aboutsummaryrefslogtreecommitdiffstats
path: root/dirmngr/ks-engine-ldap.c
diff options
context:
space:
mode:
Diffstat (limited to 'dirmngr/ks-engine-ldap.c')
-rw-r--r--dirmngr/ks-engine-ldap.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 6bf19cb1f..3a71af2d8 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -338,6 +338,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
int port; /* Port to use. */
int use_tls; /* 1 = starttls, 2 = ldap-over-tls */
int use_ntds; /* Use Active Directory authentication. */
+ int use_areconly; /* Lookup only via A record (Windows). */
const char *bindname;
const char *password;
const char *basedn_arg;
@@ -365,6 +366,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
basedn_arg = server->base;
use_tls = server->starttls? 1 : server->ldap_over_tls? 2 : 0;
use_ntds = server->ntds;
+ use_areconly = server->areconly;
}
else
{
@@ -375,6 +377,7 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
basedn_arg = uri->path;
use_tls = uri->use_tls ? 1 : 0;
use_ntds = uri->ad_current;
+ use_areconly = 0;
}
if (!port)
@@ -392,13 +395,14 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
}
if (opt.verbose)
- log_info ("ldap connect to '%s:%d:%s:%s:%s:%s%s'\n",
+ log_info ("ldap connect to '%s:%d:%s:%s:%s:%s%s%s'\n",
host, port,
basedn_arg ? basedn_arg : "",
bindname ? bindname : "",
password ? "*****" : "",
use_tls == 1? "starttls" : use_tls == 2? "ldaptls" : "plain",
- use_ntds ? ",ntds":"");
+ use_ntds ? ",ntds":"",
+ use_areconly? ",areconly":"");
/* If the uri specifies a secure connection and we don't support
@@ -427,6 +431,18 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
host, port, ldap_err2string (lerr));
goto out;
}
+ if (use_areconly)
+ {
+ lerr = ldap_set_option (ldap_conn, LDAP_OPT_AREC_EXCLUSIVE, LDAP_OPT_ON);
+ if (lerr != LDAP_SUCCESS)
+ {
+ log_error ("ks-ldap: unable to set LDAP_OPT_AREC_EXLUSIVE: %s\n",
+ ldap_err2string (lerr));
+ err = ldap_err_to_gpg_err (lerr);
+ goto out;
+ }
+ }
+
#else /* Unix */
tmpstr = xtryasprintf ("%s://%s:%d",
use_tls == 2? "ldaps" : "ldap",
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 10:56:03 +0000