diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-05-14 18:00:10 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-09 15:04:43 +0200 |
commit | 0b9e98122091c5bb6232ea4746decb6fbe2d68c0 (patch) | |
tree | eba8755e80ab04a315a0385d4cea46fac079ebbe /src/providers/ldap/sdap.c | |
parent | 6ed0eb3bf1b322a246aad6c3e02a7c3b4619d867 (diff) | |
download | sssd-0b9e98122091c5bb6232ea4746decb6fbe2d68c0.tar.gz sssd-0b9e98122091c5bb6232ea4746decb6fbe2d68c0.tar.xz sssd-0b9e98122091c5bb6232ea4746decb6fbe2d68c0.zip |
Adding option to disable retrieving large AD groups.sssd-1.9.2-113.el6
This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"
https://fedorahosted.org/sssd/ticket/1823
Diffstat (limited to 'src/providers/ldap/sdap.c')
-rw-r--r-- | src/providers/ldap/sdap.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 371121b2c..bfe3baa56 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -97,7 +97,8 @@ int sdap_get_map(TALLOC_CTX *memctx, int sdap_parse_entry(TALLOC_CTX *memctx, struct sdap_handle *sh, struct sdap_msg *sm, struct sdap_attr_map *map, int attrs_num, - struct sysdb_attrs **_attrs, char **_dn) + struct sysdb_attrs **_attrs, char **_dn, + bool disable_range_retrieval) { struct sysdb_attrs *attrs; BerElement *ber = NULL; @@ -192,23 +193,27 @@ int sdap_parse_entry(TALLOC_CTX *memctx, while (str) { base64 = false; - ret = sdap_parse_range(tmp_ctx, str, &base_attr, &range_offset); - if (ret == EAGAIN) { + ret = sdap_parse_range(tmp_ctx, str, &base_attr, &range_offset, + disable_range_retrieval); + switch(ret) { + case EAGAIN: /* This attribute contained range values and needs more to * be retrieved */ /* TODO: return the set of attributes that need additional retrieval * For now, we'll continue below and treat it as regular values. */ - - } else if (ret != EOK) { + /* FALLTHROUGH */ + case ECANCELED: + /* FALLTHROUGH */ + case EOK: + break; + default: DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not determine if attribute [%s] was ranged\n", - str)); + ("Could not determine if attribute [%s] was ranged\n", str)); goto done; } - if (map) { for (a = 1; a < attrs_num; a++) { /* check if this attr is valid with the chosen schema */ @@ -232,6 +237,11 @@ int sdap_parse_entry(TALLOC_CTX *memctx, store = true; } + if (ret == ECANCELED) { + ret = EOK; + store = false; + } + if (store) { vals = ldap_get_values_len(sh->ldap, sm->msg, str); if (!vals) { |