SDAP: Deref needn't be treated as critical

The command line utility ldapsearch does not set option LDAP_CONTROL_X_DEREF as
critical.

sssd performes similar ldap search as following command:
  sh-4.2$ ldapsearch -x -LLL -h 172.17.0.7 \
           -b 'cn=ref_grp1,ou=qagroup,dc=example,dc=com'
           -E '!deref=member:objectClass,cn,userPassword,gidNumber,member,modifyTimestamp,modifyTimestamp,uid' \
            objectClass,cn,userPassword,gidNumber,member,modifyTimestamp,modifyTimestamp,uid
Critical extension is unavailable (12)
Additional information: critical control unavailable in context

The most important is "exclamation mark" before extensions. It indicates
criticality. This caused problem when openldap server was older
openldap-2.4.23-34.el6. Dereference is performed successfully if extension is
not critical:  -E 'deref=member:objectClass ...

Resolves:
https://fedorahosted.org/sssd/ticket/2383

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 4100f6d14..3c58f7518 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1736,7 +1736,7 @@ static int sdap_x_deref_create_control(struct sdap_handle *sh,
     }
 
     ret = sdap_control_create(sh, LDAP_CONTROL_X_DEREF,
-                              1, &derefval, 1, ctrl);
+                              0, &derefval, 1, ctrl);
     ldap_memfree(derefval.bv_val);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "sss_ldap_control_create failed\n");