[389-commits] ldap/servers

Mark Reynolds mreynolds at fedoraproject.org
Fri Apr 27 19:59:55 UTC 2012


 ldap/servers/plugins/replication/repl5_agmt.c |   23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

New commits:
commit d4327cffcb79d2b4c46f4d31b4477e29a9ea0de0
Author: Mark Reynolds <mareynol at redhat.com>
Date:   Fri Apr 27 13:53:31 2012 -0400

    Ticket #214 - Adding Replication agreement should complain if required nsds5ReplicaCredentials not supplied
    
    Bug Description:  the server allows you to add replication agreements for SIMPLE & SASL/DIGEST-MD5 without
                      supplying a bind DN or password.  The console enforces this requirement, but the command line does not.
    
    Fix Description:  If the authentication method is not SSL Client Auth or SASL/GSSAPI, then make sure a
                      bind DN and password are supplied.
    
    https://fedorahosted.org/389/ticket/214
    
    Reviewed by: Noriko!

diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
index bfde962..cdd074e 100644
--- a/ldap/servers/plugins/replication/repl5_agmt.c
+++ b/ldap/servers/plugins/replication/repl5_agmt.c
@@ -219,6 +219,26 @@ agmt_is_valid(Repl_Agmt *ra)
 						slapi_sdn_get_dn(ra->dn), type_nsds5TransportInfo, type_nsds5ReplicaBindMethod);
 		return_value = 0;
 	}
+	/*
+	 * If we are not using GSSAPI or SSL Client Auth, then a bind dn and password must be present
+	 */
+	if(BINDMETHOD_SASL_GSSAPI != ra->bindmethod && BINDMETHOD_SSL_CLIENTAUTH != ra->bindmethod){
+		if(strcmp(ra->binddn,"") == 0 || ra->creds->bv_val == NULL){
+			char *auth_mech;
+
+			if(ra->bindmethod == BINDMETHOD_SIMPLE_AUTH){
+				auth_mech = "SIMPLE";
+			} else if (ra->bindmethod == BINDMETHOD_SASL_DIGEST_MD5){
+				auth_mech = "SASL/DIGEST-MD5";
+			} else {
+				auth_mech = "Unknown";
+			}
+			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Replication agreement \"%s\" "
+				"is malformed: a bind DN and password must be supplied for authentication "
+				"method \"%s\"\n", slapi_sdn_get_dn(ra->dn), auth_mech);
+			return_value = 0;
+		}
+	}
 	return return_value;
 }
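Review bot: The added guard in agmt_is_valid treats only `ra->creds->bv_val == NULL` as a missing password, so a credential that is present but zero-length would still validate. It also calls `strcmp(ra->binddn,"")` and reads `ra->creds->bv_val` without checking either pointer. Whether `ra->binddn` or `ra->creds` can be NULL, or `bv_len` can be 0, depends on how agmt_new_from_entry fills the agreement, which this hunk does not show. An empty password matters because an LDAP simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 section 5.1.2), which is exactly what this check is meant to reject. I would write the condition as `if(ra->binddn == NULL || ra->binddn[0] == '\0' || ra->creds == NULL || ra->creds->bv_val == NULL || ra->creds->bv_len == 0){`. The body of agmt_is_valid starts above the hunk, so the earlier checks on `ra` were not reviewed.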
 
@@ -227,10 +247,9 @@ Repl_Agmt *
 agmt_new_from_entry(Slapi_Entry *e)
 {
 	Repl_Agmt *ra;
-	char *tmpstr;
 	Slapi_Attr *sattr;
+	char *tmpstr;
 	char **denied_attrs = NULL;
-
 	char *auto_initialize = NULL;
 	char *val_nsds5BeginReplicaRefresh = "start";
 



