From bdd533146cb2da71b7c39ad0efa2e5baca7257eb Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik
Date: Mon, 11 Apr 2016 12:31:05 +0200
Subject: GPO: Process GPOS in offline mode if ldap search failed Initgroup requests use global catalog for LDAP queries. Only port for global catalog is marked as offline if request fails due to problems with connection. However, GPO code uses standard LDAP port for retrieving of target DNs and other information. Previously, GPOs were processed in offline mode only if there were issues with connection to AD server. But connection can be cached and ldap search can still fail.
Resolves: https://fedorahosted.org/sssd/ticket/2964
Reviewed-by: Jakub Hrozek
---
 src/providers/ad/ad_gpo.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+) (limited to 'src')
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 3bd9ab037..3029ffe13 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -1821,6 +1821,26 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq)
 talloc_zfree(subreq);
 if (ret != EOK) {
 ret = sdap_id_op_done(state->sdap_op, ret, &dp_error);
+ if (ret == EAGAIN && dp_error == DP_ERR_OFFLINE) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n");
+ ret = process_offline_gpos(state,
+ state->user,
+ state->gpo_mode,
+ state->user_domain,
+ state->host_domain,
+ state->gpo_map_type);
+
+ if (ret == EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC, "process_offline_gpos succeeded\n");
+ tevent_req_done(req);
+ goto done;
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "process_offline_gpos failed [%d](%s)\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+ }
 DEBUG(SSSDBG_OP_FAILURE,
 "Unable to get policy target's DN: [%d](%s)\n",
-- cgit
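Review bot: The new fallback in ad_gpo_target_dn_retrieval_done decides access from cached GPO data, yet the only record of the switch is `DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n");`, and the search error that triggered it has already been overwritten by the return value of sdap_id_op_done. Consider logging the switch at a level operators normally collect, for example `DEBUG(SSSDBG_MINOR_FAILURE, "LDAP search failed, evaluating cached GPOs offline\n");`, so that decisions taken against possibly stale policy can be traced afterwards. Both arms of the inner `if (ret == EOK)` end in `goto done;`, so a single `goto done;` after the if/else would read more simply. The function body and the `done:` label lie outside the hunk, so how a non-EOK `ret` is reported to the request there cannot be confirmed from this view.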