diff options
author | Jan Zeleny <jzeleny@redhat.com> | 2012-05-23 05:50:36 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-31 15:46:28 -0400 |
commit | 6b81b6ada1010e65b447fc74453e236fb8791813 (patch) | |
tree | 62f63405ecfe14a5659fa42991b238f061e3676c /src/providers/ldap | |
parent | 64ddff90c7fcc02ccb06824ac93af7d5f361a88f (diff) | |
download | sssd-6b81b6ada1010e65b447fc74453e236fb8791813.tar.gz sssd-6b81b6ada1010e65b447fc74453e236fb8791813.tar.bz2 sssd-6b81b6ada1010e65b447fc74453e236fb8791813.zip |
Utilize attribute exclusion in LDAP initgroups
Previous patch added the possibility to exclude some attributes from a
map when building an attribute list to be sent to server. The original
reason for this functionality is the code handling LDAP initgroups. In
this code, there is no need to fetch members of groups in question. This
can save some performance since the list of members can be pretty long
in some cases. This case apllies only to RFC2307 and generic RFC2307bis,
it doesn't apply for IPA schema.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 1911b1bb..50347b2b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -323,6 +323,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, { struct tevent_req *req; struct sdap_initgr_rfc2307_state *state; + const char **attr_filter; char *clean_name; errno_t ret; @@ -353,8 +354,17 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, return NULL; } + attr_filter = talloc_array(state, const char *, 2); + if (!attr_filter) { + talloc_free(req); + return NULL; + } + + attr_filter[0] = opts->group_map[SDAP_AT_GROUP_MEMBER].name; + attr_filter[1] = NULL; + ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP, - NULL, &state->attrs, NULL); + attr_filter, &state->attrs, NULL); if (ret != EOK) { talloc_free(req); return NULL; @@ -1463,6 +1473,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( errno_t ret; struct tevent_req *req; struct sdap_initgr_rfc2307bis_state *state; + const char **attr_filter; char *clean_orig_dn; req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307bis_state); @@ -1495,8 +1506,17 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( return NULL; } + attr_filter = talloc_array(state, const char *, 2); + if (!attr_filter) { + ret = ENOMEM; + goto done; + } + + attr_filter[0] = opts->group_map[SDAP_AT_GROUP_MEMBER].name; + attr_filter[1] = NULL; + ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP, - NULL, &state->attrs, NULL); + attr_filter, &state->attrs, NULL); if (ret != EOK) goto done; ret = sss_filter_sanitize(state, orig_dn, &clean_orig_dn); @@ -2105,6 +2125,7 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) { errno_t ret; TALLOC_CTX *tmp_ctx = NULL; + const char **attr_filter; char *clean_orig_dn; hash_key_t key; hash_value_t value; @@ -2168,8 +2189,17 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) goto done; } + attr_filter = talloc_array(state, const char *, 2); + if (!attr_filter) { + ret = ENOMEM; + goto done; + } + + attr_filter[0] = state->opts->group_map[SDAP_AT_GROUP_MEMBER].name; + attr_filter[1] = NULL; + ret = build_attrs_from_map(state, state->opts->group_map, SDAP_OPTS_GROUP, - NULL, &state->attrs, NULL); + attr_filter, &state->attrs, NULL); if (ret != EOK) { goto done; } |