diff options
author | Pavel Reichl <preichl@redhat.com> | 2014-07-10 10:48:42 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-07-21 11:48:53 +0200 |
commit | 5001bab712149a27ab37697d487b3f51082df26d (patch) | |
tree | 3d59b8e1e1b9c025de39b55002994218ec995d6a /src/providers/ldap | |
parent | deb0cc874606db31f454531c03d381fe0de76bd6 (diff) | |
download | sssd-5001bab712149a27ab37697d487b3f51082df26d.tar.gz sssd-5001bab712149a27ab37697d487b3f51082df26d.tar.xz sssd-5001bab712149a27ab37697d487b3f51082df26d.zip |
SDAP: Continue resolving SID even if some fail
Resolving groups obtained via Token-Groups in case of disabled ID mapping may
lead to failure as non-posix groups are not resolved. This patch amends
sdap_ad_resolve_sids_done() not to abruptly finish request if ENOENT is
returned.
Resolves:
https://fedorahosted.org/sssd/ticket/2345
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 1614e1b25a98ff2f03648c4bf61d750fb688285a)
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 7e79cea81..0ca8f2b04 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -648,7 +648,12 @@ static void sdap_ad_resolve_sids_done(struct tevent_req *subreq) ret = groups_get_recv(subreq, &dp_error, &sdap_error); talloc_zfree(subreq); - if (ret != EOK || sdap_error != EOK || dp_error != DP_ERR_OK) { + + if (ret == EOK && sdap_error == ENOENT && dp_error == DP_ERR_OK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to resolve SID %s - will try next sid.\n", + state->current_sid); + } else if (ret != EOK || sdap_error != EOK || dp_error != DP_ERR_OK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to resolve SID %s [dp_error: %d, " "sdap_error: %d, ret: %d]: %s\n", state->current_sid, dp_error, sdap_error, ret, strerror(ret)); |