diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-02 13:41:26 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-21 17:04:17 +0200 |
commit | 20162352030d1c577bb69d44e967d2c5839e5c0e (patch) | |
tree | c91f6695551af10a91b9baefb4a8f0dd4f461426 | |
parent | ece345a74cec793e6d970a4955beb3d4a05935b3 (diff) | |
download | sssd-20162352030d1c577bb69d44e967d2c5839e5c0e.tar.gz sssd-20162352030d1c577bb69d44e967d2c5839e5c0e.tar.xz sssd-20162352030d1c577bb69d44e967d2c5839e5c0e.zip |
IPA: Do not allow the AD lookup code to set backend as offline in server mode
https://fedorahosted.org/sssd/ticket/2637
In server mode, we should not allow the AD lookups to set the backend
offline. Rather just let them report an error and deal with the error
separately.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index ad1743ae5..7c609ab6e 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -634,6 +634,7 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx, ret = ENOMEM; goto fail; } + clist[1]->ignore_mark_offline = true; break; default: clist = talloc_zero_array(req, struct sdap_id_conn_ctx *, 2); @@ -642,6 +643,7 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx, goto fail; } clist[0] = ad_id_ctx->ldap_ctx; + clist[0]->ignore_mark_offline = true; clist[1] = NULL; } @@ -1037,7 +1039,11 @@ ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq) ret = ad_handle_acct_info_recv(subreq, &state->dp_error, NULL); talloc_zfree(subreq); - if (ret != EOK) { + if (ret == ERR_SUBDOM_INACTIVE) { + be_mark_dom_offline(state->obj_dom, be_req_get_be_ctx(state->be_req)); + tevent_req_error(req, ret); + return; + } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "AD lookup failed: %d\n", ret); tevent_req_error(req, ret); return; |