summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorJan Zeleny <jzeleny@redhat.com>2011-03-07 13:38:43 +0100
committerStephen Gallagher <sgallagh@redhat.com>2011-04-19 14:56:30 -0400
commit743475e5d730f1438bff4bb086600186adfe8311 (patch)
treeb864a7b0305bb3865c625b9657b1d3c4b44c5326 /src/providers/ldap
parent44c90f21cfd661ef07e74002ae01481a69c22d98 (diff)
downloadsssd-743475e5d730f1438bff4bb086600186adfe8311.tar.gz
sssd-743475e5d730f1438bff4bb086600186adfe8311.tar.bz2
sssd-743475e5d730f1438bff4bb086600186adfe8311.zip
Add last usn checking after reconnection
When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_id.c17
-rw-r--r--src/providers/ldap/sdap_id_op.c15
2 files changed, 31 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e2f08494..de618333 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -710,8 +710,13 @@ static void sdap_check_online_done(struct tevent_req *req)
int ret;
int dp_err = DP_ERR_FATAL;
bool can_retry;
+ struct sdap_id_ctx *ctx;
+ struct sdap_server_opts *srv_opts;
+
+ ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_ID].pvt_bet_data,
+ struct sdap_id_ctx);
- ret = sdap_cli_connect_recv(req, NULL, &can_retry, NULL, NULL);
+ ret = sdap_cli_connect_recv(req, NULL, &can_retry, NULL, &srv_opts);
talloc_zfree(req);
if (ret != EOK) {
@@ -720,6 +725,16 @@ static void sdap_check_online_done(struct tevent_req *req)
}
} else {
dp_err = DP_ERR_OK;
+
+ if (strcmp(srv_opts->server_id, ctx->srv_opts->server_id) == 0 &&
+ srv_opts->supports_usn &&
+ ctx->srv_opts->last_usn > srv_opts->last_usn) {
+ ctx->srv_opts->max_user_value = 0;
+ ctx->srv_opts->max_group_value = 0;
+ ctx->srv_opts->last_usn = srv_opts->last_usn;
+ }
+
+ sdap_steal_server_opts(ctx, &srv_opts);
}
sdap_handler_done(be_req, dp_err, 0, NULL);
diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c
index 6933b2bb..1f692a15 100644
--- a/src/providers/ldap/sdap_id_op.c
+++ b/src/providers/ldap/sdap_id_op.c
@@ -498,6 +498,7 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq, struct sdap_id_conn_data);
struct sdap_id_conn_cache *conn_cache = conn_data->conn_cache;
struct sdap_server_opts *srv_opts = NULL;
+ struct sdap_server_opts *current_srv_opts = NULL;
bool can_retry = false;
bool is_offline = false;
int ret;
@@ -527,6 +528,20 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
}
if (ret == EOK) {
+ current_srv_opts = conn_cache->id_ctx->srv_opts;
+ if (current_srv_opts) {
+ DEBUG(8, ("Old USN: %lu, New USN: %lu\n", current_srv_opts->last_usn, srv_opts->last_usn));
+
+ if (strcmp(srv_opts->server_id, current_srv_opts->server_id) == 0 &&
+ srv_opts->supports_usn &&
+ current_srv_opts->last_usn > srv_opts->last_usn) {
+ DEBUG(5, ("Server was probably re-initialized\n"));
+
+ current_srv_opts->max_user_value= 0;
+ current_srv_opts->max_group_value = 0;
+ current_srv_opts->last_usn = 0;
+ }
+ }
ret = sdap_id_conn_data_set_expire_timer(conn_data);
sdap_steal_server_opts(conn_cache->id_ctx, &srv_opts);
}