Allow disabling LDAP referral chasing on Linux.

[iinuwa]

Before this, changing SessionOptions.ReferralChasing on Linux was ineffective, since we were passing ref int to OpenLDAP, which does not follow the pointer passed and interprets any non-zero value as "enabled".

This passes a boolean directly instead, which the library is able to detect properly.

This is a little bit of a hack, since it relies on the fact that OpenLDAP doesn't actually check for the correct value of LDAP_OPT_ON, which changes every time the program is run. Instead, it compares whether the passed value is 0 when cast to int *, which makes it false; passing any other value evaluates to true. Actually getting the correct value of LDAP_OPT_ON, I think would require a putting a get_ldap_opt_on() function in a native shim for OpenLDAP, which seems a little overkill. The documentation says

its value should either be LDAP_OPT_OFF or LDAP_OPT_ON

but maybe it's ok to fudge that.

Fixes #44826.

[iinuwa]

@danmoseley or @krwq, do you have any more feedback for this PR?

[danmoseley]

I do not. @buyaa-n @joperezr @krwq own this area and @joperezr is out. Can one of you please review this and merge as appropriate?

BTW these three folks are @dotnet/area-system-directoryservices

[jeffhandley]

@buyaa-n is also out right now; it looks good to me though.

The check failures look unrelated, but I'm going to rerun them once before merging.

[iinuwa]

One thing to note: this PR does not enable controlling the referral types followed (e.g. subordinate or external); it's all or nothing. I believe it is possible to configure the type of referrals followed by setting the LDAP_CONTROL_REFERRALS client control globally using the LDAP_OPT_CLIENT_CONTROLS, which is a NULL-terminated arrray of LDAPControls option on the LDAP handle.

I think that this can be handled in a separate PR though.

[krwq]

This conceptually looks good but I'm not really familiar with this space... I'm ok with merging this

[iinuwa]

@dotnet/area-system-directory-services: Thanks for looking this over! Do PRs in this area need to be approved by all three of you, or does the auto-merge label need to be set?

[krwq]

this test seems identical to the one below, can you join them together? [PlatformSpecific(TestPlatforms.Windows | TestPlatforms.Linux)] should work

[iinuwa]

They have the same content, but different inputs, since setting External is not supported on Linux but it is on Windows. Can we scope the InlineData attribute for each platform? (Sorry if that's obvious: I didn't see examples of this elsewhere.)

[krwq]

@iinuwa this change looks correct to me but I'm not too familiar with LDAP, @joperezr is but he's currently on vacation (until around August). We can go about it two ways:

• I merge this now (after the last comment) and ask @joperezr to take a second look after he's back from vacation in case he spots something we get it fixed later
• we wait with this PR for @joperezr to be back

considering this change is scoped to Linux and the referral chasing doesn't seem to work there I personally think it's acceptable to merge this. One thing to note is that we're really close to ask mode (branch locking before release - after that all changes need to be approved before merging to mitigate risk of breaking something) and that is making me slightly uncomfortable. @jeffhandley are you ok with me merging this now (after last comment related to tests) and @joperezr taking a second look later?