-rw-r--r--src/config/SSSDConfig.py1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf1
-rw-r--r--src/man/sssd-ldap.5.xml14
-rw-r--r--src/providers/ipa/ipa_common.c3
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ldap/ldap_common.c3
-rw-r--r--src/providers/ldap/sdap.h2
-rw-r--r--src/providers/ldap/sdap_async.c3
-rw-r--r--src/providers/ldap/sdap_async_connection.c4
9 files changed, 28 insertions, 5 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 02f76af28..b613cfe4e 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -140,6 +140,7 @@ option_strings = {
'ldap_krb5_ticket_lifetime' : _('Lifetime of TGT for LDAP connection'),
'ldap_deref' : _('How to dereference aliases'),
'ldap_dns_service_name' : _('Service name for DNS service lookups'),
+ 'ldap_page_size' : _('The number of records to retrieve in a single LDAP query'),
'ldap_entry_usn' : _('entryUSN attribute'),
'ldap_rootdse_last_usn' : _('lastUSN attribute'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 8672f0b24..e568c74d3 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -27,6 +27,7 @@ ldap_referrals = bool, None, false
ldap_krb5_ticket_lifetime = int, None, false
ldap_dns_service_name = str, None, false
ldap_deref = str, None, false
+ldap_page_size = int, None, false
[provider/ldap/id]
ldap_search_timeout = int, None, false
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 9d585e2ae..49c9e4915 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -855,6 +855,20 @@
</varlistentry>
<varlistentry>
+ <term>ldap_page_size (integer)</term>
+ <listitem>
+ <para>
+ Specify the number of records to retrieve from
+ LDAP in a single request. Some LDAP servers
+ enforce a maximum limit per-request.
+ </para>
+ <para>
+ Default: 1000
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ldap_tls_reqcert (string)</term>
<listitem>
<para>
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 7ba4fd5a4..a0c728ef4 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -93,7 +93,8 @@ struct dp_option ipa_def_ldap_opts[] = {
/* Do not include ldap_auth_disable_tls_never_use_in_production in the
* manpages or SSSDConfig API
*/
- { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
+ { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }
};
struct sdap_attr_map ipa_attr_map[] = {
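Review bot: The new `ldap_page_size` entry sits directly under the "Do not include ldap_auth_disable_tls_never_use_in_production in the manpages or SSSDConfig API" comment, which can be misread as covering it too, although this commit documents the option in both the man page and SSSDConfig.py. Since the entry presumably has to stay last to match `SDAP_PAGE_SIZE` in `enum sdap_basic_opt`, a short separating comment such as `/* ldap_page_size: documented, user-settable */` above it would make the scope clear. The same applies to the `default_basic_opts` hunk in ldap_common.c. The default `1000` is also spelled out separately in both arrays and in the man page, so a shared define would keep them from drifting. The array starts outside the hunk.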
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 12a492707..02c4276ca 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 49
+#define IPA_OPTS_BASIC_TEST 50
/* the following define is used to keep track of the options in the krb5
* module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 11c4491f9..12028b013 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -86,7 +86,8 @@ struct dp_option default_basic_opts[] = {
/* Do not include ldap_auth_disable_tls_never_use_in_production in the
* manpages or SSSDConfig API
*/
- { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
+ { "ldap_auth_disable_tls_never_use_in_production", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }
};
struct sdap_attr_map generic_attr_map[] = {
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index c06b8a3b7..0f6b75504 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -77,6 +77,7 @@ struct sdap_handle {
bool connected;
/* Authentication ticket expiration time (if any) */
time_t expire_time;
+ ber_int_t page_size;
struct sdap_fd_events *sdap_fd_events;
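Review bot: The new `page_size` member of `struct sdap_handle` has no comment, unlike `expire_time` just above it. A line such as `/* Page size for the paged-results control, taken from ldap_page_size at connect time */` would tell readers where the value comes from and that it is fixed per handle. The struct starts and ends outside the hunk.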
@@ -192,6 +193,7 @@ enum sdap_basic_opt {
SDAP_CHPASS_DNS_SERVICE_NAME,
SDAP_ENUM_SEARCH_TIMEOUT,
SDAP_DISABLE_AUTH_TLS,
+ SDAP_PAGE_SIZE,
SDAP_OPTS_BASIC /* opts counter */
};
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index ebb68cf68..5e05cb742 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -880,7 +880,6 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
errno_t ret;
int msgid;
- ber_int_t page_size = 1000;
LDAPControl *page_control = NULL;
LDAPControl *m_controls[2] = { NULL, NULL };
@@ -905,7 +904,7 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
if (sdap_is_control_supported(state->sh,
LDAP_CONTROL_PAGEDRESULTS)) {
lret = ldap_create_page_control(state->sh->ldap,
- page_size,
+ state->sh->page_size,
state->cookie.bv_val ?
&state->cookie :
NULL,
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 500e5f886..40ed585c6 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -108,6 +108,10 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
talloc_zfree(req);
return NULL;
}
+
+ state->sh->page_size = dp_opt_get_int(state->opts->basic,
+ SDAP_PAGE_SIZE);
+
/* Initialize LDAP handler */
lret = ldap_initialize(&state->sh->ldap, uri);
if (lret != LDAP_SUCCESS) {
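Review bot: The value from `dp_opt_get_int(state->opts->basic, SDAP_PAGE_SIZE)` is stored in `state->sh->page_size` without a range check, so a zero or negative `ldap_page_size` in the configuration reaches `ldap_create_page_control()` unchanged in the sdap_get_generic_step hunk of sdap_async.c. How a server treats such a size is not visible here, but the previous hard-coded `1000` could not go wrong this way. A guard right after the assignment, e.g. `if (state->sh->page_size <= 0) { talloc_zfree(req); return NULL; }`, or a logged fallback to the default, would stop a bad config value from turning into unexpected search behaviour. sdap_connect_send's body starts and ends outside the hunk.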