On Wed, May 09, 2012 at 07:39:46PM -0400, Stephen Gallagher wrote:
On Wed, 2012-05-09 at 00:13 +0200, Jakub Hrozek wrote:
> To test, trigger any NSS operation with SSSD configured with a domain
> that can't yield subdomains. The current git HEAD returns an error when
> parsing the message returned from the Data Provider.
>
> The patch also renames the "done" label to "immediate" because
"done"
> is mostly used for both success and failure cases and refactors some
> DEBUG statements that were too long to fit into the 80-characters limit
> (enforced by our code guidelines as well as the fact that lines too long
> don't fit into vertical split on my laptop screen)
Nack
This is much too noisy. Right now, for any NSS action that goes to the
back-end for a domain that doesn't implement subdomain support, we're
seeing:
(Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains]
(0x0400): Got get subdomains [not forced][]
(Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains]
(0x0020): Undefined backend target.
(Wed May 9 19:35:40 2012) [sssd[be[adtest]]] [be_get_subdomains]
(0x1000): Request processed. Returned 3,19,Subdomains back end target is
not configured
We should not be calling be_get_subdomains() this often, but I realize
that may not be feasible to change right now. However, we REALLY need to
make sure we're not failing at debug level 2 (SSSDBG_CRIT_FAILURE) when
we have an undefined backend target for subdomains.
I know, I complained during the subdomains review. I should have been
more persistent. New patch with this fix is attached.
Maybe we should just add a dummy subdomain provider that just returns no
subdomains and make that the default?
I agree we should do this for all providers byt IPA. For IPA, I think it
is convenient to detect the subdomains at runtime in case a trust is
added.