Re: [exim] LDAP dereference parameter don't work on active d…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Justo Alonso
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] LDAP dereference parameter don't work on active directory
Hi,
    I'm using OpenLDAP libraries (openldap2-devel-2.2.24-4.12 rpm of Suse
Enterprise 9)


    In ldap.h we have defined LDAP_OPT_DEREF as:


#define LDAP_OPT_DEREF 0x0002

    You are thinking about a openldap libraries bug (or this rpm bug) ??


    I will try to debug it.


j

On 3/9/06, Philip Hazel <ph10@???> wrote:
>
> On Thu, 9 Mar 2006, Justo Alonso wrote:
>
> >     Running strace I see that the lookup tries to search all references,
> but
> > I already set dereference=never, so it seems that it's not working. This
> is
> > the server_condition that I'm using:

> >
> > server_condition = ${lookup ldap {user="${lookup
> > ldapdn{user="LDAP_ACTIVE_USER" pass=${quote:LDAP_ACTIVE_PASS} \
> >                         dereference=never size=1
> > ldap:///LDAP_ACTIVE_BASEDN?dn?sub?LDAP_ACTIVE_AUTH_P}}" \
> >                         pass=${quote:$3} dereference=never size=1 \

> >
> > ldap:///LDAP_ACTIVE_BASEDN?mail?sub?LDAP_ACTIVE_AUTH_P}{1}{0}}
> >
> >    If I set nettime=1 on the ldapdn lookup, then all works (I get the
> > timeout in just one second), the second query gets executed following no
> > references (maybe it's using the cached connection)

>
> I don't know much about LDAP (most of the code was contributed by
> others, though I have hacked it occasionally). However, I see that the
> code contains this snippet:
>
> /* Similarly for dereferencing aliases. Don't know if this is possible
> on
> an LDAP library without LDAP_OPT_DEREF. */
>
> #if defined(LDAP_OPT_DEREF)
> ldap_set_option(lcp->ld, LDAP_OPT_DEREF, (void *)&dereference);
> #endif
>
> This suggests that different LDAP libraries may or may not support the
> feature. So the first check is to see if LDAP_OPT_DEREF is defined in
> ldap.h on your system. But if it is, I'm not sure how to proceed,
> because the above code is all that is done by Exim. (The variable
> "deference" contains one of LDAP_DEREF_{NEVER,SEARCHING,FINDING,ALWAYS}
> at this stage.)
>
> --
> Philip Hazel            University of Cambridge Computing Service
> Get the Exim 4 book:    http://www.uit.co.uk/exim-book

>