c8d1c1b SDAP: Detect schemaNamingContext from the rootDSE

Authored and Committed by jhrozek 5 years ago
    SDAP: Detect schemaNamingContext from the rootDSE
    
    Whether an attribute is replicated to the Global Catalog or not can be
    detected by checking the value of the isMemberOfPartialAttributeSet
    attribute:
    https://docs.microsoft.com/en-us/windows/desktop/ADSchema/a-ismemberofpartialattributeset
    
    This attribute is present in all objects with the objectClass
    attributeSchema in AD:
    https://docs.microsoft.com/en-us/windows/desktop/AD/characteristics-of-attributes
    
    And finally, the attributeSchema objects in AD are present in a schema
    naming context. The schema naming context is replicated to all DCs in the
    forest even though their own naming context might be different:
    https://docs.microsoft.com/en-us/windows/desktop/ad/naming-contexts-and-partitions
    
    Where the schema naming context is located is given by the
    schemaNamingContext attribute of the rootDSE.
    
    This patch is trivial on its own and just reads schemaNamingContext from
    the rootDSE and stores it in the sdap_options structure for later use.
    
    Related:
    https://pagure.io/SSSD/sssd/issue/3755
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
    
        
file modified
+10 -0
file modified
+3 -0
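
The lookup chain described in the commit message (rootDSE, then schemaNamingContext, then attributeSchema objects, then isMemberOfPartialAttributeSet), as an added example that is not part of the SSSD patch or code base. It runs over constructed LDIF instead of a live directory; the helper names, the sample DNs and the attribute list are assumptions.

```python
# Added example: the LDIF below is constructed sample data, no directory is contacted.
ROOTDSE_LDIF = """\
dn:
defaultNamingContext: DC=child,DC=example,DC=test
schemaNamingContext: CN=Schema,CN=Configuration,DC=example,DC=test
"""
SCHEMA_LDIF = """\
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=example,DC=test
objectClass: attributeSchema
lDAPDisplayName: sAMAccountName
isMemberOfPartialAttributeSet: TRUE

dn: CN=uidNumber,CN=Schema,CN=Configuration,DC=example,DC=test
objectClass: attributeSchema
lDAPDisplayName: uidNumber
isMemberOfPartialAttributeSet: FALSE

dn: CN=gidNumber,CN=Schema,CN=Configuration,DC=example,DC=test
objectClass: attributeSchema
lDAPDisplayName: gidNumber
"""
WANTED = ["sAMAccountName", "uidNumber", "gidNumber"]  # hypothetical attribute list

def parse_ldif(text):
    """Parse plain LDIF (no folding, no base64) into [{attr_lowercase: [values]}]."""
    entries = []
    for block in text.strip().split("\n\n"):
        entries.append({})
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entries[-1].setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def escape_filter(value):
    for ch in "\\*()\0":  # RFC 4515 escaping; the backslash must be handled first
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def schema_search(rootdse, attrs):
    # The search base is the forest-wide schema NC, not the domain's own NC.
    base = rootdse.get("schemanamingcontext")
    if not base:
        raise ValueError("rootDSE does not expose schemaNamingContext")
    names = "".join("(lDAPDisplayName=%s)" % escape_filter(a) for a in attrs)
    return base[0], "(&(objectClass=attributeSchema)(|%s))" % names

def not_in_gc(schema_entries, attrs):
    """Attributes whose schema object is not flagged isMemberOfPartialAttributeSet."""
    in_gc = {e.get("ldapdisplayname", [""])[0].lower() for e in schema_entries
             if e.get("ismemberofpartialattributeset", ["FALSE"])[0].upper() == "TRUE"}
    return [a for a in attrs if a.lower() not in in_gc]
```

An attribute returned by `not_in_gc` cannot be relied on in Global Catalog lookups; the example treats a missing flag the same as `FALSE`.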