Resolves: #468248

Summary: LDAPI: when nsslapd-ldapiautodnsuffix doesn't exist - Bind is incorrect
Description:
- introducing --enable-auto-dn-suffix option to configure (disabled by default)
- building the auto-dn-suffix code only when the option is set

5 files changed, 33 insertions, 2 deletions

diff --git a/Makefile.am b/Makefile.am
index ea9b2e63..f54d69a6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1028,6 +1028,9 @@ endif
 if enable_autobind
         enable_autobind = 1
 endif
+if enable_auto_dn_suffix
+        enable_auto_dn_suffix = 1
+endif
 
 ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
 	ldap/servers/slapd/auth.c \
@@ -1137,6 +1140,7 @@ fixupcmd = sed \
 	-e 's,@enable_bitwise\@,$(enable_bitwise),g' \
 	-e 's,@enable_dna\@,$(enable_dna),g' \
 	-e 's,@enable_autobind\@,$(enable_autobind),g' \
+	-e 's,@enable_auto_dn_suffix\@,$(enable_auto_dn_suffix),g' \
 	-e 's,@ECHO_N\@,$(ECHO_N),g' \
 	-e 's,@ECHO_C\@,$(ECHO_C),g' \
 	-e 's,@brand\@,$(brand),g' \
@@ -1186,6 +1190,7 @@ fixupcmd = sed \
 	-e 's,@enable_bitwise\@,$(enable_bitwise),g' \
 	-e 's,@enable_dna\@,$(enable_dna),g' \
 	-e 's,@enable_autobind\@,$(enable_autobind),g' \
+	-e 's,@enable_auto_dn_suffix\@,$(enable_auto_dn_suffix),g' \
 	-e 's,@ECHO_N\@,$(ECHO_N),g' \
 	-e 's,@ECHO_C\@,$(ECHO_C),g' \
 	-e 's,@brand\@,$(brand),g' \
diff --git a/configure.ac b/configure.ac
index 54d732d8..243b157b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -137,6 +137,21 @@ else
 fi
 AM_CONDITIONAL(enable_autobind,test "$enable_autobind" = "yes")
 
+if test -z "$enable_auto_dn_suffix" ; then
+   enable_auto_dn_suffix=no # if not set on cmdline, set default
+fi
+AC_MSG_CHECKING(for --enable-auto-dn-suffix)
+AC_ARG_ENABLE(autobind,
+        AS_HELP_STRING([--enable-auto-dn-suffix],
+                       [enable auto bind with auto dn suffix over unix domain socket (LDAPI) support (default: no)]))
+if test "$enable_ldapi" = yes -a "$enable_autobind" = yes -a "$enable_auto_dn_suffix" = "yes"; then
+  AC_MSG_RESULT(yes)
+  AC_DEFINE([ENABLE_AUTO_DN_SUFFIX], [1], [enable ldapi auto bind with auto dn suffix support in the server])
+else
+  AC_MSG_RESULT(no)
+fi
+AM_CONDITIONAL(enable_auto_dn_suffix,test "$enable_auto_dn_suffix" = "yes")
+
 if test -z "$enable_bitwise" ; then
    enable_bitwise=yes # if not set on cmdline, set default
 fi
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index 45d5329c..9430cf2d 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -342,7 +342,9 @@ sub createConfigFile {
             $ent->setValues("nsslapd-ldapiuidnumbertype", "uidNumber");
             $ent->setValues("nsslapd-ldapigidnumbertype", "gidNumber");
             $ent->setValues("nsslapd-ldapientrysearchbase", $inf->{slapd}->{Suffix});
-            $ent->setValues("nsslapd-ldapiautodnsuffix", "cn=peercred,cn=external,cn=auth");
+            if ("@enable_auto_dn_suffix@") {
+                $ent->setValues("nsslapd-ldapiautodnsuffix", "cn=peercred,cn=external,cn=auth");
+            }
         }
         if (!$conn->update($ent)) {
             $conn->close();
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index cd1f6ecb..32c7688c 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -2172,6 +2172,7 @@ root_map_free:
 			}
 		}
 
+#if defined(ENABLE_AUTO_DN_SUFFIX)
 		if(ret) 
 		{
 			/* create phony auth dn? */
@@ -2209,6 +2210,7 @@ root_map_free:
 				ret = 0;
 			}
 		}
+#endif
 	}
 
 bail:
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 6a7c0178..dd2275b0 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -483,9 +483,11 @@ static struct config_get_and_set {
         {CONFIG_LDAPI_SEARCH_BASE_DN_ATTRIBUTE, config_set_ldapi_search_base_dn,
                 NULL, 0,
 		(void**)&global_slapdFrontendConfig.ldapi_search_base_dn, CONFIG_STRING, NULL},
+#if defined(ENABLE_AUTO_DN_SUFFIX)
         {CONFIG_LDAPI_AUTO_DN_SUFFIX_ATTRIBUTE, config_set_ldapi_auto_dn_suffix,
                 NULL, 0,
 		(void**)&global_slapdFrontendConfig.ldapi_auto_dn_suffix, CONFIG_STRING, NULL},
+#endif
 	{CONFIG_ACCESSLOG_MINFREEDISKSPACE_ATTRIBUTE, NULL,
 		log_set_mindiskspace, SLAPD_ACCESS_LOG,
 		(void**)&global_slapdFrontendConfig.accesslog_minfreespace, CONFIG_INT, NULL},
@@ -831,7 +833,9 @@ FrontendConfig_init () {
   cfg->ldapi_uidnumber_type = slapi_ch_strdup("uidNumber");
   cfg->ldapi_gidnumber_type = slapi_ch_strdup("gidNumber");
   cfg->ldapi_search_base_dn = slapi_ch_strdup("dc=example, dc=com");
+#if defined(ENABLE_AUTO_DN_SUFFIX)
   cfg->ldapi_auto_dn_suffix = slapi_ch_strdup("cn=peercred,cn=external,cn=auth");
+#endif
   cfg->threadnumber = SLAPD_DEFAULT_MAX_THREADS;
   cfg->maxthreadsperconn = SLAPD_DEFAULT_MAX_THREADS_PER_CONN;
   cfg->reservedescriptors = SLAPD_DEFAULT_RESERVE_FDS;
@@ -1373,6 +1377,7 @@ int config_set_ldapi_search_base_dn( const char *attrname, char *value, char *er
   return retVal;
 }
 
+#if defined(ENABLE_AUTO_DN_SUFFIX)
 int config_set_ldapi_auto_dn_suffix( const char *attrname, char *value, char *errorbuf, int apply )
 {
   int retVal = LDAP_SUCCESS;
@@ -1391,6 +1396,7 @@ int config_set_ldapi_auto_dn_suffix( const char *attrname, char *value, char *er
   }
   return retVal;
 }
+#endif
 
 
 int
@@ -3420,6 +3426,7 @@ char *config_get_ldapi_search_base_dn(){
   return retVal;
 }
 
+#if defined(ENABLE_AUTO_DN_SUFFIX)
 char *config_get_ldapi_auto_dn_suffix(){
   char *retVal;
   slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
@@ -3429,7 +3436,7 @@ char *config_get_ldapi_auto_dn_suffix(){
 
   return retVal;
 }
-
+#endif
 
 char *
 config_get_workingdir() {