From 3319d964721396c07daba383ded6aaaf33ed6e3b Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sep 14 2016 09:11:38 +0000
Subject: LDAP: Return partial results from adminlimit exceeded


Resolves:
    https://fedorahosted.org/sssd/ticket/3185

Since commit c420ce830ac0b0b288a2a887ec2cfce5c748018c we try to move to
the next server on any error on the connection, which in case there is
only one server sends SSSD offline.

It's more graceful to try to process the results, same as we already do
with sizelimit exceeded.

Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

---

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index e9ce2d5..f374112 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1526,7 +1526,8 @@ static void sdap_get_generic_op_finished(struct sdap_op *op,
                   sss_ldap_err2string(result), result,
                   errmsg ? errmsg : "no errmsg set");
 
-        if (result == LDAP_SIZELIMIT_EXCEEDED) {
+        if (result == LDAP_SIZELIMIT_EXCEEDED
+                || result == LDAP_ADMINLIMIT_EXCEEDED) {
             /* Try to return what we've got */
 
             if ( ! (state->flags & SDAP_SRCH_FLG_SIZELIMIT_SILENT)) {