[Freeipa-devel] [PATCHES 0172-0176] ipa_range_check improvements

Alexander Bokovoy abokovoy at redhat.com
Thu Apr 17 12:47:59 UTC 2014 

On Thu, 17 Apr 2014, Tomas Babej wrote:
>>From ed60bd0e865aad85eb1ffa02d8aea7f76220c65c Mon Sep 17 00:00:00 2001
>From: Tomas Babej <tbabej at redhat.com>
>Date: Wed, 16 Apr 2014 17:26:07 +0200
>Subject: [PATCH] ipa_range_check: Do not fail when no trusted domain is
> available
>
>When building the domain to forest root map, we need to take the case
>of IPA server having no trusted domains configured at all. Do not abort
>the checks, but return an empty map instead.
>
>Part of: https://fedorahosted.org/freeipa/ticket/4137
>---
> daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
>diff --git a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
>index e2affbd47dc54fb6180cffe842dc2395cf482f52..b05b121f0e9cbc6fb6422b4d50f96cb7e86cda07 100644
>--- a/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
>+++ b/daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c
>@@ -173,6 +173,8 @@ static int build_domain_to_forest_root_map(struct domain_info **head,
>     int search_result;
>     int ret = 0;
> 
>+    LOG("Building forest root map \n");
>+
>     /* Set the base DN for the search to cn=ad, cn=trusts, $SUFFIX */
>     ret = asprintf(&base, "cn=ad,cn=trusts,%s", ctx->base_dn);
>     if (ret == -1) {
>@@ -211,8 +213,14 @@ static int build_domain_to_forest_root_map(struct domain_info **head,
> 
>     ret = slapi_pblock_get(trusted_domain_search_pb, SLAPI_PLUGIN_INTOP_RESULT, &search_result);
>     if (ret != 0 || search_result != LDAP_SUCCESS) {
>-        LOG_FATAL("Internal search failed.\n");
>-        ret = LDAP_OPERATIONS_ERROR;
>+
>+        /* If the search for the trusted domains fails,
>+         * AD Trust support on IPA server is not available */
>+
>+        LOG("No trusts support on IPA server.\n");
Please expand the message here, may be something like
   LOG("Empty forest root map as trusts are not enabled on this IPA server\n");

>+        ret = 0;
>+        *head = NULL;
>+
>         goto done;
>     }
Otherwise ACK.

-- 
/ Alexander Bokovoy

More information about the Freeipa-devel mailing list