On 01/20/2010 06:48 AM, Sumit Bose wrote:
> Hi,
>
> these two patches are a first step to handle LDAP referrals. The first
> patch changes the way we add a file descriptor event to the event loop.
> Currently it was extracted from the LDAP handle. But here only the fd to
> the 'primary' LDAP server is stored. If a referral is found and
> LDAP_OPT_REFERRALS is set to LDAP_OPT_ON the openLDAP library will open
> new connections to the new LDAP servers automatically. To keep track of
> the activity on these connections we need to add the new fds to the event
> loop, too.
>
> To get the fds this patch introduces a connection callback where the fd
> is extracted from the provided data and added to the event loop. There
> is another callback which removes the fd from the event loop when
> ldap_unbind is called.
>
> The second patch adds the config option ldap_referrals to switch the
> referral chasing on and off.
>
> Authentication with referrals currently works under the following
> conditions:
> - the DN of the user is the same on both LDAP servers
> - the LDAP server is RHDS/FDS/389, openLDAP does not return the
>   'Referral' error code when binding to a referral object
>
> bye,
> Sumit

Nack.

Patch 0001:
Please use talloc_get_type() instead of casting lc_arg to (struct
ldap_cb_data *). This is safer, as talloc_get_type() will return NULL if
it is not in fact of type "struct ldap_cb_data". I'd rather see an
easy-to-track segfault than have us potentially clobbering data.

Patch 0002:
You need to add the new option to the SSSDConfig API as well, please.

--
Stephen Gallagher
RHCE 804006346421761
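
The review point about talloc_get_type() versus a plain cast, as an added example that is not code from the patch or from SSSD. To build without libtalloc it uses a small stand-in for talloc's name tagging; the helpers named_zalloc, named_get_type and named_free, the callback conn_added, and the struct fields are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for talloc's chunk header: every allocation records a type name. */
union chunk_hdr { const char *name; max_align_t align; };

static void *named_zalloc(size_t size, const char *name)
{
    union chunk_hdr *h = calloc(1, sizeof(*h) + size);
    if (h == NULL) return NULL;
    h->name = name;
    return h + 1;                 /* payload starts right after the header */
}

/* Checked counterpart of a cast: NULL unless the recorded name matches. */
static void *named_get_type(void *ptr, const char *name)
{
    if (ptr == NULL) return NULL;
    union chunk_hdr *h = (union chunk_hdr *)ptr - 1;
    return (h->name != NULL && strcmp(h->name, name) == 0) ? ptr : NULL;
}

static void named_free(void *ptr) { if (ptr != NULL) free((union chunk_hdr *)ptr - 1); }

/* Hypothetical layouts: the thread does not show the fields of struct ldap_cb_data. */
struct ldap_cb_data { int fd_count; };
struct other_ctx { char label[16]; };

/* Callback in the style discussed above: the context arrives as void *lc_arg. */
static int conn_added(void *lc_arg, int fd)
{
    struct ldap_cb_data *cb = named_get_type(lc_arg, "struct ldap_cb_data");
    if (cb == NULL) return -1;    /* wrong context type: fail without writing */
    (void)fd;                     /* a real callback would register fd here */
    cb->fd_count++;
    return 0;
}

int main(void)
{
    struct ldap_cb_data *good = named_zalloc(sizeof(*good), "struct ldap_cb_data");
    struct other_ctx *bad = named_zalloc(sizeof(*bad), "struct other_ctx");
    if (good == NULL || bad == NULL) return 1;
    printf("right type: %d, wrong type: %d\n", conn_added(good, 5), conn_added(bad, 5));
    named_free(good); named_free(bad);
    return 0;
}
```

With a plain cast, the second call would have incremented the first bytes of `label` in the unrelated structure; the name check only protects pointers that came from the tagging allocator.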