Hi, if an entry is removed from LDAP and is then looked up by SID, the SID lookup code doesn't handle the ENOENT returned by the server and so never removes the stale entry from the cache. The attached patch fixes that.
>From 9d8f852f83c3189b94323bf359a78df8866f2fbf Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Thu, 10 Oct 2013 19:21:07 +0200 Subject: [PATCH] LDAP: Delete entry by SID if not found
In case the entry was deleted from the server, the search didn't notice and kept returning the cached data.
---
src/providers/ldap/ldap_id.c | 45 +++++++++++++++++++++++++++++++++++++++++---
1 file changed, 42 insertions(+), 3 deletions(-)
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 59dfd0a5d41fa9adc14ab1297563cfe499a4b675..b863329c28c30701f28b41cfb8a882a150595df6 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -1547,16 +1547,55 @@ static void get_user_and_group_users_done(struct tevent_req *subreq)
struct get_user_and_group_state *state = tevent_req_data(req, struct get_user_and_group_state);
int ret;
+ struct ldb_result *res;
ret = users_get_recv(subreq, &state->dp_error, &state->sdap_ret);
talloc_zfree(subreq);
- if (ret == EOK) { /* Matching user found */
- tevent_req_done(req);
- } else {
+ if (ret != EOK) {
tevent_req_error(req, ret);
+ return;
}
+ if (state->sdap_ret == ENOENT) {
+ /* The search ran to completion, but nothing was found.
+ * Delete the existing entry, if any. */
+ ret = sysdb_search_object_by_sid(state, state->sysdb,
+ state->domain,
+ state->filter_val,
+ NULL, &res);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cache request failed\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ if (res->count > 1) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("getbysid call returned more than one " \ "result !?!\n"));
+ tevent_req_error(req, EIO);
+ return;
+ }
+
+ if (res->count == 0) {
+ /* No existing entry. Just quit. */
+ tevent_req_done(req);
+ return;
+ }
+
+ ret = sysdb_delete_entry(state->sysdb, res->msgs[0]->dn, true);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not delete existing entry!\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+ } else if (state->sdap_ret != EOK) {
+ tevent_req_error(req, EIO);
+ return;
+ }
+
+ /* Both ret and sdap->ret are EOK. Matching user found */
+ tevent_req_done(req);
return;
}
-- 
1.8.3.1
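Review bot: The new `else if (state->sdap_ret != EOK)` branch widens the change beyond what the commit message describes: the removed lines completed the request whenever `ret == EOK` regardless of `sdap_ret`, whereas now every non-ENOENT provider failure is reported to the caller as a bare EIO, discarding the specific code the provider left in `state->sdap_ret`. If failing the request here is intended, `tevent_req_error(req, state->sdap_ret);` preserves the real error for the caller and the logs; otherwise a comment should say why EIO is substituted. A second point to confirm: the ENOENT path assumes `sysdb_search_object_by_sid` reports a cache miss as EOK with `res->count == 0`; if that helper instead returns ENOENT for a miss, the `ret != EOK` check turns a harmless miss into a failed request, so it should let ENOENT fall through to the `res->count == 0` exit. The opening of get_user_and_group_users_done (the `req` declaration) lies outside the hunk.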