On (10/02/15 15:39), Pavel Reichl wrote:
>Hello,
>
>While working on another patch in related code area I noticed that expected
>behaviour (denying access for expired account) is logged as failure. Please
>see attached patch.
>
>Thanks.
>From 8381c0133925d1e96012379170ce4335c6f97e0e Mon Sep 17 00:00:00 2001
>From: Pavel Reichl <preichl(a)redhat.com>
>Date: Tue, 10 Feb 2015 18:21:14 -0500
>Subject: [PATCH] SDAP: log expired accounts at lower severity level
>
>Attempts to log into expired accounts were logged as SSSDBG_CRIT_FAILURE
>which is misleading as no real failures were happening.
>---
> src/providers/ldap/sdap_access.c | 20 ++++++++++++++++----
> 1 file changed, 16 insertions(+), 4 deletions(-)
>
>diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c
>index
a6c882cae634f080b200fe75f51867e39192bcd9..52ea50ae22dcddde41d9567b21d726e35f8ed542 100644
>--- a/src/providers/ldap/sdap_access.c
>+++ b/src/providers/ldap/sdap_access.c
>@@ -668,26 +668,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx
*access_ctx,
> } else {
> if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) {
> ret = sdap_account_expired_shadow(pd, user_entry);
>- if (ret != EOK) {
>+ if (ret == ERR_ACCOUNT_EXPIRED) {
>+ DEBUG(SSSDBG_TRACE_FUNC,
>+ "sdap_account_expired_shadow: %s.\n",
sss_strerror(ret));
>+ } else if (ret != EOK) {
> DEBUG(SSSDBG_CRIT_FAILURE,
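Review bot: In the added `ret == ERR_ACCOUNT_EXPIRED` branch, the message "sdap_account_expired_shadow: %s.\n" names only the callee and the error string, so the log does not say which account was denied. An expiry denial is an access-control decision that someone troubleshooting a refused login will look for, and at SSSDBG_TRACE_FUNC it only appears when tracing is enabled. Consider wording the message around the event rather than the function name and including the user being checked, if that is available from `pd` or `user_entry`. The diffstat (16 insertions for a 4-line removal) also suggests this three-way branch is repeated for each expiry policy; a small helper that maps `ret` to the debug level would keep the severities consistent across them.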
Makes sense.
http://sssd-ci.duckdns.org/logs/job/8/39/summary.html
ACK
LS