From 6c4e8869ba6121ddbc6e1eca880c39b0af3391e0 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 25 Oct 2017 11:38:55 +0300 Subject: [PATCH 15/17] configure.ac: detect extended NSS API provided by SSSD SSSD exposes an extended NSS API via libsss_nss_idmap. This API allows to query getpwnam()/getgrnam()/getgruid()/getpwuid()/getgrouplist() information with a timeout per request. As result, an application has possibility to cancel too long request. This API also allows to ignore SSSD cache or invalidate it when requesting certain information. slapi-nis needs this functionality when invalidating own entries as result of changes done by other LDAP clients in the areas which slapi-nis doesn't track directly. For example, an update of ID override in the Default Trust View should invalidate user or group entry for that AD object. Since retrieval of the user/group information relies on SSSD, SSSD needs to be notified that there is a change in ID override and evict the entry from its cache as well. --- configure.ac | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/configure.ac b/configure.ac index f82a47e..a958607 100644 --- a/configure.ac +++ b/configure.ac @@ -361,8 +361,13 @@ if test "x$use_nsswitch" != xno ; then SSS_NSS_IDMAP_LIBS= fi fi + AC_SUBST(SSS_NSS_IDMAP_CFLAGS) AC_SUBST(SSS_NSS_IDMAP_LIBS) + AC_CHECK_LIB(sss_nss_idmap,sss_nss_getpwnam_timeout) + if test "x$ac_cv_lib_sss_nss_idmap_sss_nss_getpwnam_timeout" = xyes ; then + AC_DEFINE(USE_SSS_NSS_TIMEOUT,1,[Use extended NSS API provided by SSSD]) + fi if test "x$use_pam" != xno ; then AC_CHECK_HEADERS(security/pam_appl.h) @@ -384,6 +389,7 @@ if test "x$use_nsswitch" != xno ; then fi AC_DEFINE(USE_NSSWITCH,1,[Use nsswitch API to lookup users and groups not found in the LDAP tree]) fi +AM_CONDITIONAL([USE_SSS_NSS_TIMEOUT], [test "x$ac_cv_lib_sss_nss_idmap_sss_nss_getpwnam_timeout" = xyes]) use_idviews=true AC_ARG_WITH(idviews, -- 2.13.6