From aa3bb1ee65a03a854fa4359041bd297114c11900 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Sat, 2 Mar 2013 09:50:13 -0500
Subject: [PATCH 1/1] Made "chase_referrals" and "rebind" to "yes" by default. And updated the source so that it prints out warnings if they cannot be enabled. We should probably just remove these two options. There are always benefits to leaving them on. There are no real benefits to turning them off
---
 raddb/mods-available/ldap | 10 +++++-----
 src/modules/rlm_ldap/rlm_ldap.c | 6 ++++--
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap
index a65eb65..695ee0d 100644
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -181,12 +181,12 @@ ldap {
 options {
 #
 # The following two configuration items are for Active Directory
- # compatibility. If you see the helpful "operations error"
- # being returned to the LDAP module, uncomment the next
- # two lines.
+ # compatibility. If you set these to "no", then searches
+ # will likely return "operations error", instead of a
+ # useful resuly.
 #
-# chase_referrals = yes
-# rebind = yes
+ chase_referrals = yes
+ rebind = yes
 # seconds to wait for LDAP query to finish. default: 20
 timeout = 10
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 08b679b..0dd3fe5 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -571,11 +571,13 @@ static void *ldap_conn_create(void *ctx)
 do_ldap_option(LDAP_OPT_REFERRALS, "chase_referrals", LDAP_OPT_ON);
-#if LDAP_SET_REBIND_PROC_ARGS == 3
 if (inst->rebind == 1) {
+#if LDAP_SET_REBIND_PROC_ARGS == 3
 ldap_set_rebind_proc(handle, ldap_rebind, inst);
- }
+#else
+ DEBUGW("The flag 'rebind = yes' is not supported by the system LDAP library. Ignoring.");
 #endif
+ }
 } else {
 do_ldap_option(LDAP_OPT_REFERRALS, "chase_referrals", LDAP_OPT_OFF);
-- 
2.1.4
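Review bot: In raddb/mods-available/ldap, switching `chase_referrals = yes` and `rebind = yes` on as the shipped default widens the set of servers the module will talk to for every install that takes this file unmodified, and the rewritten comment only describes the error seen when they are off. With referrals chased, the queried directory can direct the module to another LDAP server, and `rebind` presumably re-presents the module's configured bind identity there (the body of `ldap_rebind` is not in this patch, so that should be confirmed). I would add a line to the comment such as `# With these enabled the module follows referrals and re-binds with its configured identity; referred servers must be trusted and reached over TLS.` The new comment also misspells "result" as "resuly".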
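Review bot: In the rlm_ldap.c hunk the return value of `ldap_set_rebind_proc(handle, ldap_rebind, inst)` is still discarded, so the only case that produces the warning the commit message promises is the compile-time one in the new `#else` branch; a runtime failure to install the callback stays silent while referrals remain enabled. In OpenLDAP the call returns an int status, so something like `if (ldap_set_rebind_proc(handle, ldap_rebind, inst) != LDAP_SUCCESS) DEBUGW("Could not set the rebind callback. Referrals will be chased without rebinding.");` would cover it. Separately, because `rebind` now defaults to yes and ldap_conn_create appears (from its name) to run once per connection, builds where `LDAP_SET_REBIND_PROC_ARGS` is not 3 would log the `#else` warning on every new connection; emitting it once when the module is instantiated may be quieter. ldap_conn_create starts and ends outside the hunk, so `do_ldap_option` and the enclosing condition were not reviewed.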