author | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-10 14:50:43 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-13 10:01:12 -0400 |
commit | d42d371c00c83ae44b9d1c3e88ecbe0e01b112e6 (patch) | |
tree | 6907c5ab6191128a1a8a1adf430425fb933b5dea /src/providers/ldap/sdap_async_initgroups.c | |
parent | 97ae45d61d921f07e812620e0156aee02b7b83a7 (diff) | |
LDAP: Add support for AD chain matching extension in initgroups
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 8524b1374..2f146b016 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2657,10 +2657,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_AD: - /* TODO: AD uses a different member/memberof schema - * We need an AD specific call that is able to unroll - * nested groups by doing extensive recursive searches */ - ret = sysdb_attrs_get_string(state->orig_user, SYSDB_ORIG_DN, &orig_dn); @@ -2669,17 +2665,28 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } - subreq = sdap_initgr_rfc2307bis_send( - state, state->ev, state->opts, state->sysdb, - state->dom, state->sh, - cname, orig_dn); + if (dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)) { + /* Take advantage of AD's extensibleMatch filter to look up + * all parent groups in a single request. + */ + subreq = sdap_get_ad_match_rule_initgroups_send( + state, state->ev, state->opts, state->sysdb, + state->sh, cname, orig_dn, state->timeout); + } else { + subreq = sdap_initgr_rfc2307bis_send( + state, state->ev, state->opts, state->sysdb, + state->dom, state->sh, + cname, orig_dn); + } if (!subreq) { tevent_req_error(req, ENOMEM); return; } + talloc_steal(subreq, orig_dn); tevent_req_set_callback(subreq, sdap_get_initgr_done, req); break; + case SDAP_SCHEMA_IPA_V1: subreq = sdap_initgr_nested_send(state, state->ev, state->opts, state->sysdb, state->dom, state->sh, 
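Review bot: The new `dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)` test sits under the shared `case SDAP_SCHEMA_RFC2307BIS:` / `case SDAP_SCHEMA_AD:` labels, so enabling the option on an rfc2307bis domain would send initgroups through `sdap_get_ad_match_rule_initgroups_send()` to a server that may not implement AD's matching rule. Group membership feeds access-control decisions, so a lookup that could fail or come back empty on such a server should not be reachable through one misplaced option. Assuming the switch, which begins outside this hunk, is on the schema type, I would narrow the condition to something like `if (state->opts->schema_type == SDAP_SCHEMA_AD && dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)) {`, or split the two case labels. `talloc_steal(subreq, orig_dn)` also deserves a one-line comment stating who owns the string afterwards, since `orig_dn` was read out of `state->orig_user` and is now freed together with `subreq`.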
@@ -2730,7 +2737,11 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) case SDAP_SCHEMA_RFC2307BIS: case SDAP_SCHEMA_AD: - ret = sdap_initgr_rfc2307bis_recv(subreq); + if (dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)) { + ret = sdap_get_ad_match_rule_initgroups_recv(subreq); + } else { + ret = sdap_initgr_rfc2307bis_recv(subreq); + } break; case SDAP_SCHEMA_IPA_V1: |
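Review bot: `sdap_get_initgr_done` chooses the `_recv` function by evaluating `dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)` a second time instead of remembering which request `sdap_get_initgr_user` actually sent. The two decisions must agree for `subreq` to reach the matching `_recv`, and they agree today only because the condition is duplicated verbatim. Any later change to the send-side condition, such as an extra schema or capability check, would silently pair a request with the wrong receiver. I would record the choice once at send time in a new boolean on the request state (a suggested name is `state->use_matching_rule`) and branch on it here with `if (state->use_matching_rule) {`. The switch and the rest of the function lie outside the hunk.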