[Freeipa-devel] [PATCHES 0172-0176] ipa_range_check improvements
Alexander Bokovoy
abokovoy at redhat.com
Thu Apr 17 12:47:59 UTC 2014
On Thu, 17 Apr 2014, Tomas Babej wrote:
>>From ed60bd0e865aad85eb1ffa02d8aea7f76220c65c Mon Sep 17 00:00:00 2001
>From: Tomas Babej <tbabej at redhat.com>
>Date: Wed, 16 Apr 2014 17:26:07 +0200
>Subject: [PATCH] ipa_range_check: Do not fail when no trusted domain is
> available
>
>When building the domain to forest root map, we need to take the case
>of IPA server having no trusted domains configured at all. Do not abort
>the checks, but return an empty map instead.
>
>Part of: https://fedorahosted.org/freeipa/ticket/4137
>---
> daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
>diff --git a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
>index e2affbd47dc54fb6180cffe842dc2395cf482f52..b05b121f0e9cbc6fb6422b4d50f96cb7e86cda07 100644
>--- a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
>+++ b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
>@@ -173,6 +173,8 @@ static int build_domain_to_forest_root_map(struct domain_info **head,
> int search_result;
> int ret = 0;
>
>+ LOG("Building forest root map \n");
>+
> /* Set the base DN for the search to cn=ad, cn=trusts, $SUFFIX */
> ret = asprintf(&base, "cn=ad,cn=trusts,%s", ctx->base_dn);
> if (ret == -1) {
>@@ -211,8 +213,14 @@ static int build_domain_to_forest_root_map(struct domain_info **head,
>
> ret = slapi_pblock_get(trusted_domain_search_pb, SLAPI_PLUGIN_INTOP_RESULT, &search_result);
> if (ret != 0 || search_result != LDAP_SUCCESS) {
>- LOG_FATAL("Internal search failed.\n");
>- ret = LDAP_OPERATIONS_ERROR;
>+
>+ /* If the search for the trusted domains fails,
>+ * AD Trust support on IPA server is not available */
>+
>+ LOG("No trusts support on IPA server.\n");
Please expand the message here, may be something like
LOG("Empty forest root map as trusts are not enabled on this IPA server\n");
>+ ret = 0;
>+ *head = NULL;
>+
> goto done;
> }
Otherwise ACK.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list