection { struct ldapsrv_connection *next, *prev; struct loadparm_context *lp_ctx; @@ -47,6 +52,7 @@ struct ldapsrv_connection { bool is_privileged; enum ldap_server_require_strong_auth require_strong_auth; bool authz_logged; + enum ldap_server_referral_scheme referral_scheme; struct { int initial_timeout; |
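Review bot: `conn->referral_scheme` is switched to LDAPS only here, when the TLS accept on the connection completes, so the field records how the connection was accepted rather than whether the session is encrypted when the search runs. Connections that gain protection by another route (a StartTLS upgrade, if the server supports one outside this diff) would presumably still be handed `ldap://` referrals. That matches the URL scheme for the plain port, but it leaves the client to re-protect the referred connection. A comment on the assignment such as `/* accepted with TLS from the start: referrals must stay on ldaps */` would make the intent explicit. ldapsrv_accept_tls_done starts outside the hunk.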
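Review bot: Nothing in this diff ever assigns LDAP_REFERRAL_SCHEME_LDAP, so the plain-LDAP default of the new `referral_scheme` field (added in the next hunk of this header) rests on two things. LDAP must stay the first enumerator, and struct ldapsrv_connection must be zero-initialised where it is allocated, which is not visible here. Making that dependency explicit costs one token and a comment: `LDAP_REFERRAL_SCHEME_LDAP = 0, /* default for a zeroed connection */`. If the allocation does not zero the struct, the field would need an explicit assignment at connection setup.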