Ticket #3814 (closed defect: fixed)

Opened 9 months ago

Last modified 9 months ago

Ignore referrals when converting to LDAPEntry

Reported by: tbabej
Owned by: tbabej
Priority: major
Milestone: FreeIPA 3.3 - 2013/07
Component: IPA
Affects Documentation: no
Patch posted for review: yes
Red Hat Bugzilla: 0

Description

An LDAP server (in this case an AD DC) can return referrals. Our wrapper around python-ldap is not ready for that and fails, which leads to dubious errors like this.

This can cause a regression like this one:

[root@vm-155 yum.repos.d]# ipa group-add-member ad_admins_external --external 'AD\Domain Admins'
[member user]: 
[member group]: 
  Group name: ad_admins_external
  Description: ad admins external map
  Failed members: 
    member user: 
    member group: AD\Domain Admins: trusted domain object not found

Debugging shows that the command fails due to the referral entry, which is not of the form (dn, attrs) but of the form (None, referred_ldap_uri).

[Wed Jul 24 23:11:00.095849 2013] [:error] [pid 29973] ipa: INFO: raw ldap result : [('CN=Domain Admins,CN=Users,DC=AD,DC=EXAMPLE,DC=COM', {'objectSid': ['\\x01\\x05\\x00\\x00\\x00\\x00\\x00\\x05\\x15\\x00\\x00\\x00\\xf8(\\x80\\xbd\\xa2Xb\\x93\\x18!\\xa7T\\x00\\x02\\x00\\x00']})]
[Wed Jul 24 23:11:00.101747 2013] [:error] [pid 29973] ipa: INFO: raw ldap result : [(None, ['ldap://ForestDnsZones.AD.EXAMPLE.COM/DC=ForestDnsZones,DC=AD,DC=EXAMPLE,DC=COM'])]
[Wed Jul 24 23:11:00.104495 2013] [:error] [pid 29973] ipa: ERROR: non-public: TypeError: must be str,unicode,tuple, or RDN, got NoneType instead
[Wed Jul 24 23:11:00.104928 2013] [:error] [pid 29973] ipa: INFO: admin@IPATEST.EXAMPLE.COM: group_add_member(u'ad_admins_external', ipaexternalmember=(u'AD\\\\Domain Admins',), all=False, raw=False, version=u'2.62', no_members=False): TypeError
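
The two result shapes in the log above, handled explicitly. This is an added example and not the FreeIPA patch or code from this ticket. It filters `(None, [uri, ...])` referral tuples out of a raw result list before any DN parsing; the function name `split_referrals` and the sample data are assumptions made for illustration.

```python
# Added example: separate real entries from referral tuples in a raw
# python-ldap style result list before any DN parsing takes place.
# Function and variable names are hypothetical, not FreeIPA's.

def split_referrals(raw_results):
    """Return (entries, referral_uris) from a raw search result list.

    Entries look like (dn, attrs_dict). Referrals look like
    (None, [ldap_uri, ...]) and carry no DN at all.
    """
    entries, referrals = [], []
    for item in raw_results:
        if not isinstance(item, tuple) or len(item) != 2:
            raise ValueError("unexpected result shape: %r" % (item,))
        dn, payload = item
        if dn is None:
            # Referral: keep the URIs for logging only. They are ignored,
            # as the ticket title asks, and never reach the DN converter.
            if not isinstance(payload, (list, tuple)):
                raise ValueError("malformed referral: %r" % (item,))
            referrals.extend(payload)
            continue
        if not isinstance(payload, dict):
            raise ValueError("entry %r has non-dict attrs" % (dn,))
        entries.append((dn, payload))
    return entries, referrals


# Constructed sample, modelled on the two raw results in the log above
# (objectSid bytes shortened to a placeholder value).
SAMPLE_RAW = [
    ("CN=Domain Admins,CN=Users,DC=AD,DC=EXAMPLE,DC=COM",
     {"objectSid": [b"\x01\x05\x00\x00"]}),
    (None,
     ["ldap://ForestDnsZones.AD.EXAMPLE.COM/"
      "DC=ForestDnsZones,DC=AD,DC=EXAMPLE,DC=COM"]),
]

if __name__ == "__main__":
    found, ignored = split_referrals(SAMPLE_RAW)
    print("entries:", [dn for dn, _ in found])
    print("ignored referrals:", ignored)
```

Returning the referral URIs separately lets the caller log what was skipped rather than dropping it silently.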

Change History

comment:1 Changed 9 months ago by tbabej

  • Owner changed from someone to tbabej
  • Status changed from new to assigned
  • Patch posted for review set

comment:2 Changed 9 months ago by mkosek

  • Red Hat Bugzilla set to 0
  • Milestone changed from 0.0 NEEDS_TRIAGE to 2013 Month 07 - July (3.3)

Regression in 3.3 development, moving to appropriate milestone.

comment:3 Changed 9 months ago by mkosek

  • Status changed from assigned to closed
  • Resolution set to fixed