On Thu, 2012-02-23 at 14:08 -0500, Stephen Gallagher wrote: > On Thu, 2012-02-23 at 11:34 +0100, Jakub Hrozek wrote: > > On Wed, Feb 22, 2012 at 09:04:37AM -0500, Stephen Gallagher wrote: > > > On Wed, 2012-02-22 at 12:22 +0100, Jakub Hrozek wrote: > > > > On Tue, Feb 21, 2012 at 09:31:13PM -0500, Stephen Gallagher wrote: > > > > > The paging control can cause issues on servers that put limits on > > > > > how many paging controls can be active at one time (on some > > > > > servers, it is limited to one per connection). We need to reduce > > > > > our usage so that we only activate the paging control when making > > > > > a request that may return an arbitrary number of results. > > > > > > > > > > This is the first step to solving > > > > > https://fedorahosted.org/sssd/ticket/1202 but I wanted to get this > > > > > patch > > > > > on the list immediately since it changes the semantics of > > > > > sdap_get_generic_send() (and is therefore likely to need merging with > > > > > other in-progress patches). > > > > > > > > > > Please review immediately. > > > > > > > > > > > > > > > I am still working on the second half of the fix for 1202, which will > > > > > involve serializing requests that require the paging control to ensure > > > > > that we only run one paged request at a time. > > > > > > > > I'm not sure this would work for deref because deref searches hardcode > > > > the scope to LDAP_SCOPE_BASE, but this check: > > > > > > > > + > > > > + /* Be extra careful and never allow paging for BASE searches, > > > > + * even if requested. > > > > + */ > > > > + if (scope == LDAP_SCOPE_BASE) { > > > > + state->allow_paging = false; > > > > + } else { > > > > + state->allow_paging = allow_paging; > > > > + } > > > > + > > > > > > > > Would reset paging to false. > > > > > > > > > Good catch. That's mostly in there so I don't have to have ugly checks > > > on every scope for multiple search base routines. I added a new > > > additional check after that for whether the serverctrls argument > > > contains an ASQ or X_DEREF control and force the allow_paging option to > > > true if so. > > > > > > New patch attached. > > > > This doesn't work, at the time of the check state->serverctrls is still > > NULL. You need to either check just "serverctrls" or move the check > > later after state->serverctrls is assigned. > > Oops, that was stupid. > > New patch attached.
Rebased atop the current master (including Jakub's autofs search base patch).
From 6a89b543bba9c2e6e4150bf6ce46f1874d81ec02 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <sgall...@redhat.com> Date: Tue, 21 Feb 2012 21:03:26 -0500 Subject: [PATCH] LDAP: Only use paging control on requests for multiple entries The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one --- src/providers/ipa/ipa_config.c | 3 +- src/providers/ipa/ipa_hbac_rules.c | 3 +- src/providers/ipa/ipa_hbac_services.c | 6 ++- src/providers/ipa/ipa_hosts.c | 6 ++- src/providers/ipa/ipa_netgroups.c | 15 ++++----- src/providers/ipa/ipa_selinux_maps.c | 3 +- src/providers/ldap/sdap_access.c | 3 +- src/providers/ldap/sdap_async.c | 45 ++++++++++++++++++++++++--- src/providers/ldap/sdap_async.h | 3 +- src/providers/ldap/sdap_async_autofs.c | 5 ++- src/providers/ldap/sdap_async_groups.c | 15 ++++++--- src/providers/ldap/sdap_async_initgroups.c | 18 +++++++---- src/providers/ldap/sdap_async_netgroups.c | 6 ++- src/providers/ldap/sdap_async_services.c | 3 +- src/providers/ldap/sdap_async_users.c | 3 +- src/providers/ldap/sdap_sudo.c | 3 +- 16 files changed, 100 insertions(+), 40 deletions(-) diff --git a/src/providers/ipa/ipa_config.c b/src/providers/ipa/ipa_config.c index 62a9a485d19efa0c77abb433ec7e576dc2e63599..2afa3d326770d90370abbcee31f8d8af61a1ad85 100644 --- a/src/providers/ipa/ipa_config.c +++ b/src/providers/ipa/ipa_config.c @@ -88,7 +88,8 @@ ipa_get_config_send(TALLOC_CTX *mem_ctx, LDAP_SCOPE_SUBTREE, IPA_CONFIG_FILTER, state->attrs, NULL, 0, dp_opt_get_int(opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT)); + SDAP_ENUM_SEARCH_TIMEOUT), + false); if (subreq == NULL) { ret = ENOMEM; goto done; diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c index c07cf332b3a509fcf3c142253db269d815268e79..49dcdfa0a345b1af7e155ff86db7e2f584992f0e 100644 --- a/src/providers/ipa/ipa_hbac_rules.c +++ b/src/providers/ipa/ipa_hbac_rules.c @@ -233,7 +233,8 @@ ipa_hbac_rule_info_next(struct tevent_req *req, state->cur_filter, state->attrs, NULL, 0, dp_opt_get_int(state->opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT)); + SDAP_ENUM_SEARCH_TIMEOUT), + true); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_get_generic_send failed.\n")); return ENOMEM; diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c index 3bbdc8ba1216b118425f58596694a51dbc798394..4f0f5f7b1127a01f27ec4703dee7f73cd565dd91 100644 --- a/src/providers/ipa/ipa_hbac_services.c +++ b/src/providers/ipa/ipa_hbac_services.c @@ -154,7 +154,8 @@ static errno_t ipa_hbac_service_info_next(struct tevent_req *req, state->cur_filter, state->attrs, NULL, 0, dp_opt_get_int(state->opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT)); + SDAP_ENUM_SEARCH_TIMEOUT), + true); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting service info\n")); return EIO; @@ -267,7 +268,8 @@ ipa_hbac_servicegroup_info_next(struct tevent_req *req, base->basedn, base->scope, state->cur_filter, state->attrs, NULL, 0, dp_opt_get_int(state->opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT)); + SDAP_ENUM_SEARCH_TIMEOUT), + true); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting servicegroup info\n")); return EIO; diff --git a/src/providers/ipa/ipa_hosts.c b/src/providers/ipa/ipa_hosts.c index e939ab7f17ea837de12889543e192fac1b659c23..5e41c1ee20e4b86a1633af0ef5f692e1473c8ffb 100644 --- a/src/providers/ipa/ipa_hosts.c +++ b/src/providers/ipa/ipa_hosts.c @@ -169,7 +169,8 @@ static errno_t ipa_host_info_next(struct tevent_req *req, state->attrs, state->map, state->map_num_attrs, dp_opt_get_int(state->opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT)); + SDAP_ENUM_SEARCH_TIMEOUT), + true); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting host info\n")); talloc_zfree(state->cur_filter); @@ -311,7 +312,8 @@ static errno_t ipa_hostgroup_info_next(struct tevent_req *req, state->cur_filter, state->attrs, hostgroup_map, HOSTGROUP_MAP_ATTRS_COUNT, dp_opt_get_int(state->opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT)); + SDAP_ENUM_SEARCH_TIMEOUT), + true); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error requesting hostgroup info\n")); talloc_zfree(state->cur_filter); diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 647818fa7b31d630cb427acfbc661cbc1daf75f5..5acab31f8f61660caaaf2d15c31fc27be45f27f5 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -269,7 +269,8 @@ static errno_t ipa_netgr_next_base(struct tevent_req *req) netgr_bases[state->netgr_base_iter]->scope, state->filter, state->attrs, state->opts->netgroup_map, IPA_OPTS_NETGROUP, - state->timeout); + state->timeout, + true); if (!subreq) { return ENOMEM; } @@ -449,7 +450,7 @@ static int ipa_netgr_fetch_netgroups(struct ipa_get_netgroups_state *state, bases[state->netgr_base_iter]->basedn, bases[state->netgr_base_iter]->scope, filter, state->attrs, state->opts->netgroup_map, - IPA_OPTS_NETGROUP, state->timeout); + IPA_OPTS_NETGROUP, state->timeout, true); state->current_entity = ENTITY_NG; if (subreq == NULL) { @@ -489,9 +490,8 @@ static int ipa_netgr_fetch_users(struct ipa_get_netgroups_state *state, dp_opt_get_string(state->opts->basic, SDAP_USER_SEARCH_BASE), LDAP_SCOPE_SUBTREE, - filter, attrs, - state->opts->user_map, - SDAP_OPTS_USER, state->timeout); + filter, attrs, state->opts->user_map, + SDAP_OPTS_USER, state->timeout, true); state->current_entity = ENTITY_USER; if (subreq == NULL) { @@ -537,9 +537,8 @@ static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state, subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, bases[state->host_base_iter]->basedn, bases[state->host_base_iter]->scope, - filter, attrs, - state->opts->host_map, - IPA_OPTS_HOST, state->timeout); + filter, attrs, state->opts->host_map, + IPA_OPTS_HOST, state->timeout, true); state->current_entity = ENTITY_HOST; if (subreq == NULL) { diff --git a/src/providers/ipa/ipa_selinux_maps.c b/src/providers/ipa/ipa_selinux_maps.c index 87650f6ce80dce2fb2d16bdea2227bc1a025a501..d642da7d013fd1ca0eabdd3905cf8e3ebe2c887e 100644 --- a/src/providers/ipa/ipa_selinux_maps.c +++ b/src/providers/ipa/ipa_selinux_maps.c @@ -133,7 +133,8 @@ ipa_selinux_get_maps_next(struct tevent_req *req, state->opts->selinuxuser_map, IPA_OPTS_SELINUX_USERMAP, dp_opt_get_int(state->opts->basic, - SDAP_ENUM_SEARCH_TIMEOUT)); + SDAP_ENUM_SEARCH_TIMEOUT), + true); if (subreq == NULL) { return ENOMEM; } diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index 287ba1254f25110fc85bbf5a18e77e2f7fa15029..1e923fd32681ca36d3fb1d8e250a29cfe1957c8b 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -940,7 +940,8 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) state->filter, NULL, NULL, 0, dp_opt_get_int(state->sdap_ctx->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (subreq == NULL) { DEBUG(1, ("Could not start LDAP communication\n")); state->pam_status = PAM_SYSTEM_ERR; diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 2b9268de4459136a97f48c6d4cd4a769a1d80643..306d76227b0add6dd4ad9a675dcfbb2b359544f6 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -870,7 +870,8 @@ struct tevent_req *sdap_get_rootdse_send(TALLOC_CTX *memctx, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, NULL, 0, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { talloc_zfree(req); return NULL; @@ -1023,6 +1024,7 @@ struct sdap_get_generic_ext_state { sdap_parse_cb parse_cb; void *cb_data; + bool allow_paging; }; static errno_t sdap_get_generic_ext_step(struct tevent_req *req); @@ -1045,6 +1047,7 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx, LDAPControl **clientctrls, int sizelimit, int timeout, + bool allow_paging, sdap_parse_cb parse_cb, void *cb_data) { @@ -1052,6 +1055,7 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx, struct sdap_get_generic_ext_state *state; struct tevent_req *req; int i; + LDAPControl *control; req = tevent_req_create(memctx, &state, struct sdap_get_generic_ext_state); if (!req) return NULL; @@ -1073,6 +1077,35 @@ sdap_get_generic_ext_send(TALLOC_CTX *memctx, state->cb_data = cb_data; state->clientctrls = clientctrls; + + /* Be extra careful and never allow paging for BASE searches, + * even if requested. + */ + if (scope == LDAP_SCOPE_BASE) { + state->allow_paging = false; + } else { + state->allow_paging = allow_paging; + } + + /* Also check for deref/asq requests and force + * paging on for those requests + */ + /* X-DEREF */ + control = ldap_control_find(LDAP_CONTROL_X_DEREF, + serverctrls, + NULL); + if (control) { + state->allow_paging = true; + } + + /* ASQ */ + control = ldap_control_find(LDAP_SERVER_ASQ_OID, + serverctrls, + NULL); + if (control) { + state->allow_paging = true; + } + for (state->nserverctrls=0; serverctrls && serverctrls[state->nserverctrls]; state->nserverctrls++) ; @@ -1135,6 +1168,7 @@ static errno_t sdap_get_generic_ext_step(struct tevent_req *req) disable_paging = dp_opt_get_bool(state->opts->basic, SDAP_DISABLE_PAGING); if (!disable_paging + && state->allow_paging && sdap_is_control_supported(state->sh, LDAP_CONTROL_PAGEDRESULTS)) { lret = ldap_create_page_control(state->sh->ldap, @@ -1347,7 +1381,8 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx, const char **attrs, struct sdap_attr_map *map, int map_num_attrs, - int timeout) + int timeout, + bool allow_paging) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; @@ -1361,7 +1396,7 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx, subreq = sdap_get_generic_ext_send(state, ev, opts, sh, search_base, scope, filter, attrs, false, NULL, - NULL, 0, timeout, + NULL, 0, timeout, allow_paging, sdap_get_generic_parse_entry, state); if (!subreq) { talloc_zfree(req); @@ -1495,7 +1530,7 @@ sdap_x_deref_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, - sdap_x_deref_parse_entry, + true, sdap_x_deref_parse_entry, state); if (!subreq) { talloc_zfree(req); @@ -1720,7 +1755,7 @@ sdap_asq_search_send(TALLOC_CTX *memctx, struct tevent_context *ev, subreq = sdap_get_generic_ext_send(state, ev, opts, sh, base_dn, LDAP_SCOPE_BASE, NULL, attrs, false, state->ctrls, NULL, 0, timeout, - sdap_asq_search_parse_entry, + true, sdap_asq_search_parse_entry, state); if (!subreq) { talloc_zfree(req); diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 47d1014925932ae93c5c9d4c45b78d3babe394dd..870f153107d91ba7fa32a6c59a9c9a20907a989d 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -171,7 +171,8 @@ struct tevent_req *sdap_get_generic_send(TALLOC_CTX *memctx, const char **attrs, struct sdap_attr_map *map, int map_num_attrs, - int timeout); + int timeout, + bool allow_paging); int sdap_get_generic_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *reply_count, struct sysdb_attrs ***reply_list); diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c index 9025fe993f70d4fc1ae999a812b645f0183e6dde..ea034c2f541dd042cfa5559de2b2def5dcd64f4f 100644 --- a/src/providers/ldap/sdap_async_autofs.c +++ b/src/providers/ldap/sdap_async_autofs.c @@ -309,7 +309,7 @@ automntmaps_process_members_next_base(struct tevent_req *req) state->filter, state->attrs, state->opts->autofs_entry_map, SDAP_OPTS_AUTOFS_ENTRY, - state->timeout); + state->timeout, true); if (!subreq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot start search for entries\n")); return EIO; @@ -492,7 +492,8 @@ sdap_get_automntmap_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->autofs_mobject_map, SDAP_OPTS_AUTOFS_MAP, - state->timeout); + state->timeout, + false); if (!subreq) { return EIO; } diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index aefe3538587a89816ea0750a0b49ef0e863d7965..d58ed468c29af27cc0ac6d705995377ca8d25369 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -746,7 +746,8 @@ sdap_process_missing_member_2307bis(struct tevent_req *req, grp_state->opts->user_map, SDAP_OPTS_USER, dp_opt_get_int(grp_state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { return ENOMEM; } @@ -1109,7 +1110,8 @@ next: state->opts->user_map, SDAP_OPTS_USER, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { tevent_req_error(req, ENOMEM); return; @@ -1258,7 +1260,8 @@ static errno_t sdap_get_groups_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->group_map, SDAP_OPTS_GROUP, - state->timeout); + state->timeout, + state->enumeration); /* If we're enumerating, we need paging */ if (!subreq) { return ENOMEM; } @@ -2537,7 +2540,8 @@ static errno_t sdap_nested_group_lookup_user(struct tevent_req *req, state->opts->user_map, SDAP_OPTS_USER, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { talloc_free(sdap_attrs); return EIO; @@ -2618,7 +2622,8 @@ static errno_t sdap_nested_group_lookup_group(struct tevent_req *req) state->opts->group_map, SDAP_OPTS_GROUP, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { talloc_free(sdap_attrs); return EIO; diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 683e51166f7744f3fec47ee084f3dfe9526e0fd6..2f8e1ef624968eb1f8218b6ad1d8c924e5fd6cbf 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -380,7 +380,8 @@ static errno_t sdap_initgr_rfc2307_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->group_map, SDAP_OPTS_GROUP, - state->timeout); + state->timeout, + true); if (!subreq) { return ENOMEM; } @@ -774,7 +775,8 @@ static errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req) state->filter, state->grp_attrs, state->opts->group_map, SDAP_OPTS_GROUP, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { return ENOMEM; } @@ -904,7 +906,8 @@ static void sdap_initgr_nested_search(struct tevent_req *subreq) state->opts->group_map, SDAP_OPTS_GROUP, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { tevent_req_error(req, ENOMEM); return; @@ -1510,7 +1513,8 @@ static errno_t sdap_initgr_rfc2307bis_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->group_map, SDAP_OPTS_GROUP, - state->timeout); + state->timeout, + true); if (!subreq) { talloc_zfree(req); return ENOMEM; @@ -2154,7 +2158,8 @@ static errno_t rfc2307bis_nested_groups_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->group_map, SDAP_OPTS_GROUP, - state->timeout); + state->timeout, + true); if (!subreq) { return ENOMEM; } @@ -2472,7 +2477,8 @@ static errno_t sdap_get_initgr_next_base(struct tevent_req *req) state->user_search_bases[state->user_base_iter]->scope, state->filter, state->user_attrs, state->opts->user_map, SDAP_OPTS_USER, - state->timeout); + state->timeout, + false); if (!subreq) { return ENOMEM; } diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index 37aa2f112d88834162135c29b8294af90898f922..931a1f86a1ad03dcfa87bf443f52b5031f0d9254 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -432,7 +432,8 @@ static errno_t netgr_translate_members_ldap_step(struct tevent_req *req) cn_attr, state->opts->netgroup_map, SDAP_OPTS_NETGROUP, dp_opt_get_int(state->opts->basic, - SDAP_SEARCH_TIMEOUT)); + SDAP_SEARCH_TIMEOUT), + false); if (!subreq) { DEBUG(1, ("sdap_get_generic_send failed.\n")); return ENOMEM; @@ -621,7 +622,8 @@ static errno_t sdap_get_netgroups_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->netgroup_map, SDAP_OPTS_NETGROUP, - state->timeout); + state->timeout, + false); if (!subreq) { return ENOMEM; } diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c index 5bc044630f1bdeded945d1878f02aa2acc55c3dd..783861c70bdfe472855758236cdc80b906097a08 100644 --- a/src/providers/ldap/sdap_async_services.c +++ b/src/providers/ldap/sdap_async_services.c @@ -148,7 +148,8 @@ sdap_get_services_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->service_map, SDAP_OPTS_SERVICES, - state->timeout); + state->timeout, + state->enumeration); /* If we're enumerating, we need paging */ if (!subreq) { return ENOMEM; } diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index a8595ac8919c673df99aa91bf606bb3287cd97e2..57540749cc155c4300016a3b097c098c5afa3990 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -477,7 +477,8 @@ static errno_t sdap_get_users_next_base(struct tevent_req *req) state->search_bases[state->base_iter]->scope, state->filter, state->attrs, state->opts->user_map, SDAP_OPTS_USER, - state->timeout); + state->timeout, + state->enumeration); /* If we're enumerating, we need paging */ if (!subreq) { return ENOMEM; } diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index 4aaf04ceda9fb917c4af6c6e41f6f2cef9237777..02d4f17bc5e01404156e0e8f9290ff620df8aa3f 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -514,7 +514,8 @@ static errno_t sdap_sudo_load_sudoers_next_base(struct tevent_req *req) state->attrs, state->opts->sudorule_map, SDAP_OPTS_SUDO, - state->timeout); + state->timeout, + true); if (subreq == NULL) { return ENOMEM; } -- 1.7.7.6
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
