Learn more about these different git repos.
Other Git URLs
We added support for the Simple Paged Search in ticket #658 and SSSD 1.5.8. When we did so, we chose to default to always requesting paged searches for all requests. However, it turns out that RFC 2696 does not mandate that the LDAP server supports more than one paging search at a time on the same connection. Some LDAP servers (notably 389 DS 1.2.9 and older) allow only a single paged search to be in progress on a request at one time. This results in receiving an error from LDAP that the server refuses to perform the operation. Once ticket #1201 is fixed, this will result in offline operation (right now it's misbehaving as if it received zero results). We need to avoid both of these events.
RFC 2696 does specify that if the result size being returned is smaller than the requested page size that the paging control should be ignored. This would mitigate the problem, but it appears that 389 DS also chooses to not ignore the control in this case.
In general, we need to find ways to minimize our usage of the paging control where available. I propose the following changes:
{{{[1]}}}: This will likely introduce apparent performance issues when performing initgroups() requests, since they will no longer be able to run in parallel. We must always assume that the user may belong to many groups.
{{{[2]}}}: I'm not 100% sure about this one. It's possible for a server to manually set its page size smaller than 500, though I doubt very many would do so. On the other hand, I can't come up with any ideas offhand for lookups of greater than a single entry that could not therefore result in a potentially-infinite set of results. So this may be a moot point.
Fields changed
status: new => assigned version: 1.8.0 beta 2 => 1.8.0 beta 3
milestone: NEEDS_TRIAGE => SSSD 1.8.0 (LTM)
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=796307
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=796307 796307]
blocking: => 1207
I have split this into two tickets. The mitigation pieces (1 and 2 above) will be resolved by this ticket. The more complete portion will be resolved in Ticket #1207
patch: 0 => 1
Fixed by: - 2f3ee3f (master) - 3828873 (sssd-1-8)
resolution: => fixed status: assigned => closed
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=782221 (Red Hat Enterprise Linux 5)
rhbz: [https://bugzilla.redhat.com/show_bug.cgi?id=796307 796307] => [https://bugzilla.redhat.com/show_bug.cgi?id=796307 796307], [https://bugzilla.redhat.com/show_bug.cgi?id=782221 782221]
Metadata Update from @sgallagh: - Issue assigned to sgallagh - Issue marked as blocked by: #1207 - Issue set to the milestone: SSSD 1.8.0 (LTM)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2244
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.