ldap: only search base of base_dn when checking connection

this should avoid most common size limitations. the search should also
complete quicker as fewer results need to be computed. note that this
way a configuration may be accepted, but the related sync job can
fail due to an exceeded size limit warning for some ldap servers
(such as 2.5.14+dfsg-0ubuntu0.22.04.2).

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
Stefan Sterz 2023-07-21 16:34:03 +02:00 committed by Wolfgang Bumiller
parent 92e02f6e33
commit c74167f528


@ -177,11 +177,13 @@ impl Connection {
.await?
.success()
.context("LDAP bind failed, bind_dn or password could be incorrect")?;
}
// only search base to make sure the base_dn exists while avoiding most common size limits
let (_, _) = ldap
.search(
&self.config.base_dn,
Scope::Subtree,
Scope::Base,
"(objectClass=*)",
vec!["*"],
)
@ -189,18 +191,8 @@ impl Connection {
.success()
.context("Could not search LDAP realm, base_dn could be incorrect")?;
if self.config.bind_dn.is_some() {
let _: Result<(), _> = ldap.unbind().await; // ignore errors, search succeeded already
} else {
let (_, _) = ldap
.search(
&self.config.base_dn,
Scope::Subtree,
"(objectClass=*)",
vec!["*"],
)
.await?
.success()
.context("Could not search LDAP realm, base_dn could be incorrect")?;
}
Ok(())
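Review bot: The comment added above the search in the first hunk explains why the scope is narrowed but not what a passing check still leaves unverified. With `Scope::Base` and the result discarded by `let (_, _)`, success only shows that the bind (if any) worked and that the server answered a search on `base_dn`; the commit message says a later sync can still hit the server's size limit, but the code does not. I would extend the comment to something like `// only checks that base_dn can be searched; a sync can still fail, e.g. on the server's size limit`. Since the returned entry is thrown away, the attribute list `vec!["*"]` could also become `vec!["1.1"]` (the RFC 4511 "no attributes" selector), so the check does not fetch the base entry's attributes at all. The enclosing function begins and ends outside the visible hunks.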