summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2014-08-28 18:07:52 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-09-01 13:44:30 +0200
commit5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9 (patch)
tree00bbf7933ca6d975b2272de7049f3d54d23fb4df
parent0fafb51756913e78dbf523a69fc3a4ef2bac54ec (diff)
downloadsssd-5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9.tar.gz
sssd-5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9.tar.xz
sssd-5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9.zip
LDAP: Enable tokenGroups with Windows Server 2003
According to Microsoft documentation, the tokenGroups attribute is available since Windows 2000: http://msdn.microsoft.com/en-us/library/cc220937.aspx We were not able to test against Windows 2000, though, as we don't have that OS around, so this patch only changes the compatibility level to 2003. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2eecdf9a3..62e76cc4a 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2907,7 +2907,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
return;
}
- if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008
+ if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2003
&& dp_opt_get_bool(state->opts->basic, SDAP_AD_USE_TOKENGROUPS)) {
/* Take advantage of AD's tokenGroups mechanism to look up all
* parent groups in a single request.
@@ -3008,7 +3008,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
case SDAP_SCHEMA_RFC2307BIS:
case SDAP_SCHEMA_AD:
- if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008
+ if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2003
&& dp_opt_get_bool(state->opts->basic, SDAP_AD_USE_TOKENGROUPS)) {
ret = sdap_ad_tokengroups_initgroups_recv(subreq);