#495 ldap referrals are only ever followed anonymously
Closed: Fixed. Opened 13 years ago by nalin.

I see that sssd supports enabling referral support in libldap, but sssd doesn't seem to be registering a rebind callback (with ldap_set_rebind_proc) for libldap to use when it needs to bind to a new server.

If sssd doesn't do that, then referrals to other servers will be done anonymously, which I don't think is going to provide the desired results if sssd has been configured to authenticate to its primary server.

My personal preference would be for sssd to not depend on libldap's ability to chase referrals, but to queue up referral responses itself for following after processing results of the currently-executing search, and handling server binds directly as a part of that. That said, providing a callback may simply be more expedient.

A note of warning: beware of reintroducing CVE-2005-2069 when you're following referrals.
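As an added illustration (not SSSD's code and not part of the ticket), this is the shape of the rebind callback the report says is missing: libldap invokes it before binding to the server named in a chased referral, and without one that connection stays anonymous. The names `rebind_ctx`, `referral_allowed` and `enable_authenticated_referrals` are assumed, and the policy gate (credentials only to a host under a trusted suffix, only over ldaps://) is the CVE-2005-2069 precaution the warning above refers to.

```c
#include <string.h>
#include <strings.h>

/* Hypothetical context handed to the rebind callback (constructed names). */
struct rebind_ctx {
    const char *bind_dn;
    const char *bind_pw;
    const char *trusted_suffix;   /* e.g. ".example.com" */
};
/* Policy gate for a referral URL: real credentials go only to a host under the
 * trusted domain and only over ldaps://.  Refusing plaintext or foreign targets
 * is the guard against the CVE-2005-2069 pattern (password sent to the referred
 * server over an unprotected connection). Returns 1 if the bind may proceed. */
int referral_allowed(const char *url, const char *trusted_suffix)
{
    const char *host, *end;
    size_t hlen, slen = strlen(trusted_suffix);
    if (strncasecmp(url, "ldaps://", 8) != 0)
        return 0;
    host = url + 8;
    end = host + strcspn(host, ":/");      /* host ends at port or DN part */
    hlen = (size_t)(end - host);
    if (hlen <= slen)
        return 0;
    return strncasecmp(end - slen, trusted_suffix, slen) == 0;
}
#if __has_include(<ldap.h>)   /* libldap part: built only where OpenLDAP headers exist */
#include <ldap.h>
/* libldap calls this before binding to the server named in a chased referral.
 * Without such a callback the new connection stays anonymous. */
static int rebind_cb(LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
                     ber_int_t msgid, void *params)
{
    struct rebind_ctx *c = params;
    struct berval cred;
    (void)request; (void)msgid;
    if (!referral_allowed(url, c->trusted_suffix))
        return LDAP_CONFIDENTIALITY_REQUIRED;   /* abort the chase, keep the password */
    cred.bv_val = (char *)c->bind_pw;
    cred.bv_len = strlen(c->bind_pw);
    return ldap_sasl_bind_s(ld, c->bind_dn, LDAP_SASL_SIMPLE, &cred,
                            NULL, NULL, NULL);
}
/* Enable referral chasing and register the callback in one place. */
int enable_authenticated_referrals(LDAP *ld, struct rebind_ctx *ctx)
{
    int rc = ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON);
    return rc != LDAP_OPT_SUCCESS ? rc : ldap_set_rebind_proc(ld, rebind_cb, ctx);
}
#endif
```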


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.4.0

Fields changed

owner: somebody => jhrozek

Raising priority to critical.

This issue is hitting Active Directory users particularly hard, since forests are almost always configured to require authentication for referrals.

priority: major => critical

Fields changed

owner: jhrozek => sbose

Fields changed

priority: critical => blocker

fixed by bfb9e9c

resolution: => fixed
status: new => closed

Fields changed

rhbz: => 0

Metadata Update from @nalin:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.5.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1537

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
