From 800d24dccbf655b2c65521727256c4e6c4a540d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Thu, 30 May 2019 12:51:47 +0200 Subject: [PATCH 40/44] ad: set enabled=false attribute for subdomains that no longer exists Only forest root domain needs to be disabled because it has to be available for other tasks. All other non-root domains are removed from cache completely so it does not make sense for them. Resolves: https://pagure.io/SSSD/sssd/issue/4009 Reviewed-by: Sumit Bose (cherry picked from commit 6882bc5f5c8805abff3511d55c0ed60cad84faab) --- src/providers/ad/ad_subdomains.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index a3906e994..57438fdd5 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -696,6 +696,13 @@ static errno_t ad_subdomains_refresh(struct be_ctx *be_ctx, if (sss_domain_is_forest_root(dom)) { DEBUG(SSSDBG_TRACE_ALL, "Skipping removal of forest root sdap data.\n"); + + ret = sysdb_domain_set_enabled(dom->sysdb, dom->name, false); + if (ret != EOK && ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, "Unable to disable domain %s " + "[%d]: %s\n", dom->name, ret, sss_strerror(ret)); + goto done; + } continue; } @@ -864,6 +871,12 @@ static errno_t ad_subdomains_process(TALLOC_CTX *mem_ctx, } else { DEBUG(SSSDBG_TRACE_FUNC, "Disabling forest root domain %s\n", root_name); + ret = sysdb_domain_set_enabled(domain->sysdb, root_name, false); + if (ret != EOK && ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, "Unable to disable domain %s " + "[%d]: %s\n", root_name, ret, sss_strerror(ret)); + goto fail; + } } } -- 2.20.1