authorSimo Sorce <ssorce@redhat.com>2009-10-29 15:02:41 -0400
committerStephen Gallagher <sgallagh@redhat.com>2009-10-29 16:05:13 -0400
commit44685ff64447b7ad87c75aec478e5f21bd50b4b7 (patch)
treeb0c8b4e0054de890c006b0ad2486c99adbcc7b1c /server/providers/ldap/ldap_id.c
parentb79b1228de615c860df841670c9a882ca748f63a (diff)
Add support to get rootDSE from the LDAP server.
Also fix sdap_get_generic_send() to be a bit more "generic" :-) Also fix bugs within it. This patch gives us 2 good things. A) we check that the server effectively supports GSSAPI auth before we try to use it. B) against IPA it substantially cuts delays when the server is offline because it uses a 5 second async timeout on the connection and doesn't try to do a slow synchronous kinit+sasl_bind if the server is not even available.
Diffstat (limited to 'server/providers/ldap/ldap_id.c')
-rw-r--r--server/providers/ldap/ldap_id.c40
1 files changed, 30 insertions, 10 deletions
diff --git a/server/providers/ldap/ldap_id.c b/server/providers/ldap/ldap_id.c
index 9fd0d4f1..7e69c3dc 100644
--- a/server/providers/ldap/ldap_id.c
+++ b/server/providers/ldap/ldap_id.c
@@ -147,7 +147,7 @@ static struct tevent_req *users_get_send(TALLOC_CTX *memctx,
/* FIXME: add option to decide if tls should be used
* or SASL/GSSAPI, etc ... */
- subreq = sdap_cli_connect_send(state, ev, ctx->opts);
+ subreq = sdap_cli_connect_send(state, ev, ctx->opts, &ctx->rootDSE);
if (!subreq) {
ret = ENOMEM;
goto fail;
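Review bot: The new fourth argument `&ctx->rootDSE` in users_get_send points into the long-lived provider context, and nothing visible here says whether a value already stored there is reused or fetched again on each connect. Per the commit description the rootDSE is consulted before GSSAPI is attempted, so it is data the server sent before any bind; if it is cached across connections (not shown in this hunk), a stale or tampered copy keeps deciding which mechanism is tried. A comment at the call would pin this down, e.g. `/* rootDSE is kept in ctx across requests; it is read before bind, so treat it as unauthenticated server data */`. The same applies to the identical calls in groups_get_send, groups_by_user_send, enum_users_send and enum_groups_send; each function body continues outside its hunk.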
@@ -185,9 +185,13 @@ static void users_get_connect_done(struct tevent_req *subreq)
struct users_get_state);
int ret;
- ret = sdap_cli_connect_recv(subreq, state->ctx, &state->ctx->gsh);
+ ret = sdap_cli_connect_recv(subreq, state->ctx,
+ &state->ctx->gsh, &state->ctx->rootDSE);
talloc_zfree(subreq);
if (ret) {
+ if (ret == ENOTSUP) {
+ DEBUG(0, ("Authentication mechanism not Supported by server"));
+ }
tevent_req_error(req, ret);
return;
}
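Review bot: The ENOTSUP message in users_get_connect_done names neither the mechanism nor the source of the decision and, unless DEBUG appends one, has no trailing newline; `DEBUG(0, ("Server rootDSE does not list the configured SASL mechanism, not binding\n"));` would tell an operator what actually failed. The error is then passed to tevent_req_error() instead of being retried with another bind type, which is the right fail-closed behaviour given that the pre-bind rootDSE can be altered on an unprotected connection; a one-line comment saying the lack of fallback is intentional would guard against a later downgrade to simple bind. The call also stores into `state->ctx->rootDSE` with `state->ctx` as the memory context on every reconnect, and whether a previous value is released first is not visible here, so that is worth confirming. The same five-line block is repeated in groups_get_connect_done, groups_by_user_connect_done, enum_users_connect_done and enum_groups_connect_done and could live in one static helper.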
@@ -314,7 +318,7 @@ static struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
/* FIXME: add option to decide if tls should be used
* or SASL/GSSAPI, etc ... */
- subreq = sdap_cli_connect_send(state, ev, ctx->opts);
+ subreq = sdap_cli_connect_send(state, ev, ctx->opts, &ctx->rootDSE);
if (!subreq) {
ret = ENOMEM;
goto fail;
@@ -352,9 +356,13 @@ static void groups_get_connect_done(struct tevent_req *subreq)
struct groups_get_state);
int ret;
- ret = sdap_cli_connect_recv(subreq, state->ctx, &state->ctx->gsh);
+ ret = sdap_cli_connect_recv(subreq, state->ctx,
+ &state->ctx->gsh, &state->ctx->rootDSE);
talloc_zfree(subreq);
if (ret) {
+ if (ret == ENOTSUP) {
+ DEBUG(0, ("Authentication mechanism not Supported by server"));
+ }
tevent_req_error(req, ret);
return;
}
@@ -456,7 +464,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
/* FIXME: add option to decide if tls should be used
* or SASL/GSSAPI, etc ... */
- subreq = sdap_cli_connect_send(state, ev, ctx->opts);
+ subreq = sdap_cli_connect_send(state, ev, ctx->opts, &ctx->rootDSE);
if (!subreq) {
ret = ENOMEM;
goto fail;
@@ -494,9 +502,13 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
struct groups_by_user_state);
int ret;
- ret = sdap_cli_connect_recv(subreq, state->ctx, &state->ctx->gsh);
+ ret = sdap_cli_connect_recv(subreq, state->ctx,
+ &state->ctx->gsh, &state->ctx->rootDSE);
talloc_zfree(subreq);
if (ret) {
+ if (ret == ENOTSUP) {
+ DEBUG(0, ("Authentication mechanism not Supported by server"));
+ }
tevent_req_error(req, ret);
return;
}
@@ -912,7 +924,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
/* FIXME: add option to decide if tls should be used
* or SASL/GSSAPI, etc ... */
- subreq = sdap_cli_connect_send(state, ev, ctx->opts);
+ subreq = sdap_cli_connect_send(state, ev, ctx->opts, &ctx->rootDSE);
if (!subreq) {
ret = ENOMEM;
goto fail;
@@ -951,9 +963,13 @@ static void enum_users_connect_done(struct tevent_req *subreq)
struct enum_users_state);
int ret;
- ret = sdap_cli_connect_recv(subreq, state->ctx, &state->ctx->gsh);
+ ret = sdap_cli_connect_recv(subreq, state->ctx,
+ &state->ctx->gsh, &state->ctx->rootDSE);
talloc_zfree(subreq);
if (ret) {
+ if (ret == ENOTSUP) {
+ DEBUG(0, ("Authentication mechanism not Supported by server"));
+ }
tevent_req_error(req, ret);
return;
}
@@ -1059,7 +1075,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
/* FIXME: add option to decide if tls should be used
* or SASL/GSSAPI, etc ... */
- subreq = sdap_cli_connect_send(state, ev, ctx->opts);
+ subreq = sdap_cli_connect_send(state, ev, ctx->opts, &ctx->rootDSE);
if (!subreq) {
ret = ENOMEM;
goto fail;
@@ -1097,9 +1113,13 @@ static void enum_groups_connect_done(struct tevent_req *subreq)
struct enum_groups_state);
int ret;
- ret = sdap_cli_connect_recv(subreq, state->ctx, &state->ctx->gsh);
+ ret = sdap_cli_connect_recv(subreq, state->ctx,
+ &state->ctx->gsh, &state->ctx->rootDSE);
talloc_zfree(subreq);
if (ret) {
+ if (ret == ENOTSUP) {
+ DEBUG(0, ("Authentication mechanism not Supported by server"));
+ }
tevent_req_error(req, ret);
return;
}