-rw-r--r-- | src/providers/ad/ad_id.c | 11 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_id_op.c | 15 |
3 files changed, 24 insertions, 4 deletions
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index f09b9c6fe..20f9c23fa 100644
--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -118,6 +118,14 @@ ad_handle_acct_info_done(struct tevent_req *subreq)
 struct ad_handle_acct_info_state);
 ret = sdap_handle_acct_req_recv(subreq, &dp_error, &err, &sdap_err);
+ if (dp_error == DP_ERR_OFFLINE
+ && state->conn[state->cindex]->ignore_mark_offline) {
+ /* This is a special case: GC does not work.
+ * We need to Fall back to ldap
+ */
+ ret = EOK;
+ sdap_err = ENOENT;
+ }
 talloc_zfree(subreq);
 if (ret != EOK) {
 tevent_req_error(req, ret);
@@ -192,9 +200,12 @@ get_conn_list(struct be_req *breq, struct ad_id_ctx *ad_ctx,
 /* Always try GC first */
 clist[0] = ad_ctx->gc_ctx;
 if (IS_SUBDOMAIN(dom) == true) {
+ clist[0]->ignore_mark_offline = false;
 /* Subdomain users are only present in GC. */
 break;
 }
+ /* fall back to ldap if gc is not available */
+ clist[0]->ignore_mark_offline = true;
 /* With root domain users we have the option to
 * fall back to LDAP in case ie POSIX attributes
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 0d565fc63..fb9a34c60 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -52,6 +52,8 @@ struct sdap_id_conn_ctx {
 struct sdap_id_conn_cache *conn_cache;
 /* dlinklist pointers */
 struct sdap_id_conn_ctx *prev, *next;
+ /* do not go offline, try another connection */
+ bool ignore_mark_offline;
 };
 struct sdap_id_ctx {
diff --git a/src/providers/ldap/sdap_id_op.c b/src/providers/ldap/sdap_id_op.c
index 52cf78569..5e166e19f 100644
--- a/src/providers/ldap/sdap_id_op.c
+++ b/src/providers/ldap/sdap_id_op.c
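Review bot: The override added in ad_handle_acct_info_done (ad_id.c) turns a DP_ERR_OFFLINE result into `ret = EOK` / `sdap_err = ENOENT` without checking that another connection follows `state->conn[state->cindex]`, and it does so silently. If no fallback entry exists, the request would presumably finish as "not found" rather than "offline", and code that acts on ENOENT could then not tell an outage from a missing account; this is inferred, since the rest of the function lies outside the hunk. Consider guarding the override on a fallback being present and adding a log line inside the branch, for example `DEBUG(SSSDBG_MINOR_FAILURE, ("GC unreachable, falling back to LDAP\n"));`.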
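Review bot: In get_conn_list (ad_id.c) `clist[0]->ignore_mark_offline` is written on `ad_ctx->gc_ctx`, which appears to be a connection context shared by all requests, so per-request policy is being stored in shared state. If a subdomain lookup and a root-domain lookup can be in flight together, the later call decides the value that sdap_id_op_connect_done and ad_handle_acct_info_done read for both, and a subdomain lookup could have its offline result rewritten to ENOENT. Carrying the decision in the per-request state instead of the connection context would avoid that. The function body extends beyond the hunk, so whether requests can overlap here should be confirmed.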
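Review bot: The comment on the new `ignore_mark_offline` field in struct sdap_id_conn_ctx (ldap_common.h) does not state the contract the flag creates. I would write it as `/* If true, a failed connect does not mark the backend offline; the caller must then try another connection */`. Nothing in the visible hunks initialises the field for connections other than `clist[0]`, so the comment should also note that it relies on the struct being zero-allocated, if that is the case.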
@@ -553,10 +553,17 @@ static void sdap_id_op_connect_done(struct tevent_req *subreq)
 }
 if (ret != EOK && !can_retry) {
- /* be is going offline as there is no more servers to try */
- DEBUG(1, ("Failed to connect, going offline (%d [%s])\n",
- ret, strerror(ret)));
- be_mark_offline(conn_cache->id_conn->id_ctx->be);
+ if (conn_cache->id_conn->ignore_mark_offline) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ ("Failed to connect to server, but ignore mark offline "
+ "is enabled.\n"));
+ } else {
+ /* be is going offline as there is no more servers to try */
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Failed to connect, going offline (%d [%s])\n",
+ ret, strerror(ret)));
+ be_mark_offline(conn_cache->id_conn->id_ctx->be);
+ }
 is_offline = true;
 } |
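Review bot: The new ignore branch in sdap_id_op_connect_done logs at SSSDBG_TRACE_FUNC and drops the error code, so a server that stays unreachable leaves no trace at ordinary debug levels and the failure reason is lost. I would keep `ret` in the message and raise the level, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to connect (%d [%s]), not marking backend offline\n", ret, strerror(ret)));`. `is_offline = true` is still set on this path, so the operation reports offline to its caller while the backend stays online; a short comment saying this is intended would help. The function body continues outside the hunk.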