From 9db6a8a3ff686c56c2a269ff2fb12ddb7ae390da Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Thu, 7 May 2015 11:16:54 +0200 Subject: IPA: do not fail if view name lookup failed on older versions Depending on the version 389ds return a different error code if the search for the view name failed because our dereference attribute ipaAssignedIDView is not known. Newer version return LDAP_UNAVAILABLE_CRITICAL_EXTENSION(12) which is translated to EOPNOTSUPP and older versions return LDAP_PROTOCOL_ERROR(2) which is returned as EIO. In both cases we have to assume that the server is not view aware and keep the view name unset. Resolves https://fedorahosted.org/sssd/ticket/2650 Reviewed-by: Jakub Hrozek --- src/providers/ipa/ipa_subdomains.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src/providers/ipa/ipa_subdomains.c') diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 0fe2a8dd6..44751e48c 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -1055,7 +1055,14 @@ static void ipa_get_view_name_done(struct tevent_req *req) ret = sdap_deref_search_with_filter_recv(req, ctx, &reply_count, &reply); talloc_zfree(req); if (ret != EOK) { - if (ret == EOPNOTSUPP) { + /* Depending on the version 389ds return a different error code if the + * search for the view name failed because our dereference attribute + * ipaAssignedIDView is not known. Newer version return + * LDAP_UNAVAILABLE_CRITICAL_EXTENSION(12) which is translated to + * EOPNOTSUPP and older versions return LDAP_PROTOCOL_ERROR(2) which + * is returned as EIO. In both cases we have to assume that the server + * is not view aware and keep the view name unset. */ + if (ret == EOPNOTSUPP || ret == EIO) { DEBUG(SSSDBG_TRACE_FUNC, "get_view_name request failed, looks " \ "like server does not support views.\n"); ret = ipa_check_master(ctx); -- cgit