
nss-pam-ldapd branch master updated. 0.9.11-15-g906035b


nss-pam-ldapd branch master updated. 0.9.11-15-g906035b



This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "nss-pam-ldapd".

The branch, master has been updated
       via  906035bc0dbfa16ef3eca2d3c3fa44d19244ad29 (commit)
      from  7d81616a991cf2a7f4ca12ae9d420baf54b116ff (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://arthurdejong.org/git/nss-pam-ldapd/commit/?id=906035bc0dbfa16ef3eca2d3c3fa44d19244ad29

commit 906035bc0dbfa16ef3eca2d3c3fa44d19244ad29
Author: Arthur de Jong <arthur@arthurdejong.org>
Date:   Mon Nov 1 23:22:38 2021 +0100

    Support an empty search base
    
    This allows putting `base ""` in nslcd.conf to specify an empty search
    base.
    
    Note that the LDAP server needs to support this. With slapd this
    requires either setting up an olcDefaultSearchBase attribute in the
    olcFrontendConfig object under cn=config or giving the database an
    empty suffix.
    
    Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/50

diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
index 5a61f11..c8f98b6 100644
--- a/man/nslcd.conf.5.xml
+++ b/man/nslcd.conf.5.xml
@@ -351,7 +351,7 @@
            <replaceable>DN</replaceable></term>
      <listitem>
       <para>
-       Specifies the base distinguished name (<acronym>DN</acronym>)
+       Specifies the distinguished name (<acronym>DN</acronym>)
        to use as search base.
        This option may be supplied multiple times and all specified bases
        will be searched.
@@ -364,10 +364,13 @@
        If, instead of a <acronym>DN</acronym>, the value
        <replaceable>DOMAIN</replaceable> is specified, the host's
        <acronym>DNS</acronym> domain is used to construct a search base.
+       A value of <replaceable>""</replaceable> can be used to indicate an
+       empty search base (quotes are not otherwise supported for base
+       values and not all LDAP server configurations support this). <!-- since 
0.9.12 -->
       </para>
       <para>
        If this value is not defined an attempt is made to look it up
-       in the configured <acronym>LDAP</acronym> server. Note that if the
+       in the configured <acronym>LDAP</acronym> server. If the
        <acronym>LDAP</acronym> server is unavailable during start-up
        <command>nslcd</command> will not start.
       </para>
diff --git a/nslcd/cfg.c b/nslcd/cfg.c
index 71b3093..772f0f6 100644
--- a/nslcd/cfg.c
+++ b/nslcd/cfg.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 1997-2005 Luke Howard
    Copyright (C) 2007 West Consulting
-   Copyright (C) 2007-2018 Arthur de Jong
+   Copyright (C) 2007-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -683,6 +683,8 @@ static void handle_base(const char *filename, int lnr,
     exit(EXIT_FAILURE);
 #endif /* not HAVE_LDAP_DOMAIN2DN */
   }
+  if (strcasecmp(value, "\"\"") == 0)
+    value = "";
   /* find the spot in the list of bases */
   for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
     if (bases[i] == NULL)
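Review bot: The added check in handle_base uses `strcasecmp` against a literal that contains no letters, so the case folding does nothing; `if (strcmp(value, "\"\"") == 0)` states the intent more plainly. The two lines would also benefit from a comment such as `/* a literal "" selects an empty search base; quotes are not otherwise parsed for base values */`, because the rest of the function treats value as an unquoted DN. An empty base leaves the effective search root to the server's default search base, so which entries can answer passwd or group lookups then depends on server configuration rather than on nslcd.conf; that is worth stating next to the check. handle_base begins and ends outside the hunk.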
@@ -1848,14 +1850,14 @@ static void cfg_dump(void)
     log_log(LOG_DEBUG, "CFG: krb5_ccname %s", str);
   for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
     if (nslcd_cfg->bases[i] != NULL)
-      log_log(LOG_DEBUG, "CFG: base %s", nslcd_cfg->bases[i]);
+      log_log(LOG_DEBUG, "CFG: base %s", nslcd_cfg->bases[i][0] == '\0' ? 
"\"\"" : nslcd_cfg->bases[i]);
   for (map = LM_ALIASES; map < LM_NONE; map++)
   {
     strp = base_get_var(map);
     if (strp != NULL)
       for (i = 0; i < NSS_LDAP_CONFIG_MAX_BASES; i++)
         if (strp[i] != NULL)
-          log_log(LOG_DEBUG, "CFG: base %s %s", print_map(map), strp[i]);
+          log_log(LOG_DEBUG, "CFG: base %s %s", print_map(map), strp[i][0] == 
'\0' ? "\"\"" : strp[i]);
   }
   log_log(LOG_DEBUG, "CFG: scope %s", print_scope(nslcd_cfg->scope));
   for (map = LM_ALIASES; map < LM_NONE; map++)
@@ -2061,12 +2063,6 @@ void cfg_init(const char *fname)
   if (nslcd_cfg->bases[0] == NULL)
     nslcd_cfg->bases[0] = get_base_from_rootdse();
   /* TODO: handle the case gracefully when no LDAP server is available yet */
-  /* see if we have a valid basedn */
-  if ((nslcd_cfg->bases[0] == NULL) || (nslcd_cfg->bases[0][0] == '\0'))
-  {
-    log_log(LOG_ERR, "no base defined in config and couldn't get one from 
server");
-    exit(EXIT_FAILURE);
-  }
   /* dump configuration */
   cfg_dump();
   /* initialise all database modules */
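Review bot: Removing the whole validity check in cfg_init also drops the NULL test, so a missing base is no longer caught: if no `base` is configured and get_base_from_rootdse() returns NULL, start-up now continues into cfg_dump() and module initialisation with no search base at all. Only the empty-string half of the old condition conflicts with this commit, so the NULL half could stay as `if (nslcd_cfg->bases[0] == NULL)` with the existing `log_log(LOG_ERR, ...)` and `exit(EXIT_FAILURE)` body. Whether get_base_from_rootdse() can return NULL or an empty string is not visible here; if it can return an empty string, a server-supplied empty base is now accepted silently, and a log line for that case would make the wider search scope visible to the administrator. cfg_init continues outside the hunk.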
diff --git a/tests/test_cfg.c b/tests/test_cfg.c
index 2ae24bc..7a373a0 100644
--- a/tests/test_cfg.c
+++ b/tests/test_cfg.c
@@ -2,7 +2,7 @@
    test_cfg.c - simple test for the cfg module
    This file is part of the nss-pam-ldapd library.
 
-   Copyright (C) 2007, 2009, 2011, 2012, 2013 Arthur de Jong
+   Copyright (C) 2007-2021 Arthur de Jong
 
    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
@@ -187,6 +187,7 @@ static void test_tokenize(void)
 }
 
 extern const char *passwd_bases[];
+extern const char *group_bases[];
 extern const char *group_filter;
 extern int passwd_scope;
 
@@ -202,6 +203,7 @@ static void test_read(void)
           "uri ldap:/// ldaps://127.0.0.1/\n"
           "base dc=test, dc=tld\n"
           "base passwd ou=Some People,dc=test,dc=tld\n"
+          "base group \"\"\n"
           "map\tpasswd uid\t\tsAMAccountName\n"
           "map passwd homeDirectory \"${homeDirectory:-/home/$uid}\"  \n"
           "map    passwd gecos            \"${givenName}. ${sn}\"\n"
@@ -223,6 +225,7 @@ static void test_read(void)
   assert(cfg.uris[3].uri == NULL);
   assertstreq(cfg.bases[0], "dc=test, dc=tld");
   assertstreq(passwd_bases[0], "ou=Some People,dc=test,dc=tld");
+  assertstreq(group_bases[0], "");
   assertstreq(attmap_passwd_uid, "sAMAccountName");
   assertstreq(attmap_passwd_homeDirectory, "\"${homeDirectory:-/home/$uid}\"");
   assertstreq(attmap_passwd_gecos, "\"${givenName}. ${sn}\"");
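Review bot: The new assertion in test_read covers only the per-map form `base group ""`; the global `base ""` form described in the commit message and the man page is not exercised. Adding a `"base \"\"\n"` line after the existing global base and asserting `assertstreq(cfg.bases[1], "");` would pin that path, assuming a second global base lands in the next free slot as the loop in handle_base suggests. A quoted non-empty value, which the man page says is not supported, is also untested, so its handling is undefined as far as the test suite is concerned. test_read starts and ends outside the hunk.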

-----------------------------------------------------------------------

Summary of changes:
 man/nslcd.conf.5.xml |  7 +++++--
 nslcd/cfg.c          | 14 +++++---------
 tests/test_cfg.c     |  5 ++++-
 3 files changed, 14 insertions(+), 12 deletions(-)


hooks/post-receive
-- 
nss-pam-ldapd