summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2013-02-22 15:27:55 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-02-27 00:22:29 +0100
commitf2c33281a740aea165a7c9dc32f3aee8fb139f36 (patch)
treedb4f4e769721bd8e71c9de87fa0948ed5b6fc89c
parent24ee49904e91590e192983df16818567c060e12b (diff)
downloadsssd-f2c33281a740aea165a7c9dc32f3aee8fb139f36.tar.gz
sssd-f2c33281a740aea165a7c9dc32f3aee8fb139f36.tar.bz2
sssd-f2c33281a740aea165a7c9dc32f3aee8fb139f36.zip
sdap_fill_memberships: continue if a member is not foud in sysdb
https://fedorahosted.org/sssd/ticket/1755 sdap_find_entry_by_origDN() may return ENOENT in these non-error scenarios: If a member is out of scope of configured nesting level, sssd produces few noise lines indicating failure. The worse case is when a member is outside of configured search bases. In this case we save the group with incomplete membership,
-rw-r--r--src/providers/ldap/sdap_async_groups.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 76c077d8..d7885e6b 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -219,10 +219,14 @@ static int sdap_fill_memberships(struct sysdb_attrs *group_attrs,
ret = sdap_find_entry_by_origDN(el->values, ctx, domain,
(char *)values[i].data,
(char **)&el->values[j].data);
+ if (ret == ENOENT) {
+ /* member may be outside of the configured search bases
+ * or out of scope of nesting limit */
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Member [%s] was not found in "
+ "cache. Is it out of scope?\n", (char *)values[i].data));
+ continue;
+ }
if (ret != EOK) {
- /* This should never return ENOENT
- * -> fail if it does
- */
goto done;
}