From 800d24dccbf655b2c65521727256c4e6c4a540d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 30 May 2019 12:51:47 +0200
Subject: [PATCH 40/44] ad: set enabled=false attribute for subdomains that no
longer exists
Only forest root domain needs to be disabled because it has to be available
for other tasks. All other non-root domains are removed from cache completely
so it does not make sense for them.
Resolves:
https://pagure.io/SSSD/sssd/issue/4009
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 6882bc5f5c8805abff3511d55c0ed60cad84faab)
---
src/providers/ad/ad_subdomains.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
index a3906e994..57438fdd5 100644
--- a/src/providers/ad/ad_subdomains.c
+++ b/src/providers/ad/ad_subdomains.c
@@ -696,6 +696,13 @@ static errno_t ad_subdomains_refresh(struct be_ctx *be_ctx,
if (sss_domain_is_forest_root(dom)) {
DEBUG(SSSDBG_TRACE_ALL,
"Skipping removal of forest root sdap data.\n");
+
+ ret = sysdb_domain_set_enabled(dom->sysdb, dom->name, false);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to disable domain %s "
+ "[%d]: %s\n", dom->name, ret, sss_strerror(ret));
+ goto done;
+ }
continue;
}
@@ -864,6 +871,12 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx,
} else {
DEBUG(SSSDBG_TRACE_FUNC, "Disabling forest root domain %s\n",
root_name);
+ ret = sysdb_domain_set_enabled(domain->sysdb, root_name, false);
+ if (ret != EOK && ret != ENOENT) {
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to disable domain %s "
+ "[%d]: %s\n", root_name, ret, sss_strerror(ret));
+ goto fail;
+ }
}
}
--
2.20.1