To test, trigger any NSS operation with SSSD configured with a domain that can't yield subdomains. The current git HEAD returns an error when parsing the message returned from the Data Provider.
The patch also renames the "done" label to "immediate" because "done" is mostly used for both success and failure cases and refactors some DEBUG statements that were too long to fit into the 80-characters limit (enforced by our code guidelines as well as the fact that lines too long don't fit into vertical split on my laptop screen)
On Wed, 2012-05-09 at 00:13 +0200, Jakub Hrozek wrote:
To test, trigger any NSS operation with SSSD configured with a domain that can't yield subdomains. The current git HEAD returns an error when parsing the message returned from the Data Provider.
The patch also renames the "done" label to "immediate" because "done" is mostly used for both success and failure cases and refactors some DEBUG statements that were too long to fit into the 80-characters limit (enforced by our code guidelines as well as the fact that lines too long don't fit into vertical split on my laptop screen)
Nack
This is much too noisy. Right now, for any NSS action that goes to the back-end for a domain that doesn't implement subdomain support, we're seeing:
(Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains] (0x0400): Got get subdomains [not forced][] (Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains] (0x0020): Undefined backend target. (Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains] (0x1000): Request processed. Returned 3,19,Subdomains back end target is not configured
We should not be calling be_get_subdomains() this often, but I realize that may not be feasible to change right now. However, we REALLY need to make sure we're not failing at debug level 2 (SSSDBG_CRIT_FAILURE) when we have an undefined backend target for subdomains.
Maybe we should just add a dummy subdomain provider that just returns no subdomains and make that the default?
On Wed, May 09, 2012 at 07:39:46PM -0400, Stephen Gallagher wrote:
On Wed, 2012-05-09 at 00:13 +0200, Jakub Hrozek wrote:
To test, trigger any NSS operation with SSSD configured with a domain that can't yield subdomains. The current git HEAD returns an error when parsing the message returned from the Data Provider.
The patch also renames the "done" label to "immediate" because "done" is mostly used for both success and failure cases and refactors some DEBUG statements that were too long to fit into the 80-characters limit (enforced by our code guidelines as well as the fact that lines too long don't fit into vertical split on my laptop screen)
Nack
This is much too noisy. Right now, for any NSS action that goes to the back-end for a domain that doesn't implement subdomain support, we're seeing:
(Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains] (0x0400): Got get subdomains [not forced][] (Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains] (0x0020): Undefined backend target. (Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains] (0x1000): Request processed. Returned 3,19,Subdomains back end target is not configured
We should not be calling be_get_subdomains() this often, but I realize that may not be feasible to change right now. However, we REALLY need to make sure we're not failing at debug level 2 (SSSDBG_CRIT_FAILURE) when we have an undefined backend target for subdomains.
I know, I complained during the subdomains review. I should have been more persistent. New patch with this fix is attached.
Maybe we should just add a dummy subdomain provider that just returns no subdomains and make that the default?
I agree we should do this for all providers byt IPA. For IPA, I think it is convenient to detect the subdomains at runtime in case a trust is added.
sssd-devel@lists.fedorahosted.org