diff options
| author | Arthur de Jong <arthur@arthurdejong.org> | 2014-01-05 21:36:09 +0100 |
|---|---|---|
| committer | Arthur de Jong <arthur@arthurdejong.org> | 2014-01-05 21:36:14 +0100 |
| commit | be94912a9d236bbe3d5b0e17b771727b0054906d (patch) | |
| tree | 39f05104307bacb105f3b6aa9231eb16d155299e /nslcd | |
| parent | 0d3fa5d2621e771283c75f10cb4d3cba9a56be52 (diff) | |
Support blanking the member attribute
This allows remapping the member attribute to an empty string which
removes support for that attribute. This can reduce the number of search
operations if the attribute is not used.
Diffstat (limited to 'nslcd')
| -rw-r--r-- | nslcd/attmap.c | 6 | ||||
| -rw-r--r-- | nslcd/group.c | 8 |
2 files changed, 11 insertions, 3 deletions
diff --git a/nslcd/attmap.c b/nslcd/attmap.c index 08130fa..1911273 100644 --- a/nslcd/attmap.c +++ b/nslcd/attmap.c @@ -2,7 +2,7 @@ attmap.c - attribute mapping values and functions This file is part of the nss-pam-ldapd library. - Copyright (C) 2007, 2008, 2009, 2010, 2011, 2012 Arthur de Jong + Copyright (C) 2007-2014 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -217,6 +217,7 @@ const char *attmap_set_mapping(const char **var, const char *value) (note that this needs to match the functionality in the specific lookup module) */ if ((var != &attmap_group_userPassword) && + (var != &attmap_group_member) && (var != &attmap_passwd_userPassword) && (var != &attmap_passwd_gidNumber) && (var != &attmap_passwd_gecos) && @@ -231,6 +232,9 @@ const char *attmap_set_mapping(const char **var, const char *value) (var != &attmap_shadow_shadowExpire) && (var != &attmap_shadow_shadowFlag)) return NULL; + /* the member attribute may only be set to an empty string */ + if ((var == attmap_group_member) && (strcmp(value, "\"\"") != 0)) + return NULL; } /* check if the value will be changed */ if ((*var == NULL) || (strcmp(*var, value) != 0)) diff --git a/nslcd/group.c b/nslcd/group.c index 5ce6730..1455930 100644 --- a/nslcd/group.c +++ b/nslcd/group.c @@ -123,7 +123,8 @@ static int mkfilter_group_bymember(MYLDAP_SESSION *session, if (myldap_escape(uid, safeuid, sizeof(safeuid))) return -1; /* try to translate uid to DN */ - if (uid2dn(session, uid, dn, sizeof(dn)) == NULL) + if ((strcasecmp(attmap_group_member, "\"\"") == 0) || + (uid2dn(session, uid, dn, sizeof(dn)) == NULL)) return mysnprintf(buffer, buflen, "(&%s(%s=%s))", group_filter, attmap_group_memberUid, safeuid); /* escape DN */ @@ -227,6 +228,9 @@ static void getmembers(MYLDAP_ENTRY *entry, MYLDAP_SESSION *session, if (isvalidname(values[i])) set_add(members, values[i]); } + /* skip rest if attmap_group_member is blank */ + if (strcasecmp(attmap_group_member, "\"\"") == 0) + return; /* add the member values */ values = myldap_get_values(entry, attmap_group_member); if (values != NULL) @@ -423,7 +427,7 @@ int nslcd_group_bymember(TFILE *fp, MYLDAP_SESSION *session) log_log(LOG_WARNING, "nslcd_group_bymember(): filter buffer too small"); return -1; } - if (nslcd_cfg->nss_nested_groups) + if ((nslcd_cfg->nss_nested_groups) && (strcasecmp(attmap_group_member, "\"\"") != 0)) { seen = set_new(); tocheck = set_new(); |