From aa89df2040593f9120196ec440d2dc6d9f860d55 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 26 Jan 2011 17:51:02 +0100 Subject: Do not fail if attributes are empty Currently we fail if attributes are empty. But there are some use cases where requested attributes are empty. E.g Active Directory uses an empty member attribute to indicate that a subset of the members are in a range sub-attribute. --- src/providers/ldap/sdap.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index ea2eabe7..95c39a0c 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -185,34 +185,47 @@ int sdap_parse_entry(TALLOC_CTX *memctx, name = map[a].sys_name; } else { store = false; + name = NULL; } } else { name = str; store = true; } + if (strstr(str, ";range=") != NULL) { + DEBUG(1, ("Attribute [%s] has range sub-attribute " + "which is currently not supported, skipping.\n", str)); + store = false; + } + if (store) { vals = ldap_get_values_len(sh->ldap, sm->msg, str); if (!vals) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); - DEBUG(1, ("LDAP Library error: %d(%s)", - lerrno, ldap_err2string(lerrno))); - ret = EIO; - goto fail; - } - if (!vals[0]) { - DEBUG(1, ("Missing value after ldap_get_values() ??\n")); - ret = EINVAL; - goto fail; - } - for (i = 0; vals[i]; i++) { - v.data = (uint8_t *)vals[i]->bv_val; - v.length = vals[i]->bv_len; + if (lerrno != LDAP_SUCCESS) { + DEBUG(1, ("LDAP Library error: %d(%s)", + lerrno, ldap_err2string(lerrno))); + ret = EIO; + goto fail; + } + + DEBUG(5, ("Attribute [%s] has no values, skipping.\n", str)); - ret = sysdb_attrs_add_val(attrs, name, &v); - if (ret) goto fail; + } else { + if (!vals[0]) { + DEBUG(1, ("Missing value after ldap_get_values() ??\n")); + ret = EINVAL; + goto fail; + } + for (i = 0; vals[i]; i++) { + v.data = (uint8_t *)vals[i]->bv_val; + v.length = vals[i]->bv_len; + + ret = sysdb_attrs_add_val(attrs, name, &v); + if (ret) goto fail; + } + ldap_value_free_len(vals); } - ldap_value_free_len(vals); } ldap_memfree(str); -- cgit