authorJakub Hrozek <jhrozek@redhat.com>2013-12-03 20:45:44 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-12-19 17:42:05 +0100
commit97d3ef21d9f293f0b4bc0cc38b37f4e3d54d3572 (patch)
treeb2e97ab5ca1c1910edc2a91009bbee4639f6a8e7 /src/providers/ad/ad_id.c
parent4cd1cb275a09a188dce1eeccecc868a854a13b77 (diff)
AD: Add a utility function to create list of connections
ad_id.c and ad_access.c used the same block of code. With the upcoming option to disable GC lookups, we should unify the code in a function to avoid breaking one of the code paths. The same applies for the LDAP connection to the trusted AD DC. Includes a unit test.
Diffstat (limited to 'src/providers/ad/ad_id.c')
-rw-r--r--src/providers/ad/ad_id.c29
1 files changed, 8 insertions, 21 deletions
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index cf71b172d..e47c41863 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -188,12 +188,6 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
struct sss_domain_info *dom, struct be_acct_req *ar)
{
struct sdap_id_conn_ctx **clist;
- struct sdap_domain *sdom;
- struct ad_id_ctx *subdom_id_ctx;
-
- /* LDAP, GC, sentinel */
- clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 3);
- if (clist == NULL) return NULL;
switch (ar->entry_type & BE_REQ_TYPE_MASK) {
case BE_REQ_USER: /* user */
@@ -201,24 +195,17 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
case BE_REQ_USER_AND_GROUP: /* get SID */
case BE_REQ_GROUP: /* group */
case BE_REQ_INITGROUPS: /* init groups for user */
- /* Always try GC first */
- clist[0] = ad_ctx->gc_ctx;
- if (IS_SUBDOMAIN(dom) == true) {
- clist[0]->ignore_mark_offline = false;
- /* Subdomain users are only present in GC. */
- break;
- }
- /* fall back to ldap if gc is not available */
- clist[0]->ignore_mark_offline = true;
-
- /* With root domain users we have the option to
- * fall back to LDAP in case ie POSIX attributes
- * are used but not replicated to GC
- */
- clist[1] = ad_ctx->ldap_ctx;
+ clist = ad_gc_conn_list(breq, ad_ctx, dom);
+ if (clist == NULL) return NULL;
break;
+
default:
+ /* Requests for other object should only contact LDAP by default */
+ clist = talloc_zero_array(breq, struct sdap_id_conn_ctx *, 2);
+ if (clist == NULL) return NULL;
+
clist[0] = ad_ctx->ldap_ctx;
+ clist[1] = NULL;
break;
}
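Review bot: `clist` is now declared without an initializer at the top of get_conn_list (first hunk) and is assigned only inside the switch arms, whereas the old code allocated it before the switch. Every arm visible here either assigns it or returns NULL, so the code is correct as written. A case added later that forgets to set it would pass an indeterminate pointer to the code after the switch, which lies outside the hunk. Declaring it as `struct sdap_id_conn_ctx **clist = NULL;` turns that mistake into a clean allocation-failure path. In the default arm, `clist[1] = NULL;` is redundant after `talloc_zero_array` but documents the terminator that callers presumably iterate to, so mark it with `/* sentinel */`; the new comment should also read "other objects".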