Bug 1453: Add SERVERS ldap server list override

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 3542557c4b7776092b7f5f147508fdfc732ac12b..6f0a16f3710cb9f0cc2d438a5c22f3fd64495fb5 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -7198,6 +7198,7 @@ them. The following names are recognized:
 &`USER       `&  set the DN, for authenticating the LDAP bind
 &`PASS       `&  set the password, likewise
 &`REFERRALS  `&  set the referrals parameter
 &`USER       `&  set the DN, for authenticating the LDAP bind
 &`PASS       `&  set the password, likewise
 &`REFERRALS  `&  set the referrals parameter

+&`SERVERS    `&  set alternate server list for this query only

 &`SIZE       `&  set the limit for the number of entries returned
 &`TIME       `&  set the maximum waiting time for a query
 .endd
 &`SIZE       `&  set the limit for the number of entries returned
 &`TIME       `&  set the maximum waiting time for a query
 .endd


@@ -7219,6 +7220,14 @@ Netscape SDK; for OpenLDAP no action is taken.
 The TIME parameter (also a number of seconds) is passed to the server to
 set a server-side limit on the time taken to complete a search.
 
 The TIME parameter (also a number of seconds) is passed to the server to
 set a server-side limit on the time taken to complete a search.
 

+The SERVERS parameter allows you to specify an alternate list of ldap servers
+to use for an individual lookup.  The global ldap_servers option provides a
+default list of ldap servers, and a single lookup can specify a single ldap
+server to use.  But when you need to do a lookup with a list of servers that is
+different than the default list (maybe different order, maybe a completely
+different set of servers), the SERVERS parameter allows you to specify this
+alternate list.
+

 
 Here is an example of an LDAP query in an Exim lookup that uses some of these
 values. This is a single line, folded to fit on the page:
 
 Here is an example of an LDAP query in an Exim lookup that uses some of these
 values. This is a single line, folded to fit on the page:

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 6252956a6c4eb38bb2fc85ef09671272113c9e88..30b27a012ccf4e57d51b57ba258421548d6e3445 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -87,6 +87,9 @@ JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport.  Bug 1455.
 JH/14 New options dnssec_request_domains, dnssec_require_domains on the
       dnslookup router (applying to the forward lookup).
 
 JH/14 New options dnssec_request_domains, dnssec_require_domains on the
       dnslookup router (applying to the forward lookup).
 

+TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
+      of ldap servers used for a specific lookup.  Patch provided by Heiko
+      Schlichting.

 
 Exim version 4.82
 -----------------
 
 Exim version 4.82
 -----------------

diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index c168cf2a781cc09b5ba3ce83b44e33cef7a235e7..bfbfc7150b3231689217ba3b37bd4f9db67367b8 100644 (file)
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -32,6 +32,10 @@ Version 4.83
     is split from the encryption operation. The default remains that a failed
     verification cancels the encryption.
 
     is split from the encryption operation. The default remains that a failed
     verification cancels the encryption.
 

+ 6. New SERVERS override of default ldap server list.  In the ACLs, an ldap
+    lookup can now set a list of servers to use that is different from the
+    default list.
+

 
 Version 4.82
 ------------
 
 Version 4.82
 ------------

diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 27780db49476dbceb082bf8736ddb2d5e1966302..f77229ded320ba5b6923f7f916d7d26ee0c0cc89 100644 (file)
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -1133,6 +1133,7 @@ uschar *url = ldap_url;
 uschar *p;
 uschar *user = NULL;
 uschar *password = NULL;
 uschar *p;
 uschar *user = NULL;
 uschar *password = NULL;

+uschar *local_servers = NULL;

 uschar *server, *list;
 uschar buffer[512];
 
 uschar *server, *list;
 uschar buffer[512];
 


@@ -1161,6 +1162,7 @@ while (strncmpic(url, US"ldap", 4) != 0)
       else if (strncmpic(name, US"TIME=", namelen) == 0) timelimit = Uatoi(value);
       else if (strncmpic(name, US"CONNECT=", namelen) == 0) tcplimit = Uatoi(value);
       else if (strncmpic(name, US"NETTIME=", namelen) == 0) tcplimit = Uatoi(value);
       else if (strncmpic(name, US"TIME=", namelen) == 0) timelimit = Uatoi(value);
       else if (strncmpic(name, US"CONNECT=", namelen) == 0) tcplimit = Uatoi(value);
       else if (strncmpic(name, US"NETTIME=", namelen) == 0) tcplimit = Uatoi(value);

+      else if (strncmpic(name, US"SERVERS=", namelen) == 0) local_servers = value;

 
       /* Don't know if all LDAP libraries have LDAP_OPT_DEREF */
 
 
       /* Don't know if all LDAP libraries have LDAP_OPT_DEREF */
 


@@ -1288,16 +1290,16 @@ if (Ustrncmp(p, "://", 3) != 0)
 
 /* No default servers, or URL contains a server name: just one attempt */
 
 
 /* No default servers, or URL contains a server name: just one attempt */
 

-if (eldap_default_servers == NULL || p[3] != '/')
+if ((eldap_default_servers == NULL && local_servers == NULL) || p[3] != '/')

   {
   return perform_ldap_search(url, NULL, 0, search_type, res, errmsg,
     &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
     referrals);
   }
 
   {
   return perform_ldap_search(url, NULL, 0, search_type, res, errmsg,
     &defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
     referrals);
   }
 

-/* Loop through the default servers until OK or FAIL */
-
-list = eldap_default_servers;
+/* Loop through the default servers until OK or FAIL. Use local_servers list
+ * if defined in the lookup, otherwise use the global default list */
+list = (local_servers == NULL) ? eldap_default_servers : local_servers;

 while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
   {
   int rc;
 while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
   {
   int rc;