summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-06-24 14:06:07 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-06-28 10:53:58 -0400
commit0daccb28ba9b40a20ac3494aea42ce68c7a92a31 (patch)
treefdab915b41a8e434a575900d3bcb6b5ff03b2eef /src/providers/ldap
parentb22c0449d1f4943944b8a4dd037f97a69192c6ca (diff)
downloadsssd-0daccb28ba9b40a20ac3494aea42ce68c7a92a31.tar.gz
sssd-0daccb28ba9b40a20ac3494aea42ce68c7a92a31.tar.bz2
sssd-0daccb28ba9b40a20ac3494aea42ce68c7a92a31.zip
Make RootDSE optional
In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_async.c4
-rw-r--r--src/providers/ldap/sdap_async_connection.c16
2 files changed, 17 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 25f8bcfd..18f2bc0c 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -689,7 +689,9 @@ static void sdap_get_rootdse_done(struct tevent_req *subreq)
}
if (num_results == 0 || !results) {
- DEBUG(2, ("No RootDSE for server ?!\n"));
+ DEBUG(2, ("RootDSE could not be retrieved. "
+ "Please check that anonymous access to RootDSE is allowed\n"
+ ));
tevent_req_error(req, ENOENT);
return;
}
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index a0224a1c..fd1cc8c7 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1052,8 +1052,20 @@ static void sdap_cli_rootdse_done(struct tevent_req *subreq)
return;
}
- tevent_req_error(req, ret);
- return;
+ else if (ret == ENOENT) {
+ /* RootDSE was not available on
+ * the server.
+ * Continue, and just assume that the
+ * features requested by the config
+ * work properly.
+ */
+ state->use_rootdse = false;
+ }
+
+ else {
+ tevent_req_error(req, ret);
+ return;
+ }
}
sasl_mech = dp_opt_get_string(state->opts->basic, SDAP_SASL_MECH);