Hello all, please see the attached patch for bind-dyndb-ldap; it should solve ticket #1931 (at least from the bind-dyndb-ldap side). It adds a new "ldap_hostname" option, and the ipa-server-install utility should set this option when the /bin/hostname output is different from the --hostname parameter.
Comments are welcome. Regards, Adam
>From c6913e6f0bb90253ad141917cb804f74dec070ae Mon Sep 17 00:00:00 2001
From: Adam Tkac <at...@redhat.com>
Date: Tue, 11 Oct 2011 11:21:39 +0200
Subject: [PATCH] Added new ldap_hostname option.
Signed-off-by: Adam Tkac <at...@redhat.com>
---
 NEWS | 4 ++++
 README | 7 +++++++
 src/ldap_helper.c | 11 +++++++++++
 3 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/NEWS b/NEWS
index ce822b0..da3d11d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
 [1] When connection to the LDAP was lost, the plugin didn't call the ldap_bind during reconnection.
+[2] Added new option "ldap_hostname" which allows to set LDAP server hostname
+when it is different from actual /bin/hostname. This option sets the
+LDAP_OPT_HOST_NAME option.
+
 1.0.0b1
 ======
diff --git a/README b/README
index a46c998..1509068 100644
--- a/README
+++ b/README
@@ -183,6 +183,13 @@ reconnect_interval (default 60)
 Time (in seconds) after that the plugin should try to connect to LDAP server again in case connection is lost and immediate reconnection fails.
+ldap_hostname (default "")
+ Sets hostname of the LDAP server. When it is set to "", actual
+ /bin/hostname is used. Please prefer "uri" option, this option should be
+ used only in special cases, for example when GSSAPI authentication
+ is used and named service has Kerberos principal different from
+ /bin/hostname output.
+
 5.2 Sample configuration
 ------------------------
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index aaa4dd6..8c88b4c 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -155,6 +155,7 @@ struct ldap_instance {
 ld_string_t *krb5_keytab;
 ld_string_t *fake_mname;
 isc_boolean_t psearch;
+ ld_string_t *ldap_hostname;
 isc_task_t *task;
 isc_thread_t watcher;
 isc_boolean_t exiting;
@@ -324,6 +325,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 { "krb5_keytab", default_string("") },
 { "fake_mname", default_string("") },
 { "psearch", default_boolean(ISC_FALSE) },
+ { "ldap_hostname", default_string("") },
 end_of_settings
 };
@@ -360,6 +362,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 CHECK(str_new(mctx, &ldap_inst->sasl_password));
 CHECK(str_new(mctx, &ldap_inst->krb5_keytab));
 CHECK(str_new(mctx, &ldap_inst->fake_mname));
+ CHECK(str_new(mctx, &ldap_inst->ldap_hostname));
 i = 0;
 ldap_settings[i++].target = ldap_inst->uri;
@@ -379,6 +382,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 ldap_settings[i++].target = ldap_inst->krb5_keytab;
 ldap_settings[i++].target = ldap_inst->fake_mname;
 ldap_settings[i++].target = &ldap_inst->psearch;
+ ldap_settings[i++].target = ldap_inst->ldap_hostname;
 CHECK(set_settings(ldap_settings, argv));
 /* Validate and check settings. */
@@ -498,6 +502,7 @@ destroy_ldap_instance(ldap_instance_t **ldap_instp)
 str_destroy(&ldap_inst->sasl_password);
 str_destroy(&ldap_inst->krb5_keytab);
 str_destroy(&ldap_inst->fake_mname);
+ str_destroy(&ldap_inst->ldap_hostname);
 /* commented out for now, causes named to hang */
 //dns_view_detach(&ldap_inst->view);
@@ -1341,6 +1346,12 @@ ldap_connect(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn,
 ret = ldap_set_option(ld, LDAP_OPT_TIMEOUT, &timeout);
 LDAP_OPT_CHECK(ret, "failed to set timeout");
+ if (str_len(ldap_inst->ldap_hostname) > 0) {
+ ret = ldap_set_option(ld, LDAP_OPT_HOST_NAME,
+ str_buf(ldap_inst->ldap_hostname));
+ LDAP_OPT_CHECK(ret, "failed to set LDAP_OPT_HOST_NAME");
+ }
+
 if (ldap_conn->handle != NULL)
 ldap_unbind_ext_s(ldap_conn->handle, NULL, NULL);
 ldap_conn->handle = ld;
-- 1.7.6.4
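Review bot: The new `{ "ldap_hostname", default_string("") }` entry in `ldap_settings[]` (hunk at -324,6) and its `ldap_settings[i++].target` assignment (hunk at -379,6) are matched only by position, and no visible check follows the last assignment before `set_settings()` is called. If the two lists ever drift, a string setting would presumably be written through `&ldap_inst->psearch`, or a boolean through an `ld_string_t *`, which is a memory-safety problem rather than a configuration error. A comment above the table such as `/* order must match the .target assignments below */` would help, or an assertion after the last assignment that `i` equals the number of entries before `end_of_settings`. new_ldap_instance begins and ends outside these hunks.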
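Review bot: In ldap_connect the new `ldap_set_option(ld, LDAP_OPT_HOST_NAME, ...)` call runs on a handle that was presumably created from the `uri` setting, and as far as I know libldap treats LDAP_OPT_HOST_NAME as the list of hosts to contact, replacing what the URI supplied. If that holds here, an `ldaps://` or `ldapi://` URI could be swapped for a default-scheme connection to the named host, so the option would change the transport as well as the name used for GSSAPI. Please confirm this against the libldap version in use and, if it applies, say so in the README entry and mark the block with a comment such as `/* overrides the host list derived from "uri" */`; logging when both options are set would also make the override visible to operators. ldap_connect's body starts and ends outside the hunk.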