authorPavel Březina <pbrezina@redhat.com>2016-02-23 11:02:42 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-03-01 16:38:52 +0100
commit659232f194f83ec7c450ce89c3fd41e4e74409f2 (patch)
tree1308a50c0411f0c49e90f67a3018eb9531086197 /src/providers/ldap
parent012d334cec221d8abf86dffbbaf9649ec0a4b585 (diff)
remove user certificate if not found on the server
If the user is not found by cert lookup when the user is already cached, two things may happen: 1) cert was removed from the user object 2) user was removed Instead of issuing another cert lookup we will just remove cert attribute from the cache not touching the expiration timestamp so the user may be updated later when needed. Resolves: https://fedorahosted.org/sssd/ticket/2934 Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_id.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index b7cef4e13..8923e7e0c 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -529,6 +529,16 @@ static void users_get_done(struct tevent_req *subreq)
*/
break;
+ case BE_FILTER_CERT:
+ ret = sysdb_remove_cert(state->domain, state->name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to remove user certificate"
+ "[%d]: %s\n", ret, sss_strerror(ret));
+ tevent_req_error(req, ret);
+ return;
+ }
+ break;
+
default:
tevent_req_error(req, EINVAL);
return;
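Review bot: The new `BE_FILTER_CERT` case has no comment explaining why only the certificate attribute is dropped, even though this is the step that stops a certificate no longer found on the server from still resolving to the cached user. A comment above the call such as `/* Cert not found on the server: remove it from the cached user but leave the expiration timestamp, so a later lookup refreshes or removes the entry. */` would record that, and it should also say that `state->name` carries the certificate value for this filter type, which appears to be the case but is not visible in the hunk. Failing the request when `sysdb_remove_cert` returns an error looks right, since continuing would leave the stale mapping in the cache. The two adjacent literals in the `DEBUG` call join as `certificate[%d]`, so the first should end with a space: `"Unable to remove user certificate "`. The body of `users_get_done` starts and ends outside the hunk.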