mirror of
git://git.gnupg.org/gnupg.git
* gpgkeys_ldap.c (find_basekeyspacedn): Use LDAP_SCOPE_BASE along with a
full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to find the pgpServerInfo object. Some LDAP setups don't like the search. (main): Stop binding to the server since it seems no server really requires it, and some require it not be there.
parent
b9167cb0d8
commit
4615a538bf
2 changed files with 33 additions and 7 deletions
|
@ -1423,17 +1423,27 @@ find_basekeyspacedn(void)
|
|||
{
|
||||
char **vals;
|
||||
LDAPMessage *si_res;
|
||||
err=ldap_search_s(ldap,context[i],LDAP_SCOPE_ONELEVEL,
|
||||
"(cn=pgpServerInfo)",attr,0,&si_res);
|
||||
if(err!=LDAP_SUCCESS)
|
||||
char *object;
|
||||
|
||||
object=malloc(17+strlen(context[i])+1);
|
||||
if(!object)
|
||||
return -1;
|
||||
|
||||
strcpy(object,"cn=pgpServerInfo,");
|
||||
strcat(object,context[i]);
|
||||
|
||||
err=ldap_search_s(ldap,object,LDAP_SCOPE_BASE,
|
||||
"(objectClass=*)",attr,0,&si_res);
|
||||
free(object);
|
||||
|
||||
if(err==LDAP_NO_SUCH_OBJECT)
|
||||
continue;
|
||||
else if(err!=LDAP_SUCCESS)
|
||||
return err;
|
||||
|
||||
vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
|
||||
if(vals)
|
||||
{
|
||||
/* This is always "OU=ACTIVE,O=PGP KEYSPACE,C=US", but
|
||||
it might not be in the future. */
|
||||
|
||||
basekeyspacedn=strdup(vals[0]);
|
||||
ldap_value_free(vals);
|
||||
}
|
||||
|
@ -1479,6 +1489,9 @@ find_basekeyspacedn(void)
|
|||
if(err!=LDAP_SUCCESS)
|
||||
return err;
|
||||
|
||||
/* For the LDAP keyserver, this is always "OU=ACTIVE,O=PGP
|
||||
KEYSPACE,C=US", but it might not be in the future. */
|
||||
|
||||
vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN");
|
||||
if(vals)
|
||||
{
|
||||
|
@ -1908,9 +1921,12 @@ main(int argc,char *argv[])
|
|||
}
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* The LDAP keyserver doesn't require this, but it might be useful
|
||||
if someone stores keys on a V2 LDAP server somewhere. (V3
|
||||
doesn't require a bind). */
|
||||
doesn't require a bind). Leave this out for now since it is not
|
||||
clear if anyone server we're likely to use really cares, plus
|
||||
there are some servers that don't allow it. */
|
||||
|
||||
err=ldap_simple_bind_s(ldap,NULL,NULL);
|
||||
if(err!=0)
|
||||
|
@ -1922,6 +1938,7 @@ main(int argc,char *argv[])
|
|||
}
|
||||
else
|
||||
bound=1;
|
||||
#endif
|
||||
|
||||
switch(action)
|
||||
{
|
||||
|
|
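Review bot: The allocation-failure path in the first hunk (`if(!object) return -1;`) returns a bare -1 from find_basekeyspacedn, while every other exit visible in that hunk returns an LDAP result code (`return err;`), so a caller that treats the value as an LDAP code will misreport out-of-memory as whatever the client library assigns to -1. Returning the library's own constant keeps the contract uniform: `return LDAP_NO_MEMORY;`. The hand-counted `17` in the malloc size is correct for "cn=pgpServerInfo," today, but it would under-allocate ahead of the strcpy/strcat if the prefix were ever edited; `object=malloc(sizeof("cn=pgpServerInfo,")+strlen(context[i]));` ties the size to the literal. In the main() hunks, `bound=1;` now sits inside the `#if 0`, so any cleanup outside these hunks that is conditional on `bound` would no longer run; this is worth checking, since neither function is shown in full here.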