diff options
author | Lukas Slebodnik <lslebodn@redhat.com> | 2013-10-23 18:05:58 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-25 15:37:56 +0200 |
commit | d67a80baf0bdc888297d3587c98f8a12d4827ebc (patch) | |
tree | 34aa7815cdfb10989d036c13e15072dcf75efdbc /src/providers/ad | |
parent | 3a3fd60043234038c6ff6584a5b92fb757c4afe1 (diff) | |
download | sssd-d67a80baf0bdc888297d3587c98f8a12d4827ebc.tar.gz sssd-d67a80baf0bdc888297d3587c98f8a12d4827ebc.tar.xz sssd-d67a80baf0bdc888297d3587c98f8a12d4827ebc.zip |
AD: fall back to LDAP if GC is not available.
AD provider went offline if the Global Catalog could not be connected although
there was also the LDAP port available. With this patch, AD provider will
fall back to the LDAP port before going offline.
New boolean flag ignore_mark_offline was added to structure sdap_id_conn_ctx
If this flag is enabled function be_mark_offline will not be called.
Resolves:
https://fedorahosted.org/sssd/ticket/2104
Diffstat (limited to 'src/providers/ad')
-rw-r--r-- | src/providers/ad/ad_id.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index f09b9c6fe..20f9c23fa 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -118,6 +118,14 @@ ad_handle_acct_info_done(struct tevent_req *subreq) struct ad_handle_acct_info_state); ret = sdap_handle_acct_req_recv(subreq, &dp_error, &err, &sdap_err); + if (dp_error == DP_ERR_OFFLINE + && state->conn[state->cindex]->ignore_mark_offline) { + /* This is a special case: GC does not work. + * We need to Fall back to ldap + */ + ret = EOK; + sdap_err = ENOENT; + } talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); @@ -192,9 +200,12 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx, /* Always try GC first */ clist[0] = ad_ctx->gc_ctx; if (IS_SUBDOMAIN(dom) == true) { + clist[0]->ignore_mark_offline = false; /* Subdomain users are only present in GC. */ break; } + /* fall back to ldap if gc is not available */ + clist[0]->ignore_mark_offline = true; /* With root domain users we have the option to * fall back to LDAP in case ie POSIX attributes |