* gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along with a

full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to find the pgpServerInfo object. Some LDAP setups don't like the search. (main): Stop binding to the server since it seems no server really requires it, and some require it not be there.
2025-01-10 13:04:23 +01:00 · 2004-08-23 03:13:27 +00:00 · 2004-08-23 03:13:27 +00:00 · 4615a538bf
commit 4615a538bf
parent b9167cb0d8
2 changed files with 33 additions and 7 deletions
--- a/keyserver/ChangeLog
+++ b/keyserver/ChangeLog
@ -1,3 +1,12 @@
+2004-08-22  David Shaw  <dshaw@jabberwocky.com>
+
+	* gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along
+	with a full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to
+	find the pgpServerInfo object.  Some LDAP setups don't like the
+	search.
+	(main): Stop binding to the server since it seems no server really
+	requires it, and some require it not be there.
+
 2004-07-29  David Shaw  <dshaw@jabberwocky.com>

 	* gpgkeys_ldap.c (main): Add "debug" option.  This is only really
--- a/keyserver/gpgkeys_ldap.c
+++ b/keyserver/gpgkeys_ldap.c
@ -1423,17 +1423,27 @@ find_basekeyspacedn(void)
 	    {
 	      char **vals;
 	      LDAPMessage *si_res;
-	      err=ldap_search_s(ldap,context[i],LDAP_SCOPE_ONELEVEL,
-				"(cn=pgpServerInfo)",attr,0,&si_res);
-	      if(err!=LDAP_SUCCESS)
+	      char *object;
+
+	      object=malloc(17+strlen(context[i])+1);
+	      if(!object)
+		return -1;
+
+	      strcpy(object,"cn=pgpServerInfo,");
+	      strcat(object,context[i]);
+
+	      err=ldap_search_s(ldap,object,LDAP_SCOPE_BASE,
+				"(objectClass=*)",attr,0,&si_res);
+	      free(object);
+
+	      if(err==LDAP_NO_SUCH_OBJECT)
+		continue;
+	      else if(err!=LDAP_SUCCESS)
 		return err;

 	      vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
 	      if(vals)
 		{
-		  /* This is always "OU=ACTIVE,O=PGP KEYSPACE,C=US", but
-		     it might not be in the future. */
-
 		  basekeyspacedn=strdup(vals[0]);
 		  ldap_value_free(vals);
 		}
@ -1479,6 +1489,9 @@ find_basekeyspacedn(void)
      if(err!=LDAP_SUCCESS)
 	return err;

+      /* For the LDAP keyserver, this is always "OU=ACTIVE,O=PGP
+	 KEYSPACE,C=US", but it might not be in the future. */
+
      vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN");
      if(vals)
 	{
@ -1908,9 +1921,12 @@ main(int argc,char *argv[])
 	}
    }

+#if 0
  /* The LDAP keyserver doesn't require this, but it might be useful
     if someone stores keys on a V2 LDAP server somewhere.  (V3
-     doesn't require a bind). */
+     doesn't require a bind).  Leave this out for now since it is not
+     clear if anyone server we're likely to use really cares, plus
+     there are some servers that don't allow it. */

  err=ldap_simple_bind_s(ldap,NULL,NULL);
  if(err!=0)
@ -1922,6 +1938,7 @@ main(int argc,char *argv[])
    }
  else
    bound=1;
+#endif

  switch(action)
    {