Ticket #1155 (closed defect: wontfix)

Opened 3 years ago

Last modified 3 years ago

SSSD should set up multiple search bases for multiple namingContexts entries

Reported by: sgallagh
Owned by: somebody
Priority: major
Milestone: void
Component: LDAP Provider
Version: 1.7.0
Keywords:
Cc:
Blocked By:
Blocking:
Tests Updated: no
Coverity Bug:
Patch Submitted: no
Red Hat Bugzilla: 784984

Description

Currently, SSSD cannot handle the existence of multiple namingContexts entries in the RootDSE without a corresponding defaultNamingContext attribute telling it which one it should use.

This is done for historical reasons, before we supported multiple search bases. We should update this code to generate multiple search bases for missing ldap_*_search_base entries.

Change History

comment:1 Changed 3 years ago by sgallagh

  • Red Hat Bugzilla set to 784984

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=784984

comment:2 Changed 3 years ago by sgallagh

  • Status changed from new to closed
  • Resolution set to wontfix

After lengthy discussion with Simo, I've been convinced that this is an unsafe idea. We will instead simply disable features whose bases are not available with a warning.

comment:3 Changed 3 years ago by sgallagh

  • Blocked By 1152 deleted

(In #1152) Ok, a third and better option was proposed by Simo on IRC.

Instead of failing if we cannot auto-detect a search base, we will simply disable LDAP lookups for any feature (sudo, services, etc.) for which we do not have a search base set. We'll do this by leaving the ldap_*_search_base as NULL and carefully checking for it at the start of any relevant lookup requests (we'll just return ENOENT and log a warning message at level zero).
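
The behaviour described in the comment above, sketched as an added example (not SSSD source code and not written by the ticket participants): a search base is auto-detected only when the RootDSE makes the choice unambiguous, and a feature with no base returns ENOENT with a level-zero warning instead of searching a guessed tree. The struct and function names are hypothetical, and treating a single namingContexts value as unambiguous is an assumption read from the ticket description.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the two RootDSE attributes named in the ticket. */
struct rootdse {
    const char *default_naming_context;  /* NULL when the attribute is absent */
    const char **naming_contexts;        /* namingContexts values */
    size_t num_naming_contexts;
};

/* Return a base only when the server leaves no choice to make. */
const char *detect_search_base(const struct rootdse *dse)
{
    if (dse->default_naming_context != NULL)
        return dse->default_naming_context;
    if (dse->num_naming_contexts == 1)    /* assumption: one entry is safe */
        return dse->naming_contexts[0];
    return NULL;                          /* none or several: do not guess */
}

/* An explicitly configured ldap_*_search_base always wins over detection. */
const char *effective_base(const char *configured, const struct rootdse *dse)
{
    return configured != NULL ? configured : detect_search_base(dse);
}

/* Guard placed at the start of every per-feature lookup request. */
int feature_lookup(const char *feature, const char *search_base)
{
    if (search_base == NULL) {
        fprintf(stderr, "(level 0) no search base for %s; "
                        "LDAP lookups disabled\n", feature);
        return ENOENT;
    }
    /* A real provider would issue the LDAP search under search_base here. */
    return 0;
}

int main(void)
{
    /* Constructed sample: two naming contexts, no defaultNamingContext. */
    const char *ctx[] = { "dc=a,dc=test", "dc=b,dc=test" };
    struct rootdse dse = { NULL, ctx, 2 };

    /* sudo has no configured base and detection is ambiguous: disabled. */
    int sudo_rc = feature_lookup("sudo", effective_base(NULL, &dse));
    /* services has an explicit base, so the ambiguity does not matter. */
    int svc_rc = feature_lookup("services",
                                effective_base("ou=svc,dc=a,dc=test", &dse));
    printf("sudo=%d services=%d\n", sudo_rc, svc_rc);
    return 0;
}
```
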

comment:7 Changed 3 years ago by simo

  • Milestone changed from NEEDS_TRIAGE to void