Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
authorGraham Leggett <minfrin@apache.org>
Wed, 4 Aug 2004 00:04:41 +0000 (00:04 +0000)
committerGraham Leggett <minfrin@apache.org>
Wed, 4 Aug 2004 00:04:41 +0000 (00:04 +0000)
PR:
Obtained from:
Submitted by:
Reviewed by:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104468 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/experimental/mod_auth_ldap.c
modules/experimental/util_ldap.c

diff --git a/CHANGES b/CHANGES
index 0fed2403a689af500345a0b941e1abffe44b303b..03304556c83687eb9e0379c78e619c5b6c03fef3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
+     [Graham Leggett]
+
   *) Remove deprecated/removed APR_STATUS_IS_SUCCESS().  [Justin Erenkrantz]
 
   *) perchild MPM: Fix thread safety problem in the use of longjmp().
index dc5cc929b42f82ea84b96f9418d2a3046bd92b06..9002c5ac157d91541792d4b5225fbe4d265b5f18 100644 (file)
@@ -692,8 +692,9 @@ static const char *mod_auth_ldap_parse_url(cmd_parms *cmd,
                                     void *config,
                                     const char *url)
 {
-    int result;
+    int rc;
     apr_ldap_url_desc_t *urld;
+    apr_ldap_err_t *result;
 
     mod_auth_ldap_config_t *sec = config;
 
@@ -701,20 +702,9 @@ static const char *mod_auth_ldap_parse_url(cmd_parms *cmd,
                 cmd->server, "[%d] auth_ldap url parse: `%s'", 
                 getpid(), url);
 
-    result = apr_ldap_url_parse(url, &(urld));
-    if (result != LDAP_SUCCESS) {
-        switch (result) {
-        case LDAP_URL_ERR_NOTLDAP:
-            return "LDAP URL does not begin with ldap://";
-        case LDAP_URL_ERR_NODN:
-            return "LDAP URL does not have a DN";
-        case LDAP_URL_ERR_BADSCOPE:
-            return "LDAP URL has an invalid scope";
-        case LDAP_URL_ERR_MEM:
-            return "Out of memory parsing LDAP URL";
-        default:
-            return "Could not parse LDAP URL";
-        }
+    rc = apr_ldap_url_parse(cmd->pool, url, &(urld), &(result));
+    if (rc != APR_SUCCESS) {
+        return result->reason;
     }
     sec->url = apr_pstrdup(cmd->pool, url);
 
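Review bot: The failure path returns `result->reason` without anything in this hunk guaranteeing that `apr_ldap_url_parse` filled in `result`. The pointer is declared uninitialised in the previous hunk (`apr_ldap_err_t *result;`), whereas the util_ldap.c hunks of this commit initialise it to NULL and test it before use. A parse failure that leaves `result` unset would dereference an indeterminate pointer while the configuration is being read. Declaring `apr_ldap_err_t *result = NULL;` and returning `result ? result->reason : "Could not parse LDAP URL";` keeps the old fallback message and removes that dependency. The body of mod_auth_ldap_parse_url continues outside this hunk.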
@@ -801,7 +791,6 @@ static const char *mod_auth_ldap_parse_url(cmd_parms *cmd,
     }
 
     sec->have_ldap_url = 1;
-    apr_ldap_free_urldesc(urld);
     return NULL;
 }
 
index 3b5e1c5869a3338455021c248be89a46a5066f04..7f0110cebee14afe1811d9fdf0406dd92b9f96d2 100644 (file)
@@ -254,50 +254,16 @@ LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r,
     */
     if (NULL == ldc->ldap)
     {
-            /* clear connection requested */
-        if (!ldc->secure)
-        {
-            ldc->ldap = ldap_init(const_cast(ldc->host), ldc->port);
-        }
-        else /* ssl connnection requested */
-        {
-                /* check configuration to make sure it supports SSL
-                */
-            if (st->ssl_support)
-            {
-                #if APR_HAS_LDAP_SSL
-                
-                #if APR_HAS_NOVELL_LDAPSDK 
-                ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1);
-
-                #elif APR_HAS_NETSCAPE_LDAPSDK
-                ldc->ldap = ldapssl_init(ldc->host, ldc->port, 1);
-
-                #elif APR_HAS_OPENLDAP_LDAPSDK
-                ldc->ldap = ldap_init(ldc->host, ldc->port);
-                if (NULL != ldc->ldap)
-                {
-                    int SSLmode = LDAP_OPT_X_TLS_HARD;
-                    result = ldap_set_option(ldc->ldap, LDAP_OPT_X_TLS, &SSLmode);
-                    if (LDAP_SUCCESS != result)
-                    {
-                        ldap_unbind_s(ldc->ldap);
-                        ldc->reason = "LDAP: ldap_set_option - LDAP_OPT_X_TLS_HARD failed";
-                        ldc->ldap = NULL;
-                    }
-                }
-
-                #elif APR_HAS_MICROSOFT_LDAPSDK
-                ldc->ldap = ldap_sslinit(const_cast(ldc->host), ldc->port, 1);
-
-                #else
-                    ldc->reason = "LDAP: ssl connections not supported";
-                #endif /* APR_HAS_NOVELL_LDAPSDK */
-            
-                #endif /* APR_HAS_LDAP_SSL */
-            }
-            else
-                ldc->reason = "LDAP: ssl connections not supported";
+        apr_ldap_err_t *result = NULL;
+        int rc = apr_ldap_init(r->pool,
+                               &(ldc->ldap),
+                               ldc->host,
+                               ldc->port,
+                               ldc->secure,
+                               &(result));
+
+        if (result != NULL) {
+            ldc->reason = result->reason;
         }
 
         if (NULL == ldc->ldap)
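Review bot: The removed branch refused to create a handle when `ldc->secure` was set but `st->ssl_support` was 0; the new call passes `ldc->secure` straight to `apr_ldap_init` and never inspects `rc`, so whether a TLS request fails closed now depends entirely on that function. If it can hand back a usable handle without TLS, the simple bind later in this function would send `ldc->bindpw` unprotected. Consider keeping the local gate, `if (ldc->secure && !st->ssl_support) { ldc->reason = "LDAP: ssl connections not supported"; }` with the `apr_ldap_init` call in the `else` (assuming `st` is still in scope), and treating a non-success `rc` as failure even when `ldc->ldap` is non-NULL. `result` is presumably allocated from `r->pool`, so if `ldc` outlives the request (not visible here) `ldc->reason` would point at released pool memory; copying the string into the connection's own pool would avoid that. util_ldap_connection_open starts and ends outside this hunk.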
@@ -327,7 +293,7 @@ LDAP_DECLARE(int) util_ldap_connection_open(request_rec *r,
       */
     for (failures=0; failures<10; failures++)
     {
-        result = ldap_simple_bind_s(ldc->ldap, const_cast(ldc->binddn), const_cast(ldc->bindpw));
+        result = ldap_simple_bind_s(ldc->ldap, ldc->binddn, ldc->bindpw);
         if (LDAP_SERVER_DOWN != result)
             break;
     }
@@ -558,7 +524,7 @@ start_over:
     }
 
     /* search for reqdn */
-    if ((result = ldap_search_ext_s(ldc->ldap, const_cast(reqdn), LDAP_SCOPE_BASE, 
+    if ((result = ldap_search_ext_s(ldc->ldap, reqdn, LDAP_SCOPE_BASE, 
                                    "(objectclass=*)", NULL, 1, 
                                    NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
         ldc->reason = "DN Comparison ldap_search_ext_s() failed with server down";
@@ -690,7 +656,7 @@ start_over:
         return result;
     }
 
-    if ((result = ldap_compare_s(ldc->ldap, const_cast(dn), const_cast(attrib), const_cast(value)))
+    if ((result = ldap_compare_s(ldc->ldap, dn, attrib, value))
         == LDAP_SERVER_DOWN) { 
         /* connection failed - try again */
         ldc->reason = "ldap_compare_s() failed with server down";
@@ -821,8 +787,8 @@ start_over:
 
     /* try do the search */
     if ((result = ldap_search_ext_s(ldc->ldap,
-                                   const_cast(basedn), scope, 
-                                   const_cast(filter), attrs, 0, 
+                                   basedn, scope, 
+                                   filter, attrs, 0, 
                                    NULL, NULL, NULL, -1, &res)) == LDAP_SERVER_DOWN) {
         ldc->reason = "ldap_search_ext_s() for user failed with server down";
         util_ldap_connection_unbind(ldc);
@@ -876,7 +842,7 @@ start_over:
      * exists, since we just retrieved it)
      */
     if ((result = 
-         ldap_simple_bind_s(ldc->ldap, const_cast(*binddn), const_cast(bindpw))) == 
+         ldap_simple_bind_s(ldc->ldap, *binddn, bindpw)) == 
          LDAP_SERVER_DOWN) {
         ldc->reason = "ldap_simple_bind_s() to check user credentials failed with server down";
         ldap_msgfree(res);
@@ -1150,16 +1116,17 @@ void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
 
 static apr_status_t util_ldap_cleanup_module(void *data)
 {
-#if APR_HAS_LDAP_SSL && APR_HAS_NOVELL_LDAPSDK
+
     server_rec *s = data;
     util_ldap_state_t *st = (util_ldap_state_t *)ap_get_module_config(
         s->module_config, &ldap_module);
     
-    if (st->ssl_support)
-        ldapssl_client_deinit();
+    if (st->ssl_support) {
+        apr_ldap_ssl_deinit();
+    }
 
-#endif
     return APR_SUCCESS;
+
 }
 
 static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, 
@@ -1247,155 +1214,46 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
     
     /* log the LDAP SDK used 
      */
-    #if APR_HAS_NETSCAPE_LDAPSDK 
-    
-        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
-             "LDAP: Built with Netscape LDAP SDK" );
-
-    #elif APR_HAS_NOVELL_LDAPSDK
-
-        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
-             "LDAP: Built with Novell LDAP SDK" );
-
-    #elif APR_HAS_OPENLDAP_LDAPSDK
-
-        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
-             "LDAP: Built with OpenLDAP LDAP SDK" );
-
-    #elif APR_HAS_MICROSOFT_LDAPSDK
-    
-        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
-             "LDAP: Built with Microsoft LDAP SDK" );
-    #else
-    
-        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
-             "LDAP: Built with unknown LDAP SDK" );
-
-    #endif /* APR_HAS_NETSCAPE_LDAPSDK */
-
-
+    {
+        apr_ldap_err_t *result = NULL;
+        apr_ldap_info(&(result), p);
+        if (result != NULL) {
+            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, result->reason);
+        }
+    }
 
     apr_pool_cleanup_register(p, s, util_ldap_cleanup_module,
                               util_ldap_cleanup_module); 
 
     /* initialize SSL support if requested
     */
-    if (st->cert_auth_file)
-    {
-        #if APR_HAS_LDAP_SSL /* compiled with ssl support */
-
-        #if APR_HAS_NETSCAPE_LDAPSDK 
+    if (st->cert_auth_file) {
 
-            /* Netscape sdk only supports a cert7.db file 
-            */
-            if (st->cert_file_type == LDAP_CA_TYPE_CERT7_DB)
-            {
-                rc = ldapssl_client_init(st->cert_auth_file, NULL);
-            }
-            else
-            {
-                ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, 
-                         "LDAP: Invalid LDAPTrustedCAType directive - "
-                          "CERT7_DB_PATH type required");
-                rc = -1;
-            }
-
-        #elif APR_HAS_NOVELL_LDAPSDK
-        
-            /* Novell SDK supports DER or BASE64 files
-            */
-            if (st->cert_file_type == LDAP_CA_TYPE_DER  ||
-                st->cert_file_type == LDAP_CA_TYPE_BASE64 )
-            {
-                rc = ldapssl_client_init(NULL, NULL);
-                if (LDAP_SUCCESS == rc)
-                {
-                    if (st->cert_file_type == LDAP_CA_TYPE_BASE64)
-                        rc = ldapssl_add_trusted_cert(st->cert_auth_file, 
-                                                  LDAPSSL_CERT_FILETYPE_B64);
-                    else
-                        rc = ldapssl_add_trusted_cert(st->cert_auth_file, 
-                                                  LDAPSSL_CERT_FILETYPE_DER);
-
-                    if (LDAP_SUCCESS != rc)
-                        ldapssl_client_deinit();
-                }
-            }
-            else
-            {
-                ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, 
-                             "LDAP: Invalid LDAPTrustedCAType directive - "
-                             "DER_FILE or BASE64_FILE type required");
-                rc = -1;
-            }
-
-        #elif APR_HAS_OPENLDAP_LDAPSDK
-
-            /* OpenLDAP SDK supports BASE64 files
-            */
-            if (st->cert_file_type == LDAP_CA_TYPE_BASE64)
-            {
-                rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, st->cert_auth_file);
-            }
-            else
-            {
-                ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, 
-                             "LDAP: Invalid LDAPTrustedCAType directive - "
-                             "BASE64_FILE type required");
-                rc = -1;
-            }
-
-
-        #elif APR_HAS_MICROSOFT_LDAPSDK
-            
-            /* Microsoft SDK use the registry certificate store - always
-             * assume support is always available
-            */
-            rc = LDAP_SUCCESS;
-
-        #else
-            rc = -1;
-        #endif /* APR_HAS_NETSCAPE_LDAPSDK */
+        apr_ldap_err_t *result = NULL;
+        int rc = apr_ldap_ssl_init(p,
+                                   st->cert_auth_file,
+                                   st->cert_file_type,
+                                   &(result));
 
-        #else  /* not compiled with SSL Support */
-
-            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
-                     "LDAP: Not built with SSL support." );
-            rc = -1;
-
-        #endif /* APR_HAS_LDAP_SSL */
-
-        if (LDAP_SUCCESS == rc)
-        {
+        if (LDAP_SUCCESS == rc) {
             st->ssl_support = 1;
         }
-        else
-        {
-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, 
-                         "LDAP: SSL initialization failed");
+        else if (NULL != result) {
+            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, result->reason);
             st->ssl_support = 0;
         }
+
     }
       
-        /* The Microsoft SDK uses the registry certificate store -
-         * always assume support is available
-        */
-    #if APR_HAS_MICROSOFT_LDAPSDK
-        st->ssl_support = 1;
-    #endif
-    
-
-        /* log SSL status - If SSL isn't available it isn't necessarily
-         * an error because the modules asking for LDAP connections 
-         * may not ask for SSL support
-        */
-    if (st->ssl_support)
-    {
+    /* log SSL status - If SSL isn't available it isn't necessarily
+     * an error because the modules asking for LDAP connections 
+     * may not ask for SSL support
+     */
+    if (st->ssl_support) {
        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
                          "LDAP: SSL support available" );
     }
-    else
-    {
+    else {
        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
                          "LDAP: SSL support unavailable" );
     }
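Review bot: Both new `ap_log_error` calls pass `result->reason` as the format string; that text is produced by the LDAP layer and may carry SDK messages or configured paths, so any `%` in it would be treated as a conversion — pass it as an argument instead, `ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "%s", result->reason);`. In the SSL branch, a failing `rc` with a NULL `result` now logs nothing and leaves `st->ssl_support` untouched, where the removed code always logged and cleared it; the fence below restores an unconditional `else`. `rc` is compared with `LDAP_SUCCESS` here but with `APR_SUCCESS` in mod_auth_ldap.c, and the block-local `int rc` probably shadows the function-level `rc` the removed code assigned to. util_ldap_post_config starts before this hunk.

```c
            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "%s", result->reason);
        /* … unchanged: cleanup registration, apr_ldap_ssl_init() call, success branch … */
        else {
            /* always clear ssl_support on failure, even when no error detail came back */
            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "%s",
                         (NULL != result) ? result->reason
                                          : "LDAP: SSL initialization failed");
            st->ssl_support = 0;
        }
```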