Re: [SSSD] [PATCH] Improve password policy error code and message

On Thu, 2011-08-25 at 14:21 +0200, Sumit Bose wrote: > Hi, > > if we request e.g. the shadow password policy but a user does not have the > corresponding attributes the following log message is shown: > > (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [find_password_expiration_attributes] (1): No shadow password attributes found, but shadow password policy was requested. > (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [get_user_dn] (1): find_password_expiration_attributes failed. > (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [sdap_handle_release] (8): Trace: sh[0x241b610], connected[1], ops[(nil)], ldap[0x241e270], destructor_lock[0], release_memory[0] > (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [remove_connection_callback] (9): Successfully removed connection callback. > (Thu Aug 25 06:22:59 2011) [sssd[be[LDAP]]] [be_pam_handler_callback] (4): Backend returned: (3, 4, <NULL>) [Internal Error (System error)] > > Kaushik mentioned that "Backend returned: (3, 4, <NULL>) [Internal Error > (System error)]" might irritate the admin who tries to find out why the access > was denied. The attached patch changes this to: > > (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [find_password_expiration_attributes] (1): No shadow password attributes found, but shadow password policy was requested. Access will be denied. > (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [get_user_dn] (1): find_password_expiration_attributes failed. > (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [sdap_handle_release] (8): Trace: sh[0x87d3b28], connected[1], ops[(nil)], ldap[0x87d4a58], destructor_lock[0], release_memory[0] > (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [remove_connection_callback] (9): Successfully removed connection callback. > (Thu Aug 25 13:06:15 2011) [sssd[be[ldap]]] [be_pam_handler_callback] (4): Backend returned: (0, 6, <NULL>) [Success] Ack.