diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-05-14 18:00:10 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-23 11:45:38 +0200 |
commit | 6263578b03a52b3ec3a2e33e097554241780fc20 (patch) | |
tree | 44144d1017026806d48354780e5ef71ebfc6b04e /src/providers/ldap/sdap.c | |
parent | b0ab39364df453d4ec65d7d6e05a6530895ce3a6 (diff) | |
download | sssd-6263578b03a52b3ec3a2e33e097554241780fc20.tar.gz sssd-6263578b03a52b3ec3a2e33e097554241780fc20.tar.xz sssd-6263578b03a52b3ec3a2e33e097554241780fc20.zip |
Adding option to disable retrieving large AD groups.
This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"
https://fedorahosted.org/sssd/ticket/1823
Diffstat (limited to 'src/providers/ldap/sdap.c')
-rw-r--r-- | src/providers/ldap/sdap.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 3a820f62f..daa081ce7 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -95,7 +95,8 @@ int sdap_get_map(TALLOC_CTX *memctx, int sdap_parse_entry(TALLOC_CTX *memctx, struct sdap_handle *sh, struct sdap_msg *sm, struct sdap_attr_map *map, int attrs_num, - struct sysdb_attrs **_attrs, char **_dn) + struct sysdb_attrs **_attrs, char **_dn, + bool disable_range_retrieval) { struct sysdb_attrs *attrs; BerElement *ber = NULL; @@ -190,23 +191,27 @@ int sdap_parse_entry(TALLOC_CTX *memctx, while (str) { base64 = false; - ret = sdap_parse_range(tmp_ctx, str, &base_attr, &range_offset); - if (ret == EAGAIN) { + ret = sdap_parse_range(tmp_ctx, str, &base_attr, &range_offset, + disable_range_retrieval); + switch(ret) { + case EAGAIN: /* This attribute contained range values and needs more to * be retrieved */ /* TODO: return the set of attributes that need additional retrieval * For now, we'll continue below and treat it as regular values. */ - - } else if (ret != EOK) { + /* FALLTHROUGH */ + case ECANCELED: + /* FALLTHROUGH */ + case EOK: + break; + default: DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not determine if attribute [%s] was ranged\n", - str)); + ("Could not determine if attribute [%s] was ranged\n", str)); goto done; } - if (map) { for (a = 1; a < attrs_num; a++) { /* check if this attr is valid with the chosen schema */ @@ -230,6 +235,11 @@ int sdap_parse_entry(TALLOC_CTX *memctx, store = true; } + if (ret == ECANCELED) { + ret = EOK; + store = false; + } + if (store) { vals = ldap_get_values_len(sh->ldap, sm->msg, str); if (!vals) { |