diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-28 18:07:52 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-14 11:39:30 +0200 |
commit | 442af10df5ece547f025e93c08a88ee240235682 (patch) | |
tree | af71b2caf6ef74847d171ae0bb0a1325811136b1 | |
parent | 7a2d5d5994ff706e57f91140eb11f6ee4730cf13 (diff) | |
download | sssd-442af10df5ece547f025e93c08a88ee240235682.tar.gz sssd-442af10df5ece547f025e93c08a88ee240235682.tar.xz sssd-442af10df5ece547f025e93c08a88ee240235682.zip |
LDAP: Enable tokenGroups with Windows Server 2003
According to Microsoft documentation, the tokenGroups attribute is
available since Windows 2000:
http://msdn.microsoft.com/en-us/library/cc220937.aspx
We were not able to test against Windows 2000, though, as we don't have
that OS around, so this patch only changes the compatibility level to
2003.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 5c2f2023696d1ff79c3c5d94b89e7ef9cd4159e9)
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index aba7ba42d..7ae7ed098 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2895,7 +2895,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } - if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) { + if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2003) { /* Take advantage of AD's tokenGroups mechanism to look up all * parent groups in a single request. */ @@ -2995,7 +2995,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_AD: - if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) { + if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2003) { ret = sdap_ad_tokengroups_initgroups_recv(subreq); } else if (state->opts->support_matching_rule |