In keeping with the APR concept of hiding LDAP differences, I added a couple
of cases to the apr_ldap_set_option function. One of the cases has differences
between at least the OpenLDAP and Tivoli SDKs, so I added both of them for
consistency and to handle possible differences in other SDKs.
Folks who know the other SDKs should check if any #ifs need to be added
to these cases for any of the other SDKs.
Once someone commits this patch I will be able to commit the Apache portion
of the rebind code.
Thanks,
--
Paul J. Reder
-----------------------------------------------------------
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it. Only if every single citizen feels duty bound to do
his share in this defense are the constitutional rights secure."
-- Albert Einstein
Index: apr-util-trunk/ldap/apr_ldap_option.c
===================================================================
--- apr-util-trunk/ldap/apr_ldap_option.c (revision 603437)
+++ apr-util-trunk/ldap/apr_ldap_option.c (working copy)
@@ -144,6 +144,42 @@
result->reason = "LDAP: Could not set verify mode";
}
break;
+
+ case APR_LDAP_OPT_REFERRALS:
+ /* Setting this option is supported on at least TIVOLI_SDK and OpenLDAP. Folks
+ * who know the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if
+ * the SDK at least tolerates this option being set, or add an elif to handle
+ * special cases (i.e. different LDAP_OPT_X value).
+ */
+ result->rc = ldap_set_option(ldap, LDAP_OPT_REFERRALS, (void *)invalue);
+
+ if (result->rc != LDAP_SUCCESS) {
+ result->reason = "Unable to set LDAP_OPT_REFERRALS.";
+ return(result->rc);
+ }
+ break;
+
+ case APR_LDAP_OPT_REFHOPLIMIT:
+#if APR_HAS_OPENLDAP_LDAPSDK
+ /* Setting this option is not supported by current versions of OpenLDAP,
+ * OpenLDAP does support the concept though and defaults to 5.
+ */
+ result->rc = LDAP_SUCCESS;
+#else
+ /* Setting this option is supported on at least TIVOLI_SDK. Folks who know
+ * the NOVELL, NETSCAPE, MOZILLA, and SOLARIS SDKs should note here if
+ * the SDK at least tolerates this option being set, or add an elif to handle
+ * special cases so an error isn't returned if there is a perfectly good
+ * default value that just can't be changed (like openLDAP).
+ */
+ result->rc = ldap_set_option(ldap, LDAP_OPT_REFHOPLIMIT, (void *)invalue);
+#endif
+
+ if (result->rc != LDAP_SUCCESS) {
+ result->reason = "Unable to set LDAP_OPT_REFHOPLIMIT.";
+ return(result->rc);
+ }
+ break;
default:
/* set the option specified using the native LDAP function */
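Review bot: In the APR_LDAP_OPT_REFHOPLIMIT case, the APR_HAS_OPENLDAP_LDAPSDK branch sets result->rc = LDAP_SUCCESS without ever using invalue, so a caller that asks for a tighter hop limit is told the call succeeded while the library keeps its default (5, per the comment). Consider setting result->reason or returning a distinct status so the caller can tell the value was not applied. The #else branch uses LDAP_OPT_REFHOPLIMIT for every non-OpenLDAP SDK; if one of them does not define that macro the file will not compile, so a guard such as "#elif defined(LDAP_OPT_REFHOPLIMIT)" with a fallback branch would be safer than relying on later fixes. Both new cases also use return(result->rc) on failure, while the preceding verify-mode case sets result->reason and falls through to break; one style should be used throughout.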
Index: apr-util-trunk/include/apr_ldap_option.h
===================================================================
--- apr-util-trunk/include/apr_ldap_option.h (revision 603437)
+++ apr-util-trunk/include/apr_ldap_option.h (working copy)
@@ -56,6 +56,16 @@
* all servers are considered trusted.
*/
#define APR_LDAP_OPT_VERIFY_CERT 0x6ffd
+/**
+ * Set the LDAP library to indicate if referrals should be chased during
+ * LDAP searches.
+ */
+#define APR_LDAP_OPT_REFERRALS 0x6ffc
+/**
+ * Set the LDAP library to indicate a maximum number of referral hops to
+ * chase before giving up on the search.
+ */
+#define APR_LDAP_OPT_REFHOPLIMIT 0x6ffb
/**
* Structures for the apr_set_option() cases
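Review bot: The doc comments for APR_LDAP_OPT_REFERRALS and APR_LDAP_OPT_REFHOPLIMIT do not say what invalue must be. The implementation passes it as (void *)invalue straight to ldap_set_option, so the header should state the expected type and accepted values for each option (an on/off value for referrals, an integer or pointer to integer for the hop limit, whichever the code intends). It should also document that APR_LDAP_OPT_REFHOPLIMIT is accepted but has no effect when built against OpenLDAP, since callers cannot learn that from the return code.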