Hi,
if we request e.g. the shadow password policy but a user does not have the
corresponding attributes the following log message is shown:
(Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [find_password_expiration_attributes] (1): No shadow password attributes found, but shadow password policy was requested.
(Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [get_user_dn] (1): find_password_expiration_attributes failed.
(Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [sdap_handle_release] (8): Trace: sh[0x241b610], connected[1], ops[(nil)], ldap[0x241e270], destructor_lock[0], release_memory[0]
(Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [remove_connection_callback] (9): Successfully removed connection callback.
(Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
Kaushik mentioned that "Backend returned: (3, 4, <NULL>) [Internal Error
(System error)]" might irritate the admin who tries to find out why the access
was denied. The attached patch changes this to:
(Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [find_password_expiration_attributes] (1): No shadow password attributes found, but shadow password policy was requested. Access will be denied.
(Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [get_user_dn] (1): find_password_expiration_attributes failed.
(Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [sdap_handle_release] (8): Trace: sh[0x87d3b28], connected[1], ops[(nil)], ldap[0x87d4a58], destructor_lock[0], release_memory[0]
(Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [remove_connection_callback] (9): Successfully removed connection callback.
(Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [be_pam_handler_callback] (4): Backend returned: (0, 6, <NULL>) [Success]
bye,
Sumit