diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2014-08-07 16:20:20 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-09 11:57:52 +0200 |
commit | fc8d98c9f0bb26de7be732c3e542b85c8abdba53 (patch) | |
tree | e04879beb379c392c292aba8d26bdac5b662cc12 | |
parent | 983983dd1629ab33eab340a40d9ee83965a339c6 (diff) | |
download | sssd-fc8d98c9f0bb26de7be732c3e542b85c8abdba53.tar.gz sssd-fc8d98c9f0bb26de7be732c3e542b85c8abdba53.tar.xz sssd-fc8d98c9f0bb26de7be732c3e542b85c8abdba53.zip |
SDAP: Deref needn't be treated as critical
The command line utility ldapsearch does not set option LDAP_CONTROL_X_DEREF as
critical.
sssd performes similar ldap search as following command:
sh-4.2$ ldapsearch -x -LLL -h 172.17.0.7 \
-b 'cn=ref_grp1,ou=qagroup,dc=example,dc=com'
-E '!deref=member:objectClass,cn,userPassword,gidNumber,member,modifyTimestamp,modifyTimestamp,uid' \
objectClass,cn,userPassword,gidNumber,member,modifyTimestamp,modifyTimestamp,uid
Critical extension is unavailable (12)
Additional information: critical control unavailable in context
The most important is "exclamation mark" before extensions. It indicates
criticality. This caused problem when openldap server was older
openldap-2.4.23-34.el6. Dereference is performed successfully if extension is
not critical: -E 'deref=member:objectClass ...
Resolves:
https://fedorahosted.org/sssd/ticket/2383
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/providers/ldap/sdap_async.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 4100f6d14..3c58f7518 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -1736,7 +1736,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh, } ret = sdap_control_create(sh, LDAP_CONTROL_X_DEREF, - 1, &derefval, 1, ctrl); + 0, &derefval, 1, ctrl); ldap_memfree(derefval.bv_val); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed\n"); |