Diffstat (limited to 'src/providers/ldap/sdap_async.c')
-rw-r--r--src/providers/ldap/sdap_async.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 7ac32b95a..afa2904f4 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1384,6 +1384,10 @@ static void sdap_get_generic_ext_done(struct sdap_op *op,
ldap_memfree(errmsg);
tevent_req_error(req, EIO);
return;
+ } else if (result == LDAP_UNAVAILABLE_CRITICAL_EXTENSION) {
+ ldap_memfree(errmsg);
+ tevent_req_error(req, ENOTSUP);
+ return;
} else if (result != LDAP_SUCCESS && result != LDAP_NO_SUCH_OBJECT) {
DEBUG(SSSDBG_OP_FAILURE,
("Unexpected result from ldap: %s(%d), %s\n",
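Review bot: The new `LDAP_UNAVAILABLE_CRITICAL_EXTENSION` branch fails the request with ENOTSUP and frees `errmsg` without writing any debug output, while the branch just below it logs the unexpected result. This is the generic search completion callback, so any search sent with a critical control can presumably reach this branch, not only the deref search. Callers that do not special-case ENOTSUP will get the new code with nothing in the logs to explain it. I would add a line before the free, such as `DEBUG(SSSDBG_MINOR_FAILURE, ("Server rejected a critical control, returning ENOTSUP\n"));`. The body of sdap_get_generic_ext_done starts and ends outside this hunk, so what the older branch does after its DEBUG call is not visible here.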
@@ -2054,6 +2058,7 @@ enum sdap_deref_type {
};
struct sdap_deref_search_state {
+ struct sdap_handle *sh;
size_t reply_count;
struct sdap_deref_attrs **reply;
enum sdap_deref_type deref_type;
@@ -2080,6 +2085,7 @@ sdap_deref_search_send(TALLOC_CTX *memctx,
req = tevent_req_create(memctx, &state, struct sdap_deref_search_state);
if (!req) return NULL;
+ state->sh = sh;
state->reply_count = 0;
state->reply = NULL;
@@ -2144,7 +2150,16 @@ static void sdap_deref_search_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(2, ("dereference processing failed [%d]: %s\n", ret, strerror(ret)));
- sss_log(SSS_LOG_WARNING, "dereference processing failed : %s", strerror(ret));
+ if (ret == ENOTSUP) {
+ sss_log(SSS_LOG_WARNING,
+ "LDAP server claims to support deref, but deref search failed. "
+ "Disabling deref for further requests. You can permanently "
+ "disable deref by setting ldap_deref_threshold to 0 in domain "
+ "configuration.");
+ state->sh->disable_deref = true;
+ } else {
+ sss_log(SSS_LOG_WARNING, "dereference processing failed : %s", strerror(ret));
+ }
tevent_req_error(req, ret);
return;
}
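Review bot: After setting `state->sh->disable_deref = true` the request still finishes with `tevent_req_error(req, ret)`, so the lookup that discovered the broken deref support fails with ENOTSUP. Only later requests benefit, unless the caller retries without deref; that caller is not in this file's diff, so it is worth confirming it handles ENOTSUP. `state->sh` is a borrowed pointer stored in sdap_deref_search_send and dereferenced here in the callback, so the handle must outlive the request. I would record that on the new struct field with `/* borrowed, not owned; must stay valid until the request completes */`. Because the flag lives on the handle, it presumably resets on reconnect and the syslog warning will repeat once per connection. The function body extends beyond this hunk.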
@@ -2176,6 +2191,10 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
int i;
int deref_threshold;
+ if (sh->disable_deref) {
+ return false;
+ }
+
deref_threshold = dp_opt_get_int(opts->basic, SDAP_DEREF_THRESHOLD);
if (deref_threshold == 0) {
return false;
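Review bot: The early `if (sh->disable_deref)` return makes a runtime flag override both the configured threshold and the server's advertised controls, and nothing at this site says where the flag comes from. A short comment above the check would help, for example `/* Set by sdap_deref_search_done() after the server rejected the deref control */`. The check also dereferences `sh` before anything else in the function; whether callers can pass a NULL handle is not visible here, since the rest of sdap_has_deref_support lies outside the hunk.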