diff options
author | Sumit Bose <sbose@redhat.com> | 2015-04-29 15:21:17 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-06 10:43:54 +0200 |
commit | 35b178d02dfd293778aefbc0b465a5a3a4b6cd8f (patch) | |
tree | ba944c785b61be8c9442c85c8962e152a58a74ec /src/lib | |
parent | 3fe2e555edd3963d72483600e5d9616873afd00a (diff) | |
download | sssd-35b178d02dfd293778aefbc0b465a5a3a4b6cd8f.tar.gz sssd-35b178d02dfd293778aefbc0b465a5a3a4b6cd8f.tar.xz sssd-35b178d02dfd293778aefbc0b465a5a3a4b6cd8f.zip |
NSS: check for overrides before calling backend
Currently the flag that the input data in a user or group lookup request
might be an override value is only set if no cached entry was found. If
the cached entry of an object with overrides is expired and a request
with the override value as input is processed the flag is not set and
the backend might not be able to find the right entry on the server.
Typically this should not happen because of mid-point refreshes. To
reproduce this create a FreeIPA user and override the login name for a
specific view. On a client which has this view applied call
getent passwd overridename
sss_cache -E
getent passwd overridename
The second getent command will still show the right output but in the
logs a
[sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error
code: 3 errno: 0 error message: Account info lookup failed
message can be found for the second request.
Related to https://fedorahosted.org/sssd/ticket/2642
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/lib')
0 files changed, 0 insertions, 0 deletions