diff options
-rw-r--r-- | src/man/sssd-ldap.5.xml | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 8 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 2 |
4 files changed, 13 insertions, 3 deletions
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index be1d333a5..2e374ea12 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -934,6 +934,10 @@ they are looked up individually. </para> <para> + You can turn off dereference lookups completely by + setting the value to 0. + </para> + <para> A dereference lookup is a means of fetching all group members in a single LDAP call. Different LDAP servers may implement different diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index c3fe2ac5f..2edc7597c 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -1819,13 +1819,19 @@ int sdap_deref_search_recv(struct tevent_req *req, return EOK; } -bool sdap_has_deref_support(struct sdap_handle *sh) +bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts) { const char *deref_oids[][2] = { { LDAP_SERVER_ASQ_OID, "ASQ" }, { LDAP_CONTROL_X_DEREF, "OpenLDAP" }, { NULL, NULL } }; int i; + int deref_threshold; + + deref_threshold = dp_opt_get_int(opts->basic, SDAP_DEREF_THRESHOLD); + if (deref_threshold == 0) { + return false; + } for (i=0; deref_oids[i][0]; i++) { if (sdap_is_control_supported(sh, deref_oids[i][0])) { diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 4115f621e..9b5a30797 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -152,7 +152,7 @@ int sdap_get_generic_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sysdb_attrs ***reply_list); -bool sdap_has_deref_support(struct sdap_handle *sh); +bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts); struct tevent_req * sdap_deref_search_send(TALLOC_CTX *memctx, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index b3f6bb707..f887651d9 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -1751,7 +1751,7 @@ static struct tevent_req *sdap_nested_group_process_send( state->member_index = 0; - if (sdap_has_deref_support(state->sh)) { + if (sdap_has_deref_support(state->sh, state->opts)) { state->derefctx = talloc_zero(state, struct sdap_deref_ctx); if (!state->derefctx) goto immediate; |