rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity
70e9980ac6
sssd/0074-GPO-Do-not-ignore-missing-attrs-for-GPOs.patch

58 lines
2.5 KiB
Diff
Raw Blame History

From 7c8c34c1ad152892f93d8e01336258bfd0bc35b9 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed, 29 Apr 2015 09:17:18 +0200
Subject: [PATCH 74/99] GPO: Do not ignore missing attrs for GPOs
We don't want to skip over a GPO that might properly be denying
users.
[sssd[be[a.foo.com]]] [sdap_sd_search_send] (0x0400):
Searching entry [cn={2BA15B73-9524-419F-B4B7-185E1F0D3DCF},cn=policies,cn=system,DC=foo,DC=com] using SD
[sssd[be[a.foo.com]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with [(objectclass=*)][cn={2BA15B73-9524-419F-B4B7-185E1F0D3DCF},cn=policies,cn=system,DC=lzb,DC=hq].
[sssd[be[a.foo.com]]] [sdap_process_message] (0x4000):
Message type: [LDAP_RES_SEARCH_RESULT]
[sssd[be[a.foo.com]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Referral(10), 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
ref 1: 'lzb.hq'
[sssd[be[a.foo.com]]] [sdap_get_generic_op_finished] (0x1000):
Ref: ldap://foo.com/cn=%7B2BA15B73-9524-419F-B4B7-185E1F0D3DCF%7D,cn=policies,cn=system,DC=foo,DC=com
[sssd[be[a.foo.com]]] [ad_gpo_get_gpo_attrs_done] (0x0040):
no attrs found for GPO; try next GPO.
Resolves:
https://fedorahosted.org/sssd/ticket/2629
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit 03e5f1528184a558fd990e66f083157b404dce08)
---
src/providers/ad/ad_gpo.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 990acf94ae6d8fbd8f0e512354d22e1d0a71c292..af864dfbe021438feceffd610cc0ad2b69ca670a 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -3497,9 +3497,15 @@ ad_gpo_get_gpo_attrs_done(struct tevent_req *subreq)
}
if ((num_results < 1) || (results == NULL)) {
- DEBUG(SSSDBG_OP_FAILURE, "no attrs found for GPO; try next GPO.\n");
- state->gpo_index++;
- ret = ad_gpo_get_gpo_attrs_step(req);
+ const char *gpo_dn = state->candidate_gpos[state->gpo_index]->gpo_dn;
+
+ DEBUG(SSSDBG_OP_FAILURE,
+ "BUG: No attrs found for GPO [%s]. This was likely caused by "
+ "the GPO entry being a referred to another domain controller."
+ " SSSD does not yet support this configuration. See upstream "
+ "ticket #2645 for more information.\n",
+ gpo_dn);
+ ret = ERR_INTERNAL;
goto done;
}
else if (num_results > 1) {
--
2.4.0
Reference in New Issue View Git Blame Copy Permalink