diff options
author | Pavel Březina <pbrezina@redhat.com> | 2013-02-22 15:27:55 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-27 00:27:24 +0100 |
commit | 0aaf4a3eb0ab9a80d8a0b7b673dcc6624a29e8ad (patch) | |
tree | f5ee4ad9bda57e1b2287b458db024b10f0fe9994 /src/providers | |
parent | f6d33cba3a810aa3af53cdefb7201ddccc302dc6 (diff) | |
download | sssd-0aaf4a3eb0ab9a80d8a0b7b673dcc6624a29e8ad.tar.gz sssd-0aaf4a3eb0ab9a80d8a0b7b673dcc6624a29e8ad.tar.xz sssd-0aaf4a3eb0ab9a80d8a0b7b673dcc6624a29e8ad.zip |
sdap_fill_memberships: continue if a member is not foud in sysdb
https://fedorahosted.org/sssd/ticket/1755
sdap_find_entry_by_origDN() may return ENOENT in these
non-error scenarios:
If a member is out of scope of configured nesting level, sssd
produces few noise lines indicating failure.
The worse case is when a member is outside of configured search
bases. In this case we save the group with incomplete membership,
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index b82c157e5..dbb5037b8 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -217,10 +217,14 @@ static int sdap_fill_memberships(struct sysdb_attrs *group_attrs, ret = sdap_find_entry_by_origDN(el->values, ctx, domain, (char *)values[i].data, (char **)&el->values[j].data); + if (ret == ENOENT) { + /* member may be outside of the configured search bases + * or out of scope of nesting limit */ + DEBUG(SSSDBG_MINOR_FAILURE, ("Member [%s] was not found in " + "cache. Is it out of scope?\n", (char *)values[i].data)); + continue; + } if (ret != EOK) { - /* This should never return ENOENT - * -> fail if it does - */ goto done; } |