Hi,
I've attached a patch that enables the ldap module to follow referrals given by the LDAP servers.
For example, if you have several Windows domains that trust each other, they each have their own part of the forest (dc=tree1,dc=example,dc=com and dc=tree2,dc=example,dc=com). If you then try to look up a user in tree1 using the server responsible for tree2, it'll give you an LDAP referral, enabling you to look up users in all trees by just adding one server to the ldap servers list (it has to be able to connect to ALL servers using the same binddn, though).
The patch was developed by another consultancy, which didn't upstream it, so I was asked to fix it up for the latest ldap module version and upstream it if possible :)
Development is sponsored by Københavns Kommune, Denmark (Copenhagen municipality).
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | ldap-7.x-2.0-beta4-followreferral.patch | 73.09 KB | klavs |
| #2 | ldap-7.x-2.0-beta4-ldap-followref.patch | 2.05 KB | klavs |
| | ldap-7.x-2.0-beta4-ldap-followref.patch | 2.05 KB | klavs |
Comments
Comment #1
johnbarclay commented:
This looks good. Appreciate the follow up with the patch. Given the level of testing and the closeness to a release candidate, this should be altered to opt into referral following. A property named "followReferrals" in LdapServer and LdapServerAdmin classes following the same pattern as the tls boolean field would take care of the configuration part of this.
Comment #2
klavs commented:
Updated patch - now sets an option for allowing this, and includes updated .install to update database schema.
Comment #3
johnbarclay commented:
I think you uploaded the old patch again by mistake. I definitely want to commit this. I think it should default to on for new installs and off for existing ones, but I'll take care of that when I apply the patch.
Comment #4
klavs commented:
My bad.. :)
Correct patch attached.
Comment #5
johnbarclay commented:
I made some changes to deal with servers that have the PHP ldap extension, but not the ldap_set_rebind_proc function. My dev server has the ldap extension, but not that function, so it broke some simpletests.
Anyway, these two commits pass simpletests and are committed to 7.x-2.x-dev:
http://drupalcode.org/project/ldap.git/commitdiff/cc428f5869240e787adf56...
http://drupalcode.org/project/ldap.git/commitdiff/6ec8a7fd3d929dbf0c8db0...
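
One way to implement the opt-in behaviour discussed in this thread, added here as an example and not taken from the attached patches or the committed module code: referrals are followed only when enabled and when `ldap_set_rebind_proc` exists, and because the rebind callback re-sends the shared bind DN and password to whichever server a referral names, it binds only to hosts on an allowlist. The function names, the `$allowed_hosts` parameter and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added illustration, not the ldap module's code; all names here are hypothetical.

/** TRUE only if a referral URL is ldap(s):// and names a host on the allowlist. */
function referral_host_allowed($referral_url, array $allowed_hosts) {
  $parts = parse_url($referral_url);
  if ($parts === FALSE || empty($parts['scheme']) || empty($parts['host'])) {
    return FALSE;
  }
  if (!in_array(strtolower($parts['scheme']), array('ldap', 'ldaps'), TRUE)) {
    return FALSE;
  }
  return in_array(strtolower($parts['host']), $allowed_hosts, TRUE);
}

/** Connect and bind; follow referrals only when opted in and rebinding is possible. */
function connect_with_referrals($uri, $binddn, $bindpw, $follow_referrals, array $allowed_hosts) {
  $ds = ldap_connect($uri);
  if ($ds === FALSE) {
    return FALSE;
  }
  ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
  // Some PHP builds ship the ldap extension without ldap_set_rebind_proc().
  $follow = $follow_referrals && function_exists('ldap_set_rebind_proc');
  ldap_set_option($ds, LDAP_OPT_REFERRALS, $follow ? 1 : 0);
  if ($follow) {
    // Called by the client library each time it chases a referral.
    ldap_set_rebind_proc($ds, function ($conn, $referral) use ($binddn, $bindpw, $allowed_hosts) {
      if (!referral_host_allowed($referral, $allowed_hosts)) {
        return 1; // Non-zero result: do not send the bind DN and password there.
      }
      return @ldap_bind($conn, $binddn, $bindpw) ? 0 : 1;
    });
  }
  return @ldap_bind($ds, $binddn, $bindpw) ? $ds : FALSE;
}

// Constructed sample referrals, checked against a constructed allowlist.
$allowed = array('dc1.tree1.example.com', 'dc1.tree2.example.com');
$samples = array(
  'ldap://dc1.tree1.example.com/dc=tree1,dc=example,dc=com',
  'ldap://ldap.other.example.net/dc=tree1,dc=example,dc=com',
  'http://dc1.tree1.example.com/',
);
foreach ($samples as $url) {
  echo $url, ' => ', referral_host_allowed($url, $allowed) ? 'rebind' : 'refuse', PHP_EOL;
}
```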