On Fri, Jan 24, 2014 at 10:53:02AM +0100, Jakub Hrozek wrote: > Hi, > > During further testing, Kaushik found out that requesting an ID that > doesn't match any configured ID mapping domain still emits strange error > messages: > > (Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]] > [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed > request(Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]] > [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Internal > Error (Memory buffer error) > > This is related to https://fedorahosted.org/sssd/ticket/2200 > > I noticed that we treat any error from ID mapping functions as equally > fatal, including NO_DOMAIN. The attached patch treats NO_DOMAIN as if > search went through but found nothing. > > I have two questions I wasn't sure about: > * Is it OK to keep calling the label in users_get_send() and > groups_get_send() fail even if we use this label for "soft failure"? > I simply didn't want to make the patch bigger by renaming the label
given the fact that chances are high that this inconsistency is present in other parts as well I think it is acceptable, especially for 1.11. But please file a ticket to change this and maybe review the usage at other places as well. > > * sss_idmap_unix_to_sid() is also called in ad_account_can_shortcut() > where I didn't change anything, but in retrospective, I think it would > be nicer if ad_account_can_shortcut() simply returned a boolean. If > noone opposes, I'll prepare a patch for master only (or ask someone to > do that :-)) Since the return code is only used to print a debug message and to make sure that the boolean is set to false I agree that it can be skipped. bye, Sumit _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
