author | Lukas Slebodnik <lslebodn@redhat.com> | 2015-06-17 21:35:22 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-19 19:48:35 +0200 |
commit | 9fc96a4a2b07b92585b02dba161ab1eb2dbdad98 (patch) | |
tree | 44609b350e9503416762e41fdc4db72cc0ba1e72 /src | |
parent | 827a016a07d5f911cc4195be89896a376fd71f59 (diff) | |
SDAP: Remove user from cache for missing user in LDAP
Function sysdb_get_real_name overrode the code returned from LDAP
and thus the user was not removed from the cache after being removed from LDAP.
This patch also does not try to set the initgroups flag if the user
does not exist. This reduces some error messages.
Resolves:
https://fedorahosted.org/sssd/ticket/2681
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 47 |
1 files changed, 26 insertions, 21 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index ff117d829..3245e1b12 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -1172,32 +1172,37 @@ static void groups_by_user_done(struct tevent_req *subreq)
 }
 state->sdap_ret = ret;
- if (ret && ret != ENOENT) {
- state->dp_error = dp_error;
- tevent_req_error(req, ret);
- return;
- }
-
- /* state->name is still the name used for the original request. The cached
- * object might have a different name, e.g. a fully-qualified name. */
- ret = sysdb_get_real_name(state, state->domain, state->name, &cname);
- if (ret != EOK) {
- cname = state->name;
- DEBUG(SSSDBG_OP_FAILURE, "Failed to canonicalize name, using [%s].\n",
- cname);
+ if (ret == EOK || ret == ENOENT) {
+ /* state->name is still the name used for the original req. The cached
+ * object might have a different name, e.g. a fully-qualified name. */
+ ret = sysdb_get_real_name(state, state->domain, state->name, &cname);
+ if (ret != EOK) {
+ cname = state->name;
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to canonicalize name, using [%s].\n", cname);
+ }
 }
- if (ret == ENOENT && state->noexist_delete == true) {
- ret = sysdb_delete_user(state->domain, cname, 0);
- if (ret != EOK && ret != ENOENT) {
+ switch (state->sdap_ret) {
+ case ENOENT:
+ if (state->noexist_delete == true) {
+ ret = sysdb_delete_user(state->domain, cname, 0);
+ if (ret != EOK && ret != ENOENT) {
+ tevent_req_error(req, ret);
+ return;
+ }
+ }
+ break;
+ case EOK:
+ ret = set_initgroups_expire_attribute(state->domain, cname);
+ if (ret != EOK) {
+ state->dp_error = DP_ERR_FATAL;
 tevent_req_error(req, ret);
 return;
 }
- }
-
- ret = set_initgroups_expire_attribute(state->domain, cname);
- if (ret != EOK) {
- state->dp_error = DP_ERR_FATAL;
+ break;
+ default:
+ state->dp_error = dp_error;
 tevent_req_error(req, ret);
 return;
 } |
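Review bot: In the `case ENOENT:` branch, a failed `sysdb_delete_user()` ends the request with neither a log line nor an assignment to `state->dp_error`, unlike the `case EOK:` and `default:` branches. This is the path that evicts an account removed from LDAP, so a failure here leaves the stale entry in the cache and should be visible to an operator. I would add `DEBUG(SSSDBG_OP_FAILURE, "Failed to delete user [%s] from cache: %d\n", cname, ret);` and `state->dp_error = DP_ERR_FATAL;` before that branch's `tevent_req_error(req, ret);`. Whether `state->dp_error` already carries a suitable default is not visible here, because groups_by_user_done starts and ends outside the hunk.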