authorMartin Nagy <mnagy@redhat.com>2010-02-12 18:24:53 +0100
committerMartin Nagy <mnagy@redhat.com>2010-03-23 18:01:27 +0100
commit5c12b890739e7e79f3d4a41bebc76358bc8f08b4 (patch)
tree5c4a26a994360db16cb864d5a9dca1eb264b61f7 /src
parent14460a7497642a2003dbe81b20cc28af4b43e6c3 (diff)
Fail over to passwordless login if other method fails
Resolves ticket #26
Diffstat (limited to 'src')
-rw-r--r--src/ldap_helper.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index cd2b117..a5e3078 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -392,10 +392,21 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
CHECK(semaphore_init(&ldap_inst->conn_semaphore, ldap_inst->connections));
+retry:
for (i = 0; i < ldap_inst->connections; i++) {
ldap_conn = NULL;
CHECK(new_ldap_connection(ldap_inst, &ldap_conn));
- ldap_connect(ldap_conn);
+ result = ldap_connect(ldap_conn);
+ /* If the credentials are invalid, try passwordless login. */
+ if (result == ISC_R_NOPERM
+ && ldap_inst->auth_method != AUTH_NONE) {
+ destroy_ldap_connection(&ldap_conn);
+ FOR_EACH_UNLINK(ldap_conn, ldap_inst->conn_list) {
+ destroy_ldap_connection(&ldap_conn);
+ } END_FOR_EACH_UNLINK(ldap_conn);
+ ldap_inst->auth_method = AUTH_NONE;
+ goto retry;
+ }
APPEND(ldap_inst->conn_list, ldap_conn, link);
}
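Review bot: The fallback before `goto retry` switches the instance to `AUTH_NONE` without logging the downgrade, and because it overwrites `ldap_inst->auth_method`, later binds through this instance presumably stay anonymous as well. An operator who configured credentials ends up with an anonymous session and only the generic bind-failure message to show for it, so at minimum add a warning before the jump, e.g. `log_error("configured credentials rejected, falling back to anonymous bind");`; making the fallback opt-in through configuration would be safer still. The decision also rests on a single server response, which is only as trustworthy as the transport the bind ran over. Separately, `result` now retains any other `ldap_connect()` failure after the loop; whether that changes what `new_ldap_instance()` returns depends on code outside this hunk.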
@@ -1628,6 +1639,8 @@ ldap_reconnect(ldap_connection_t *ldap_conn)
if (ret != LDAP_SUCCESS) {
log_error("bind to LDAP server failed: %s",
ldap_err2string(ret));
+ if (ret == LDAP_INVALID_CREDENTIALS)
+ return ISC_R_NOPERM;
return ISC_R_FAILURE;
} else {
log_debug(2, "bind to LDAP server successful");
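Review bot: `ldap_reconnect()` now returns `ISC_R_NOPERM` to every caller, but only the loop in `new_ldap_instance()` is shown reacting to it, so a credential rejection during a later reconnect follows whatever path the other callers have for results other than `ISC_R_FAILURE`. A comment above the new check would make the contract explicit, for example `/* ISC_R_NOPERM tells new_ldap_instance() the credentials were rejected. */`, and the two-line `if` would be safer with braces. The function starts and ends outside this hunk, so its other return paths could not be checked.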