rgw ldap: enforce simple_bind w/LDAPv3
authorMatt Benjamin <mbenjamin@redhat.com>
Fri, 5 Aug 2016 14:02:03 +0000 (10:02 -0400)
committerMatt Benjamin <mbenjamin@redhat.com>
Wed, 5 Oct 2016 16:45:57 +0000 (12:45 -0400)
Found by Harald Klein <hklein@redhat.com>.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit 08d54291435e4d1cb5e02cda3951bc6e8510b0e2)

src/rgw/rgw_ldap.h

index a427ec46745e16680d5f89db4f942d53b0dcbaf2..925a1550d504a0c513512e503a56cdf5ab6be552 100644 (file)
@@ -70,14 +70,22 @@ namespace rgw {
        (void) init();
        return bind();
       }
+      return -EINVAL;
     }
 
     int simple_bind(const char *dn, const std::string& pwd) {
       LDAP* tldap;
       int ret = ldap_initialize(&tldap, uri.c_str());
-      ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
       if (ret == LDAP_SUCCESS) {
-       (void) ldap_unbind(tldap);
+       unsigned long ldap_ver = LDAP_VERSION3;
+       ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+                             (void*) &ldap_ver);
+       if (ret == LDAP_SUCCESS) {
+         ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
+         if (ret == LDAP_SUCCESS) {
+           (void) ldap_unbind(tldap);
+         }
+       }
       }
       return ret; // OpenLDAP client error space
     }
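Review bot: The new `ldap_set_option` call in simple_bind passes `ldap` rather than `tldap`, the handle that `ldap_initialize` just created and that `ldap_simple_bind_s` uses, so the credential-checking bind is not actually forced to LDAPv3; `ldap` is presumably the class's long-lived handle, declared outside this hunk. The option value should also be an `int`, which is what OpenLDAP documents for LDAP_OPT_PROTOCOL_VERSION, since an `unsigned long` read through an `int*` only yields 3 by accident on little-endian hosts. I would change the two lines to `int ldap_ver = LDAP_VERSION3;` and `ret = ldap_set_option(tldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_ver);`. Separately, `tldap` is released only after a successful bind, so every rejected password or failed set_option leaks the handle and any connection it opened; calling `ldap_unbind(tldap)` on every path after a successful `ldap_initialize` would close that. Nothing in the hunk rejects an empty `pwd`, which a simple bind treats as an unauthenticated bind that some servers accept, so confirm the callers check for it.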