X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/d00328e20768f90b0ee6ee0c2425997b3c3ff521..d7d7b7b91dd75cec636fc144da7e27eed860f971:/src/src/lookups/ldap.c
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 330164570..313640e9e 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -1,10 +1,10 @@
-/* $Cambridge: exim/src/src/lookups/ldap.c,v 1.3 2004/11/11 12:05:54 ph10 Exp $ */
+/* $Cambridge: exim/src/src/lookups/ldap.c,v 1.10 2006/02/07 11:19:01 ph10 Exp $ */
 /*************************************************
 * Exim - an Internet mail transport agent *
 *************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2004 */
+/* Copyright (c) University of Cambridge 1995 - 2006 */
 /* See the file NOTICE for conditions of use and distribution. */
 /* Many thanks to Stuart Lynne for contributing the original code for this
@@ -167,7 +167,7 @@ uschar *matched = NULL; /* partially matched DN */
 int attr_count = 0;
 int error_yield = DEFER;
 int msgid;
-int rc;
+int rc, ldap_rc, ldap_parse_rc;
 int port;
 int ptr = 0;
 int rescount = 0;
@@ -380,9 +380,14 @@ if (lcp == NULL)
 #ifdef LDAP_X_OPT_CONNECT_TIMEOUT
 if (tcplimit > 0)
 {
- unsigned int timeout1000 = tcplimit*1000;
+ int timeout1000 = tcplimit*1000;
 ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, (void *)&timeout1000);
 }
+ else
+ {
+ int notimeout = LDAP_X_IO_TIMEOUT_NO_TIMEOUT;
+ ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, (void *)¬imeout);
+ }
 #endif
 /* Set the TCP connect timeout. This works with OpenLDAP 2.2.14. */
@@ -390,7 +395,7 @@ if (lcp == NULL)
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
 if (tcplimit > 0) ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, (void *)timeoutptr);
- #endif
+ #endif
 /* I could not get TLS to work until I set the version to 3. That version seems to be the default nowadays. The RFC is dated 1997, so I would hope
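Review bot: In the `LDAP_X_OPT_CONNECT_TIMEOUT` block, `tcplimit*1000` is now computed and stored as a signed `int`, so a large configured connect limit overflows (undefined behaviour) rather than wrapping, and neither `ldap_set_option` call has its return value checked. If the option is rejected, the lookup silently keeps the library's default connect behaviour, which for a mail server can mean stalling on an unresponsive LDAP host. Clamp before multiplying, e.g. `int timeout1000 = (tcplimit > INT_MAX/1000) ? INT_MAX : tcplimit*1000;`, and report a non-zero result from `ldap_set_option` under `DEBUG(D_lookup)`. Where `tcplimit` is parsed and range-checked lies outside this hunk, so an upper bound may already exist there.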
@@ -481,7 +486,7 @@ if (!lcp->bound ||
 if ((rc = ldap_result( lcp->ld, msgid, 1, timeoutptr, &result )) <= 0)
 {
 *errmsg = string_sprintf("failed to bind the LDAP connection to server "
- "%s%s - LDAP error: %s", host, porttext,
+ "%s%s - LDAP error: %s", host, porttext,
 rc == -1 ? "result retrieval failed" : "timeout" );
 result = NULL;
 goto RETURN_ERROR;
@@ -555,7 +560,16 @@ msgid = ldap_search(lcp->ld, ludp->lud_dn, ludp->lud_scope, ludp->lud_filter,
 if (msgid == -1)
 {
- *errmsg = string_sprintf("ldap search initiation failed");
+ #if defined LDAP_LIB_SOLARIS || defined LDAP_LIB_OPENLDAP2
+ int err;
+ ldap_get_option(lcp->ld, LDAP_OPT_ERROR_NUMBER, &err);
+ *errmsg = string_sprintf("ldap_search failed: %d, %s", err,
+ ldap_err2string(err));
+
+ #else
+ *errmsg = string_sprintf("ldap_search failed");
+ #endif
+
 goto RETURN_ERROR;
 }
@@ -774,10 +788,16 @@ if (rc == -1 || result == NULL)
 }
 /* A return code that isn't -1 doesn't necessarily mean there were no problems
-with the search. The message must be an LDAP_RES_SEARCH_RESULT or else it's
-something we can't handle. */
-
-if (rc != LDAP_RES_SEARCH_RESULT)
+with the search. The message must be an LDAP_RES_SEARCH_RESULT or
+LDAP_RES_SEARCH_REFERENCE or else it's something we can't handle. Some versions
+of LDAP do not define LDAP_RES_SEARCH_REFERENCE (LDAP v1 is one, it seems). So
+we don't provide that functionality when we can't. :-) */
+
+if (rc != LDAP_RES_SEARCH_RESULT
+#ifdef LDAP_RES_SEARCH_REFERENCE
+ && rc != LDAP_RES_SEARCH_REFERENCE
+#endif
+ )
 {
 *errmsg = string_sprintf("ldap_result returned unexpected code %d", rc);
 goto RETURN_ERROR;
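Review bot: In the `msgid == -1` branch of the `-555` hunk, `err` is declared without an initialiser and the result of `ldap_get_option` is ignored, so if that call fails the message is built from an indeterminate value passed to both `%d` and `ldap_err2string`. Give it a defined fallback and check the call: `int err = LDAP_OTHER;` and `if (ldap_get_option(lcp->ld, LDAP_OPT_ERROR_NUMBER, &err) != 0) err = LDAP_OTHER;`. That keeps the more detailed diagnostic the change is after while making the failure path deterministic.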
@@ -786,11 +806,19 @@ if (rc != LDAP_RES_SEARCH_RESULT)
 /* We have a result message from the server. This doesn't yet mean all is well. We need to parse the message to find out exactly what's happened. */
- #if defined LDAP_LIB_SOLARIS || defined LDAP_LIB_OPENLDAP2
- if (ldap_parse_result(lcp->ld, result, &rc, CSS &matched, CSS &error2, NULL,
- NULL, 0) < 0)
+#if defined LDAP_LIB_SOLARIS || defined LDAP_LIB_OPENLDAP2
+ ldap_rc = rc;
+ ldap_parse_rc = ldap_parse_result(lcp->ld, result, &rc, CSS &matched,
+ CSS &error2, NULL, NULL, 0);
+ DEBUG(D_lookup) debug_printf("ldap_parse_result: %d\n", ldap_parse_rc);
+ if (ldap_parse_rc < 0 &&
+ (ldap_parse_rc != LDAP_NO_RESULTS_RETURNED
+ #ifdef LDAP_RES_SEARCH_REFERENCE
+ || ldap_rc != LDAP_RES_SEARCH_REFERENCE
+ #endif
+ ))
 {
- *errmsg = US"ldap_parse_result failed";
+ *errmsg = string_sprintf("ldap_parse_result failed %d", ldap_parse_rc);
 goto RETURN_ERROR;
 }
 error1 = US ldap_err2string(rc);
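Review bot: When the new condition tolerates a failed parse (`LDAP_NO_RESULTS_RETURNED` on a `LDAP_RES_SEARCH_REFERENCE` message), control reaches `error1 = US ldap_err2string(rc);` although `ldap_parse_result` may not have written `rc`, `matched` or `error2`. In that case `rc` would still hold the message type from `ldap_result` and be read as an LDAP result code. On builds where `LDAP_RES_SEARCH_REFERENCE` is undefined the inner test reduces to `ldap_parse_rc != LDAP_NO_RESULTS_RETURNED`, so that failure is accepted for every message type; moving the whole exemption inside the `#ifdef` would keep the old strict check there. On the tolerated path, set `rc` explicitly and add a comment naming the value the following code expects. The code after `error1` is outside this hunk, so how `rc` is used next is not visible here.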