On Tue, Jun 04, 2013 at 04:11:51PM +0200, Ondrej Kos wrote:
Hi,
Attached patch adresses issue
https://fedorahosted.org/sssd/ticket/1816
I thought about ignoring these right after fetching from ldap, but
the solution to just ignore the range while updating sysdb seems
more appropriate, than going through whole range list.
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
From 119b9674e087378efb450906b07712dce076224b Mon Sep 17 00:00:00
2001
From: Ondrej Kos <okos(a)redhat.com>
Date: Tue, 4 Jun 2013 14:54:05 +0200
Subject: [PATCH] DB: Don't add invalid ranges
https://fedorahosted.org/sssd/ticket/1816
When saving or updating ranges, skip those which are invalid (not
provided ipaNTTrustedDomainSID or ipaSecondaryBaseRID)
---
src/db/sysdb_ranges.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/db/sysdb_ranges.c b/src/db/sysdb_ranges.c
index 07f53ac1f3a098671eaf947d8e0b02352de19ede..edea7f06a53a7a7258ac6b9ef0df31c21289274c
100644
--- a/src/db/sysdb_ranges.c
+++ b/src/db/sysdb_ranges.c
@@ -158,6 +158,15 @@ errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct
range_info *range)
int ret;
TALLOC_CTX *tmp_ctx;
+ if (range->trusted_dom_sid == NULL &&
+ range->secondary_base_rid == 0) {
+
if an idrange has both of these set it is invalid as well, can you add a
condition for this, too?
bye,
Sumit
+ DEBUG(SSSDBG_TRACE_FUNC, ("Neither
[ipaNTTrustedDomainSID] or "
+ "[ipaSecondaryBaseRID] was provided for range [%s], "
+ "skipping.\n", range->name));
+ return EOK;
+ }
+
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
--
1.8.1.4
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel