From c487f42b91038106ed27dfca3d0d3d8d5a917f05 Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Aug 06 2013 14:19:14 +0000
Subject: sudo: print better debug message when a rule has multiple cn values


---

diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
index 39ebbed..99a10db 100644
--- a/src/providers/ldap/sdap_sudo_cache.c
+++ b/src/providers/ldap/sdap_sudo_cache.c
@@ -68,7 +68,11 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx,
 
     ret = sysdb_attrs_get_string(attrs, map[SDAP_AT_SUDO_NAME].sys_name,
                                  &rule_name);
-    if (ret != EOK) {
+    if (ret == ERANGE) {
+        DEBUG(SSSDBG_OP_FAILURE, ("Warning: found rule that contains none "
+              "or multiple CN values. It will be skipped.\n"));
+        return ret;
+    } else if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, ("Could not get rule name [%d]: %s\n",
               ret, strerror(ret)));
         return ret;