From 86c2e80de2243c3bd7691657086f1a182e7fc45c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 16 Dec 2013 18:36:12 +0100 Subject: LDAP: Detect the presence of POSIX attributes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the schema is set to AD and ID mapping is not used, there is a one-time check ran when searching for users to detect the presence of POSIX attributes in LDAP. If this check fails, the search fails as if no entry was found and returns a special error code. The sdap_server_opts structure is filled every time a client connects to a server so the posix check boolean is reset to false again on connecting to the server. It might be better to move the check to where the rootDSE is retrieved, but the check depends on several features that are not known to the code that retrieves the rootDSE (or the connection code for example) such as what the attribute mappings are or the authentication method that should be used. Reviewed-by: Sumit Bose Reviewed-by: Pavel Březina (cherry picked from commit e81deec535d11912b87954c81a1edd768c1386c9) --- src/util/util_errors.c | 1 + src/util/util_errors.h | 1 + 2 files changed, 2 insertions(+) (limited to 'src/util') diff --git a/src/util/util_errors.c b/src/util/util_errors.c index 633257e8d..c9b507557 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -52,6 +52,7 @@ struct err_string error_to_str[] = { { "Domain not found" }, /* ERR_DOMAIN_NOT_FOUND */ { "Missing configuration file" }, /* ERR_MISSING_CONF */ { "Malformed search filter" }, /* ERR_INVALID_FILTER, */ + { "No POSIX attributes detected" }, /* ERR_NO_POSIX */ }; diff --git a/src/util/util_errors.h b/src/util/util_errors.h index 133208503..3dd94af1f 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -74,6 +74,7 @@ enum sssd_errors { ERR_DOMAIN_NOT_FOUND, ERR_MISSING_CONF, ERR_INVALID_FILTER, + ERR_NO_POSIX, ERR_LAST /* ALWAYS LAST */ }; -- cgit