authorJakub Hrozek <jhrozek@redhat.com>2011-01-03 16:16:57 +0100
committerSimo Sorce <ssorce@redhat.com>2011-01-07 05:00:44 -0500
commit8a9fdbfb039bf1894cf3b301c8a0f84261ec8c1c (patch)
treef08d850fd5b68f8bb06a5e92cbbea5fb49b277c0 /ipa-client
parent21bf175e0c10b087deb10b8e328a6a6bd549c0f9 (diff)
Do not use LDAP_DEPRECATED in plugins
Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576
Diffstat (limited to 'ipa-client')
-rw-r--r--ipa-client/ipa-client-common.h4
-rw-r--r--ipa-client/ipa-getkeytab.c4
-rw-r--r--ipa-client/ipa-join.c31
3 files changed, 31 insertions, 8 deletions
diff --git a/ipa-client/ipa-client-common.h b/ipa-client/ipa-client-common.h
index 863b805a..b738fb4a 100644
--- a/ipa-client/ipa-client-common.h
+++ b/ipa-client/ipa-client-common.h
@@ -23,6 +23,10 @@
#include <libintl.h>
#define _(STRING) gettext(STRING)
+#ifndef discard_const
+#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+#endif
+
int init_gettext(void);
#endif /* __IPA_CLIENT_COMMON_H */
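Review bot: The discard_const macro added here casts through uintptr_t, but the only include visible in this hunk is <libintl.h>, so the header appears to rely on every includer having pulled in <stdint.h> first. Adding `#include <stdint.h>` next to the libintl include would make the header self-contained. Because the macro exists to strip a const qualifier, a short comment such as `/* Cast away const for APIs that take non-const pointers but do not write through them. */` would tell callers when it is safe to use. The top of the header is outside the hunk, so the include may already be present there.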
diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index 96747a86..8f108de4 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -57,10 +57,6 @@
#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1"
#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.3.2"
-#ifndef discard_const
-#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
-#endif
-
struct krb_key_salt {
krb5_enctype enctype;
krb5_int32 salttype;
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index 5c3d1402..ff0fed9a 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -18,7 +18,6 @@
*/
#define _GNU_SOURCE
-#define LDAP_DEPRECATED 1
#include <unistd.h>
#include <stdlib.h>
@@ -178,6 +177,9 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
int version = LDAP_VERSION3;
int ret;
int ldapdebug = 0;
+ char *uri;
+ struct berval bindpw_bv;
+
if (debug) {
ldapdebug=2;
ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldapdebug);
@@ -186,7 +188,20 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
if (ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, CAFILE) != LDAP_OPT_SUCCESS)
goto fail;
- ld = (LDAP *)ldap_init(hostname, 636);
+ ret = asprintf(&uri, "ldaps://%s:636", hostname);
+ if (ret == -1) {
+ fprintf(stderr, _("Out of memory!"));
+ goto fail;
+ }
+
+ ret = ldap_initialize(&ld, uri);
+ free(uri);
+ if(ret != LDAP_SUCCESS) {
+ fprintf(stderr, _("Unable to initialize connection to ldap server: %s"),
+ ldap_err2string(ret));
+ goto fail;
+ }
+
if (ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl) != LDAP_OPT_SUCCESS) {
fprintf(stderr, _("Unable to enable SSL in LDAP\n"));
goto fail;
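Review bot: hostname is formatted unchecked into the URI by `asprintf(&uri, "ldaps://%s:636", hostname)`, and ldap_initialize() accepts a comma- or whitespace-separated list of URIs, so a value containing those characters (or a `/`) would not denote the single ldaps:// endpoint on port 636 that this code intends. Where hostname comes from is not visible in this hunk; if it can be supplied by the user or by discovery, reject such characters before formatting, for example `if (hostname[strcspn(hostname, " \t,/")] != '\0') goto fail;`, and note that an IPv6 literal would need brackets in this URI form. Separately, the two new messages ("Out of memory!" and "Unable to initialize connection to ldap server: %s") lack the trailing `\n` that the neighbouring "Unable to enable SSL in LDAP\n" has. The same applies to the new "ldap_extended_operation_s failed: %s" message in the join_ldap hunk. connect_ldap's body continues outside the hunk.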
@@ -198,7 +213,12 @@ connect_ldap(const char *hostname, const char *binddn, const char *bindpw) {
goto fail;
}
- ret = ldap_bind_s(ld, binddn, bindpw, LDAP_AUTH_SIMPLE);
+ bindpw_bv.bv_val = discard_const(bindpw);
+ bindpw_bv.bv_len = strlen(bindpw);
+
+ ret = ldap_sasl_bind_s(ld, binddn, LDAP_SASL_SIMPLE, &bindpw_bv,
+ NULL, NULL, NULL);
+
if (ret != LDAP_SUCCESS) {
int err;
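Review bot: `strlen(bindpw)` dereferences bindpw without a NULL check, and an empty string produces a zero-length credential, which LDAP servers following RFC 4513 treat as an unauthenticated bind that can return LDAP_SUCCESS without verifying any password. Whether callers can pass NULL or "" is not visible here, so a guard before filling bindpw_bv would make the contract explicit: `if (bindpw == NULL || bindpw[0] == '\0') goto fail;`, preceded by an error message. A comment on the discard_const line noting that the bind call only reads bv_val would justify dropping the const qualifier. connect_ldap starts and ends outside the hunk.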
@@ -446,7 +466,10 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
if ((rc = ldap_extended_operation_s(ld, JOIN_OID, &valrequest, NULL, NULL, &oidresult, &valresult)) != LDAP_SUCCESS) {
if (!quiet)
fprintf(stderr, _("principal not found in host entry\n"));
- if (debug) ldap_perror(ld, "ldap_extended_operation_s");
+ if (debug) {
+ fprintf(stderr, "ldap_extended_operation_s failed: %s",
+ ldap_err2string(rc));
+ }
rval = 18;
goto ldap_done;
}
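Review bot: The replacement for ldap_perror() prints only `ldap_err2string(rc)`, the generic text for the result code, so any diagnostic message the server returned with the failed extended operation no longer reaches the debug output (ldap_perror appears to have reported the handle's additional info as well). If that detail matters when diagnosing join failures, it can be read with `ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &msg)`, printed, and released with `ldap_memfree(msg)`. join_ldap's body continues outside the hunk.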