GPO: Do not ignore missing attrs for GPOs

We don't want to skip over a GPO that might properly be denying users. [sssd[be[a.foo.com]]] [sdap_sd_search_send] (0x0400): Searching entry [cn={2BA15B73-9524-419F-B4B7-185E1F0D3DCF},cn=policies,cn=system,DC=foo,DC=com] using SD [sssd[be[a.foo.com]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(objectclass=*)][cn={2BA15B73-9524-419F-B4B7-185E1F0D3DCF},cn=policies,cn=system,DC=lzb,DC=hq]. [sssd[be[a.foo.com]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT] [sssd[be[a.foo.com]]] [sdap_get_generic_op_finished] (0x0400): Search result: Referral(10), 0000202B: RefErr: DSID-0310063C, data 0, 1 access points ref 1: 'lzb.hq' [sssd[be[a.foo.com]]] [sdap_get_generic_op_finished] (0x1000): Ref: ldap://foo.com/cn=%7B2BA15B73-9524-419F-B4B7-185E1F0D3DCF%7D,cn=policies,cn=system,DC=foo,DC=com [sssd[be[a.foo.com]]] [ad_gpo_get_gpo_attrs_done] (0x0040): no attrs found for GPO; try next GPO. Resolves: https://fedorahosted.org/sssd/ticket/2629 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> (cherry picked from commit 03e5f1528184a558fd990e66f083157b404dce08) (cherry picked from commit 7c8c34c1ad152892f93d8e01336258bfd0bc35b9)
author: Lukas Slebodnik <lslebodn@redhat.com> 2015-04-29 09:17:18 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-04-30 09:45:04 +0200
commit: 4a6ad832d1e758e39a5561b7b8c9978e0ca260eb (patch)
tree: 9220c42d7d825c125b2a4f651a4742295ac24213
parent: 4ce5c5b3553aed1da5581760ad8b86c98afcea14 (diff)
download: sssd-4a6ad832d1e758e39a5561b7b8c9978e0ca260eb.tar.gz
sssd-4a6ad832d1e758e39a5561b7b8c9978e0ca260eb.tar.xz
sssd-4a6ad832d1e758e39a5561b7b8c9978e0ca260eb.zip
1 files changed, 9 insertions, 3 deletions
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index d9385a958..3809d07ac 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -3491,9 +3491,15 @@ ad_gpo_get_gpo_attrs_done(struct tevent_req *subreq)
     }
 
     if ((num_results < 1) || (results == NULL)) {
-        DEBUG(SSSDBG_OP_FAILURE, "no attrs found for GPO; try next GPO.\n");
-        state->gpo_index++;
-        ret = ad_gpo_get_gpo_attrs_step(req);
+        const char *gpo_dn = state->candidate_gpos[state->gpo_index]->gpo_dn;
+
+        DEBUG(SSSDBG_OP_FAILURE,
+              "BUG: No attrs found for GPO [%s]. This was likely caused by "
+              "the GPO entry being a referred to another domain controller."
+              " SSSD does not yet support this configuration. See upstream "
+              "ticket #2645 for more information.\n",
+              gpo_dn);
+        ret = ERR_INTERNAL;
         goto done;
     }
     else if (num_results > 1) {
author	Lukas Slebodnik <lslebodn@redhat.com>	2015-04-29 09:17:18 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-04-30 09:45:04 +0200
commit	4a6ad832d1e758e39a5561b7b8c9978e0ca260eb (patch)
tree	9220c42d7d825c125b2a4f651a4742295ac24213
parent	4ce5c5b3553aed1da5581760ad8b86c98afcea14 (diff)
download	sssd-4a6ad832d1e758e39a5561b7b8c9978e0ca260eb.tar.gz sssd-4a6ad832d1e758e39a5561b7b8c9978e0ca260eb.tar.xz sssd-4a6ad832d1e758e39a5561b7b8c9978e0ca260eb.zip