Hello all,

Please see the attached patch for bind-dyndb-ldap; it should solve ticket #1931
(at least from the bind-dyndb-ldap side). It adds a new "ldap_hostname" option,
and the ipa-server-install utility should set this option when the
/bin/hostname output differs from the --hostname parameter.

Comments are welcome.

Regards, Adam
>From c6913e6f0bb90253ad141917cb804f74dec070ae Mon Sep 17 00:00:00 2001
From: Adam Tkac <at...@redhat.com>
Date: Tue, 11 Oct 2011 11:21:39 +0200
Subject: [PATCH] Added new ldap_hostname option.

Signed-off-by: Adam Tkac <at...@redhat.com>
---
 NEWS              |    4 ++++
 README            |    7 +++++++
 src/ldap_helper.c |   11 +++++++++++
 3 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/NEWS b/NEWS
index ce822b0..da3d11d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
 [1] When connection to the LDAP was lost, the plugin didn't call the ldap_bind
 during reconnection.
 
+[2] Added new option "ldap_hostname" which allows to set LDAP server hostname
+when it is different from actual /bin/hostname. This option sets the
+LDAP_OPT_HOST_NAME option.
+
 1.0.0b1
 ======
 
diff --git a/README b/README
index a46c998..1509068 100644
--- a/README
+++ b/README
@@ -183,6 +183,13 @@ reconnect_interval (default 60)
        Time (in seconds) after that the plugin should try to connect to LDAP 
server
        again in case connection is lost and immediate reconnection fails.
 
+ldap_hostname (default "")
+       Sets hostname of the LDAP server. When it is set to "", actual
+       /bin/hostname is used. Please prefer "uri" option, this option should be
+       used only in special cases, for example when GSSAPI authentication
+       is used and named service has Kerberos principal different from
+       /bin/hostname output.
+
 
 5.2 Sample configuration
 ------------------------
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index aaa4dd6..8c88b4c 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -155,6 +155,7 @@ struct ldap_instance {
        ld_string_t             *krb5_keytab;
        ld_string_t             *fake_mname;
        isc_boolean_t           psearch;
+       ld_string_t             *ldap_hostname;
        isc_task_t              *task;
        isc_thread_t            watcher;
        isc_boolean_t           exiting;
@@ -324,6 +325,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
                { "krb5_keytab", default_string("")             },
                { "fake_mname",  default_string("")             },
                { "psearch",     default_boolean(ISC_FALSE)     },
+               { "ldap_hostname", default_string("")           },
                end_of_settings
        };
 
@@ -360,6 +362,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
        CHECK(str_new(mctx, &ldap_inst->sasl_password));
        CHECK(str_new(mctx, &ldap_inst->krb5_keytab));
        CHECK(str_new(mctx, &ldap_inst->fake_mname));
+       CHECK(str_new(mctx, &ldap_inst->ldap_hostname));
 
        i = 0;
        ldap_settings[i++].target = ldap_inst->uri;
@@ -379,6 +382,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
        ldap_settings[i++].target = ldap_inst->krb5_keytab;
        ldap_settings[i++].target = ldap_inst->fake_mname;
        ldap_settings[i++].target = &ldap_inst->psearch; 
+       ldap_settings[i++].target = ldap_inst->ldap_hostname;
        CHECK(set_settings(ldap_settings, argv));
 
        /* Validate and check settings. */
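Review bot: Nothing checks the new ldap_hostname string after `set_settings` stores it: the eleven lines this commit adds to src/ldap_helper.c contain no validation, and the "Validate and check settings" section that begins on the last line of this hunk is untouched. The value is later passed as-is to `ldap_set_option(ld, LDAP_OPT_HOST_NAME, ...)`, which libldap documents as taking a space-separated host list, so a stray space or comma in named.conf would likely change which servers are contacted instead of being reported at load time. Since the README describes a single hostname, a guard in the validation section such as `strpbrk(str_buf(ldap_inst->ldap_hostname), " \t,") != NULL`, routed to the function's existing failure path, would turn that into a configuration error. new_ldap_instance starts and ends outside this hunk, so the exact error-handling idiom has to be taken from the surrounding code.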
@@ -498,6 +502,7 @@ destroy_ldap_instance(ldap_instance_t **ldap_instp)
        str_destroy(&ldap_inst->sasl_password);
        str_destroy(&ldap_inst->krb5_keytab);
        str_destroy(&ldap_inst->fake_mname);
+       str_destroy(&ldap_inst->ldap_hostname);
 
        /* commented out for now, causes named to hang */
        //dns_view_detach(&ldap_inst->view);
@@ -1341,6 +1346,12 @@ ldap_connect(ldap_instance_t *ldap_inst, 
ldap_connection_t *ldap_conn,
        ret = ldap_set_option(ld, LDAP_OPT_TIMEOUT, &timeout);
        LDAP_OPT_CHECK(ret, "failed to set timeout");
 
+       if (str_len(ldap_inst->ldap_hostname) > 0) {
+               ret = ldap_set_option(ld, LDAP_OPT_HOST_NAME,
+                                     str_buf(ldap_inst->ldap_hostname));
+               LDAP_OPT_CHECK(ret, "failed to set LDAP_OPT_HOST_NAME");
+       }
+
        if (ldap_conn->handle != NULL)
                ldap_unbind_ext_s(ldap_conn->handle, NULL, NULL);
        ldap_conn->handle = ld;
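Review bot: Setting LDAP_OPT_HOST_NAME in the added `if` block changes where the handle connects, not only the name used for authentication, and neither the code nor the README says how it interacts with the "uri" option. ldap_set_option(3) describes this option as the list of hosts the library contacts and marks it deprecated in favour of LDAP_OPT_URI, so a non-empty ldap_hostname presumably replaces the server taken from "uri"; if that "uri" was ldaps:// or ldapi://, the resulting connection may use a different transport than the administrator configured, which should be confirmed against the libldap version in use. I would add a comment above the block, e.g. `/* NOTE: replaces the server list derived from "uri"; see README, ldap_hostname. */`, and have the README state which option wins when both are set. ldap_connect starts and ends outside this hunk, so whether `ld` is released when LDAP_OPT_CHECK fails cannot be judged from here.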
-- 
1.7.6.4
