Learn more about these different git repos.
Other Git URLs
In some cases, the dereference search might fail - for example if the server incorrectly advertizes deref support or if the attribute we try to dereference is not a DN.
SSSD should fall back to individual lookups in this case. The hard part is picking the errors that would be non-fatal for the search. "Protocol error" and "Server refused to perform" might be a good start.
This is not really a bug in SSSD so much as a misconfiguration on the server. The original report was failing because someone had changed the OID on the LDAP member attribute so that it did not report as a DN.
We should just write a descriptive error message to the syslog in this case, so the administrator is aware that there is a problem on the LDAP server.
component: SSSD => LDAP Provider milestone: NEEDS_TRIAGE => SSSD 1.9.0 owner: somebody => jhrozek priority: major => minor summary: If dereference failed, retry with individual lookups => Warn to syslog when dereference requests fail
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=799009
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=799009 799009]
Fields changed
keywords: => easyfix
owner: jhrozek => arielb status: new => assigned
Fixed by: - 02837b3 (master) - f93b080 (sssd-1-8)
milestone: SSSD 1.9.0 => SSSD 1.9.0 beta 2 patch: 0 => 1 resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to arielb - Issue set to the milestone: SSSD 1.9.0 beta 2
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2255
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.