From fbf7fe9a713948eaf5e47518c776f2ad664b9e46 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 2 Sep 2015 13:41:26 +0200
Subject: [PATCH 81/87] IPA: Do not allow the AD lookup code to set backend as
offline in server mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://fedorahosted.org/sssd/ticket/2637
In server mode, we should not allow the AD lookups to set the backend
offline. Rather just let them report an error and deal with the error
separately.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 20162352030d1c577bb69d44e967d2c5839e5c0e)
---
src/providers/ipa/ipa_subdomains_id.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 610b1c58b3b180201cfb5b22f870f8937673e02e..ff14b4a4c68cb5c6e9865a66931ee4ecd6e49211 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -633,6 +633,7 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto fail;
}
+ clist[1]->ignore_mark_offline = true;
break;
default:
clist = talloc_zero_array(req, struct sdap_id_conn_ctx *, 2);
@@ -641,6 +642,7 @@ ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx,
goto fail;
}
clist[0] = ad_id_ctx->ldap_ctx;
+ clist[0]->ignore_mark_offline = true;
clist[1] = NULL;
}
@@ -1036,7 +1038,11 @@ ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq)
ret = ad_handle_acct_info_recv(subreq, &state->dp_error, NULL);
talloc_zfree(subreq);
- if (ret != EOK) {
+ if (ret == ERR_SUBDOM_INACTIVE) {
+ be_mark_dom_offline(state->obj_dom, be_req_get_be_ctx(state->be_req));
+ tevent_req_error(req, ret);
+ return;
+ } else if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "AD lookup failed: %d\n", ret);
tevent_req_error(req, ret);
return;
--
2.4.3