From 6263578b03a52b3ec3a2e33e097554241780fc20 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Tue, 14 May 2013 18:00:10 +0200
Subject: Adding option to disable retrieving large AD groups.

This commit adds new option ldap_disable_range_retrieval with default value
FALSE. If this option is enabled, large groups(>1500) will not be retrieved and
behaviour will be similar like was before commit ae8d047122c
"LDAP: Handle very large Active Directory groups"

https://fedorahosted.org/sssd/ticket/1823
---
 src/providers/ldap/sdap.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

(limited to 'src/providers/ldap/sdap.c')

diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 3a820f62f..daa081ce7 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -95,7 +95,8 @@ int sdap_get_map(TALLOC_CTX *memctx,
 int sdap_parse_entry(TALLOC_CTX *memctx,
                      struct sdap_handle *sh, struct sdap_msg *sm,
                      struct sdap_attr_map *map, int attrs_num,
-                     struct sysdb_attrs **_attrs, char **_dn)
+                     struct sysdb_attrs **_attrs, char **_dn,
+                     bool disable_range_retrieval)
 {
     struct sysdb_attrs *attrs;
     BerElement *ber = NULL;
@@ -190,23 +191,27 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
     while (str) {
         base64 = false;
 
-        ret = sdap_parse_range(tmp_ctx, str, &base_attr, &range_offset);
-        if (ret == EAGAIN) {
+        ret = sdap_parse_range(tmp_ctx, str, &base_attr, &range_offset,
+                               disable_range_retrieval);
+        switch(ret) {
+        case EAGAIN:
             /* This attribute contained range values and needs more to
              * be retrieved
              */
             /* TODO: return the set of attributes that need additional retrieval
              * For now, we'll continue below and treat it as regular values.
              */
-
-        } else if (ret != EOK) {
+            /* FALLTHROUGH */
+        case ECANCELED:
+            /* FALLTHROUGH */
+        case EOK:
+            break;
+        default:
             DEBUG(SSSDBG_MINOR_FAILURE,
-                  ("Could not determine if attribute [%s] was ranged\n",
-                   str));
+                  ("Could not determine if attribute [%s] was ranged\n", str));
             goto done;
         }
 
-
         if (map) {
             for (a = 1; a < attrs_num; a++) {
                 /* check if this attr is valid with the chosen schema */
@@ -230,6 +235,11 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
             store = true;
         }
 
+        if (ret == ECANCELED) {
+            ret = EOK;
+            store = false;
+        }
+
         if (store) {
             vals = ldap_get_values_len(sh->ldap, sm->msg, str);
             if (!vals) {
-- 
cgit