is~\term{""} which means `anonymous connection'.
\titem{\{ldap\_password, Password\}} \ind{options!ldap\_password}Bind password. The default
value is \term{""}.
+\titem{\{ldap\_deref\_aliases, never|always|finding|searching\}} \ind{options!ldap\_deref\_aliases} Whether or not to dereference aliases. The default is \term{never}.
\end{description}
Example:
its own optional parameters. The first group of parameters has the same
meaning as the top-level LDAP parameters to set the authentication method:
\option{ldap\_servers}, \option{ldap\_port}, \option{ldap\_rootdn},
-\option{ldap\_password}, \option{ldap\_base}, \option{ldap\_uids}, and
-\option{ldap\_filter}. See section~\ref{ldapauth} for detailed information
+\option{ldap\_password}, \option{ldap\_base}, \option{ldap\_uids},
+\option{ldap\_deref\_aliases} and \option{ldap\_filter}.
+See section~\ref{ldapauth} for detailed information
about these options. If one of these options is not set, \ejabberd{} will look
for the top-level option with the same name.
ufilter,
sfilter,
lfilter, %% Local filter (performed by ejabberd, not LDAP)
+ deref_aliases,
dn_filter,
dn_filter_attrs
}).
ResAttrs = result_attrs(State),
case eldap_filter:parse(State#state.sfilter) of
{ok, EldapFilter} ->
- case eldap_pool:search(Eldap_ID, [{base, State#state.base},
- {filter, EldapFilter},
- {timeout, ?LDAP_SEARCH_TIMEOUT},
- {attributes, ResAttrs}]) of
+ case eldap_pool:search(Eldap_ID,
+ [{base, State#state.base},
+ {filter, EldapFilter},
+ {timeout, ?LDAP_SEARCH_TIMEOUT},
+ {deref_aliases, State#state.deref_aliases},
+ {attributes, ResAttrs}]) of
#eldap_search_result{entries = Entries} ->
lists:flatmap(
fun(#eldap_entry{attributes = Attrs,
case eldap_pool:search(State#state.eldap_id,
[{base, State#state.base},
{filter, Filter},
+ {deref_aliases, State#state.deref_aliases},
{attributes, ResAttrs}]) of
#eldap_search_result{entries = [#eldap_entry{attributes = Attrs,
object_name = DN} | _]} ->
end ++ [{"%d", State#state.host}, {"%D", DN}],
case eldap_filter:parse(State#state.dn_filter, SubstValues) of
{ok, EldapFilter} ->
- case eldap_pool:search(State#state.eldap_id, [
- {base, State#state.base},
- {filter, EldapFilter},
- {attributes, ["dn"]}]) of
+ case eldap_pool:search(State#state.eldap_id,
+ [{base, State#state.base},
+ {filter, EldapFilter},
+ {deref_aliases, State#state.deref_aliases},
+ {attributes, ["dn"]}]) of
#eldap_search_result{entries = [_|_]} ->
DN;
_ ->
end,
eldap_utils:check_filter(DNFilter),
LocalFilter = ejabberd_config:get_local_option({ldap_local_filter, Host}),
+ DerefAliases = case ejabberd_config:get_local_option(
+ {ldap_deref_aliases, Host}) of
+ undefined -> never;
+ Val -> Val
+ end,
#state{host = Host,
eldap_id = Eldap_ID,
bind_eldap_id = Bind_Eldap_ID,
ufilter = UserFilter,
sfilter = SearchFilter,
lfilter = LocalFilter,
+ deref_aliases = DerefAliases,
dn_filter = DNFilter,
dn_filter_attrs = DNFilterAttrs
}.
parse_search_args(T,A#eldap_search{timeout = Timeout});
parse_search_args([{limit, Limit}|T],A) when is_integer(Limit) ->
parse_search_args(T,A#eldap_search{limit = Limit});
+parse_search_args([{deref_aliases, never}|T],A) ->
+ parse_search_args(T,A#eldap_search{deref_aliases = neverDerefAliases});
+parse_search_args([{deref_aliases, searching}|T],A) ->
+ parse_search_args(T,A#eldap_search{deref_aliases = derefInSearching});
+parse_search_args([{deref_aliases, finding}|T],A) ->
+ parse_search_args(T,A#eldap_search{deref_aliases = derefFindingBaseObj});
+parse_search_args([{deref_aliases, always}|T],A) ->
+ parse_search_args(T,A#eldap_search{deref_aliases = derefAlways});
parse_search_args([H|_],_) ->
throw({error,{unknown_arg, H}});
parse_search_args([],A) ->
{searchRequest,
#'SearchRequest'{baseObject = A#eldap_search.base,
scope = v_scope(A#eldap_search.scope),
- derefAliases = neverDerefAliases,
+ derefAliases = A#eldap_search.deref_aliases,
sizeLimit = A#eldap_search.limit,
timeLimit = v_timeout(A#eldap_search.timeout),
typesOnly = v_bool(A#eldap_search.types_only),
limit = 0,
attributes = [],
types_only = false,
+ deref_aliases = neverDerefAliases,
timeout = 0}).
base,
password,
uid,
+ deref_aliases,
group_attr,
group_desc,
user_desc,
[{base, State#state.base},
{filter, EldapFilter},
{timeout, ?LDAP_SEARCH_TIMEOUT},
+ {deref_aliases, State#state.deref_aliases},
{attributes, AttributesList}]) of
#eldap_search_result{entries = Es} ->
%% A result with entries. Return their list.
"" -> GroupSubFilter;
_ -> "(&" ++ GroupSubFilter ++ ConfigFilter ++ ")"
end,
+ DerefAliases = case gen_mod:get_opt(deref_aliases, Opts, undefined) of
+ undefined ->
+ case ejabberd_config:get_local_option(
+ {deref_aliases, Host}) of
+ undefined -> never;
+ D -> D
+ end;
+ D -> D
+ end,
#state{host = Host,
eldap_id = Eldap_ID,
servers = LDAPServers,
base = LDAPBase,
password = Password,
uid = UIDAttr,
+ deref_aliases = DerefAliases,
group_attr = GroupAttr,
group_desc = GroupDesc,
user_desc = UserDesc,
search_fields,
search_reported,
search_reported_attrs,
+ deref_aliases,
matches
}).
VCardAttrs = State#state.vcard_map_attrs,
case eldap_filter:parse(RFC2254_Filter, [{"%u", User}]) of
{ok, EldapFilter} ->
- case eldap_pool:search(Eldap_ID, [{base, Base},
- {filter, EldapFilter},
- {attributes, VCardAttrs}]) of
+ case eldap_pool:search(Eldap_ID,
+ [{base, Base},
+ {filter, EldapFilter},
+ {deref_aliases, State#state.deref_aliases},
+ {attributes, VCardAttrs}]) of
#eldap_search_result{entries = [E | _]} ->
E;
_ ->
Limit = State#state.matches,
ReportedAttrs = State#state.search_reported_attrs,
Filter = eldap:'and'([SearchFilter, eldap_utils:make_filter(Data, UIDs)]),
- case eldap_pool:search(Eldap_ID, [{base, Base},
- {filter, Filter},
- {limit, Limit},
- {attributes, ReportedAttrs}]) of
+ case eldap_pool:search(Eldap_ID,
+ [{base, Base},
+ {filter, Filter},
+ {limit, Limit},
+ {deref_aliases, State#state.deref_aliases},
+ {attributes, ReportedAttrs}]) of
#eldap_search_result{entries = E} ->
search_items(E, State);
_ ->
_ -> []
end
end, SearchReported) ++ UIDAttrs),
+ DerefAliases = case gen_mod:get_opt(deref_aliases, Opts, undefined) of
+ undefined ->
+ case ejabberd_config:get_local_option(
+ {deref_aliases, Host}) of
+ undefined -> never;
+ D -> D
+ end;
+ D -> D
+ end,
#state{serverhost = Host,
myhost = MyHost,
eldap_id = Eldap_ID,
search_fields = SearchFields,
search_reported = SearchReported,
search_reported_attrs = SearchReportedAttrs,
+ deref_aliases = DerefAliases,
matches = Matches
}.
projects / ejabberd / commitdiff