diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2018-01-07 12:50:30 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2018-01-07 12:50:30 -0500 |
commit | d5f37803ddaec9bd21f7dc23145047d5b12a9c28 (patch) | |
tree | c57618de68be2da7ed31068088335d37efe47ed1 /src/mod_vhostdb_ldap.c | |
parent | ec9e6abcb3b5d3a2eb1339e6f87b5700cd1cd4c6 (diff) | |
download | lighttpd-git-d5f37803ddaec9bd21f7dc23145047d5b12a9c28.tar.gz |
[mod_authn_ldap] auth with ldap referrals (fixes #2846)
use ldap_set_rebind_proc() to provide auth when rebinding following
ldap referrals (instead of rebinding anonymously for ldap referrals)
x-ref:
"LDAP authentication vs. AD: problems with referrals"
https://redmine.lighttpd.net/issues/2846
Diffstat (limited to 'src/mod_vhostdb_ldap.c')
-rw-r--r-- | src/mod_vhostdb_ldap.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/mod_vhostdb_ldap.c b/src/mod_vhostdb_ldap.c index 4f7e2a5f..57a5ee26 100644 --- a/src/mod_vhostdb_ldap.c +++ b/src/mod_vhostdb_ldap.c @@ -18,6 +18,7 @@ typedef struct { LDAP *ldap; buffer *filter; + server *srv; const char *attr; const char *host; @@ -302,6 +303,14 @@ static int mod_authn_ldap_bind(server *srv, LDAP *ld, const char *dn, const char return ret; } +static int mod_authn_ldap_rebind_proc (LDAP *ld, LDAP_CONST char *url, ber_tag_t ldap_request, ber_int_t msgid, void *params) { + vhostdb_config *s = (vhostdb_config *)params; + UNUSED(url); + UNUSED(ldap_request); + UNUSED(msgid); + return mod_authn_ldap_bind(s->srv, ld, s->binddn, s->bindpw); +} + static LDAPMessage * mod_authn_ldap_search(server *srv, vhostdb_config *s, char *base, char *filter) { LDAPMessage *lm = NULL; char *attrs[] = { LDAP_NO_ATTRS, NULL }; @@ -336,6 +345,7 @@ static LDAPMessage * mod_authn_ldap_search(server *srv, vhostdb_config *s, char return NULL; } + ldap_set_rebind_proc(s->ldap, mod_authn_ldap_rebind_proc, s); ret = mod_authn_ldap_bind(srv, s->ldap, s->binddn, s->bindpw); if (LDAP_SUCCESS != ret) { ldap_destroy(s->ldap); @@ -376,6 +386,7 @@ static int mod_vhostdb_ldap_query(server *srv, connection *con, void *p_d, buffe mod_vhostdb_patch_connection(srv, con, p); if (NULL == p->conf.vdata) return 0; /*(after resetting docroot)*/ dbconf = (vhostdb_config *)p->conf.vdata; + dbconf->srv = srv; template = dbconf->filter; for (char *b = template->ptr, *d; *b; b = d+1) { |