42bd89d IPA: Retry fetching keytab if IPA user lookup fails

Authored and Committed by jhrozek 5 years ago
    IPA: Retry fetching keytab if IPA user lookup fails
    
    Required for:
        https://fedorahosted.org/sssd/ticket/2639
    
    Instead of calling ipa_get_ad_acct_send directly, call a new request
    ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and
    either tries to request a new keytab every time the lookup fails but the
    domain is online.
    
    be_mark_dom_offline() is called when the retry fails with the new code.
    
    The retry tries to re-setup the trusted domain. With two-way setups, the
    request is a no-op. With one-way trust setups, the request re-fetches
    new keytab unconditionally.
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    
        
file modified
+0 -9