On Tue, Jan 26, 2010 at 01:21:31PM -0500, Stephen Gallagher wrote:
On 01/20/2010 06:48 AM, Sumit Bose wrote:
> these two patches are a first step to handle LDAP referrals. The first
> patch changes the way we add a file descriptor event to the event loop.
> Currently it was extracted from the LDAP handle. But here only the fd to
> the 'primary' LDAP server is stored. If a referral is found and
> LDAP_OPT_REFERRALS is set to LDAP_OPT_ON the openLDAP library will open
> new connections to the new LDAP servers automatically. To keep track of
> the activity on these connections we need to add the new fds to the event
> loop, too.
> To get the fds this patch introduces a connection callback where the fd
> is extracted from the provided data and added to the event loop. There
> is another callback which removes the fd from the event loop when
> ldap_unbind is called.
> The second patch adds the config option ldap_referrals to switch the
> referral chasing on and off.
> Authentication with referrals currently works under the following
> - the DN of the user is the same on both LDAP servers
> - the LDAP server is RHDS/FDS/389, openLDAP does not return the
> 'Referral' error code when binding to a referral object

Please use talloc_get_type() instead of casting lc_arg to (struct
ldap_cb_data *). This is safer, as talloc_get_type() will return NULL if
it is not in fact of type "struct ldap_cb_data". I'd rather see an
easy-to-track segfault than have us potentially clobbering data.

You need to add the new option to the SSSDConfig API as well, please.

New versions attached.
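
The review point about talloc_get_type() versus a plain cast, as an added example that is not part of this thread, the patches, or SSSD: a callback gets its context as an opaque pointer and only uses it after a type-name check. To build without libtalloc, a small stand-in allocator (typed_alloc/typed_get, hypothetical names) mimics the name check; the field of struct ldap_cb_data, struct unrelated_state and add_fd_checked are assumptions as well.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for talloc's chunk header: each allocation records its type name. */
union chunk_hdr { const char *type_name; max_align_t align; };

static void *typed_alloc(size_t size, const char *type_name)
{
    union chunk_hdr *h = calloc(1, sizeof(*h) + size);
    if (h == NULL) return NULL;
    h->type_name = type_name;
    return h + 1;                       /* payload follows the header */
}
static void typed_free(void *p) { if (p != NULL) free((union chunk_hdr *)p - 1); }

/* Same contract as talloc_get_type(): NULL unless the recorded name matches. */
static void *typed_get(void *p, const char *type_name)
{
    union chunk_hdr *h = p != NULL ? (union chunk_hdr *)p - 1 : NULL;
    return (h != NULL && strcmp(h->type_name, type_name) == 0) ? p : NULL;
}
#define new_type(type)    ((type *)typed_alloc(sizeof(type), #type))
#define get_type(p, type) ((type *)typed_get((p), #type))

struct ldap_cb_data { int last_fd; };         /* field is hypothetical */
struct unrelated_state { char buf[16]; };     /* hypothetical wrong type */

/* Callback taking an opaque argument, the way lc_arg reaches a connection callback. */
static int add_fd_checked(void *lc_arg, int fd)
{
    struct ldap_cb_data *cb = get_type(lc_arg, struct ldap_cb_data);
    if (cb == NULL) return -1;          /* wrong type: refuse, nothing is written */
    cb->last_fd = fd;                   /* a blind cast would write this into any memory */
    return 0;
}

/* Returns 0 when the right type is accepted and the wrong one is rejected untouched. */
static int demo(void)
{
    struct ldap_cb_data *good = new_type(struct ldap_cb_data);
    struct unrelated_state *bad = new_type(struct unrelated_state);
    if (good == NULL || bad == NULL) { typed_free(good); typed_free(bad); return 2; }
    int ok = add_fd_checked(good, 5) == 0 && add_fd_checked(bad, 5) == -1
             && good->last_fd == 5 && bad->buf[0] == 0;
    typed_free(good); typed_free(bad);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

With real talloc the same check is `talloc_get_type(lc_arg, struct ldap_cb_data)` on memory allocated through talloc's typed allocation macros.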