Handle LDAP search references

LDAP search operation may return a search reference pointing to an LDAP resource. As the framework does not handle search references, skip these results to prevent result processing failures. Migrate operation crashed when the migrated DS contained search references. Now, it correctly skips these records and prints the failed references to user. https://fedorahosted.org/freeipa/ticket/1209
author: Martin Kosek <mkosek@redhat.com> 2011-06-01 18:04:24 +0200
committer: Martin Kosek <mkosek@redhat.com> 2011-06-10 08:34:27 +0200
commit: 6ee9480b7b52086edcda4a157754ebab2476b660 (patch)
tree: 392c774be2a4dedb56b034fb44b551be0cc16b76 /ipaserver
parent: 915235859cb67d4f350ff506b435586fd15505e7 (diff)
download: freeipa-6ee9480b7b52086edcda4a157754ebab2476b660.tar.gz
freeipa-6ee9480b7b52086edcda4a157754ebab2476b660.tar.xz
freeipa-6ee9480b7b52086edcda4a157754ebab2476b660.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 5556773c9..b0a5c2c2c 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -516,7 +516,7 @@ class ldap2(CrudBackend, Encoder):
     @decode_retval()
     def find_entries(self, filter=None, attrs_list=None, base_dn='',
             scope=_ldap.SCOPE_SUBTREE, time_limit=None, size_limit=None,
-            normalize=True):
+            normalize=True, search_refs=False):
         """
         Return a list of entries and indication of whteher the results where
         truncated ([(dn, entry_attrs)], truncated) matching specified search
@@ -530,6 +530,7 @@ class ldap2(CrudBackend, Encoder):
         time_limit -- time limit in seconds (default use IPA config values)
         size_limit -- size (number of entries returned) limit (default use IPA config values)
         normalize -- normalize the DN (default True)
+        search_refs -- allow search references to be returned (default skips these entries)
         """
         if normalize:
             base_dn = self.normalize_dn(base_dn)
@@ -564,7 +565,9 @@ class ldap2(CrudBackend, Encoder):
                 (objtype, res_list) = self.conn.result(id, 0)
                 if not res_list:
                     break
-                res.append(res_list[0])
+                if objtype == _ldap.RES_SEARCH_ENTRY or \
+                   (search_refs and objtype == _ldap.RES_SEARCH_REFERENCE):
+                    res.append(res_list[0])
         except (_ldap.ADMINLIMIT_EXCEEDED, _ldap.TIMELIMIT_EXCEEDED,
                 _ldap.SIZELIMIT_EXCEEDED), e:
             truncated = True
author	Martin Kosek <mkosek@redhat.com>	2011-06-01 18:04:24 +0200
committer	Martin Kosek <mkosek@redhat.com>	2011-06-10 08:34:27 +0200
commit	6ee9480b7b52086edcda4a157754ebab2476b660 (patch)
tree	392c774be2a4dedb56b034fb44b551be0cc16b76 /ipaserver
parent	915235859cb67d4f350ff506b435586fd15505e7 (diff)
download	freeipa-6ee9480b7b52086edcda4a157754ebab2476b660.tar.gz freeipa-6ee9480b7b52086edcda4a157754ebab2476b660.tar.xz freeipa-6ee9480b7b52086edcda4a157754ebab2476b660.zip