s3/ldap: don't continue if we couldn't get the domain info on startup

while some things work without the domain info, some important things don't,
which is highly irritating. As even calls like EnumTrustDom fail and
thus clients' domain logins fail we are sufficiently broken to refuse to go on.

Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Thu Aug 18 12:48:37 CEST 2011 on sn-devel-104

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 74dcceca4ee481daab38e863347c25e424d97481..8b6f07c025cf2707cc2ffac169b3f98841c413a5 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -6576,13 +6576,10 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
                                               ldap_state->domain_name, True);
 
        if ( !NT_STATUS_IS_OK(nt_status) ) {
-               DEBUG(2, ("pdb_init_ldapsam: WARNING: Could not get domain "
-                         "info, nor add one to the domain\n"));
-               DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, "
-                            "will be unable to allocate new users/groups, "
-                            "and will risk BDCs having inconsistent SIDs\n"));
-               sid_copy(&ldap_state->domain_sid, get_global_sam_sid());
-               return NT_STATUS_OK;
+               DEBUG(0, ("pdb_init_ldapsam: WARNING: Could not get domain "
+                         "info, nor add one to the domain. "
+                         "We cannot work reliably without it.\n"));
+               return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
        }
 
        /* Given that the above might fail, everything below this must be