Re: [Freeipa-devel] [PATCHES 0172-0176] ipa_range_check improvements

Thu, 17 Apr 2014 06:06:53 -0700 

On Thu, 17 Apr 2014, Tomas Babej wrote:

From ed60bd0e865aad85eb1ffa02d8aea7f76220c65c Mon Sep 17 00:00:00 2001

From: Tomas Babej <tba...@redhat.com>
Date: Wed, 16 Apr 2014 17:26:07 +0200
Subject: [PATCH] ipa_range_check: Do not fail when no trusted domain is
available

When building the domain to forest root map, we need to take the case
of IPA server having no trusted domains configured at all. Do not abort
the checks, but return an empty map instead.

Part of: https://fedorahosted.org/freeipa/ticket/4137
---
daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c 
b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
index 
e2affbd47dc54fb6180cffe842dc2395cf482f52..b05b121f0e9cbc6fb6422b4d50f96cb7e86cda07
 100644
--- a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
+++ b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
@@ -173,6 +173,8 @@ static int build_domain_to_forest_root_map(struct 
domain_info **head,
    int search_result;
    int ret = 0;

+    LOG("Building forest root map \n");
+
    /* Set the base DN for the search to cn=ad, cn=trusts, $SUFFIX */
    ret = asprintf(&base, "cn=ad,cn=trusts,%s", ctx->base_dn);
    if (ret == -1) {
@@ -211,8 +213,14 @@ static int build_domain_to_forest_root_map(struct 
domain_info **head,

    ret = slapi_pblock_get(trusted_domain_search_pb, SLAPI_PLUGIN_INTOP_RESULT, 
&search_result);
    if (ret != 0 || search_result != LDAP_SUCCESS) {
-        LOG_FATAL("Internal search failed.\n");
-        ret = LDAP_OPERATIONS_ERROR;
+
+        /* If the search for the trusted domains fails,
+         * AD Trust support on IPA server is not available */
+
+        LOG("No trusts support on IPA server.\n");

Please expand the message here, may be something like
  LOG("Empty forest root map as trusts are not enabled on this IPA server\n");


+        ret = 0;
+        *head = NULL;
+
        goto done;
    }

Otherwise ACK.

--
/ Alexander Bokovoy

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to