authorSumit Bose <sbose@redhat.com>2010-01-20 11:21:50 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-02-02 14:41:40 -0500
commit0d85b37ab0ede884408e68246ec21092c3718610 (patch)
tree5588fe771a798ce02633233c795d34a773debc1f
parent7c8f422495347e6ff829246ebf5d7faad9f6d160 (diff)
Add new option ldap_referrals
-rw-r--r--server/config/SSSDConfig.py1
-rw-r--r--server/config/etc/sssd.api.d/sssd-ipa.conf1
-rw-r--r--server/config/etc/sssd.api.d/sssd-ldap.conf1
-rw-r--r--server/man/sssd-ldap.5.xml13
-rw-r--r--server/providers/ldap/ldap_common.c3
-rw-r--r--server/providers/ldap/sdap.h1
-rw-r--r--server/providers/ldap/sdap_async_connection.c11
7 files changed, 30 insertions, 1 deletions
diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py
index d31fbe2c..b08e9f4f 100644
--- a/server/config/SSSDConfig.py
+++ b/server/config/SSSDConfig.py
@@ -115,6 +115,7 @@ option_strings = {
'krb5_realm' : _('Kerberos realm'),
'ldap_krb5_keytab' : _('Kerberos service keytab'),
'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'),
+ 'ldap_referrals' : _('Follow LDAP referrals'),
# [provider/ldap/id]
'ldap_search_timeout' : _('Length of time to wait for a search request'),
diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf
index 7a6cd873..7c1a8271 100644
--- a/server/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/server/config/etc/sssd.api.d/sssd-ipa.conf
@@ -22,6 +22,7 @@ ldap_krb5_keytab = str, None
ldap_krb5_init_creds = bool, None
ldap_entry_usn = str, None
ldap_rootdse_last_usn = str, None
+ldap_referrals = bool, None
[provider/ipa/id]
ldap_search_timeout = int, None
diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf
index 314f57fb..e6418ec7 100644
--- a/server/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/server/config/etc/sssd.api.d/sssd-ldap.conf
@@ -18,6 +18,7 @@ ldap_krb5_keytab = str, None
ldap_krb5_init_creds = bool, None
ldap_entry_usn = str, None
ldap_rootdse_last_usn = str, None
+ldap_referrals = bool, None
[provider/ldap/id]
ldap_search_timeout = int, None
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index affa2d1b..2737c24e 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -614,6 +614,19 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>ldap_referrals (boolean)</term>
+ <listitem>
+ <para>
+ Specifies whether automatic referral chasing should
+ be enabled.
+ </para>
+ <para>
+ Default: true
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</para>
</refsect1>
diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c
index 74b478cc..15d44dc1 100644
--- a/server/providers/ldap/ldap_common.c
+++ b/server/providers/ldap/ldap_common.c
@@ -61,7 +61,8 @@ struct dp_option default_basic_opts[] = {
{ "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
/* use the same parm name as the krb5 module so we set it only once */
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING }
+ { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING },
+ { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }
};
struct sdap_attr_map generic_attr_map[] = {
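Review bot: The new `ldap_referrals` row is only correct while its position in `default_basic_opts[]` matches `SDAP_REFERRALS` in `enum sdap_basic_opt` (the sdap.h hunk of this commit), and nothing visible enforces that. The array is declared without a size, so a later entry added to only one of the two would presumably make an index-based lookup read the wrong slot or one past the end. A compile-time check next to the array would catch it where the toolchain allows C11, e.g. `_Static_assert(sizeof(default_basic_opts) / sizeof(default_basic_opts[0]) == SDAP_OPTS_BASIC, "default_basic_opts out of sync with enum sdap_basic_opt");`. The row also makes chasing the default (`BOOL_TRUE`), so a short comment such as `/* referrals are followed unless explicitly disabled */` would make that choice visible; the array definition starts outside the hunk.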
diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h
index a5b9e832..f32ce050 100644
--- a/server/providers/ldap/sdap.h
+++ b/server/providers/ldap/sdap.h
@@ -137,6 +137,7 @@ enum sdap_basic_opt {
SDAP_KRB5_KINIT,
SDAP_KRB5_REALM,
SDAP_PWD_POLICY,
+ SDAP_REFERRALS,
SDAP_OPTS_BASIC /* opts counter */
};
diff --git a/server/providers/ldap/sdap_async_connection.c b/server/providers/ldap/sdap_async_connection.c
index 99cb3754..1ed6b3f8 100644
--- a/server/providers/ldap/sdap_async_connection.c
+++ b/server/providers/ldap/sdap_async_connection.c
@@ -57,6 +57,7 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
int ret = EOK;
int msgid;
struct ldap_cb_data *cb_data;
+ bool ldap_referrals;
req = tevent_req_create(memctx, &state, struct sdap_connect_state);
if (!req) return NULL;
@@ -109,6 +110,16 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
goto fail;
}
+ /* Set Referral chasing */
+ ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS);
+ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_REFERRALS,
+ (ldap_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF));
+ if (lret != LDAP_OPT_SUCCESS) {
+ DEBUG(1, ("Failed to set referral chasing to %s\n",
+ (ldap_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF")));
+ goto fail;
+ }
+
/* add connection callback */
state->sh->conncb = talloc_zero(state->sh, struct ldap_conncb);
if (state->sh->conncb == NULL) {
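Review bot: The `/* Set Referral chasing */` comment does not say what turning the option on means for the connection: with `LDAP_OPT_REFERRALS` enabled the client library follows referrals to whichever server the response names, and nothing in this hunk shows a rebind callback or any limit on the target, so a referred connection may not carry the bind identity or transport settings configured for the primary server (the rest of sdap_connect_send is outside the hunk, so this may be handled elsewhere). I would expand the comment to something like `/* Referral chasing: when on, libldap contacts the servers named in referrals; see ldap_referrals in sssd-ldap(5) */`, and have the man page entry say the option can be set to false where the directory does not use referrals. Separately, the new failure branch jumps to `fail` without assigning `ret`, which is initialised to `EOK` at the top of the function; unless the `fail` label (outside the hunk) also inspects `lret`, please confirm the request is completed with an error in that case.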