Hi,

I found this bug when testing the GC patches. Previously, when SSSD was
started but the subdomain list was already up to date, the ad_ctx was not
initialized for the subdomain.

I was also thinking whether we should re-initialize the domain-realm
mappings after sssd startup, the way we re-initialize kdcinfo files. I
don't think it's strictly necessary because if someone deletes a file in
/var/lib/sss/pubconf, he should keep the broken pieces, but perhaps we
should be at least aware..
>From bc11f84f44f79c8441030af3b59043847642bd75 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Fri, 13 Dec 2013 19:11:47 +0100
Subject: [PATCH] AD: Always refresh LDAP subdomain list

Previously, if no changes were done to the list of subdomains, the SSSD
didn't update its list of sdap_domain mappings for the new subdomain.
This resulted in errors as no id_ctx was present for the subdomain
during lookup.
---
 src/providers/ad/ad_subdomains.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index 
100fb13e99f7bf4b3946b1f5c5f9c626674bfb46..1a7287844b08a19f712ae48963325a2d69334d30
 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -619,6 +619,9 @@ static void ad_subdomains_get_slave_domain_done(struct 
tevent_req *req)
         goto done;
     }
 
+    DEBUG(SSSDBG_TRACE_LIBS, ("There are %schanges\n",
+                    refresh_has_changes ? "" : "no "));
+
     if (refresh_has_changes) {
         ret = sysdb_update_subdomains(ctx->sd_ctx->be_ctx->domain);
         if (ret != EOK) {
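Review bot: The new trace message `There are %schanges` does not say what was compared, so on its own in a log it is hard to tie to the subdomain refresh. Something like `DEBUG(SSSDBG_TRACE_LIBS, ("Subdomain refresh: there are %schanges\n",` would read unambiguously. Because this flag decides whether sysdb and the domain mappings are rewritten, naming the operation also helps when reconstructing from logs why a subdomain was or was not updated. The enclosing function starts and ends outside the hunk.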
@@ -626,12 +629,6 @@ static void ad_subdomains_get_slave_domain_done(struct 
tevent_req *req)
             goto done;
         }
 
-        ret = ads_store_sdap_subdom(ctx->sd_ctx, ctx->sd_ctx->be_ctx->domain);
-        if (ret != EOK) {
-            DEBUG(SSSDBG_OP_FAILURE, ("ads_store_sdap_subdom failed.\n"));
-            goto done;
-        }
-
         ret = sss_write_domain_mappings(ctx->sd_ctx->be_ctx->domain, false);
         if (ret != EOK) {
             DEBUG(SSSDBG_MINOR_FAILURE,
@@ -640,6 +637,12 @@ static void ad_subdomains_get_slave_domain_done(struct 
tevent_req *req)
         }
     }
 
+    ret = ads_store_sdap_subdom(ctx->sd_ctx, ctx->sd_ctx->be_ctx->domain);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, ("ads_store_sdap_subdom failed.\n"));
+        goto done;
+    }
+
     ret = EOK;
 done:
     if (ret == EOK) {
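Review bot: With `ads_store_sdap_subdom()` moved out of the `if (refresh_has_changes)` block, it now runs on every refresh, so it has to be safe to call repeatedly for an unchanged subdomain list. Its body is not visible here, so it is worth confirming that it skips or replaces existing sdap_domain entries rather than appending duplicates or leaking the previous id_ctx. The move also changes the order: the call now comes after `sss_write_domain_mappings()` instead of before it, which looks harmless but should be intentional. A short comment above the call would keep it from being moved back under the condition, e.g. `/* Run even without changes: after a restart sysdb is up to date but the in-memory sdap_domain mappings are not populated yet */`. The function body starts and ends outside the hunk.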
-- 
1.8.4.2
