
Ticket 620 - Better logging of error messages for 389-ds-base

    Bug Description:  In a replication environment, if you have one master set with
                      passwordIsGlobalPolicy to on, and another master does not, then
                      the password policy updates are rejected.  However, there is no
                      clear logging to tell you why the operation was rejected.

    Fix Description:  Write a clear message in the error log stating what was the cause
                      of the failure.

    https://fedorahosted.org/389/ticket/620

    Reviewed by: nhosoi & nkinder (Thanks!!)
Mark Reynolds há 12 anos atrás
commit
a4c4daaa54
1 ficheiros alterados com 28 adições e 18 exclusões
  1. 28 18
      ldap/servers/slapd/modify.c

+ 28 - 18
ldap/servers/slapd/modify.c

@@ -128,22 +128,22 @@ static struct attr_value_check {
 void
 do_modify( Slapi_PBlock *pb )
 {
-	Slapi_Operation *operation;
-	BerElement			*ber;
-	char				*last, *type = NULL;
-	ber_tag_t			tag;
-	ber_len_t			len;
-	LDAPMod				*mod;
-	LDAPMod				**mods;
-	Slapi_Mods			smods;
-	int				err;
-	int				pw_change = 0; 	/* 0= no password change */
-	int				ignored_some_mods = 0;
-	int				has_password_mod = 0; /* number of password mods */
-	char				*old_pw = NULL;	/* remember the old password */
-	char				*rawdn = NULL;
-	int				minssf_exclude_rootdse = 0;
-	LDAPMod         **normalized_mods = NULL;
+	Slapi_Operation	*operation;
+	Slapi_Mods	smods;
+	BerElement	*ber;
+	ber_tag_t	tag;
+	ber_len_t	len;
+	LDAPMod		**normalized_mods = NULL;
+	LDAPMod		*mod;
+	LDAPMod		**mods;
+	char		*last, *type = NULL;
+	char		*old_pw = NULL;	/* remember the old password */
+	char		*rawdn = NULL;
+	int		minssf_exclude_rootdse = 0;
+	int		ignored_some_mods = 0;
+	int		has_password_mod = 0; /* number of password mods */
+	int		pw_change = 0; 	/* 0 = no password change */
+	int		err;
 
 	LDAPDebug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 );
 
@@ -291,8 +291,10 @@ do_modify( Slapi_PBlock *pb )
 		/* check if user is allowed to modify the specified attribute */
 		if (!op_shared_is_allowed_attr (mod->mod_type, pb->pb_conn->c_isreplication_session))
 		{
-            /* for now we just ignore attributes that client is not allowed
-               to modify so not to break existing clients */
+			/*
+			 * For now we just ignore attributes that client is not allowed
+			 * to modify so not to break existing clients
+			 */
 			++ignored_some_mods;
 			ber_bvecfree(mod->mod_bvalues);
 			slapi_ch_free((void **)&(mod->mod_type));
@@ -310,6 +312,14 @@ do_modify( Slapi_PBlock *pb )
 	}
 
 	if (ignored_some_mods && (0 == smods.num_elements)) {
+		if(pb->pb_conn->c_isreplication_session){
+		   int connid, opid;
+		   slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
+		   slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
+		   LDAPDebug( LDAP_DEBUG_ANY,"Rejecting replicated password policy operation(conn=%d op=%d) for "
+				   "entry %s.  To allow these changes to be accepted, set passwordIsGlobalPolicy to 'on' in "
+				   "cn=config.\n", connid, opid, rawdn);
+		}
 		send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
 		goto free_and_return;
 	}