Add last usn checking after reconnection

When reconnecting to the LDAP server supporting USNs (either because of new incomming
id operation or invokation of callback responsible for checking status
of the backend), detect whether the highest USN is lower than the one
SSSD has recorded. If so, setup enumeration/cleanup to refresh
potentionally changed account information in the SSSD cache.

Related ticket:
https://fedorahosted.org/sssd/ticket/734

1 files changed, 16 insertions, 1 deletions

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e2f08494..de618333 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -710,8 +710,13 @@ static void sdap_check_online_done(struct tevent_req *req)
     int ret;
     int dp_err = DP_ERR_FATAL;
     bool can_retry;
+    struct sdap_id_ctx *ctx;
+    struct sdap_server_opts *srv_opts;
+
+    ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_ID].pvt_bet_data,
+                          struct sdap_id_ctx);
 
-    ret = sdap_cli_connect_recv(req, NULL, &can_retry, NULL, NULL);
+    ret = sdap_cli_connect_recv(req, NULL, &can_retry, NULL, &srv_opts);
     talloc_zfree(req);
 
     if (ret != EOK) {
@@ -720,6 +725,16 @@ static void sdap_check_online_done(struct tevent_req *req)
         }
     } else {
         dp_err = DP_ERR_OK;
+
+        if (strcmp(srv_opts->server_id, ctx->srv_opts->server_id) == 0 &&
+            srv_opts->supports_usn &&
+            ctx->srv_opts->last_usn > srv_opts->last_usn) {
+            ctx->srv_opts->max_user_value = 0;
+            ctx->srv_opts->max_group_value = 0;
+            ctx->srv_opts->last_usn = srv_opts->last_usn;
+        }
+
+        sdap_steal_server_opts(ctx, &srv_opts);
     }
 
     sdap_handler_done(be_req, dp_err, 0, NULL);