[autobackport: sssd-2-13] sdap: let callers mark SSSD as offline if kinit fails

[sssd-bot]

This is an automatic backport of PR#8675 sdap: let callers mark SSSD as offline if kinit fails to branch sssd-2-13, created by @pbrezina.

Please make sure this backport is correct.

Note

The commits were cherry-picked without conflicts.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8675-to-sssd-2-13
git checkout SSSD-sssd-backport-pr8675-to-sssd-2-13
git push sssd-bot SSSD-sssd-backport-pr8675-to-sssd-2-13 --force

---

Original commits
c5b631e - sdap: let callers mark SSSD as offline if kinit fails

Backported commits

• 805235a - sdap: let callers mark SSSD as offline if kinit fails

---

Original Pull Request Body

The callers expected that ret == EIO and can_retry == false to bring
SSSD to an offline state.

[gemini-code-assist]

Code Review

This pull request modifies the LDAP provider's connection handling to ensure SSSD enters an offline state upon failing to obtain a Kerberos TGT by setting the retry flag to false and returning an EIO error. It also introduces new system tests to validate that SSSD correctly transitions to offline status when Kerberos or LDAP services are unreachable. I have no feedback to provide.

[sumit-bose]

Hi,

backport and original patch match, ACK.

bye,
Sumit

[sssd-bot]

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

---

🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-44-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)
🟢 Build / freebsd (success)
🟢 Build / make-distcheck (success)

---

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.