authorHeiko Schlichting <heiko@fu-berlin.de>2014-04-23 07:30:41 -0700
committerTodd Lyons <tlyons@exim.org>2014-04-23 08:11:31 -0700
commitdeae092e544ecfb3d8a362a260fc00ec01f0883f (patch)
tree27d848b299ed172ddde4c8b6a10163eb28dcd1f2
parent44649fdb169979af3c5a08b10889d1ecee48a469 (diff)
Bug 1453: Add SERVERS ldap server list override
-rw-r--r--doc/doc-docbook/spec.xfpt9
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--doc/doc-txt/NewStuff4
-rw-r--r--src/src/lookups/ldap.c10
4 files changed, 22 insertions, 4 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 3542557c4..6f0a16f37 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -7198,6 +7198,7 @@ them. The following names are recognized:
&`USER `& set the DN, for authenticating the LDAP bind
&`PASS `& set the password, likewise
&`REFERRALS `& set the referrals parameter
+&`SERVERS `& set alternate server list for this query only
&`SIZE `& set the limit for the number of entries returned
&`TIME `& set the maximum waiting time for a query
.endd
@@ -7219,6 +7220,14 @@ Netscape SDK; for OpenLDAP no action is taken.
The TIME parameter (also a number of seconds) is passed to the server to
set a server-side limit on the time taken to complete a search.
+The SERVERS parameter allows you to specify an alternate list of ldap servers
+to use for an individual lookup. The global ldap_servers option provides a
+default list of ldap servers, and a single lookup can specify a single ldap
+server to use. But when you need to do a lookup with a list of servers that is
+different than the default list (maybe different order, maybe a completely
+different set of servers), the SERVERS parameter allows you to specify this
+alternate list.
+
Here is an example of an LDAP query in an Exim lookup that uses some of these
values. This is a single line, folded to fit on the page:
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 6252956a6..30b27a012 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -87,6 +87,9 @@ JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455.
JH/14 New options dnssec_request_domains, dnssec_require_domains on the
dnslookup router (applying to the forward lookup).
+TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list
+ of ldap servers used for a specific lookup. Patch provided by Heiko
+ Schlichting.
Exim version 4.82
-----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index c168cf2a7..bfbfc7150 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -32,6 +32,10 @@ Version 4.83
is split from the encryption operation. The default remains that a failed
verification cancels the encryption.
+ 6. New SERVERS override of default ldap server list. In the ACLs, an ldap
+ lookup can now set a list of servers to use that is different from the
+ default list.
+
Version 4.82
------------
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 27780db49..f77229ded 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -1133,6 +1133,7 @@ uschar *url = ldap_url;
uschar *p;
uschar *user = NULL;
uschar *password = NULL;
+uschar *local_servers = NULL;
uschar *server, *list;
uschar buffer[512];
@@ -1161,6 +1162,7 @@ while (strncmpic(url, US"ldap", 4) != 0)
else if (strncmpic(name, US"TIME=", namelen) == 0) timelimit = Uatoi(value);
else if (strncmpic(name, US"CONNECT=", namelen) == 0) tcplimit = Uatoi(value);
else if (strncmpic(name, US"NETTIME=", namelen) == 0) tcplimit = Uatoi(value);
+ else if (strncmpic(name, US"SERVERS=", namelen) == 0) local_servers = value;
/* Don't know if all LDAP libraries have LDAP_OPT_DEREF */
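Review bot: The new `SERVERS=` branch takes `value` directly from the lookup string and applies no restriction to it, so the per-query string now decides which hosts are contacted. The single-attempt call later in this patch passes `user` and `password` to `perform_ldap_search()`, and the server loop presumably does the same for each list entry. Because lookup strings are normally built by string expansion, the bind target should never be derived from message data. I would say so in a comment on this line, e.g. `/* SERVERS picks the hosts the bind credentials are sent to; take it from trusted configuration only */`, and add the same sentence to the new spec.xfpt paragraph. The enclosing loop and the assignment of `value` start outside the hunk.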
@@ -1288,16 +1290,16 @@ if (Ustrncmp(p, "://", 3) != 0)
/* No default servers, or URL contains a server name: just one attempt */
-if (eldap_default_servers == NULL || p[3] != '/')
+if ((eldap_default_servers == NULL && local_servers == NULL) || p[3] != '/')
{
return perform_ldap_search(url, NULL, 0, search_type, res, errmsg,
&defer_break, user, password, sizelimit, timelimit, tcplimit, dereference,
referrals);
}
-/* Loop through the default servers until OK or FAIL */
-
-list = eldap_default_servers;
+/* Loop through the default servers until OK or FAIL. Use local_servers list
+ * if defined in the lookup, otherwise use the global default list */
+list = (local_servers == NULL) ? eldap_default_servers : local_servers;
while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
{
int rc;
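Review bot: The comment above the changed `if` is now stale, and `SERVERS=` is silently ignored when the URL names its own host (`p[3] != '/'`), because that branch returns before `local_servers` is consulted. I would reword it to `/* No default or per-query servers, or URL contains a server name: just one attempt */` and document that a host in the URL takes precedence. An empty `SERVERS=` value also leaves `local_servers` non-NULL, so `string_nextinlist()` would presumably yield nothing and no server is tried. A guard before the `if`, such as `if (local_servers != NULL && *local_servers == 0) local_servers = NULL;`, would fall back to the default list. The loop body and the code after it lie outside the hunk, so the result in that case should be confirmed.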