On Fri, Jan 24, 2014 at 10:53:02AM +0100, Jakub Hrozek wrote:
> Hi,
>
> During further testing, Kaushik found out that requesting an ID that
> doesn't match any configured ID mapping domain still emits strange error
> messages:
>
> (Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]]
> [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed
> request(Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]]
> [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Internal
> Error (Memory buffer error)
>
> This is related to https://fedorahosted.org/sssd/ticket/2200
>
> I noticed that we treat any error from ID mapping functions as equally
> fatal, including NO_DOMAIN. The attached patch treats NO_DOMAIN as if
> search went through but found nothing.
>
> I have two questions I wasn't sure about:
> * Is it OK to keep calling the label in users_get_send() and
> groups_get_send() fail even if we use this label for "soft failure"?
> I simply didn't want to make the patch bigger by renaming the label
>
> * sss_idmap_unix_to_sid() is also called in ad_account_can_shortcut()
> where I didn't change anything, but in retrospective, I think it would
> be nicer if ad_account_can_shortcut() simply returned a boolean. If
> noone opposes, I'll prepare a patch for master only (or ask someone to
> do that :-))
ACK.
I wonder if you want to fix a copy-and-paste error in the following
comment before push the patch?
> @@ -497,7 +513,19 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
> /* Convert the UID to its objectSID */
^
> err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
> gid, &sid);
bye,
Sumit
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
