Ticket #1258 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

SSSD should attempt to get the RootDSE after binding

Reported by: sgallagh Owned by: jhrozek
Priority: major Milestone: SSSD 1.8.3 (LTM)
Component: LDAP Provider Version: 1.8.1
Keywords: Cc:
Blocked By: Blocking:
Tests Updated: no Coverity Bug:
Patch Submitted: yes Red Hat Bugzilla: 805924
Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:

Description

In some situations, a server will disallow retrieving the RootDSE to an anonymous user (or one who is not using a sufficiently high SSF).

In those situations, we should continue as we do currently, binding with reasonable defaults, and then attempt again to retrieve the RootDSE, which may now be available to the properly-bound user.

Change History

comment:1 Changed 2 years ago by dpal

  • Milestone changed from NEEDS_TRIAGE to SSSD 1.9.0
  • Type changed from enhancement to defect

comment:2 Changed 2 years ago by dpal

  • Red Hat Bugzilla set to [https://bugzilla.redhat.com/show_bug.cgi?id=805924 805924]

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=805924

comment:3 Changed 2 years ago by sgallagh

  • Milestone changed from SSSD 1.9.0 to NEEDS_TRIAGE

Dropping back into NEEDS_TRIAGE. We may need to fix this sooner.

We have users of IPA following the instructions at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/disabling-anon-binds.html which results in the RootDSE being unavailable. This means that we cannot read the availability of the DEREF control into our id_ctx, and lookups are failing.

It seems to me that we need to solve this immediately.

comment:4 Changed 2 years ago by jhrozek

  • Owner changed from somebody to jhrozek
  • Status changed from new to assigned

comment:5 Changed 2 years ago by dpal

  • Milestone changed from NEEDS_TRIAGE to SSSD 1.8.3 (LTM)

comment:6 Changed 2 years ago by jhrozek

  • Patch Submitted set

comment:7 Changed 2 years ago by sgallagh

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.