diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-08 08:47:33 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-10 11:34:46 -0400 |
| commit | ae8d047122c7ba8123f72b2eac68944868ac37d4 (patch) | |
| tree | 6a7be7127f9daf8732cc6fe7158c5da91c0cf3dd /src/providers/ldap/sdap_async.c | |
| parent | ca4b7b92738f3dd463914e3de5757cd98d37a983 (diff) | |
| download | sssd-ae8d047122c7ba8123f72b2eac68944868ac37d4.tar.gz sssd-ae8d047122c7ba8123f72b2eac68944868ac37d4.tar.xz sssd-ae8d047122c7ba8123f72b2eac68944868ac37d4.zip | |
LDAP: Handle very large Active Directory groups
Active Directory 2008R2 allows only 1500 group members to be
retrieved in a single lookup. However, when we hit such a
situation, we can take advantage of the ASQ lookups, which are not
similarly limited.
With this patch, we will add any members found by ASQ that were
not found by the initial lookup so we will end with a complete
group listing.
https://fedorahosted.org/sssd/ticket/783
Diffstat (limited to 'src/providers/ldap/sdap_async.c')
| -rw-r--r-- | src/providers/ldap/sdap_async.c | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index d505772c0..a8a12c3d3 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -1826,6 +1826,8 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, struct sdap_attr_map *map; int num_attrs; struct sdap_deref_attrs **res; + char *tmp; + char *dn; TALLOC_CTX *tmp_ctx; tmp_ctx = talloc_new(NULL); @@ -1848,6 +1850,20 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, res[mi]->attrs = NULL; } + + tmp = ldap_get_dn(sh->ldap, msg->msg); + if (!tmp) { + ret = EINVAL; + goto done; + } + + dn = talloc_strdup(tmp_ctx, tmp); + ldap_memfree(tmp); + if (!dn) { + ret = ENOMEM; + goto done; + } + /* Find all suitable maps in the list */ vals = ldap_get_values_len(sh->ldap, msg->msg, "objectClass"); for (mi =0; mi < state->num_maps; mi++) { @@ -1857,12 +1873,20 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, if (strncasecmp(state->maps[mi].map[0].name, vals[i]->bv_val, vals[i]->bv_len) == 0) { /* it's an entry of the right type */ + DEBUG(SSSDBG_TRACE_INTERNAL, + ("Matched objectclass [%s] on DN [%s], will use associated map\n", + state->maps[mi].map[0].name, dn)); map = state->maps[mi].map; num_attrs = state->maps[mi].num_attrs; break; } } - if (!map) continue; + if (!map) { + DEBUG(SSSDBG_TRACE_INTERNAL, + ("DN [%s] did not match the objectClass [%s]\n", + dn, state->maps[mi].map[0].name)); + continue; + } ret = sdap_parse_entry(res[mi], sh, msg, map, num_attrs, @@ -1871,7 +1895,6 @@ static errno_t sdap_asq_search_parse_entry(struct sdap_handle *sh, DEBUG(3, ("sdap_parse_entry failed [%d]: %s\n", ret, strerror(ret))); goto done; } - } ldap_value_free_len(vals); |