URL: https://github.com/SSSD/sssd/pull/248
Author: justin-stephenson
Title: #248: IPA: Improve s2n debug message for missing ipaNTSecurityIdentifier
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/248/head:pr248
git checkout pr248
From fb178cd4d7df1ad95ee35805df3d87f73b5b9267 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Tue, 25 Apr 2017 13:02:10 -0400
Subject: [PATCH] IPA: Improve s2n debug message for missing
ipaNTSecurityIdentifier
This patch improves the log message to be more information for
the SSSD user troubleshooting issues.
If the IDM POSIX group used for AD trust HBAC/SUDO operation is missing
the ipaNTSecurityIdentifier it can cause client s2n operations failures
resolving the group which resulted in the inability to login for the AD
user.
---
src/providers/ipa/ipa_s2n_exop.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 55ec904..f5f4401 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -2580,7 +2580,13 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
ret = sysdb_attrs_get_string(attrs->sysdb_attrs, SYSDB_SID_STR, &sid_str);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- "Cannot find SID of object with override.\n");
+ "Cannot find SID of object.\n");
+ if (name != NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Object [%s] has no SID, please check the "
+ "ipaNTSecurityIdentifier attribute on the server-side.\n",
+ name);
+ }
goto done;
}
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
