On 11/11/2015 02:42 PM, Jakub Hrozek wrote:
Hi, I think it's a good idea to only say we don't handle services for IPA subdomains. But I also think it would be better to shortcut the request sooner, in ipa_subdomain_account_send() to avoid even sending an LDAP query.
Hi Jakub,
new patch is attached. During the testing... I found out, that I use wrong set up. Subdomains are connected to FreeIPA with trusted AD.
So... patch is here, but I would like set up my environment properly and then I will inform you :-)
Regards Petr
>From a7d1a734489434df07d7663deb201bac10f01891 Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Mon, 9 Nov 2015 09:51:05 -0500 Subject: [PATCH] IPA_PROVIDER: Explicit no handle of services Services for IPA subdomains aren't handled by SSSD. This patch add quick shortcut to avoid sending an LDAP query. Resolves: https://fedorahosted.org/sssd/ticket/2747 --- src/providers/ipa/ipa_subdomains_id.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 472985d4ab4f785aa9c4af94bf8021829ca1c3c8..66898eb136dd09da5ca034f0e7ba0f54b075fcab 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -81,6 +81,12 @@ struct tevent_req *ipa_subdomain_account_send(TALLOC_CTX *memctx, struct tevent_req *subreq; int ret; + if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_SERVICES) { + DEBUG(SSSDBG_OP_FAILURE, + "Services for IPA subdomains aren't handled by SSSD.\n"); + return NULL; + } + req = tevent_req_create(memctx, &state, struct ipa_subdomain_account_state); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n"); -- 2.4.3
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel