summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Slebodnik <lslebodn@redhat.com>2015-06-17 21:35:22 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-06-22 11:03:59 +0200
commitcc437c90f6848e4cbf7b1607411f7130d0326c6f (patch)
tree251c44b5096478da06fda9051c89b6bcc76b4343
parent5d0cae396c75aaedcc8e41542e6e8504700b6ac8 (diff)
downloadsssd-rhel-6.7.zip
sssd-rhel-6.7.tar.gz
sssd-rhel-6.7.tar.xz
SDAP: Remove user from cache for missing user in LDAPrhel-6.7
Function sysdb_get_real_name overrode reurned code LDAP and thus user was not removed from cache after removing it from LDAP. This patch also do not try to set initgroups flag if user does not exist. It reduce some error message. Resolves: https://fedorahosted.org/sssd/ticket/2681 Reviewed-by: Michal Židek <mzidek@redhat.com> (cherry picked from commit 9fc96a4a2b07b92585b02dba161ab1eb2dbdad98)
-rw-r--r--src/providers/ldap/ldap_id.c47
1 files changed, 26 insertions, 21 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index a53a7d7..4ebcd51 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -1142,32 +1142,37 @@ static void groups_by_user_done(struct tevent_req *subreq)
}
state->sdap_ret = ret;
- if (ret && ret != ENOENT) {
- state->dp_error = dp_error;
- tevent_req_error(req, ret);
- return;
- }
-
- /* state->name is still the name used for the original request. The cached
- * object might have a different name, e.g. a fully-qualified name. */
- ret = sysdb_get_real_name(state, state->domain, state->name, &cname);
- if (ret != EOK) {
- cname = state->name;
- DEBUG(SSSDBG_OP_FAILURE, "Failed to canonicalize name, using [%s].\n",
- cname);
+ if (ret == EOK || ret == ENOENT) {
+ /* state->name is still the name used for the original req. The cached
+ * object might have a different name, e.g. a fully-qualified name. */
+ ret = sysdb_get_real_name(state, state->domain, state->name, &cname);
+ if (ret != EOK) {
+ cname = state->name;
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to canonicalize name, using [%s].\n", cname);
+ }
}
- if (ret == ENOENT && state->noexist_delete == true) {
- ret = sysdb_delete_user(state->domain, cname, 0);
- if (ret != EOK && ret != ENOENT) {
+ switch (state->sdap_ret) {
+ case ENOENT:
+ if (state->noexist_delete == true) {
+ ret = sysdb_delete_user(state->domain, cname, 0);
+ if (ret != EOK && ret != ENOENT) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ }
+ break;
+ case EOK:
+ ret = set_initgroups_expire_attribute(state->domain, cname);
+ if (ret != EOK) {
+ state->dp_error = DP_ERR_FATAL;
tevent_req_error(req, ret);
return;
}
- }
-
- ret = set_initgroups_expire_attribute(state->domain, cname);
- if (ret != EOK) {
- state->dp_error = DP_ERR_FATAL;
+ break;
+ default:
+ state->dp_error = dp_error;
tevent_req_error(req, ret);
return;
}