Add comment explaining the previous fix.

[samba.git] / source / libads / ldap.c

diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index a83477394304c924cd01394b629e0a25c7395e5a..d8a117888eaefe4a0cce045f74f034f183a5b6e2 100644 (file)
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -118,6 +118,16 @@ static int ldap_search_with_timeout(LDAP *ld,
        if (gotalarm != 0)
                return LDAP_TIMELIMIT_EXCEEDED;
 
+       /*
+        * A bug in OpenLDAP means ldap_search_ext_s can return
+        * LDAP_SUCCESS but with a NULL res pointer. Cope with
+        * this. See bug #6279 for details. JRA.
+        */
+
+       if (*res == NULL) {
+               return LDAP_TIMELIMIT_EXCEEDED;
+       }
+
        return result;
 }
 
@@ -162,6 +172,11 @@ bool ads_closest_dc(ADS_STRUCT *ads)
                return True;
        }
 
+       if (ads->config.client_site_name == NULL) {
+               DEBUG(10,("ads_closest_dc: client belongs to no site\n"));
+               return True;
+       }
+
        DEBUG(10,("ads_closest_dc: %s is not the closest DC\n", 
                ads->config.ldap_server_name));
 
@@ -267,10 +282,12 @@ bool ads_try_connect(ADS_STRUCT *ads, const char *server )
 
 static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
 {
+       const char *c_domain;
        const char *c_realm;
        int count, i=0;
        struct ip_service *ip_list;
        const char *realm;
+       const char *domain;
        bool got_realm = False;
        bool use_own_domain = False;
        char *sitename;
@@ -292,6 +309,8 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
        if (c_realm && *c_realm)
                got_realm = True;
 
+ again:
+
        /* we need to try once with the realm name and fallback to the
           netbios domain name if we fail (if netbios has not been disabled */
 
@@ -308,13 +327,42 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
                return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
        }
 
+       if ( use_own_domain ) {
+               c_domain = lp_workgroup();
+       } else {
+               c_domain = ads->server.workgroup;
+       }
+
        realm = c_realm;
+       domain = c_domain;
 
-       sitename = sitename_fetch(realm);
+       /*
+        * In case of LDAP we use get_dc_name() as that
+        * creates the custom krb5.conf file
+        */
+       if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+               fstring srv_name;
+               struct sockaddr_storage ip_out;
+
+               DEBUG(6,("ads_find_dc: (ldap) looking for %s '%s'\n",
+                       (got_realm ? "realm" : "domain"), realm));
+
+               if (get_dc_name(domain, realm, srv_name, &ip_out)) {
+                       /*
+                        * we call ads_try_connect() to fill in the
+                        * ads->config details
+                        */
+                       if (ads_try_connect(ads, srv_name)) {
+                               return NT_STATUS_OK;
+                       }
+               }
 
- again:
+               return NT_STATUS_NO_LOGON_SERVERS;
+       }
 
-       DEBUG(6,("ads_find_dc: looking for %s '%s'\n",
+       sitename = sitename_fetch(realm);
+
+       DEBUG(6,("ads_find_dc: (cldap) looking for %s '%s'\n",
                (got_realm ? "realm" : "domain"), realm));
 
        status = get_sorted_dc_list(realm, sitename, &ip_list, &count, got_realm);
@@ -481,9 +529,8 @@ got_connection:
 
        /* cache the successful connection for workgroup and realm */
        if (ads_closest_dc(ads)) {
-               print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
-               saf_store( ads->server.workgroup, addr);
-               saf_store( ads->server.realm, addr);
+               saf_store( ads->server.workgroup, ads->config.ldap_server_name);
+               saf_store( ads->server.realm, ads->config.ldap_server_name);
        }
 
        ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);