From 6982bad11a9cabe91bc17841a697a2ea7d21c2ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Mon, 10 Feb 2020 19:19:44 +0100 Subject: [PATCH 1/2] s3-libads: use dns name to open a ldap session MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Required for working certificate verification. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13124 Signed-off-by: Björn Baumbach Reviewed-by: Bjoern Jacke Autobuild-User(master): Björn Baumbach Autobuild-Date(master): Thu Mar 5 12:29:26 UTC 2020 on sn-devel-184 (cherry picked from commit e45e0912d99335f4feec7f937180ea21f7f62a72) --- source3/libads/ldap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 8ad76ed0ae9..8adfb15fb55 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -669,7 +669,7 @@ got_connection: /* Otherwise setup the TCP LDAP session */ - ads->ldap.ld = ldap_open_with_timeout(addr, + ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name, &ads->ldap.ss, ads->ldap.port, lp_ldap_timeout()); if (ads->ldap.ld == NULL) { -- 2.26.2 From f5b83cb2c1fdc3b76b0723b2ab6c25337167947f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Wed, 3 Jun 2020 19:40:59 +0200 Subject: [PATCH 2/2] s3-libads: use ldap_init_fd() to initialize a ldap session if possible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the known ip address of the ldap server to open the connection and initialize the ldap session with ldap_init_fd(). This avoid unnecessary DNS lookups which might block or prevent the successful connection. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13124 
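Review bot: At `got_connection` in source3/libads/ldap.c (patch 1/2), the name that certificate verification is matched against becomes `ads->config.ldap_server_name`, and nothing in the hunk shows where that field is filled or that it is non-NULL at this point. If it is populated from the server's own discovery reply rather than from local configuration, the TLS check would only prove that the peer holds a certificate for a name the peer itself announced. That trust origin deserves a comment above the call, e.g. `/* ldap_server_name is the name checked against the server certificate; it must be non-NULL and come from a trusted source */`. A NULL check before the call would also keep a missing name out of the URI that ldap_open_with_timeout() presumably builds from its first argument. The enclosing function starts and ends outside the hunk.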
Signed-off-by: Björn Baumbach Reviewed-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit c8080bbd708eaa3212fa516861ac9e3b267989a0) --- source3/libads/ldap.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 8adfb15fb55..b071f2c2733 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -92,7 +92,23 @@ static void gotalarm_sig(int signum) return NULL; } -#ifdef HAVE_LDAP_INITIALIZE +#ifdef HAVE_LDAP_INIT_FD + { + int fd = -1; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + + status = open_socket_out(ss, port, to, &fd); + if (!NT_STATUS_IS_OK(status)) { + return NULL; + } + +/* define LDAP_PROTO_TCP from openldap.h if required */ +#ifndef LDAP_PROTO_TCP +#define LDAP_PROTO_TCP 1 +#endif + ldap_err = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, &ldp); + } +#elif defined(HAVE_LDAP_INITIALIZE) ldap_err = ldap_initialize(&ldp, uri); #else ldp = ldap_open(server, port); -- 2.26.2
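Review bot: The socket returned by open_socket_out() is leaked when ldap_init_fd() fails, because `fd` is scoped to the new `HAVE_LDAP_INIT_FD` block and that block closes right after the call, so no later code can release it. Unless libldap is known to take ownership of the descriptor on every error path, add `if (ldap_err != LDAP_SUCCESS) { close(fd); }` before the closing brace. Separately, `to` is handed to open_socket_out() unchanged; patch 1/2 shows it coming from lp_ldap_timeout(), presumably in seconds, while open_socket_out() appears to expect milliseconds, so the unit should be confirmed and converted if needed. The early `return NULL` also discards `status` without a log line, which makes a refused or timed-out connection hard to diagnose. The enclosing function starts and ends outside the hunk.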