diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2013-04-29 16:42:46 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-02 19:44:32 +0200 |
| commit | c45495c7a585da4de99e34c98223981a41cfd56d (patch) | |
| tree | a0f14c0309f377355cc4757bd662cd11f9ca8f22 /src/providers/ldap/sdap_async.c | |
| parent | b503cbdaf175f96da726a7679fafaebe0b27d004 (diff) | |
| download | sssd-c45495c7a585da4de99e34c98223981a41cfd56d.tar.gz sssd-c45495c7a585da4de99e34c98223981a41cfd56d.tar.xz sssd-c45495c7a585da4de99e34c98223981a41cfd56d.zip | |
LDAP: Only use paging control on requests for multiple entries
The paging control can cause issues on servers that put limits on how
many paging controls can be active at one time (on some servers, it is
limited to one per connection). We need to reduce our usage so that we
only activate the paging control when making a request that may return an
arbitrary number of results.
Diffstat (limited to 'src/providers/ldap/sdap_async.c')
| -rw-r--r-- | src/providers/ldap/sdap_async.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 6412666d0..1547e8850 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -681,7 +681,8 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, NULL, 0, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { talloc_zfree(req); return NULL; @@ -757,6 +758,7 @@ struct sdap_get_generic_state { struct sdap_attr_map *map; int map_num_attrs; int timeout; + bool allow_paging; struct sdap_op *op; @@ -784,7 +786,8 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx, const char **attrs, struct sdap_attr_map *map, int map_num_attrs, - int timeout) + int timeout, + bool allow_paging) { errno_t ret; struct sdap_get_generic_state *state; @@ -810,6 +813,15 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx, state->cookie.bv_len = 0; state->cookie.bv_val = NULL; + /* Be extra careful and never allow paging for BASE searches, + * even if requested. + */ + if (scope == LDAP_SCOPE_BASE) { + state->allow_paging = false; + } else { + state->allow_paging = allow_paging; + } + ret = sdap_get_generic_step(req); if (ret != EOK) { tevent_req_error(req, ret); @@ -854,9 +866,9 @@ static errno_t sdap_get_generic_step(struct tevent_req *req) disable_paging = dp_opt_get_bool(state->opts->basic, SDAP_DISABLE_PAGING); - if (!disable_paging - && sdap_is_control_supported(state->sh, - LDAP_CONTROL_PAGEDRESULTS)) { + if (!disable_paging && state->allow_paging && + sdap_is_control_supported(state->sh, + LDAP_CONTROL_PAGEDRESULTS)) { lret = ldap_create_page_control(state->sh->ldap, state->sh->page_size, state->cookie.bv_val ? |