summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--server/man/sssd-ldap.5.xml5
-rw-r--r--server/providers/ldap/ldap_common.c12
2 files changed, 17 insertions, 0 deletions
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index 2737c24e1..18af37b38 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -622,6 +622,11 @@
be enabled.
</para>
<para>
+ Please note that sssd only supports referral chasing
+ when it is compiled with OpenLDAP version 2.4.12 or
+ higher.
+ </para>
+ <para>
Default: true
</para>
</listitem>
diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c
index 15d44dc17..bd4294f83 100644
--- a/server/providers/ldap/ldap_common.c
+++ b/server/providers/ldap/ldap_common.c
@@ -217,6 +217,18 @@ int ldap_get_options(TALLOC_CTX *memctx,
goto done;
}
+
+#ifndef HAVE_LDAP_CONNCB
+ bool ldap_referrals;
+
+ ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS);
+ if (ldap_referrals) {
+ DEBUG(1, ("LDAP referrals are not supported, because the LDAP library "
+ "is too old, see sssd-ldap(5) for details.\n"));
+ ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false);
+ }
+#endif
+
/* schema type */
schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
if (strcasecmp(schema, "rfc2307") == 0) {