fix: Establish LDAP connections implicitly

Unfortunately, Centos 7 provides only openssl 1.0.2 (at lest if we disregard epel), so we can't build the bundled libldap & libsasl2. "Okay", one might think, "we can link against the distro's libs". Well, turns out libldap 2.4, which is what we have to deal with in that case, doesn't have ldap_connect! Luckily, we don't have to connect explicitly. According to man pages: ``` ldap_init() acts just like ldap_open(), but does not open a connection to the LDAP server. The actual connection open will occur when the first operation is attempted. ldap_initialize() acts like ldap_init()... ``` This is still true for libldap up to and including version 2.6. NO_DOC=picodata internal patch NO_CHANGELOG=picodata internal patch NO_TEST=picodata internal patch

fix: Establish LDAP connections implicitly
6131a2b5 · Dmitry Ivanov · bbfa847b · 6131a2b5 · 6131a2b5
Commit 6131a2b5 authored 1 year ago by Dmitry Ivanov
--- a/rpm/tarantool-picodata.spec
+++ b/rpm/tarantool-picodata.spec
@@ -49,6 +49,12 @@ Requires(pre): %{_sbindir}/groupadd
 BuildRequires: zlib-devel
 Requires: zlib

+# for LDAP support
+%if 0%{?rhel} >= 7
+BuildRequires: cyrus-sasl-devel
+BuildRequires: openldap-devel
+%endif
+
 %if %{with systemd}
 Requires(post): systemd
 Requires(preun): systemd
@@ -225,6 +231,9 @@ C and Lua/C modules.
 %endif
 %if %{_gc64} == "true"
         -DLUAJIT_ENABLE_GC64:BOOL=ON \
+%endif
+%if 0%{?rhel} >= 7
+         -DENABLE_BUNDLED_LDAP:BOOL=OFF \
 %endif
         -DENABLE_WERROR:BOOL=ON \
         -DENABLE_DIST:BOOL=ON

--- a/src/box/auth_ldap.c
+++ b/src/box/auth_ldap.c
@@ -97,7 +97,13 @@ coio_ldap_check_password(va_list ap)
 	if (format_dn(dn_fmt, user, dn, sizeof(dn)) != 0)
 		goto cleanup;

-	/** Initialize the context, but don't connect just yet */
+	/**
+	 * Initialize the context, but don't connect just yet.
+	 * According to the documentation, the actual connection open
+	 * will occur when the first operation is attempted.
+	 * Previosly we used to call ldap_connect() after this,
+	 * but it's not available in libldap 2.4 (centos 7).
+	 */
 	ret = ldap_initialize(&ldp, url);
 	if (ret != LDAP_SUCCESS) {
 		say_error("failed to initialize LDAP connection: %s",
@@ -114,14 +120,6 @@ coio_ldap_check_password(va_list ap)
 		goto cleanup;
 	}

-	say_info("connecting to LDAP server at '%s'", url);
-	ret = ldap_connect(ldp);
-	if (ret != LDAP_SUCCESS) {
-		say_error("failed to connect to LDAP server at '%s': %s",
-			  url, ldap_err2string(ret));
-		goto cleanup;
-	}
-
 	/** Check user's credentials by binding to the server on their behalf */
 	say_info("attempting LDAP BIND as '%s'", dn);
 	struct berval cred = {