GPO: Improve logging of GPO security filtering
GPO security filtering is as critical as the actual logon policy rights
checking. Administrators should not only be able to figure out, why GPO
access check granted or denied a user login, but also why a GPO access
check was not performed due to security filtering.
GPO access check can be logged using debug level Function Data, whereas GPO
security filtering can only be logged with lowest level tracing.
- Debug the main security filtering activities on level Function Data
- Debug missing security descriptor as minor failure, because it terminates
GPO security filtering.
Resolves:
https://pagure.io/SSSD/sssd/issue/3324
Signed-off-by: REIM THOMAS <reimth@gmail.com>
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>