Re: [SSSD] [PATCH] First step to handle LDAP referrals

Hi, these two patches are a first step to handle LDAP referrals. The first patch changes the way we add a file descriptor event to the event loop. Currently it was extracted from the LDAP handle. But here only the fd to the 'primary' LDAP server is stored. If a referral is found and LDAP_OPT_REFERRALS is set to LDAP_OPT_ON the openLDAP library will open new connections to the new LDAP servers automatically. To keep track of the activity on these connection we need to add the new fds to the event loop, too. To get the fds this patch introduces a connection callback where the fd is extracted from the provided data and added to the event loop. There is another callback which removes the fd from the event loop when ldap_unbind is called. The second patch adds the config option ldap_referrals to switch the referral chasing on and off. Authentication with referrals currently work under the following conditions: - the DN of the user is the same on both LDAP servers - the LDAP server is RHDS/FDS/389, openLDAP does not return the 'Referral' error code when binding to a referral object bye, Sumit

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAktfMqsACgkQeiVVYja6o6P3MQCeNV0ZBLfpS9Dyltq9xNjgAulh WgYAnjrtdahnLRBGBMiHZWFVlLa0/m5L =d2+L -----END PGP SIGNATURE-----