On Thu, Sep 26, 2013 at 07:24:03PM +0200, Jakub Hrozek wrote:
> On Thu, Sep 26, 2013 at 11:22:06AM +0200, Sumit Bose wrote:
> > Hi,
> > 
> > the first two attached patches should fix
> > https://fedorahosted.org/sssd/ticket/2093 and make
> > https://fedorahosted.org/sssd/ticket/2080 invalid. The third fixes a wrong
> > return code in one of the functions I touched in the other patches.
> > 
> > bye,
> > Sumit
> 
> > +    if (!ldb_dn_validate(dn)) {
> > +        DEBUG(SSSDBG_OP_FAILURE, ("Original DN [%s] is not a valid DN.\n",
> > +                                  orig_dn));
> > +        ret = EINVAL;
> > +        goto done;
> > +    }
> > +
> > +    if (ldb_dn_get_comp_num(dn) < 5) {
> > +        /* we are only interested in the member domain objects */
> > +        ret = EOK;
> > +        goto done;
> > +    }
> > +
> > +    val = ldb_dn_get_component_val(dn, 3);
> > +    if (strncasecmp("trusts", (const char *) val->data, val->length) != 0) 
> > {
> > +        DEBUG(SSSDBG_TRACE_FUNC,
> > +              ("4th component is not 'trust', nothing to do.\n"));
> > +        ret = EOK;
> > +        goto done;
> > +    }
> > +
> > +    val = ldb_dn_get_component_val(dn, 2);
> > +    if (strncasecmp("ad", (const char *) val->data, val->length) != 0) {
> > +        DEBUG(SSSDBG_TRACE_FUNC,
> > +              ("3rd component is not 'ad', nothing to do.\n"));
> > +        ret = EOK;
> > +        goto done;
> > +    }
> > +
> > +    val = ldb_dn_get_component_val(dn, 1);
> > +    forest = talloc_strndup(mem_ctx, (const char *) val->data, 
> > val->length);
> > +    if (forest == NULL) {
> > +        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed.\n"));
> > +        ret = ENOMEM;
> > +        goto done;
> > +    }
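
Review bot: The two strncasecmp() checks on components 3 and 2 bound the comparison by val->length alone, so a component value that is empty or is only a prefix of the literal (for example "tr") still compares equal to "trusts" or "ad". Require the lengths to match as well, e.g. val->length == strlen("trusts"), before calling strncasecmp(). The first trace message also says 'trust' while the code compares against "trusts", and the messages on the nothing-to-do paths do not include orig_dn, which would make skipped objects easier to diagnose.
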
> 
> I think there is an off-by-one error here. In my setup, the original DN
> is:
> 
> cn=AD.EXAMPLE.COM,cn=ad,cn=trusts,dc=ipatest,dc=example,dc=com
> 
> But "val = ldb_dn_get_component_val(dn, 3);" is "ipatest" in my case, so
> the strcmp never matches. So I think the indexes should say "2, 1, 0".
> 
> It would also be nice to print the original DN in a DEBUG message.

Ah, sorry, I should have said that Alexander's latest FreeIPA patches
are needed here. They will store the member domains below the forest
root object, e.g.
cn=member.dom,cn=AD.EXAMPLE.COM,cn=ad,cn=trusts,dc=ipatest,dc=example,dc=com
For those domains the patch will set the forest name which in this case
is AD.EXAMPLE.COM.

bye,
Sumit
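
The component indexing discussed in this thread, as an added example that is not part of either message or of the SSSD patch: it applies the patch's checks to both DNs quoted above, using a simplified splitter in place of libldb (assumption: no escaped characters or multi-valued RDNs) and an exact-length comparison instead of a bare strncasecmp(). The names split_dn, val_is and forest_from_dn are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* One RDN value as pointer plus length, like the ldb_val the patch reads. */
struct comp { const char *data; size_t length; };

/* Simplified splitter (assumption: single-valued RDNs, nothing escaped).
 * Index 0 is the leftmost RDN. Returns the component count, or -1. */
static int split_dn(const char *dn, struct comp *c, int max)
{
    int n = 0;
    while (*dn != '\0') {
        const char *eq = strchr(dn, '=');
        if (eq == NULL || n == max) return -1;
        const char *end = strchr(eq, ',');
        if (end == NULL) end = eq + strlen(eq);
        c[n].data = eq + 1;
        c[n].length = (size_t)(end - eq - 1);
        n++;
        dn = (*end == ',') ? end + 1 : end;
    }
    return n;
}

/* Exact case-insensitive match: an empty or shorter value does not match. */
static int val_is(const struct comp *v, const char *lit)
{
    return v->length == strlen(lit) && strncasecmp(lit, v->data, v->length) == 0;
}

/* Returns 1 and copies the forest name for a member domain DN, 0 when there
 * is nothing to do, -1 on a malformed DN or a buffer that is too small. */
int forest_from_dn(const char *dn, char *out, size_t outlen)
{
    struct comp c[16];
    int n = split_dn(dn, c, 16);
    if (n < 0) return -1;
    if (n < 5) return 0;               /* same threshold as the patch */
    if (!val_is(&c[3], "trusts") || !val_is(&c[2], "ad")) return 0;
    if (c[1].length >= outlen) return -1;
    memcpy(out, c[1].data, c[1].length);
    out[c[1].length] = '\0';
    return 1;
}

int main(void)
{
    char f[64]; /* member domain DN quoted in the thread */
    int r = forest_from_dn("cn=member.dom,cn=AD.EXAMPLE.COM,cn=ad,cn=trusts,dc=ipatest,dc=example,dc=com", f, sizeof(f));
    printf("%d %s\n", r, r == 1 ? f : "-");
    return 0;
}
```

For the forest root DN from the review comment, index 3 is "ipatest", so the function returns 0 and no forest name is set.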
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-devel