SDAP: log expired accounts at lower severity level

Attempts to log into expired accounts were logged as SSSDBG_CRIT_FAILURE which is misleading as no real failures were happening. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Pavel Reichl <preichl@redhat.com> 2015-02-10 18:21:14 -0500
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-03-02 10:39:09 +0100
commit: c820e6db26426c9f74a0e8f8ff9d9cf79d57406a (patch)
tree: d196b4fa10d0e654798b2ea31a524886a3289fee /src/providers/ldap/sdap_access.c
parent: cfb6e8c83ce4800d2fc1f5383abef07ab2208092 (diff)
download: sssd-c820e6db26426c9f74a0e8f8ff9d9cf79d57406a.tar.gz
sssd-c820e6db26426c9f74a0e8f8ff9d9cf79d57406a.tar.xz
sssd-c820e6db26426c9f74a0e8f8ff9d9cf79d57406a.zip
1 files changed, 16 insertions, 4 deletions
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
index a6c882cae..52ea50ae2 100644
--- a/src/providers/ldap/sdap_access.c
+++ b/src/providers/ldap/sdap_access.c
@@ -668,26 +668,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx,
     } else {
         if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) {
             ret = sdap_account_expired_shadow(pd, user_entry);
-            if (ret != EOK) {
+            if (ret == ERR_ACCOUNT_EXPIRED) {
+                DEBUG(SSSDBG_TRACE_FUNC,
+                      "sdap_account_expired_shadow: %s.\n", sss_strerror(ret));
+            } else if (ret != EOK) {
                 DEBUG(SSSDBG_CRIT_FAILURE,
                       "sdap_account_expired_shadow failed.\n");
             }
         } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_AD) == 0) {
             ret = sdap_account_expired_ad(pd, user_entry);
-            if (ret != EOK) {
+            if (ret == ERR_ACCOUNT_EXPIRED || ret == ERR_ACCESS_DENIED) {
+                DEBUG(SSSDBG_TRACE_FUNC,
+                      "sdap_account_expired_ad: %s.\n", sss_strerror(ret));
+            } else if (ret != EOK) {
                 DEBUG(SSSDBG_CRIT_FAILURE, "sdap_account_expired_ad failed.\n");
             }
         } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_RHDS) == 0 ||
                    strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_IPA) == 0 ||
                    strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_389DS) == 0) {
             ret = sdap_account_expired_rhds(pd, user_entry);
-            if (ret != EOK) {
+            if (ret == ERR_ACCESS_DENIED) {
+                DEBUG(SSSDBG_TRACE_FUNC,
+                      "sdap_account_expired_rhds: %s.\n", sss_strerror(ret));
+            } else if (ret != EOK) {
                 DEBUG(SSSDBG_CRIT_FAILURE,
                       "sdap_account_expired_rhds failed.\n");
             }
         } else if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_NDS) == 0) {
             ret = sdap_account_expired_nds(pd, user_entry);
-            if (ret != EOK) {
+            if (ret == ERR_ACCESS_DENIED) {
+                DEBUG(SSSDBG_TRACE_FUNC,
+                      "sdap_account_expired_nds: %s.\n", sss_strerror(ret));
+            } else if (ret != EOK) {
                 DEBUG(SSSDBG_CRIT_FAILURE,
                       "sdap_account_expired_nds failed.\n");
             }
author	Pavel Reichl <preichl@redhat.com>	2015-02-10 18:21:14 -0500
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-03-02 10:39:09 +0100
commit	c820e6db26426c9f74a0e8f8ff9d9cf79d57406a (patch)
tree	d196b4fa10d0e654798b2ea31a524886a3289fee /src/providers/ldap/sdap_access.c
parent	cfb6e8c83ce4800d2fc1f5383abef07ab2208092 (diff)
download	sssd-c820e6db26426c9f74a0e8f8ff9d9cf79d57406a.tar.gz sssd-c820e6db26426c9f74a0e8f8ff9d9cf79d57406a.tar.xz sssd-c820e6db26426c9f74a0e8f8ff9d9cf79d57406a.zip