diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-28 18:07:52 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-01 13:44:30 +0200 |
| commit | 5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9 (patch) | |
| tree | 00bbf7933ca6d975b2272de7049f3d54d23fb4df | |
| parent | 0fafb51756913e78dbf523a69fc3a4ef2bac54ec (diff) | |
| download | sssd-5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9.tar.gz sssd-5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9.tar.xz sssd-5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9.zip | |
LDAP: Enable tokenGroups with Windows Server 2003
According to Microsoft documentation, the tokenGroups attribute is
available since Windows 2000:
http://msdn.microsoft.com/en-us/library/cc220937.aspx
We were not able to test against Windows 2000, though, as we don't have
that OS around, so this patch only changes the compatibility level to
2003.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| -rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 2eecdf9a3..62e76cc4a 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2907,7 +2907,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } - if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008 + if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2003 && dp_opt_get_bool(state->opts->basic, SDAP_AD_USE_TOKENGROUPS)) { /* Take advantage of AD's tokenGroups mechanism to look up all * parent groups in a single request. @@ -3008,7 +3008,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_AD: - if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008 + if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2003 && dp_opt_get_bool(state->opts->basic, SDAP_AD_USE_TOKENGROUPS)) { ret = sdap_ad_tokengroups_initgroups_recv(subreq); |