diff options
author | Pavel Březina <pbrezina@redhat.com> | 2013-02-22 15:27:55 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-27 00:22:29 +0100 |
commit | f2c33281a740aea165a7c9dc32f3aee8fb139f36 (patch) | |
tree | db4f4e769721bd8e71c9de87fa0948ed5b6fc89c /src | |
parent | 24ee49904e91590e192983df16818567c060e12b (diff) | |
download | sssd-f2c33281a740aea165a7c9dc32f3aee8fb139f36.tar.gz sssd-f2c33281a740aea165a7c9dc32f3aee8fb139f36.tar.bz2 sssd-f2c33281a740aea165a7c9dc32f3aee8fb139f36.zip |
sdap_fill_memberships: continue if a member is not foud in sysdb
https://fedorahosted.org/sssd/ticket/1755
sdap_find_entry_by_origDN() may return ENOENT in these
non-error scenarios:
If a member is out of scope of configured nesting level, sssd
produces few noise lines indicating failure.
The worse case is when a member is outside of configured search
bases. In this case we save the group with incomplete membership,
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 76c077d8..d7885e6b 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -219,10 +219,14 @@ static int sdap_fill_memberships(struct sysdb_attrs *group_attrs, ret = sdap_find_entry_by_origDN(el->values, ctx, domain, (char *)values[i].data, (char **)&el->values[j].data); + if (ret == ENOENT) { + /* member may be outside of the configured search bases + * or out of scope of nesting limit */ + DEBUG(SSSDBG_MINOR_FAILURE, ("Member [%s] was not found in " + "cache. Is it out of scope?\n", (char *)values[i].data)); + continue; + } if (ret != EOK) { - /* This should never return ENOENT - * -> fail if it does - */ goto done; } |