From 2c62da337e31217d03f5bf0f768b574d166bb2fe Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Tue, 12 Jun 2012 20:29:26 -0400
Subject: LDAP: Auto-detect support for the ldap match rule

This patch extends the RootDSE lookup so that we will perform a
second request to test whether the match rule syntax can be used.

If both groups and initgroups are disabled in the configuration,
this lookup request can be skipped.
---
 src/providers/ldap/sdap_async_initgroups.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/providers/ldap/sdap_async_initgroups.c')

diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2f146b01..8a837bcc 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2665,7 +2665,9 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
             return;
         }
 
-        if (dp_opt_get_bool(state->opts->basic, SDAP_AD_MATCHING_RULE_INITGROUPS)) {
+        if (state->opts->support_matching_rule
+                && dp_opt_get_bool(state->opts->basic,
+                                   SDAP_AD_MATCHING_RULE_INITGROUPS)) {
             /* Take advantage of AD's extensibleMatch filter to look up
              * all parent groups in a single request.
              */
-- 
cgit