Commit 6131a2b5 authored by Dmitry Ivanov

fix: Establish LDAP connections implicitly

Unfortunately, Centos 7 provides only openssl 1.0.2 (at least if we
disregard epel), so we can't build the bundled libldap & libsasl2.
"Okay", one might think, "we can link against the distro's libs".
Well, turns out libldap 2.4, which is what we have to deal with in
that case, doesn't have ldap_connect!

Luckily, we don't have to connect explicitly. According to man pages:

```
ldap_init() acts just like ldap_open(), but does not open a connection
to the LDAP server.  The actual connection open will occur when the
first operation is attempted.

ldap_initialize()  acts  like ldap_init()...
```

This is still true for libldap up to and including version 2.6.

NO_DOC=picodata internal patch
NO_CHANGELOG=picodata internal patch
NO_TEST=picodata internal patch
parent bbfa847b
1 merge request: !80 fix: Add extra byproducts to bundled ldap & sasl
Pipeline #21270 passed
......@@ -49,6 +49,12 @@ Requires(pre): %{_sbindir}/groupadd
BuildRequires: zlib-devel
Requires: zlib
# for LDAP support
%if 0%{?rhel} >= 7
BuildRequires: cyrus-sasl-devel
BuildRequires: openldap-devel
%endif
%if %{with systemd}
Requires(post): systemd
Requires(preun): systemd
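Review bot: the `%if 0%{?rhel} >= 7` guard around the new `BuildRequires` lines covers every RHEL-family release from 7 upward, while the commit message motivates the change only by CentOS 7 shipping openssl 1.0.2. If newer releases can still build the bundled libldap and libsasl2, narrow the condition to `0%{?rhel} == 7` so they keep the bundled build; if the wider range is intended, add a spec comment saying so, because it moves those builds to the distribution's LDAP and SASL libraries and their patch cadence.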
......@@ -225,6 +231,9 @@ C and Lua/C modules.
%endif
%if %{_gc64} == "true"
-DLUAJIT_ENABLE_GC64:BOOL=ON \
%endif
%if 0%{?rhel} >= 7
-DENABLE_BUNDLED_LDAP:BOOL=OFF \
%endif
-DENABLE_WERROR:BOOL=ON \
-DENABLE_DIST:BOOL=ON
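Review bot: the `%if 0%{?rhel} >= 7` condition that sets `-DENABLE_BUNDLED_LDAP:BOOL=OFF` duplicates the one guarding the `BuildRequires` lines in the earlier hunk, and the two must always agree. If one is edited without the other, the build either disables the bundled libraries without having `openldap-devel` and `cyrus-sasl-devel` installed, or installs them and still builds the bundled copies. Define the condition once near the top of the spec (a `%bcond` or a `%global` flag) and test that flag in both places.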
......
......@@ -97,7 +97,13 @@ coio_ldap_check_password(va_list ap)
if (format_dn(dn_fmt, user, dn, sizeof(dn)) != 0)
goto cleanup;
/** Initialize the context, but don't connect just yet */
/**
* Initialize the context, but don't connect just yet.
* According to the documentation, the actual connection open
* will occur when the first operation is attempted.
* Previosly we used to call ldap_connect() after this,
* but it's not available in libldap 2.4 (centos 7).
*/
ret = ldap_initialize(&ldp, url);
if (ret != LDAP_SUCCESS) {
say_error("failed to initialize LDAP connection: %s",
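Review bot: the new comment above `ldap_initialize(&ldp, url)` contains a typo ("Previosly") and spends two of its lines on history that the commit message already records. Fix the spelling and consider replacing the historical note with the consequence a reader of this function needs: since no connection is opened here, an unreachable or misconfigured server is first reported by the bind further down, not by this call, so the "failed to initialize LDAP connection" message only covers URL parsing and allocation failures.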
......@@ -114,14 +120,6 @@ coio_ldap_check_password(va_list ap)
goto cleanup;
}
say_info("connecting to LDAP server at '%s'", url);
ret = ldap_connect(ldp);
if (ret != LDAP_SUCCESS) {
say_error("failed to connect to LDAP server at '%s': %s",
url, ldap_err2string(ret));
goto cleanup;
}
/** Check user's credentials by binding to the server on their behalf */
say_info("attempting LDAP BIND as '%s'", dn);
struct berval cred = {
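Review bot: with the `ldap_connect()` block gone, the `say_error("failed to connect to LDAP server at '%s': %s", ...)` message and the "connecting to LDAP server" info line no longer exist, so connection failures now surface from the bind that follows `say_info("attempting LDAP BIND as '%s'", dn)`. The bind's error handling is outside the visible context; please check that it logs `url` and distinguishes a transport failure such as `LDAP_SERVER_DOWN` from `LDAP_INVALID_CREDENTIALS`. Otherwise a directory outage and a wrong password produce the same log entry, which hides outages from operators and makes authentication-failure monitoring noisy.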
......