Hello,
While working on another patch in related code area I noticed that expected behaviour (denying access for expired account) is logged as failure. Please see attached patch.
Thanks.
On (10/02/15 15:39), Pavel Reichl wrote:
Hello,
While working on another patch in related code area I noticed that expected behaviour (denying access for expired account) is logged as failure. Please see attached patch.
Thanks.
From 8381c0133925d1e96012379170ce4335c6f97e0e Mon Sep 17 00:00:00 2001 From: Pavel Reichl preichl@redhat.com Date: Tue, 10 Feb 2015 18:21:14 -0500 Subject: [PATCH] SDAP: log expired accounts at lower severity level
Attempts to log into expired accounts were logged as SSSDBG_CRIT_FAILURE which is misleading as no real failures were happening.
src/providers/ldap/sdap_access.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index a6c882cae634f080b200fe75f51867e39192bcd9..52ea50ae22dcddde41d9567b21d726e35f8ed542 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -668,26 +668,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx, } else { if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) { ret = sdap_account_expired_shadow(pd, user_entry);
if (ret != EOK) {
if (ret == ERR_ACCOUNT_EXPIRED) {DEBUG(SSSDBG_TRACE_FUNC,"sdap_account_expired_shadow: %s.\n", sss_strerror(ret));} else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE,
Make sense.
http://sssd-ci.duckdns.org/logs/job/8/39/summary.html
ACK
LS
On Fri, Feb 27, 2015 at 05:51:28PM +0100, Lukas Slebodnik wrote:
On (10/02/15 15:39), Pavel Reichl wrote:
Hello,
While working on another patch in related code area I noticed that expected behaviour (denying access for expired account) is logged as failure. Please see attached patch.
Thanks.
From 8381c0133925d1e96012379170ce4335c6f97e0e Mon Sep 17 00:00:00 2001 From: Pavel Reichl preichl@redhat.com Date: Tue, 10 Feb 2015 18:21:14 -0500 Subject: [PATCH] SDAP: log expired accounts at lower severity level
Attempts to log into expired accounts were logged as SSSDBG_CRIT_FAILURE which is misleading as no real failures were happening.
src/providers/ldap/sdap_access.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index a6c882cae634f080b200fe75f51867e39192bcd9..52ea50ae22dcddde41d9567b21d726e35f8ed542 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -668,26 +668,38 @@ static errno_t sdap_account_expired(struct sdap_access_ctx *access_ctx, } else { if (strcasecmp(expire, LDAP_ACCOUNT_EXPIRE_SHADOW) == 0) { ret = sdap_account_expired_shadow(pd, user_entry);
if (ret != EOK) {
if (ret == ERR_ACCOUNT_EXPIRED) {DEBUG(SSSDBG_TRACE_FUNC,"sdap_account_expired_shadow: %s.\n", sss_strerror(ret));} else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE,Make sense.
http://sssd-ci.duckdns.org/logs/job/8/39/summary.html
ACK
LS
* master: c820e6db26426c9f74a0e8f8ff9d9cf79d57406a
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Lukas Slebodnik -
Pavel Reichl