Skip to content

Instantly share code, notes, and snippets.

@acdha
Created March 6, 2009 18:28
Show Gist options
  • Save acdha/75008 to your computer and use it in GitHub Desktop.
Save acdha/75008 to your computer and use it in GitHub Desktop.
Changes pam_ldap to retrieve only the attributes it needs, avoiding things like jpegPhoto which can be huge. See http://bugzilla.padl.com/show_bug.cgi?id=366 and http://improbable.org/chris/index.php?ID=201
--- ../libpam-ldap-180/pam_ldap.c 2008-04-17 10:26:14.000000000 -0400
+++ pam_ldap.c 2008-04-17 10:16:34.000000000 -0400
@@ -2484,6 +2484,19 @@
_get_user_info (pam_ldap_session_t * session, const char *user)
{
char filter[LDAP_FILT_MAXSIZ], escapedUser[LDAP_FILT_MAXSIZ];
+ char *test_attrs[] = {
+ "host",
+ "authorizedService",
+ "shadowExpire",
+ "shadowFlag",
+ "shadowInactive",
+ "shadowLastChange",
+ "shadowMax",
+ "shadowMin",
+ "shadowWarning",
+ "uidNumber",
+ NULL
+ };
int rc;
LDAPMessage *res, *msg;
pam_ssd_t *ssd, ssdummy;
@@ -2538,7 +2551,7 @@
}
rc = ldap_search_s (session->ld, ssd->base, ssd->scope,
- filter, NULL, 0, &res);
+ filter, test_attrs, 0, &res);
if (rc != LDAP_SUCCESS &&
rc != LDAP_TIMELIMIT_EXCEEDED && rc != LDAP_SIZELIMIT_EXCEEDED)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment