ehlo,

The attached patch should fix #2964.
BTW, it worked previously because there was a bug in marking the
domain as offline.

So this bug was revealed by the fix for another bug :-)
0561d532cf76b035b73cfed929a6896071dac407

LS
>From c88f07a4375dd7a6960b0f909d4a9431bad5bd15 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <[email protected]>
Date: Mon, 11 Apr 2016 12:31:05 +0200
Subject: [PATCH] GPO: Process GPOS in offline mode if ldap search failed

Initgroup requests use the global catalog for LDAP queries.
Only the port for the global catalog is marked as offline
if a request fails due to problems with the connection.
However, the GPO code uses the standard LDAP port for
retrieving target DNs and other information.

Previously, GPOs were processed in offline mode only
if there were issues with the connection to the AD server.
But the connection can be cached and the LDAP search can still fail.

Resolves:
https://fedorahosted.org/sssd/ticket/2964
---
 src/providers/ad/ad_gpo.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index 
3bd9ab0372de67f4f17459797c34f5242f84e879..3029ffe138598b603b23a8dc49b6a5914e0efed4
 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -1821,6 +1821,26 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req 
*subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         ret = sdap_id_op_done(state->sdap_op, ret, &dp_error);
+        if (ret == EAGAIN && dp_error == DP_ERR_OFFLINE) {
+            DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n");
+            ret = process_offline_gpos(state,
+                                       state->user,
+                                       state->gpo_mode,
+                                       state->user_domain,
+                                       state->host_domain,
+                                       state->gpo_map_type);
+
+            if (ret == EOK) {
+                DEBUG(SSSDBG_TRACE_FUNC, "process_offline_gpos succeeded\n");
+                tevent_req_done(req);
+                goto done;
+            } else {
+                DEBUG(SSSDBG_OP_FAILURE,
+                      "process_offline_gpos failed [%d](%s)\n",
+                      ret, sss_strerror(ret));
+                goto done;
+            }
+        }
 
         DEBUG(SSSDBG_OP_FAILURE,
               "Unable to get policy target's DN: [%d](%s)\n",
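Review bot: The fallback in the new `ret == EAGAIN && dp_error == DP_ERR_OFFLINE` branch is logged only at SSSDBG_TRACE_FUNC ("Preparing for offline operation."), so an access decision made from cached GPOs after a failed LDAP search is recorded only at trace verbosity. Consider logging the switch to offline processing at a more visible level and stating that it was triggered by the target DN search failing, not by a connection failure, since the commit message says that is the new case. Two smaller points in the same block: both arms of the inner if/else end in `goto done;`, so the `else` can be dropped and a single `goto done;` placed after the failure DEBUG; and the success arm calls `tevent_req_done(req)` before jumping, so it is worth confirming that the `done` label (not visible in this hunk) does nothing further to `req` when `ret == EOK`.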
-- 
2.7.3
