From f2c33281a740aea165a7c9dc32f3aee8fb139f36 Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Fri, 22 Feb 2013 15:27:55 +0100
Subject: sdap_fill_memberships: continue if a member is not foud in sysdb

https://fedorahosted.org/sssd/ticket/1755

sdap_find_entry_by_origDN() may return ENOENT in these
non-error scenarios:

If a member is out of scope of configured nesting level, sssd
produces few noise lines indicating failure.

The worse case is when a member is outside of configured search
bases. In this case we save the group with incomplete membership,
---
 src/providers/ldap/sdap_async_groups.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'src/providers/ldap/sdap_async_groups.c')

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 76c077d8..d7885e6b 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -219,10 +219,14 @@ static int sdap_fill_memberships(struct sysdb_attrs *group_attrs,
             ret = sdap_find_entry_by_origDN(el->values, ctx, domain,
                                             (char *)values[i].data,
                                             (char **)&el->values[j].data);
+            if (ret == ENOENT) {
+                /* member may be outside of the configured search bases
+                 * or out of scope of nesting limit */
+                DEBUG(SSSDBG_MINOR_FAILURE, ("Member [%s] was not found in "
+                      "cache. Is it out of scope?\n", (char *)values[i].data));
+                continue;
+            }
             if (ret != EOK) {
-                /* This should never return ENOENT
-                 * -> fail if it does
-                 */
                 goto done;
             }
 
-- 
cgit