diff --git a/contrib/bin/fusiondirectory-setup b/contrib/bin/fusiondirectory-setup
index bf6c0256ec7e101d67a0d83027ed4c4324fa5111..def2222a97c7f7e0931adaa24fc6bfc0d2570463 100644
--- a/contrib/bin/fusiondirectory-setup
+++ b/contrib/bin/fusiondirectory-setup
@@ -739,14 +739,18 @@ sub get_ldap_connexion {
my @locs = $twig->root->first_child('main')->children('location');
my %locations = ();
foreach my $loc (@locs) {
+ $loc->lc_attnames();
my $ref = $loc->first_child('referral');
+ # Ignore case
+ $ref->lc_attnames();
$locations{$loc->{'att'}->{'name'}} = {
'tls' => 0,
- 'uri' => $ref->{'att'}->{'URI'},
- 'bind_dn' => $ref->{'att'}->{'adminDn'},
- 'bind_pwd' => $ref->{'att'}->{'adminPassword'}
+ 'uri' => $ref->{'att'}->{'uri'},
+ 'base' => $ref->{'att'}->{'base'} or $loc->{'att'}->{'base'} or '',
+ 'bind_dn' => $ref->{'att'}->{'admindn'},
+ 'bind_pwd' => $ref->{'att'}->{'adminpassword'}
};
- if (defined $loc->{'att'}->{'ldapTLS'} and $loc->{'att'}->{'ldapTLS'} =~ m/true/i) {
+ if (defined $loc->{'att'}->{'ldaptls'} and $loc->{'att'}->{'ldaptls'} =~ m/true/i) {
$locations{$loc->{'att'}->{'name'}}->{'tls'} = 1
}
}
@@ -761,7 +765,11 @@ sub get_ldap_connexion {
$location = $answer;
}
- if ($locations{$location}->{'uri'} =~ qr|^(.*)/([^/]+)$|) {
+ if ($locations{$location}->{'base'} ne '') {
+ $uri = $locations{$location}->{'uri'};
+ $base = $locations{$location}->{'base'};
+ } elsif ($locations{$location}->{'uri'} =~ qr|^(.*)/([^/]+)$|) {
+ # Format from FD<1.3
$uri = $1;
$base = $2;
} else {
diff --git a/contrib/fusiondirectory.conf b/contrib/fusiondirectory.conf
index aed6e126fb5a4a8d06a0a813504749c2ab53510c..46378f26383236038c00fffea56ad7d2c3ec6a45 100644
--- a/contrib/fusiondirectory.conf
+++ b/contrib/fusiondirectory.conf
@@ -33,7 +33,7 @@
ldapTLS="TRUE"
{/if}
>
- <referral URI="{$cv.connection}/{$cv.base}"
+ <referral URI="{$cv.connection}" base="{$cv.base}"
adminDn="{$cv.admin}"
adminPassword="{$cv.password}" />
</location>
diff --git a/contrib/man/fusiondirectory.conf.5 b/contrib/man/fusiondirectory.conf.5
index 9a8b54e796b2b0552d9daa1d15bbaa3ca3a45976..9544d1f1654d909940cae74a586202cd8d3d85e7 100644
--- a/contrib/man/fusiondirectory.conf.5
+++ b/contrib/man/fusiondirectory.conf.5
@@ -182,7 +182,7 @@ Example layout:
\& forceSSL="TRUE"
\& ...
\&
-\& <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net"
+\& <referral uri="ldaps://ldap.example.net:636" base="dc=example,dc=net"
\& admin="cn=fusiondirectory\-admin,dc=example,dc=net"
\& password="secret" />
\&
@@ -256,12 +256,12 @@ For every location you define inside your fusiondirectory.conf, you need at leas
Example:
.PP
.Vb 3
-\& <referral uri="ldap://ldap.example.net/dc=example,dc=net"
+\& <referral uri="ldap://ldap.example.net" base="dc=example,dc=net"
\& admin="cn=fusiondirectory\-admin,dc=example,dc=net"
\& password="secret" />
.Ve
.PP
-uri is a valid \s-1LDAP\s0 uri extendet by the base this referral is responsible for. admin is the \s-1DN\s0 which has the permission to write \s-1LDAP\s0 entries. And password is the corresponding password for this \s-1DN.\s0
+uri is a valid \s-1LDAP\s0 uri. base is the base this referral is responsible for. admin is the \s-1DN\s0 which has the permission to write \s-1LDAP\s0 entries. And password is the corresponding password for this \s-1DN.\s0
You can define a set of referrals if you have several server to connect to.
.SH "BUGS"
.IX Header "BUGS"
diff --git a/contrib/man/fusiondirectory.conf.pod b/contrib/man/fusiondirectory.conf.pod
index 77cb1abb089d7d933ca31f7ae4bdc077c9423b21..406f2e720f45e991be552af3b058f7b5ca7d7011 100644
--- a/contrib/man/fusiondirectory.conf.pod
+++ b/contrib/man/fusiondirectory.conf.pod
@@ -43,7 +43,7 @@ Example layout:
forceSSL="TRUE"
...
- <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net"
+ <referral uri="ldaps://ldap.example.net:636" base="dc=example,dc=net"
admin="cn=fusiondirectory-admin,dc=example,dc=net"
password="secret" />
@@ -138,11 +138,11 @@ For every location you define inside your fusiondirectory.conf, you need at leas
Example:
- <referral uri="ldap://ldap.example.net/dc=example,dc=net"
+ <referral uri="ldap://ldap.example.net" base="dc=example,dc=net"
admin="cn=fusiondirectory-admin,dc=example,dc=net"
password="secret" />
-uri is a valid LDAP uri extendet by the base this referral is responsible for. admin is the DN which has the permission to write LDAP entries. And password is the corresponding password for this DN.
+uri is a valid LDAP uri. base is the base this referral is responsible for. admin is the DN which has the permission to write LDAP entries. And password is the corresponding password for this DN.
You can define a set of referrals if you have several server to connect to.
=head1 BUGS
diff --git a/include/class_config.inc b/include/class_config.inc
index b4fe55e77483fb8cd0b083ec58a3093870468480..ef906ad81454cdcdbc2b7230638f72dff693c147 100644
--- a/include/class_config.inc
+++ b/include/class_config.inc
@@ -208,7 +208,18 @@ class config
/* Handle referral tags */
case 'REFERRAL':
if ($this->tags[$this->level - 2] == 'LOCATION') {
- $server = preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $attrs['URI']);
+ if (isset($attrs['BASE'])) {
+ $server = $attrs['URI'];
+ } elseif (isset($this->data['LOCATIONS'][$this->currentLocation]['BASE'])) {
+ /* Fallback on location base */
+ $server = $attrs['URI'];
+ $attrs['BASE'] = $this->data['LOCATIONS'][$this->currentLocation]['BASE'];
+ } else {
+ /* Format from FD<1.3 */
+ $server = preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $attrs['URI']);
+ $attrs['URI'] = $server;
+ $attrs['BASE'] = preg_replace('!^[^:]+://[^/]+/(.*)$!', '\\1', $attrs['URI']);
+ }
/* Add location elements */
if (!isset($this->data['LOCATIONS'][$this->currentLocation]['REFERRAL'])) {
@@ -355,36 +366,24 @@ class config
/* Sort referrals, if present */
if (isset($this->current['REFERRAL'])) {
- $bases = array();
$servers = array();
- foreach ($this->current['REFERRAL'] as $ref) {
- $server = preg_replace('%^(.*://[^/]+)/.*$%', '\\1', $ref['URI']);
- $base = preg_replace('%^.*://[^/]+/(.*)$%', '\\1', $ref['URI']);
-
- $bases[$base] = strlen($base);
- $servers[$base] = $server;
+ foreach ($this->current['REFERRAL'] as $server => $ref) {
+ $servers[$server] = strlen($ref['BASE']);
}
- asort($bases);
- reset($bases);
+ asort($servers);
+ reset($servers);
}
/* SERVER not defined? Load the one with the shortest base */
if (!isset($this->current['SERVER'])) {
- $this->current['SERVER'] = $servers[key($bases)];
- }
-
- /* BASE not defined? Load the one with the shortest base */
- if (!isset($this->current['BASE'])) {
- $this->current['BASE'] = key($bases);
+ $this->current['SERVER'] = key($servers);
}
/* Parse LDAP referral informations */
if (!isset($this->current['ADMINDN']) || !isset($this->current['ADMINPASSWORD'])) {
- $url = $this->current['SERVER'];
- $referral = $this->current['REFERRAL'][$url];
-
- $this->current['ADMINDN'] = $referral['ADMINDN'];
- $this->current['ADMINPASSWORD'] = $referral['ADMINPASSWORD'];
+ $this->current['BASE'] = $this->current['REFERRAL'][$this->current['SERVER']]['BASE'];
+ $this->current['ADMINDN'] = $this->current['REFERRAL'][$this->current['SERVER']]['ADMINDN'];
+ $this->current['ADMINPASSWORD'] = $this->current['REFERRAL'][$this->current['SERVER']]['ADMINPASSWORD'];
}
/* We need LDAPSIZELIMIT and LDAPSIZEIGNORE set before we connect to the ldap */
diff --git a/include/class_ldap.inc b/include/class_ldap.inc
index 234fc2ded13bf77ad21dc7f572a71e3a05fede22..fd3ed2ec74014fa19c2dd3336cbbf0df634e9210 100644
--- a/include/class_ldap.inc
+++ b/include/class_ldap.inc
@@ -751,8 +751,7 @@ class LDAP
if ($ignoreReferralBases) {
$found = FALSE;
foreach ($this->referrals as $ref) {
- $base = preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URI']);
- if ($base == $cdn) {
+ if ($ref['BASE'] == $cdn) {
$found = TRUE;
break;
}