summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-09-18 14:24:38 -0400
committerJakub Hrozek <jhrozek@redhat.com>2012-09-24 15:00:11 +0200
commite6ba224432bfcd64802222a3544bc38c179727cd (patch)
tree0f135fd9dfebc8584f331232f5f5be941fba4084
parent99c99e557020775714f028b28a147edda290c783 (diff)
downloadsssd-e6ba224432bfcd64802222a3544bc38c179727cd.tar.gz
sssd-e6ba224432bfcd64802222a3544bc38c179727cd.tar.bz2
sssd-e6ba224432bfcd64802222a3544bc38c179727cd.zip
AD: Detect domain controller compatibility version
-rw-r--r--src/providers/ldap/sdap.c30
-rw-r--r--src/providers/ldap/sdap.h13
-rw-r--r--src/providers/ldap/sdap_async.c1
3 files changed, 44 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 11ba9cf3..5c4a0055 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -903,6 +903,7 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
char *endptr = NULL;
int ret;
int i;
+ uint32_t dc_level;
so = talloc_zero(memctx, struct sdap_server_opts);
if (!so) {
@@ -974,6 +975,35 @@ int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
}
}
}
+
+ /* Detect Active Directory version if available */
+ ret = sysdb_attrs_get_uint32_t(rootdse,
+ SDAP_ROOTDSE_ATTR_AD_VERSION,
+ &dc_level);
+ if (ret == EOK) {
+ /* Validate that the DC level matches an expected value */
+ switch(dc_level) {
+ case DS_BEHAVIOR_WIN2000:
+ case DS_BEHAVIOR_WIN2003:
+ case DS_BEHAVIOR_WIN2008:
+ case DS_BEHAVIOR_WIN2008R2:
+ case DS_BEHAVIOR_WIN2012:
+ opts->dc_functional_level = dc_level;
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ ("Setting AD compatibility level to [%d]\n",
+ opts->dc_functional_level));
+ break;
+ default:
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Received invalid value for AD compatibility level. "
+ "Continuing without AD performance enhancements\n"));
+ }
+ } else if (ret != ENOENT) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Error detecting Active Directory compatibility level "
+ "(%s). Continuing without AD performance enhancements\n",
+ strerror(ret)));
+ }
}
if (!last_usn_name) {
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 01c33e42..d844ad63 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -129,6 +129,7 @@ struct sdap_ppolicy_data {
#define SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS "namingContexts"
#define SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT "defaultNamingContext"
+#define SDAP_ROOTDSE_ATTR_AD_VERSION "domainControllerFunctionality"
#define SDAP_IPA_USN "entryUSN"
#define SDAP_IPA_LAST_USN "lastUSN"
@@ -364,6 +365,17 @@ struct sdap_search_base {
const char *filter;
};
+/* Values from
+ * http://msdn.microsoft.com/en-us/library/cc223272%28v=prot.13%29.aspx
+ */
+enum dc_functional_level {
+ DS_BEHAVIOR_WIN2000 = 0,
+ DS_BEHAVIOR_WIN2003 = 2,
+ DS_BEHAVIOR_WIN2008 = 3,
+ DS_BEHAVIOR_WIN2008R2 = 4,
+ DS_BEHAVIOR_WIN2012 = 5
+};
+
struct sdap_options {
struct dp_option *basic;
struct sdap_attr_map *gen_map;
@@ -397,6 +409,7 @@ struct sdap_options {
struct sdap_search_base **autofs_search_bases;
bool support_matching_rule;
+ enum dc_functional_level dc_functional_level;
};
struct sdap_server_opts {
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 42c8dd68..e0440625 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -855,6 +855,7 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx,
"supportedFeatures",
"supportedLDAPVersion",
"supportedSASLMechanisms",
+ SDAP_ROOTDSE_ATTR_AD_VERSION,
SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT,
SDAP_IPA_LAST_USN, SDAP_AD_LAST_USN,
NULL