From 4a1e58d85409fbb7a12ac244c3dbef8c0c1b15df Mon Sep 17 00:00:00 2001
From: Michal Zidek
Date: Thu, 9 Aug 2012 14:38:23 +0200
Subject: SRV resolution for backup servers should not be permitted.

https://fedorahosted.org/sssd/ticket/1463
---
src/providers/ldap/ldap_common.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src/providers/ldap')
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 1fc5ebb55..570ec9709 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -1116,7 +1116,7 @@ errno_t sdap_urls_init(struct be_ctx *ctx,
 char *srv_user_data;
 char **list = NULL;
 LDAPURLDesc *lud;
- errno_t ret;
+ errno_t ret = 0;
 int i;

 tmp_ctx = talloc_new(NULL);
@@ -1135,6 +1135,14 @@ errno_t sdap_urls_init(struct be_ctx *ctx,
 /* now for each URI add a new server to the failover service */
 for (i = 0; list[i]; i++) {
 if (be_fo_is_srv_identifier(list[i])) {
+ if (!primary) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Failed to add server [%s] to failover service: "
+ "SRV resolution only allowed for primary servers!\n",
+ list[i]));
+ continue;
+ }
+
 if (!dns_service_name) {
 DEBUG(0, ("Missing DNS service name for service [%s].\n",
 service_name));
-- cgit
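Review bot: The new `if (!primary)` branch in the second hunk drops an SRV identifier from the backup list with `continue` and only an `SSSDBG_MINOR_FAILURE` message. Together with the `errno_t ret = 0;` initializer from the first hunk, a backup list made up solely of SRV identifiers appears to make sdap_urls_init report success with no backup server registered. The function's return path is outside the hunk, so this is inferred. An administrator who relies on those entries for failover would get no signal at default log levels that the configuration was rejected, so I would log it at a level operators actually see, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, ...`, and reword "Failed to add server" to say the entry was ignored by policy. A short comment above the check, such as `/* SRV discovery is only honoured for primary servers; backup entries must be explicit URIs */`, would document the rule, and `errno_t ret = EOK;` would be clearer than a bare `0`.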