On Thu, 2011-08-25 at 10:23 -0400, Stephen Gallagher wrote:
On Thu, 2011-08-25 at 14:21 +0200, Sumit Bose wrote:
> Hi,
>
> if we request e.g. the shadow password policy but a user does not have the
> corresponding attributes the following log message is shown:
>
> (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [find_password_expiration_attributes]
(1): No shadow password attributes found, but shadow password policy was requested.
> (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [get_user_dn] (1):
find_password_expiration_attributes failed.
> (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [sdap_handle_release] (8): Trace:
sh[0x241b610], connected[1], ops[(nil)], ldap[0x241e270], destructor_lock[0],
release_memory[0]
> (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [remove_connection_callback] (9):
Successfully removed connection callback.
> (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend
returned: (3, 4, <NULL>) [Internal Error (System error)]
>
> Kaushik mentioned that "Backend returned: (3, 4, <NULL>) [Internal Error
> (System error)]" might irritate the admin who tries to find out why the access
> was denied. The attached patch changes this to:
>
> (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [find_password_expiration_attributes]
(1): No shadow password attributes found, but shadow password policy was requested. Access
will be denied.
> (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [get_user_dn] (1):
find_password_expiration_attributes failed.
> (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [sdap_handle_release] (8): Trace:
sh[0x87d3b28], connected[1], ops[(nil)], ldap[0x87d4a58], destructor_lock[0],
release_memory[0]
> (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [remove_connection_callback] (9):
Successfully removed connection callback.
> (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [be_pam_handler_callback] (4): Backend
returned: (0, 6, <NULL>) [Success]
Ack.
Pushed to master, sssd-1-6 and sssd-1-5.