On (11/08/15 18:36), Pavel Reichl wrote:
Hello,
I'm investigating log file with debug_level 9 that contains following lines
[sssd[be[dom]]] [sysdb_update_members_ex] (0x0020): Could not add member
[user@dom] to group [somedn]. Skipping.
[sssd[be[dom]]] [sysdb_update_members_ex] (0x0020): Could not add member
[user@dom] to group [somedn2]. Skipping.
[sssd[be[dom]]] [sysdb_update_members_ex] (0x0020): Could not add member
[user@dom] to group [somedn3]. Skipping.
It's hard to see what went wrong. Attached patch should add more information.
>From 9ea7017e0244ce3db56e0bedd8b1ca0b8b206d78 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <preichl@redhat.com>
Date: Tue, 11 Aug 2015 12:25:22 -0400
Subject: [PATCH] SYSDB: add more debug msgs. to group membership code
---
src/db/sysdb_ops.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index d1d43ebe6c71611f3371b2f4ccf5f7911909c9de..c551418094311be76acad2882f6a44ec20dedfb9 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2171,11 +2171,13 @@ sysdb_group_membership_mod(struct sss_domain_info *domain,
} else if (type == SYSDB_MEMBER_GROUP) {
member_dn = sysdb_group_dn(tmp_ctx, domain, member);
} else {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Unsupported member_type: %d\n", type);
ret = EINVAL;
goto done;
}
if (!member_dn) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Failed to create member_dn.\n");
ret = ENOMEM;
Here is a small problem.
Allocation failed but debug_fn might allocate some memory especially
with enabled journald. So debug messge needn't be printed.
It would be good to release all unused resources (tmp_ctx if available)
or do not print such messages at all.
I added the freeing of tmp context, but I think that in case we are
really out of memory this might not be enough. The more probable
scenario to end up in this branch is IMO that sanitizing DN fails or
some other failure.