-rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 1 | ||||
-rw-r--r-- | src/man/sssd-ldap.5.xml | 14 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.c | 3 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 3 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 3 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 4 |
9 files changed, 28 insertions, 5 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 02f76af28..b613cfe4e 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -140,6 +140,7 @@ option_strings = {
 'ldap_krb5_ticket_lifetime' : _('Lifetime of TGT for LDAP connection'),
 'ldap_deref' : _('How to dereference aliases'),
 'ldap_dns_service_name' : _('Service name for DNS service lookups'),
+ 'ldap_page_size' : _('The number of records to retrieve in a single LDAP query'),
 'ldap_entry_usn' : _('entryUSN attribute'),
 'ldap_rootdse_last_usn' : _('lastUSN attribute'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 8672f0b24..e568c74d3 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -27,6 +27,7 @@ ldap_referrals = bool, None, false
 ldap_krb5_ticket_lifetime = int, None, false
 ldap_dns_service_name = str, None, false
 ldap_deref = str, None, false
+ldap_page_size = int, None, false
 [provider/ldap/id]
 ldap_search_timeout = int, None, false
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 9d585e2ae..49c9e4915 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -855,6 +855,20 @@
 </varlistentry>
 <varlistentry>
+ <term>ldap_page_size (integer)</term>
+ <listitem>
+ <para>
+ Specify the number of records to retrieve from
+ LDAP in a single request. Some LDAP servers
+ enforce a maximum limit per-request.
+ </para>
+ <para>
+ Default: 1000
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
 <term>ldap_tls_reqcert (string)</term>
 <listitem>
 <para>
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 7ba4fd5a4..a0c728ef4 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -93,7 +93,8 @@ struct dp_option ipa_def_ldap_opts[] = {
 /* Do not include ldap_auth_disable_tls_never_use_in_production in the
  * manpages or SSSDConfig API */
- { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
+ { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }
 };
 struct sdap_attr_map ipa_attr_map[] = {
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 12a492707..02c4276ca 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
 /* the following defines are used to keep track of the options in the ldap
  * module, so that if they change and ipa is not updated correspondingly
  * this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 49
+#define IPA_OPTS_BASIC_TEST 50
 /* the following define is used to keep track of the options in the krb5
  * module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 11c4491f9..12028b013 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -86,7 +86,8 @@ struct dp_option default_basic_opts[] = {
 /* Do not include ldap_auth_disable_tls_never_use_in_production in the
  * manpages or SSSDConfig API */
- { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
+ { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }
 };
 struct sdap_attr_map generic_attr_map[] = {
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index c06b8a3b7..0f6b75504 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
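Review bot: The default page size 1000 is now spelled out in three independent places — this `ldap_page_size` row in `ipa_def_ldap_opts`, the identical row added to `default_basic_opts` in the `ldap_common.c` hunk, and the `Default: 1000` text in the manpage — so a later tuning of one can silently leave the IPA provider or the documentation behind, and the `IPA_OPTS_BASIC_TEST` counter only catches a missing row, not a diverging default. A single macro declared next to the new `SDAP_PAGE_SIZE` enum entry in `sdap.h` (a constructed name such as `SDAP_DEFAULT_PAGE_SIZE`) and used in both tables, `{ "ldap_page_size", DP_OPT_NUMBER, { .number = SDAP_DEFAULT_PAGE_SIZE }, NULL_NUMBER }`, would keep the two providers in step; the manpage still has to be updated by hand, so a comment beside the macro pointing at `sssd-ldap.5.xml` is worth adding. Both option tables start and end outside their hunks.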
@@ -77,6 +77,7 @@ struct sdap_handle {
 bool connected;
 /* Authentication ticket expiration time (if any) */
 time_t expire_time;
+ ber_int_t page_size;
 struct sdap_fd_events *sdap_fd_events;
@@ -192,6 +193,7 @@ enum sdap_basic_opt {
 SDAP_CHPASS_DNS_SERVICE_NAME,
 SDAP_ENUM_SEARCH_TIMEOUT,
 SDAP_DISABLE_AUTH_TLS,
+ SDAP_PAGE_SIZE,
 SDAP_OPTS_BASIC /* opts counter */
 };
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index ebb68cf68..5e05cb742 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -880,7 +880,6 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
 errno_t ret;
 int msgid;
- ber_int_t page_size = 1000;
 LDAPControl *page_control = NULL;
 LDAPControl *m_controls[2] = { NULL, NULL };
@@ -905,7 +904,7 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
 if (sdap_is_control_supported(state->sh, LDAP_CONTROL_PAGEDRESULTS)) {
 lret = ldap_create_page_control(state->sh->ldap,
- page_size,
+ state->sh->page_size,
 state->cookie.bv_val ? &state->cookie : NULL,
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 500e5f886..40ed585c6 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -108,6 +108,10 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
 talloc_zfree(req);
 return NULL;
 }
+
+ state->sh->page_size = dp_opt_get_int(state->opts->basic,
+ SDAP_PAGE_SIZE);
+
 /* Initialize LDAP handler */
 lret = ldap_initialize(&state->sh->ldap, uri);
 if (lret != LDAP_SUCCESS) {
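Review bot: The new `page_size` member of `struct sdap_handle` carries no comment, unlike the neighbouring `expire_time` field, and the bare name does not say where the value comes from or that it is an entry count rather than bytes. A one-line comment above it in the same style as its neighbour, `/* Entries per page for the paged-results control (ldap_page_size option) */`, would settle that for the next reader. struct sdap_handle starts and ends outside the hunk.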
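Review bot: `state->sh->page_size` takes the raw integer from the `ldap_page_size` option and nothing in this hunk, nor in the `sdap_async.c` hunk that hands it to `ldap_create_page_control`, checks it, so a zero or negative value in sssd.conf reaches the control unchanged. Zero has a special meaning in the paged-results control (RFC 2696 uses it to abandon a paged search) and a negative size is, as far as I recall, rejected by libldap as a parameter error, so either misconfiguration would make every paged search on the connection fail with nothing in the log pointing at the option. Reject it up front with the error path already used three lines earlier: `if (state->sh->page_size <= 0) { talloc_zfree(req); return NULL; }`, ideally preceded by a debug message naming `ldap_page_size`. sdap_connect_send continues outside the hunk, so I cannot see whether the option is validated elsewhere before this point.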