From 0d85b37ab0ede884408e68246ec21092c3718610 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 20 Jan 2010 11:21:50 +0100 Subject: Add new option ldap_referrals --- server/config/SSSDConfig.py | 1 + server/config/etc/sssd.api.d/sssd-ipa.conf | 1 + server/config/etc/sssd.api.d/sssd-ldap.conf | 1 + server/man/sssd-ldap.5.xml | 13 +++++++++++++ server/providers/ldap/ldap_common.c | 3 ++- server/providers/ldap/sdap.h | 1 + server/providers/ldap/sdap_async_connection.c | 11 +++++++++++ 7 files changed, 30 insertions(+), 1 deletion(-) (limited to 'server') diff --git a/server/config/SSSDConfig.py b/server/config/SSSDConfig.py index d31fbe2c..b08e9f4f 100644 --- a/server/config/SSSDConfig.py +++ b/server/config/SSSDConfig.py @@ -115,6 +115,7 @@ option_strings = { 'krb5_realm' : _('Kerberos realm'), 'ldap_krb5_keytab' : _('Kerberos service keytab'), 'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'), + 'ldap_referrals' : _('Follow LDAP referrals'), # [provider/ldap/id] 'ldap_search_timeout' : _('Length of time to wait for a search request'), diff --git a/server/config/etc/sssd.api.d/sssd-ipa.conf b/server/config/etc/sssd.api.d/sssd-ipa.conf index 7a6cd873..7c1a8271 100644 --- a/server/config/etc/sssd.api.d/sssd-ipa.conf +++ b/server/config/etc/sssd.api.d/sssd-ipa.conf @@ -22,6 +22,7 @@ ldap_krb5_keytab = str, None ldap_krb5_init_creds = bool, None ldap_entry_usn = str, None ldap_rootdse_last_usn = str, None +ldap_referrals = bool, None [provider/ipa/id] ldap_search_timeout = int, None diff --git a/server/config/etc/sssd.api.d/sssd-ldap.conf b/server/config/etc/sssd.api.d/sssd-ldap.conf index 314f57fb..e6418ec7 100644 --- a/server/config/etc/sssd.api.d/sssd-ldap.conf +++ b/server/config/etc/sssd.api.d/sssd-ldap.conf @@ -18,6 +18,7 @@ ldap_krb5_keytab = str, None ldap_krb5_init_creds = bool, None ldap_entry_usn = str, None ldap_rootdse_last_usn = str, None +ldap_referrals = bool, None [provider/ldap/id] ldap_search_timeout = int, None 
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml index affa2d1b..2737c24e 100644 --- a/server/man/sssd-ldap.5.xml +++ b/server/man/sssd-ldap.5.xml @@ -614,6 +614,19 @@ + + ldap_referrals (boolean) + + + Specifies whether automatic referral chasing should + be enabled. + + + Default: true + + + + diff --git a/server/providers/ldap/ldap_common.c b/server/providers/ldap/ldap_common.c index 74b478cc..15d44dc1 100644 --- a/server/providers/ldap/ldap_common.c +++ b/server/providers/ldap/ldap_common.c @@ -61,7 +61,8 @@ struct dp_option default_basic_opts[] = { { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, /* use the same parm name as the krb5 module so we set it only once */ { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING } + { "ldap_pwd_policy", DP_OPT_STRING, { "none" } , NULL_STRING }, + { "ldap_referrals", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE } }; struct sdap_attr_map generic_attr_map[] = { diff --git a/server/providers/ldap/sdap.h b/server/providers/ldap/sdap.h index a5b9e832..f32ce050 100644 --- a/server/providers/ldap/sdap.h +++ b/server/providers/ldap/sdap.h @@ -137,6 +137,7 @@ enum sdap_basic_opt { SDAP_KRB5_KINIT, SDAP_KRB5_REALM, SDAP_PWD_POLICY, + SDAP_REFERRALS, SDAP_OPTS_BASIC /* opts counter */ }; diff --git a/server/providers/ldap/sdap_async_connection.c b/server/providers/ldap/sdap_async_connection.c index 99cb3754..1ed6b3f8 100644 --- a/server/providers/ldap/sdap_async_connection.c +++ b/server/providers/ldap/sdap_async_connection.c @@ -57,6 +57,7 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx, int ret = EOK; int msgid; struct ldap_cb_data *cb_data; + bool ldap_referrals; req = tevent_req_create(memctx, &state, struct sdap_connect_state); if (!req) return NULL; 
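Review bot: The new `ldap_referrals` entry in default_basic_opts (ldap_common.c) defaults to BOOL_TRUE, so every existing configuration follows referrals to hosts named by the directory server without opting in, and the table gives no reason for that choice. This appears to keep libldap's own default for LDAP_OPT_REFERRALS, which is worth saying in a comment such as `/* on by default to keep libldap's behaviour; false keeps lookups on the configured servers */`. The entry's position also has to line up with SDAP_REFERRALS in enum sdap_basic_opt, since the option is fetched by that index in sdap_connect_send; the two appends in this commit do line up, but nothing visible enforces it. The array starts outside the hunk.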
@@ -109,6 +110,16 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx, goto fail; } + /* Set Referral chasing */ + ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS); + lret = ldap_set_option(state->sh->ldap, LDAP_OPT_REFERRALS, + (ldap_referrals ? LDAP_OPT_ON : LDAP_OPT_OFF)); + if (lret != LDAP_OPT_SUCCESS) { + DEBUG(1, ("Failed to set referral chasing to %s\n", + (ldap_referrals ? "LDAP_OPT_ON" : "LDAP_OPT_OFF"))); + goto fail; + } + /* add connection callback */ state->sh->conncb = talloc_zero(state->sh, struct ldap_conncb); if (state->sh->conncb == NULL) { -- cgit
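Review bot: With `LDAP_OPT_REFERRALS` switched on in sdap_connect_send, libldap opens further connections to whatever hosts the server names in a referral, and nothing in this hunk registers a rebind callback, so those chased connections would bind anonymously unless `ldap_set_rebind_proc` is called elsewhere. I would state that in the comment, e.g. `/* Set referral chasing; referred connections are not re-authenticated here */`, so a deployment that expects all lookups to stay on the configured servers knows to set `ldap_referrals = false`. The failure branch also jumps to `fail` with `ret` still at its initial EOK as far as the visible lines show, so the reported error depends on how that label, which is outside the hunk, treats `lret`. Adding `lret` to the DEBUG message would make the failure easier to diagnose. The function body starts and ends outside the hunk.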