summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2014-08-01 12:11:54 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-08-11 16:01:26 +0200
commit6e6c099b02014d6e2ed97a057c6c521db9c30139 (patch)
treec7619fd0d860bd9158deb871bf7d83a5e0a69825
parent34e1d900fcb37a8e9f8b9c28467f37cd30ed854a (diff)
downloadsssd-6e6c099b02014d6e2ed97a057c6c521db9c30139.tar.gz
sssd-6e6c099b02014d6e2ed97a057c6c521db9c30139.tar.xz
sssd-6e6c099b02014d6e2ed97a057c6c521db9c30139.zip
ad initgroups: continue if resolved SID is still missing
https://fedorahosted.org/sssd/ticket/2389 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 983983dd1629ab33eab340a40d9ee83965a339c6)
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index f52952d97..394a5b0e9 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -1219,13 +1219,20 @@ sdap_ad_tokengroups_update_posix_members(TALLOC_CTX *mem_ctx,
goto done;
}
num_valid_groups++;
- } else if (ret == ENOENT && _missing != NULL) {
- /* we need to download this group */
- missing_sids[num_missing_sids] = talloc_steal(missing_sids, sid);
- num_missing_sids++;
+ } else if (ret == ENOENT) {
+ if (_missing != NULL) {
+ /* we need to download this group */
+ missing_sids[num_missing_sids] = talloc_steal(missing_sids,
+ sid);
+ num_missing_sids++;
+
+ DEBUG(SSSDBG_TRACE_FUNC, "Missing SID %s will be downloaded\n",
+ sid);
+ }
- DEBUG(SSSDBG_TRACE_FUNC, "Missing SID %s will be downloaded\n",
- sid);
+ /* else: We have downloaded missing groups but some of them may
+ * remained missing because they are outside of search base. We
+ * will just ignore them and continue with the next group. */
} else {
DEBUG(SSSDBG_MINOR_FAILURE, "Could not look up SID %s in sysdb: "
"[%s]\n", sid, strerror(ret));