/**
 * Open an LDAP handle for pszURI and authenticate on it with SASL/SRP.
 *
 * The UPN is lower-cased (ASCII) into a temporary copy before it is handed
 * to the SASL interaction callback. The password pointer is passed through
 * as-is: it is borrowed, not copied, so the caller's buffer must stay valid
 * until this function returns.
 *
 * SASL host name canonicalization is switched off on the handle. A bind
 * that ends in LDAP_SERVER_DOWN or LDAP_TIMEOUT is attempted a second time
 * on a fresh handle; any other result ends the loop immediately.
 *
 * Failure logging records only the LDAP result code and its text (or the
 * vmdir error code). Keep the UPN and the password out of these log lines.
 *
 * @param ppLd      Out: receives the bound handle on success. It is not
 *                  written on failure.
 * @param pszURI    LDAP URI to connect to.
 * @param pszUPN    User principal name; any case, lower-cased internally.
 * @param pszPass   Password for the SRP exchange (borrowed).
 * @param iTimeout  Network timeout in seconds. Values <= 0 leave
 *                  LDAP_OPT_NETWORK_TIMEOUT unset on the handle.
 *
 * @return 0 on success; VMDIR_ERROR_INVALID_PARAMETER when any pointer
 *         argument is NULL; otherwise the failing helper's error, with LDAP
 *         results translated through VmDirMapLdapError().
 */
DWORD
VmDirSASLSRPBindExt1(
    LDAP**  ppLd,
    PCSTR   pszURI,
    PCSTR   pszUPN,
    PCSTR   pszPass,
    int     iTimeout
    )
{
    DWORD           dwError = 0;
    int             retVal = 0;
    int             attempt = 0;
    LDAP*           pConn = NULL;
    PSTR            pszAuthName = NULL;
    const int       protocolVersion = LDAP_VERSION3;
    const int       saslNoCanon = 1;
    struct timeval  connectTimeout = {0};
    VMDIR_SASL_INTERACTIVE_DEFAULT  srpCreds = {0};

    connectTimeout.tv_sec = iTimeout;
    connectTimeout.tv_usec = 0;

    if (!ppLd || !pszURI || !pszUPN || !pszPass)
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirAllocASCIIUpperToLower(pszUPN, &pszAuthName);
    BAIL_ON_VMDIR_ERROR(dwError);

    srpCreds.pszAuthName = pszAuthName;
    srpCreds.pszPass = pszPass;     // borrowed from the caller, never copied

    // At most two attempts: the first try plus one retry.
    for (attempt = 0; attempt < 2; attempt++)
    {
        retVal = ldap_initialize(&pConn, pszURI);
        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

        retVal = ldap_set_option(pConn, LDAP_OPT_PROTOCOL_VERSION, &protocolVersion);
        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

        // The SRP mechanism is used with SASL host name canonicalization off.
        retVal = ldap_set_option(pConn, LDAP_OPT_X_SASL_NOCANON, &saslNoCanon);
        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

        if (iTimeout > 0)
        {
            // Bound the connect phase only when the caller asked for it.
            retVal = ldap_set_option(pConn, LDAP_OPT_NETWORK_TIMEOUT, (void *)&connectTimeout);
            BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
        }

        retVal = ldap_sasl_interactive_bind_s(
                        pConn,
                        NULL,
                        "SRP",
                        NULL,
                        NULL,
                        LDAP_SASL_QUIET,
                        _VmDirSASLSRPInteraction,
                        &srpCreds);
        if (retVal != LDAP_SERVER_DOWN && retVal != LDAP_TIMEOUT)
        {
            break;  // success, or a failure that a retry will not cure
        }

        // Transient network failure: pause (50 ms per the original note),
        // discard the handle and go around again.
        VmDirSleep(50);
        if (pConn)
        {
            ldap_unbind_ext_s(pConn, NULL, NULL);
            pConn = NULL;
        }
    }
    BAIL_ON_SIMPLE_LDAP_ERROR(retVal);  // the bind itself failed

    *ppLd = pConn;

cleanup:

    VMDIR_SAFE_FREE_MEMORY(pszAuthName);

    return dwError;

ldaperror:

    VMDIR_LOG_VERBOSE(
        VMDIR_LOG_MASK_ALL,
        "_VmDirSASLSRPBind failed. (%d)(%s)",
        retVal,
        ldap_err2string(retVal));
    dwError = VmDirMapLdapError(retVal);

error:

    // Reached directly (retVal still 0) only for non-LDAP failures; LDAP
    // failures were already logged under ldaperror.
    if (retVal == 0)
    {
        VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "_VmDirSASLSRPBind failed. (%u)", dwError);
    }

    // Never hand a half-configured or unauthenticated handle to the caller.
    if (pConn)
    {
        ldap_unbind_ext_s(pConn, NULL, NULL);
    }

    goto cleanup;
}
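/**
 * Set up the directory instance for this host, either as the first node of
 * a domain or as a node joining an existing partner.
 *
 * Steps, in order:
 *   1. When pszReplURI is non-empty, copy the schema from that partner
 *      using the supplied credentials.
 *   2. Build the well-known DNs (domain, containers, server object, DC
 *      account, default administrator). The host name comes from the DC
 *      account registry value and is lower-cased.
 *   3. Unless firstReplCycleMode is FIRST_REPL_CYCLE_MODE_USE_COPIED_DB,
 *      rewrite the persisted DSE root entry.
 *   4. Publish the DNs and replication defaults in gVmdirServerGlobals.
 *   5. First node (pszReplURI empty): set serverId to 1, create the domain
 *      instance and the standard containers, then signal that the first
 *      replication cycle is done.
 *      Joining node: build a replication agreement for pszReplURI, link it
 *      at the head of gVmdirReplAgrs under replAgrsMutex and signal the
 *      condition the replication thread waits on.
 *
 * Review notes:
 *   - pszPassword is only forwarded to VmDirCopyPartnerSchema() and
 *     VmDirSrvSetupDomainInstance(); nothing here logs it.
 *   - pszUsername, the site name and pszReplURI are formatted into DN
 *     strings with "%s" and no escaping in this function.
 *     NOTE(review): confirm callers or the Create*DN helpers reject DN
 *     special characters in these values.
 *   - gVmdirServerGlobals is updated step by step; the error path only logs
 *     and frees locals, so a failure part-way leaves the globals partially
 *     populated.
 *
 * @param pszFQDomainName     Fully qualified domain name; must be non-empty.
 * @param pszUsername         Administrator account name; must be non-empty.
 * @param pszPassword         Administrator password (forwarded, see above).
 * @param pszSiteName         Site name, or NULL for "Default-First-Site".
 * @param pszReplURI          Partner LDAP URI when joining; NULL or empty
 *                            for the first instance.
 * @param firstReplCycleMode  First replication cycle mode; stored in
 *                            gFirstReplCycleMode when joining.
 *
 * @return 0 on success; VMDIR_ERROR_INVALID_PARAMETER when the domain name
 *         or user name is NULL or empty; otherwise the first failing
 *         helper's error code.
 */
DWORD
VmDirSrvSetupHostInstance(
    PCSTR   pszFQDomainName,
    PCSTR   pszUsername,
    PCSTR   pszPassword,
    PCSTR   pszSiteName,
    PCSTR   pszReplURI,
    UINT32  firstReplCycleMode
    )
{
    DWORD   dwError = 0;

    PCSTR   pszDelObjsContainerName   = "Deleted Objects";
    PCSTR   pszConfigContainerName    = VMDIR_CONFIGURATION_CONTAINER_NAME;
    PCSTR   pszCAContainerName        = VMDIR_CA_CONTAINER_NAME;
    PCSTR   pszSitesContainerName     = VMDIR_SITES_RDN_VAL;
    PCSTR   pszSiteContainerName      = "Default-First-Site";
    PCSTR   pszServersContainerName   = VMDIR_SERVERS_CONTAINER_NAME;
    PCSTR   pszReplAgrsContainerName  = VMDIR_REPL_AGRS_CONTAINER_NAME;
    PCSTR   pszDCsContainerName       = VMDIR_DOMAIN_CONTROLLERS_RDN_VAL;
    PCSTR   pszComputersContainerName = VMDIR_COMPUTERS_RDN_VAL;
    PCSTR   pszMSAsContainerName      = VMDIR_MSAS_RDN_VAL;

    PSTR    pszDomainDN = NULL;
    PSTR    pszDelObjsContainerDN = NULL;   // CN=Deleted Objects,<domain DN>
    PSTR    pszConfigContainerDN = NULL;    // CN=Configuration,<domain DN>
    PSTR    pszCAContainerDN = NULL;        // CN=Certificate-Authorities,CN=Configuration,<domain DN>
    PSTR    pszSitesContainerDN = NULL;     // CN=Sites,<configuration DN>
    PSTR    pszSiteContainerDN = NULL;      // CN=<Site-Name>,<Sites container DN>
    PSTR    pszServersContainerDN = NULL;   // CN=Servers,<Site container DN>
    PSTR    pszServerDN = NULL;             // CN=<fully qualified host name>,<Servers container DN>
    PSTR    pszReplAgrsContainerDN = NULL;  // CN=Replication Agreements,<Server DN>
    PSTR    pszReplAgrDN = NULL;            // labeledURI=<ldap://192.165.226.127>,<ReplAgrsContainerDN>
    PSTR    pszDCsContainerDN = NULL;       // OU=Domain Controllers,<domain DN>
    PSTR    pszComputersContainerDN = NULL; // OU=Computers,<domain DN>
    PSTR    pszDCAccountDN = NULL;          // CN=<fully qualified host name>,OU=Domain Controllers,<domain DN>
    PSTR    pszDCAccountUPN = NULL;         // <hostname>@<domain name>
    PSTR    pszComputerAccountDN = NULL;    // CN=<fully qualified host name>,OU=Domain Computers,<domain DN>
    PSTR    pszMSAsDN = NULL;               // CN=<Managed Service Accounts>,<domain DN>
    PSTR    pszUpperCaseFQDomainName = NULL;
    PSTR    pszLowerCaseHostName = NULL;
    PSTR    pszDefaultAdminDN = NULL;

    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
    // Zero-filled: the registry read below is bounded to sizeof-1, so the
    // buffer stays NUL-terminated even if the reader adds no terminator.
    char                pszHostName[VMDIR_MAX_HOSTNAME_LEN] = {0};
    VDIR_BERVALUE       bv = VDIR_BERVALUE_INIT;

    BOOLEAN                       bInLockReplCycle = FALSE;
    PVMDIR_REPLICATION_AGREEMENT  pReplAgr = NULL;
    BOOLEAN                       bInLock = FALSE;
    PSTR                          pszUserDN = NULL;
    PCSTR                         pszUsersContainerName = "Users";
    PSTR                          pszUsersContainerDN = NULL;   // CN=Users,<domain DN>

    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Setting up a host instance (%s).",
                   VDIR_SAFE_STRING(pszFQDomainName));

    // Both values are formatted with "%s" below (DC account UPN, default
    // administrator DN). Reject NULL/empty here instead of building a
    // malformed DN that would then be persisted in the DSE root.
    if (IsNullOrEmptyString(pszFQDomainName) || IsNullOrEmptyString(pszUsername))
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    if (pszSiteName)
    {
        pszSiteContainerName = pszSiteName;
    }

    // If joining another node, copy schema from the partner first.
    if (!IsNullOrEmptyString(pszReplURI))
    {
        dwError = VmDirCopyPartnerSchema(
                        pszFQDomainName,
                        pszUsername,
                        pszPassword,
                        pszReplURI);
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Construct important DNs and create the persisted DSE Root entry

    // Domain DN
    dwError = VmDirSrvCreateDomainDN( pszFQDomainName, &pszDomainDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Deleted objects container DN
    dwError = VmDirSrvCreateDN( pszDelObjsContainerName, pszDomainDN, &pszDelObjsContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Configuration container DN
    dwError = VmDirSrvCreateDN( pszConfigContainerName, pszDomainDN, &pszConfigContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Domain Controllers container DN
    dwError = VmDirAllocateStringAVsnprintf(&pszDCsContainerDN, "%s=%s,%s", ATTR_OU, pszDCsContainerName, pszDomainDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    // Domain Computers container DN
    dwError = VmDirAllocateStringAVsnprintf(&pszComputersContainerDN, "%s=%s,%s", ATTR_OU, pszComputersContainerName, pszDomainDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    // Sites container DN
    dwError = VmDirSrvCreateDN( pszSitesContainerName, pszConfigContainerDN, &pszSitesContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Certificate-Authorities container DN
    dwError = VmDirSrvCreateDN( pszCAContainerName, pszConfigContainerDN, &pszCAContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Particular site container DN
    dwError = VmDirSrvCreateDN( pszSiteContainerName, pszSitesContainerDN, &pszSiteContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Servers within the site container DN
    dwError = VmDirSrvCreateDN( pszServersContainerName, pszSiteContainerDN, &pszServersContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // This server DN

    // vdcpromo sets this key.
    dwError = VmDirGetRegKeyValue( VMDIR_CONFIG_PARAMETER_KEY_PATH,
                                   VMDIR_REG_KEY_DC_ACCOUNT,
                                   pszHostName,
                                   sizeof(pszHostName)-1);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirAllocASCIIUpperToLower( pszHostName, &pszLowerCaseHostName );
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSrvCreateDN( pszLowerCaseHostName, pszServersContainerDN, &pszServerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Domain controller account DN
    dwError = VmDirSrvCreateDN( pszLowerCaseHostName, pszDCsContainerDN, &pszDCAccountDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Domain controller account UPN
    dwError = VmDirAllocASCIILowerToUpper( pszFQDomainName, &pszUpperCaseFQDomainName );
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirAllocateStringAVsnprintf(&pszDCAccountUPN, "%s@%s", pszLowerCaseHostName, pszUpperCaseFQDomainName );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Computer account DN
    // (built and freed here; nothing else in this function reads it)
    dwError = VmDirSrvCreateDN( pszLowerCaseHostName, pszComputersContainerDN, &pszComputerAccountDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Replication agreements container DN
    dwError = VmDirSrvCreateDN( pszReplAgrsContainerName, pszServerDN, &pszReplAgrsContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Managed Service Accounts container DN
    dwError = VmDirSrvCreateDN( pszMSAsContainerName, pszDomainDN, &pszMSAsDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Default administrator DN
    // NOTE(review): pszUsername is interpolated without DN escaping; confirm
    // it is validated before it reaches this function.
    dwError = VmDirAllocateStringAVsnprintf( &pszDefaultAdminDN, "cn=%s,cn=%s,%s",
                                             pszUsername,
                                             pszUsersContainerName,
                                             pszDomainDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    if (firstReplCycleMode != FIRST_REPL_CYCLE_MODE_USE_COPIED_DB)
    {
        // Modify persisted DSE Root entry
        dwError = VmDirSrvModifyPersistedDSERoot( pSchemaCtx, pszDomainDN, pszConfigContainerDN, SCHEMA_NAMING_CONTEXT_DN,
                                                  SUB_SCHEMA_SUB_ENTRY_DN, pszServerDN, pszDefaultAdminDN,
                                                  pszDCAccountDN, pszDCAccountUPN, pszDelObjsContainerDN,
                                                  (PSTR) pszSiteContainerName );
    }
    BAIL_ON_VMDIR_ERROR(dwError);

    // set gVmdirServerGlobals.bvDefaultAdminDN
    dwError = VmDirAllocateBerValueAVsnprintf(
                &gVmdirServerGlobals.bvDefaultAdminDN,
                "%s",
                pszDefaultAdminDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.bvDefaultAdminDN, pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    // set systemDomainDN
    dwError = VmDirAllocateBerValueAVsnprintf(
                &gVmdirServerGlobals.systemDomainDN,
                "%s",
                pszDomainDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.systemDomainDN, pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    // set serverObjDN
    dwError = VmDirAllocateBerValueAVsnprintf(
                &gVmdirServerGlobals.serverObjDN,
                "%s",
                pszServerDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.serverObjDN, pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    // set dcAccountDN
    dwError = VmDirAllocateBerValueAVsnprintf(
                &gVmdirServerGlobals.dcAccountDN,
                "%s",
                pszDCAccountDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.dcAccountDN, pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    // set dcAccountUPN
    dwError = VmDirAllocateBerValueAVsnprintf(
                &gVmdirServerGlobals.dcAccountUPN,
                "%s",
                pszDCAccountUPN);
    BAIL_ON_VMDIR_ERROR(dwError);

    // Set replInterval and replPageSize
    gVmdirServerGlobals.replInterval = VmDirStringToIA(VMDIR_DEFAULT_REPL_INTERVAL);
    gVmdirServerGlobals.replPageSize = VmDirStringToIA(VMDIR_DEFAULT_REPL_PAGE_SIZE);

    // Set utdVector
    // bv only borrows the pointers assigned to it below (a string literal,
    // then pszDelObjsContainerDN).
    // NOTE(review): this relies on VmDirFreeBervalContent() not freeing a
    // bv_val it does not own - confirm against its definition.
    VmDirFreeBervalContent(&bv);
    bv.lberbv.bv_val = "";
    bv.lberbv.bv_len = 0;
    dwError = VmDirBervalContentDup( &bv, &gVmdirServerGlobals.utdVector );
    BAIL_ON_VMDIR_ERROR(dwError);

    // Set delObjsContainerDN
    VmDirFreeBervalContent(&bv);
    bv.lberbv.bv_val = pszDelObjsContainerDN;
    bv.lberbv.bv_len = VmDirStringLenA( bv.lberbv.bv_val );

    dwError = VmDirBervalContentDup( &bv, &gVmdirServerGlobals.delObjsContainerDN );
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN(&gVmdirServerGlobals.delObjsContainerDN, pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirAllocateStringA( pszSiteContainerName, &gVmdirServerGlobals.pszSiteName);
    BAIL_ON_VMDIR_ERROR(dwError);

    // Create Administrator DN
    // (pszUsersContainerDN / pszUserDN are built and freed here; nothing
    // else in this function reads them)
    dwError = VmDirSrvCreateDN( pszUsersContainerName, pszDomainDN, &pszUsersContainerDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirSrvCreateUserDN( pszUsername, pszUsersContainerDN, &pszUserDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    // set DomainControllerGroupDN for first,second+ host setup
    dwError = VmDirAllocateBerValueAVsnprintf( &gVmdirServerGlobals.bvDCGroupDN,
                                               "cn=%s,cn=%s,%s",
                                               VMDIR_DC_GROUP_NAME,
                                               VMDIR_BUILTIN_CONTAINER_NAME,
                                               pszDomainDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvDCGroupDN), pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    // set DCClientGroupDN for first,second+ host setup
    dwError = VmDirAllocateBerValueAVsnprintf( &gVmdirServerGlobals.bvDCClientGroupDN,
                                               "cn=%s,cn=%s,%s",
                                               VMDIR_DCCLIENT_GROUP_NAME,
                                               VMDIR_BUILTIN_CONTAINER_NAME,
                                               pszDomainDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvDCClientGroupDN), pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    // set ServicesRootDN for first,second+ host setup
    dwError = VmDirAllocateBerValueAVsnprintf( &gVmdirServerGlobals.bvServicesRootDN,
                                               "cn=%s,%s",
                                               VMDIR_SERVICES_CONTAINER_NAME,
                                               pszDomainDN);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvServicesRootDN), pSchemaCtx);
    BAIL_ON_VMDIR_ERROR(dwError);

    if (IsNullOrEmptyString(pszReplURI)) // 1st directory instance is being setup
    {
        // Set gVmdirServerGlobals.serverId FIRST, so that correct SID can be
        // generated for the objects added subsequently.
        gVmdirServerGlobals.serverId = 1;

        dwError = VmDirSrvSetupDomainInstance( pSchemaCtx, TRUE, TRUE, pszFQDomainName, pszDomainDN, pszUsername, pszPassword );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Deleted Objects container
        dwError = VmDirSrvCreateContainerWithEID( pSchemaCtx, pszDelObjsContainerDN, pszDelObjsContainerName,
                                                  DEL_ENTRY_CONTAINER_ENTRY_ID );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Domain Controllers container
        dwError = VmDirSrvCreateOUContainer( pSchemaCtx, pszDCsContainerDN, pszDCsContainerName );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Computers container
        dwError = VmDirSrvCreateOUContainer( pSchemaCtx, pszComputersContainerDN, pszComputersContainerName );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Managed Service Accounts container
        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszMSAsDN, pszMSAsContainerName );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Configuration container
        dwError = VmDirSrvCreateConfigContainer( pSchemaCtx, pszConfigContainerDN, pszConfigContainerName );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Certificate-Authorities container
        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszCAContainerDN, pszCAContainerName );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Sites container
        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszSitesContainerDN, pszSitesContainerName );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Site-Name container, Servers container, and THE Server object
        // (one call; the two containers are not created individually here)
        dwError = VmDirSrvCreateServerObj( pSchemaCtx );
        BAIL_ON_VMDIR_ERROR(dwError);

        // Create Replication Agreements container
        dwError = VmDirSrvCreateReplAgrsContainer( pSchemaCtx );
        BAIL_ON_VMDIR_ERROR(dwError);

        // 1st replica => no replication agreements => 1st replication cycle done
        VMDIR_LOCK_MUTEX(bInLockReplCycle, gVmdirGlobals.replCycleDoneMutex);
        VmDirConditionSignal(gVmdirGlobals.replCycleDoneCondition);
        VMDIR_UNLOCK_MUTEX(bInLockReplCycle, gVmdirGlobals.replCycleDoneMutex);
    }
    else
    {
        // NOTE(review): pszReplURI becomes an RDN value without escaping;
        // confirm it is validated as an LDAP URI upstream.
        dwError = VmDirAllocateStringAVsnprintf( &pszReplAgrDN, "labeledURI=%s,%s", pszReplURI, pszReplAgrsContainerDN );
        BAIL_ON_VMDIR_ERROR(dwError);

        dwError = VmDirConstructReplAgr( pSchemaCtx, pszReplURI,
                                         VMDIR_DEFAULT_REPL_LAST_USN_PROCESSED, pszReplAgrDN, &pReplAgr );
        BAIL_ON_VMDIR_ERROR(dwError);

        gFirstReplCycleMode = firstReplCycleMode;

        VMDIR_LOCK_MUTEX(bInLock, gVmdirGlobals.replAgrsMutex);
        pReplAgr->next = gVmdirReplAgrs;
        gVmdirReplAgrs = pReplAgr; // ownership transfer
        // wake up replication thread waiting on the existence
        // of a replication agreement.
        VmDirConditionSignal(gVmdirGlobals.replAgrsCondition);
        VMDIR_UNLOCK_MUTEX(bInLock, gVmdirGlobals.replAgrsMutex);
    }

cleanup:

    if (pSchemaCtx)
    {
        VmDirSchemaCtxRelease(pSchemaCtx);
    }

    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
    VMDIR_SAFE_FREE_MEMORY(pszDelObjsContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszConfigContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszCAContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszSitesContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszSiteContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszServersContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszServerDN);
    VMDIR_SAFE_FREE_MEMORY(pszReplAgrsContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszReplAgrDN);
    VMDIR_SAFE_FREE_MEMORY(pszDCsContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszDCAccountDN);
    VMDIR_SAFE_FREE_MEMORY(pszDCAccountUPN);
    VMDIR_SAFE_FREE_MEMORY(pszComputersContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszComputerAccountDN);
    VMDIR_SAFE_FREE_MEMORY(pszMSAsDN);
    VMDIR_SAFE_FREE_MEMORY(pszUpperCaseFQDomainName);
    VMDIR_SAFE_FREE_MEMORY(pszUsersContainerDN);
    VMDIR_SAFE_FREE_MEMORY(pszUserDN);
    VMDIR_SAFE_FREE_MEMORY(pszDefaultAdminDN);
    VMDIR_SAFE_FREE_MEMORY(pszLowerCaseHostName);

    VmDirFreeBervalContent(&bv);

    return dwError;

error:

    VmDirLog(LDAP_DEBUG_ANY, "VmDirSrvSetupHostInstance failed. Error(%u)", dwError);
    goto cleanup;
}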
/**
 * Open an LDAP handle for pszURI and authenticate on it with SASL/SRP.
 *
 * The UPN is lower-cased (ASCII) into a temporary copy before it is handed
 * to the SASL interaction callback. The password pointer is passed through
 * as-is: it is borrowed, not copied, so the caller's buffer must stay valid
 * until this function returns.
 *
 * Only the protocol version is set on the handle; this function configures
 * no network timeout and does not touch SASL canonicalization. A bind that
 * ends in LDAP_SERVER_DOWN is attempted a second time on a fresh handle;
 * any other result ends the loop immediately.
 *
 * Failure logging records only the LDAP result code and its text (or the
 * vmdir error code). Keep the UPN and the password out of these log lines.
 *
 * @param ppLd     Out: receives the bound handle on success. It is not
 *                 written on failure.
 * @param pszURI   LDAP URI to connect to.
 * @param pszUPN   User principal name; any case, lower-cased internally.
 * @param pszPass  Password for the SRP exchange (borrowed).
 *
 * @return 0 on success; VMDIR_ERROR_INVALID_PARAMETER when any argument is
 *         NULL; otherwise the failing helper's error, with LDAP results
 *         translated through VmDirMapLdapError().
 */
DWORD
VmDirSASLSRPBind(
    LDAP**  ppLd,
    PCSTR   pszURI,
    PCSTR   pszUPN,
    PCSTR   pszPass
    )
{
    DWORD       dwError = 0;
    int         retVal = 0;
    int         attempt = 0;
    LDAP*       pConn = NULL;
    PSTR        pszAuthName = NULL;
    const int   protocolVersion = LDAP_VERSION3;
    VMDIR_SASL_INTERACTIVE_DEFAULT  srpCreds = {0};

    if (!ppLd || !pszURI || !pszUPN || !pszPass)
    {
        dwError = VMDIR_ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    dwError = VmDirAllocASCIIUpperToLower(pszUPN, &pszAuthName);
    BAIL_ON_VMDIR_ERROR(dwError);

    srpCreds.pszAuthName = pszAuthName;
    srpCreds.pszPass = pszPass;     // borrowed from the caller, never copied

    // At most two attempts: the first try plus one retry.
    for (attempt = 0; attempt < 2; attempt++)
    {
        retVal = ldap_initialize(&pConn, pszURI);
        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

        retVal = ldap_set_option(pConn, LDAP_OPT_PROTOCOL_VERSION, &protocolVersion);
        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);

        retVal = ldap_sasl_interactive_bind_s(
                        pConn,
                        NULL,
                        "SRP",
                        NULL,
                        NULL,
                        LDAP_SASL_QUIET,
                        _VmDirSASLSRPInteraction,
                        &srpCreds);
        if (retVal != LDAP_SERVER_DOWN)
        {
            break;  // success, or a failure that a retry will not cure
        }

        // Transient network failure: pause (50 ms per the original note),
        // discard the handle and go around again.
        VmDirSleep(50);
        if (pConn)
        {
            ldap_unbind_ext_s(pConn, NULL, NULL);
            pConn = NULL;
        }
    }
    BAIL_ON_SIMPLE_LDAP_ERROR(retVal);  // the bind itself failed

    *ppLd = pConn;

cleanup:

    VMDIR_SAFE_FREE_MEMORY(pszAuthName);

    return dwError;

ldaperror:

    VMDIR_LOG_VERBOSE(
        VMDIR_LOG_MASK_ALL,
        "_VmDirSASLSRPBind failed. (%d)(%s)",
        retVal,
        ldap_err2string(retVal));
    dwError = VmDirMapLdapError(retVal);

error:

    // Reached directly (retVal still 0) only for non-LDAP failures; LDAP
    // failures were already logged under ldaperror.
    if (retVal == 0)
    {
        VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "_VmDirSASLSRPBind failed. (%u)", dwError);
    }

    // Never hand a half-configured or unauthenticated handle to the caller.
    if (pConn)
    {
        ldap_unbind_ext_s(pConn, NULL, NULL);
    }

    goto cleanup;
}