Hi,

I've attached a patch that enables the ldap module to follow referrals given by the LDAP servers.

For example, if you have several Windows domains that trust each other, then they each have their own part of the forest (dc=tree1,dc=example,dc=com and dc=tree2,dc=example,dc=com) - and if you then try to look up a user in tree1, using the server responsible for tree2, it'll give you an LDAP referral, enabling you to look up users in all trees by just adding one server to the ldap servers list (it has to be able to connect to ALL servers using the same binddn though).

The patch is developed by another consultancy - which didn't upstream it, so I was asked to fix it up for latest ldap module version and upstream it if possible :)

Development is sponsored by Københavns Kommune, Denmark (Copenhagen municipality).

Comments

johnbarclay’s picture

Title: Patch: Enable LDAP Referral following » LDAP Server: Enable LDAP Referral following
Version: 7.x-2.0-beta4 » 7.x-2.x-dev
Status: Active » Needs work

This looks good. Appreciate the follow-up with the patch. Given the level of testing and the closeness to a release candidate, this should be altered to opt into referral following. A property named "followReferrals" in the LdapServer and LdapServerAdmin classes, following the same pattern as the tls boolean field, would take care of the configuration part of this.

klavs’s picture

Updated patch - now sets an option for allowing this, and includes updated .install to update database schema.

johnbarclay’s picture

I think you uploaded the old patch again by mistake. I definitely want to commit this. I think it should default to on for new installs and off for existing ones, but I'll take care of that when I apply the patch.

klavs’s picture

My bad.. :)

Correct patch attached.

johnbarclay’s picture

Status: Needs work » Needs review

I made some changes to deal with servers that have php ldap extension, but not the ldap_set_rebind_proc function. My dev server has ldap extension, but not that function so it broke some simpletests.

Anyway, these two commits pass simpletests and are committed to 7.x-2.x-dev:

http://drupalcode.org/project/ldap.git/commitdiff/cc428f5869240e787adf56...
http://drupalcode.org/project/ldap.git/commitdiff/6ec8a7fd3d929dbf0c8db0...
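
The pieces discussed in this thread (opt-in referral following, rebinding with the same binddn, and the guard for PHP builds without `ldap_set_rebind_proc`), shown as an added example that is not the module's committed code. The function name, its parameters and the referral host allowlist are assumptions made for illustration; the allowlist keeps the bind password from being sent to a server the administrator did not list.

```php
<?php
// Added example; example_enable_referrals() and $allowedHosts are
// hypothetical and do not come from the ldap module.

/**
 * Turn on referral chasing for $ldap only when the administrator opted in
 * and this PHP build provides ldap_set_rebind_proc().
 * Returns TRUE when referral following was enabled.
 */
function example_enable_referrals($ldap, $followReferrals, $binddn, $bindpw, array $allowedHosts) {
  if (!$followReferrals || !function_exists('ldap_set_rebind_proc')) {
    // Opted out, or extension built without rebind support: do not chase.
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    return FALSE;
  }
  ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
  ldap_set_option($ldap, LDAP_OPT_REFERRALS, 1);

  // Invoked each time the client library follows a referral to another
  // server. Must return 0 on success and non-zero to refuse.
  $rebind = function ($conn, $referralUrl) use ($binddn, $bindpw, $allowedHosts) {
    $host = strtolower((string) parse_url($referralUrl, PHP_URL_HOST));
    if ($host === '' || !in_array($host, $allowedHosts, TRUE)) {
      // Unlisted server: refuse instead of sending the bind password to it.
      return 1;
    }
    return @ldap_bind($conn, $binddn, $bindpw) ? 0 : 1;
  };
  return ldap_set_rebind_proc($ldap, $rebind);
}

// Constructed usage; hostnames and DN are placeholders:
// $ldap = ldap_connect('ldaps://dc1.tree2.example.com');
// example_enable_referrals($ldap, TRUE,
//   'cn=svc,dc=tree2,dc=example,dc=com', $password,
//   array('dc1.tree1.example.com'));
```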

johnbarclay’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.