File 0004-SDAP-Continue_resolving_SID_even_if_some_fail.patch of Package sssd.openSUSE_Leap_42.1_Update
From 5001bab712149a27ab37697d487b3f51082df26d Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Thu, 10 Jul 2014 10:48:42 +0100
Subject: SDAP: Continue resolving SID even if some fail
Resolving groups obtained via Token-Groups in case of disabled ID mapping may
lead to failure as non-posix groups are not resolved. This patch amends
sdap_ad_resolve_sids_done() not to abruptly finish request if ENOENT is
returned.
Resolves:
https://fedorahosted.org/sssd/ticket/2345
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 1614e1b25a98ff2f03648c4bf61d750fb688285a)
Minor edits on DEBUG macro were been made by Luiz Angelo Daros de Luca <luizluca@tre-sc.jus.br>.
---
src/providers/ldap/sdap_async_initgroups_ad.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
Index: sssd-1.11.5.1/src/providers/ldap/sdap_async_initgroups_ad.c
===================================================================
--- sssd-1.11.5.1.orig/src/providers/ldap/sdap_async_initgroups_ad.c
+++ sssd-1.11.5.1/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -646,7 +646,12 @@ static void sdap_ad_resolve_sids_done(st
ret = groups_get_recv(subreq, &dp_error, &sdap_error);
talloc_zfree(subreq);
- if (ret != EOK || sdap_error != EOK || dp_error != DP_ERR_OK) {
+
+ if (ret == EOK && sdap_error == ENOENT && dp_error == DP_ERR_OK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Unable to resolve SID %s - will try next sid.\n",
+ state->current_sid));
+ } else if (ret != EOK || sdap_error != EOK || dp_error != DP_ERR_OK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to resolve SID %s [dp_error: %d, "
"sdap_error: %d, ret: %d]: %s\n", state->current_sid, dp_error,
sdap_error, ret, strerror(ret)));