On Tue, 2012-01-17 at 08:34 +0100, Jan Zelený wrote:
> > On Mon, 2012-01-16 at 16:52 -0500, Stephen Gallagher wrote:
> > > Fixes https://fedorahosted.org/sssd/ticket/967
> > > 
> > > Provides a workaround to two server problems:
> > > 
> > > OpenLDAP: This server will report that the paging control is available
> > > in the RootDSE, even if it is disabled. This allows SSSD to continue to
> > > function against such servers.
> > > https://bugzilla.redhat.com/show_bug.cgi?id=728212
> > > 
> > > 389: This server only supports a single paging control active on a
> > > connection at a time. This means that if we have a busy system (or just
> > > bad luck) we'll get denied trying to run simultaneous requests.
> > > https://bugzilla.redhat.com/show_bug.cgi?id=782221
> > 
> > I see no patch attached.
> 
> Me neither, but JR's comment suggests that it is available somewhere. 
> Nevertheless I can't find it anywhere.

JR had a copy that I sent to him via pastebin. Patch attached this time.
From 8e18dfced789cd3e073c20a1d32552b09f3868ce Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Mon, 16 Jan 2012 16:27:01 -0500
Subject: [PATCH] LDAP: Add option to disable paging control

Fixes https://fedorahosted.org/sssd/ticket/967
---
 src/config/SSSDConfig.py                 |    2 ++
 src/config/etc/sssd.api.d/sssd-ipa.conf  |    1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf |    1 +
 src/man/sssd-ldap.5.xml                  |   24 ++++++++++++++++++++++++
 src/providers/ipa/ipa_common.c           |    3 ++-
 src/providers/ipa/ipa_common.h           |    2 +-
 src/providers/ldap/ldap_common.c         |    3 ++-
 src/providers/ldap/sdap.h                |    1 +
 src/providers/ldap/sdap_async.c          |    8 ++++++--
 9 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 44bfb69f532adbcce88f2f0e5786987e21e69e7b..7e514aff8e0570a8e206890033d434d7f0e03e9d 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -163,6 +163,8 @@ option_strings = {
 
     'ldap_connection_expiration_timeout' : _('How long to retain a connection to the LDAP server before disconnecting'),
 
+    'ldap_disable_paging' : _('Disable the LDAP paging control'),
+
     # [provider/ldap/id]
     'ldap_search_timeout' : _('Length of time to wait for a search request'),
     'ldap_enumeration_search_timeout' : _('Length of time to wait for a enumeration request'),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index f6bf2497e8947edb4f2237d0c5a80bb0f26e0678..97e7ceedb424bfb8f09c54cc3d4b06b8ea2498c6 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -41,6 +41,7 @@ ldap_deref = str, None, false
 ldap_page_size = int, None, false
 ldap_deref_threshold = int, None, false
 ldap_connection_expire_timeout = int, None, false
+ldap_disable_paging = bool, None, false
 
 [provider/ipa/id]
 ldap_search_timeout = int, None, false
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 9a89bfe2dc967d82f0dfb2870326ccb8408350e3..0853ae5a7f3e2dc17cf96b735f5f89e471160404 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -33,6 +33,7 @@ ldap_deref_threshold = int, None, false
 ldap_sasl_canonicalize = bool, None, false
 ldap_sasl_minssf = int, None, false
 ldap_connection_expire_timeout = int, None, false
+ldap_disable_paging = bool, None, false
 
 [provider/ldap/id]
 ldap_search_timeout = int, None, false
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 1f759025d2677e5affc7a51ab8570106ad463796..fca13f8da723dba8d44e692ed9bd541bf6070222 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -996,6 +996,30 @@
                 </varlistentry>
 
                 <varlistentry>
+                    <term>ldap_disable_paging</term>
+                    <listitem>
+                        <para>
+                            Disable the LDAP paging control. This option
+                            should be used if the LDAP server reports that it
+                            supports the LDAP paging control in its RootDSE
+                            but it is not enabled or does not behave properly.
+                        </para>
+                        <para>
+                            Example: OpenLDAP servers with the paging control
+                            module installed on the server but not enabled
+                            will report it in the RootDSE but be unable to use
+                            it.
+                        </para>
+                        <para>
+                            Example: 389 DS has a bug where it can only
+                            support a one paging control at a time on a single
+                            connection. On busy clients, this can result in
+                            some requests being denied.
+                        </para>
+                    </listitem>
+                </varlistentry>
+
+                <varlistentry>
                     <term>ldap_deref_threshold (integer)</term>
                     <listitem>
                         <para>
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 4f90b1853589197f6299708b20eb5bd61f2c4bab..ec3e62887e7365bc6687f58656cab14458a4a598 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -104,7 +104,8 @@ struct dp_option ipa_def_ldap_opts[] = {
     { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
     { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-    { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }
+    { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
+    { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
 };
 
 struct sdap_attr_map ipa_attr_map[] = {
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 577e3e19624c56159fb4c2a6b5b188ebe284b4bd..98e02babf6d3a3f208e5555abcf5c7dd8e50bb3f 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
 /* the following defines are used to keep track of the options in the ldap
  * module, so that if they change and ipa is not updated correspondingly
  * this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 56
+#define IPA_OPTS_BASIC_TEST 57
 
 /* the following define is used to keep track of the options in the krb5
  * module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 71921963a768a9975eca6432025704e06f28a2b8..5f6a63085fc5a2fb8b665cb7e0ae972e41650321 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -94,7 +94,8 @@ struct dp_option default_basic_opts[] = {
     { "ldap_page_size", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER },
     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
     { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-    { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }
+    { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
+    { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
 };
 
 struct sdap_attr_map generic_attr_map[] = {
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index da328d27caa5e01ce0b6ad6ea5effbc69a4ade4b..74e09195ea4b4c9f92e888336d0973c84c69c21f 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -205,6 +205,7 @@ enum sdap_basic_opt {
     SDAP_DEREF_THRESHOLD,
     SDAP_SASL_CANONICALIZE,
     SDAP_EXPIRE_TIMEOUT,
+    SDAP_DISABLE_PAGING,
 
     SDAP_OPTS_BASIC /* opts counter */
 };
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 0719f74be6b8b167f00a69abcd13a98ea36fc2e1..c2f616bef13744916d2b0c5bab92524566959af9 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -978,6 +978,7 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req)
     int optret;
     errno_t ret;
     int msgid;
+    bool disable_paging;
 
     LDAPControl *page_control = NULL;
 
@@ -999,8 +1000,11 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req)
         }
     }
 
-    if (sdap_is_control_supported(state->sh,
-                                  LDAP_CONTROL_PAGEDRESULTS)) {
+    disable_paging = dp_opt_get_bool(state->opts->basic, SDAP_DISABLE_PAGING);
+
+    if (!disable_paging
+            && sdap_is_control_supported(state->sh,
+                                         LDAP_CONTROL_PAGEDRESULTS)) {
         lret = ldap_create_page_control(state->sh->ldap,
                                         state->sh->page_size,
                                         state->cookie.bv_val ?
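Review bot: When `disable_paging` is true, the search in sdap_get_generic_ext_step is sent without the paged-results control, and neither this hunk nor the new sssd-ldap.5.xml entry tells the operator what that costs. An unpaged search is bounded by the server's size limit, so large user or group lookups can presumably come back truncated, and incomplete group data matters wherever access decisions depend on membership. How the result handler treats a size-limit error is outside the hunk, so that should be confirmed. I would add a comment above the condition, `/* ldap_disable_paging set: search goes out unpaged, so the server's size limit caps the result set */`, and state the same consequence in the man page entry. The function body starts before and continues past this hunk.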
-- 
1.7.7.5
