SDAP: Remove user from cache for missing user in LDAP

Function sysdb_get_real_name overrode reurned code LDAP and thus user was not removed from cache after removing it from LDAP. This patch also do not try to set initgroups flag if user does not exist. It reduce some error message. Resolves: https://fedorahosted.org/sssd/ticket/2681 Reviewed-by: Michal Židek <mzidek@redhat.com>
SSSD · Jun 19, 2015 · 9fc96a4 · 9fc96a4
1 parent 827a016
commit 9fc96a4
Showing 1 changed file with 26 additions and 21 deletions.
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
@@ -1172,32 +1172,37 @@ static void groups_by_user_done(struct tevent_req *subreq)
     }
     state->sdap_ret = ret;
 
-    if (ret && ret != ENOENT) {
-        state->dp_error = dp_error;
-        tevent_req_error(req, ret);
-        return;
-    }
-
-    /* state->name is still the name used for the original request. The cached
-     * object might have a different name, e.g. a fully-qualified name. */
-    ret = sysdb_get_real_name(state, state->domain, state->name, &cname);
-    if (ret != EOK) {
-        cname = state->name;
-        DEBUG(SSSDBG_OP_FAILURE, "Failed to canonicalize name, using [%s].\n",
-                                 cname);
+    if (ret == EOK || ret == ENOENT) {
+        /* state->name is still the name used for the original req. The cached
+         * object might have a different name, e.g. a fully-qualified name. */
+        ret = sysdb_get_real_name(state, state->domain, state->name, &cname);
+        if (ret != EOK) {
+            cname = state->name;
+            DEBUG(SSSDBG_OP_FAILURE,
+                  "Failed to canonicalize name, using [%s].\n", cname);
+        }
     }
 
-    if (ret == ENOENT && state->noexist_delete == true) {
-        ret = sysdb_delete_user(state->domain, cname, 0);
-        if (ret != EOK && ret != ENOENT) {
+    switch (state->sdap_ret) {
+    case ENOENT:
+        if (state->noexist_delete == true) {
+            ret = sysdb_delete_user(state->domain, cname, 0);
+            if (ret != EOK && ret != ENOENT) {
+                tevent_req_error(req, ret);
+                return;
+            }
+        }
+        break;
+    case EOK:
+        ret = set_initgroups_expire_attribute(state->domain, cname);
+        if (ret != EOK) {
+            state->dp_error = DP_ERR_FATAL;
             tevent_req_error(req, ret);
             return;
         }
-    }
-
-    ret = set_initgroups_expire_attribute(state->domain, cname);
-    if (ret != EOK) {
-        state->dp_error = DP_ERR_FATAL;
+        break;
+    default:
+        state->dp_error = dp_error;
         tevent_req_error(req, ret);
         return;
     }