ipa_range_check: Do not fail when no trusted domain is available

When building the domain to forest root map, we need to take the case
of IPA server having no trusted domains configured at all. Do not abort
the checks, but return an empty map instead.

Part of: https://fedorahosted.org/freeipa/ticket/4137

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

1 files changed, 10 insertions, 2 deletions

diff --git a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
index 9a51d4196..e9f69674c 100644
--- a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
+++ b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
@@ -173,6 +173,8 @@ static int build_domain_to_forest_root_map(struct domain_info **head,
     int search_result;
     int ret = 0;
 
+    LOG("Building forest root map \n");
+
     /* Set the base DN for the search to cn=ad, cn=trusts, $SUFFIX */
     ret = asprintf(&base, "cn=ad,cn=trusts,%s", ctx->base_dn);
     if (ret == -1) {
@@ -211,8 +213,14 @@ static int build_domain_to_forest_root_map(struct domain_info **head,
 
     ret = slapi_pblock_get(trusted_domain_search_pb, SLAPI_PLUGIN_INTOP_RESULT, &search_result);
     if (ret != 0 || search_result != LDAP_SUCCESS) {
-        LOG_FATAL("Internal search failed.\n");
-        ret = LDAP_OPERATIONS_ERROR;
+
+        /* If the search for the trusted domains fails,
+         * AD Trust support on IPA server is not available */
+
+        LOG("Empty forest root map as trusts are not enabled on this IPA server.\n");
+        ret = 0;
+        *head = NULL;
+
         goto done;
     }