Ticket #1258 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

SSSD should attempt to get the RootDSE after binding

Reported by: sgallagh Owned by: jhrozek
Priority: major Milestone: SSSD 1.8.3 (LTM)
Component: LDAP Provider Version: 1.8.1
Keywords: Cc:
Blocked By: Blocking:
Sensitive: Tests Updated: no
Coverity Bug: Patch Submitted: yes
Red Hat Bugzilla: 805924 Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:
Temp mark:


In some situations, a server will disallow retrieving the RootDSE to an anonymous user (or one who is not using a sufficiently high SSF).

In those situations, we should continue as we do currently, binding with reasonable defaults, and then attempt again to retrieve the RootDSE, which may now be available to the properly-bound user.

Change History

comment:1 Changed 5 years ago by dpal

  • Type changed from enhancement to defect
  • Milestone changed from NEEDS_TRIAGE to SSSD 1.9.0

comment:2 Changed 5 years ago by dpal

  • Red Hat Bugzilla set to [https://bugzilla.redhat.com/show_bug.cgi?id=805924 805924]

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=805924

comment:3 Changed 5 years ago by sgallagh

  • Milestone changed from SSSD 1.9.0 to NEEDS_TRIAGE

Dropping back into NEEDS_TRIAGE. We may need to fix this sooner.

We have users of IPA following the instructions at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/disabling-anon-binds.html which results in the RootDSE being unavailable. This means that we cannot read the availability of the DEREF control into our id_ctx, and lookups are failing.

It seems to me that we need to solve this immediately.

comment:4 Changed 5 years ago by jhrozek

  • Owner changed from somebody to jhrozek
  • Status changed from new to assigned

comment:5 Changed 5 years ago by dpal

  • Milestone changed from NEEDS_TRIAGE to SSSD 1.8.3 (LTM)

comment:6 Changed 5 years ago by jhrozek

  • Patch Submitted set

comment:7 Changed 5 years ago by sgallagh

  • Status changed from assigned to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.