SSSD / sssd

Clone

#860 [RFE] SSSD should chase referrals explicitly
Closed: wontfix 4 years ago by pbrezina. Opened 12 years ago by sgallagh.

Closed: wontfix
Reopen Issue

Currently, we enable the internal referral-chasing feature of the openldap libraries for all searches. This means that the openldap libraries process the new connections automatically and return only the final results.

We should change the SSSD to trace referrals explicitly instead, for several reasons:

  1. The OpenLDAP upstream strongly advises against using the internal referral chasing feature.
  2. Using the internal referral feature results in much added complexity right now, as it requires us to jump through quite a few hoops to make sure that our mainloop is correctly monitoring all new file-descriptors.
  3. Due to recent changes to the openldap libraries to address a mutex issue, a bind requiring a referral (such as during authentication) no longer works properly with the internal referral-chasing, causing a regression in SSSD's behavior.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.7.0
priority: critical => minor

Related ticket: https://fedorahosted.org/sssd/ticket/875

User had trouble doing password changes because the operation was referred from a read-only replica.

Raising the priority on this to major. This should not be deferred.

priority: minor => major

Fields changed

milestone: SSSD 1.8.0 => SSSD 1.7.0
priority: major => critical

Fields changed

rhbz: =>
summary: SSSD should chase referrals explicitly => [RFE] SSSD should chase referrals explicitly
type: defect => enhancement

Fields changed

milestone: SSSD 1.7.0 => Referrals

Fields changed

rhbz: => 0

Please also see the following discussion on the list to make sure additional test cases and scenarios are considered https://fedorahosted.org/pipermail/sssd-devel/2012-March/009002.html

blockedby: =>
blocking: =>
feature_milestone: =>

Red Hat bugzilla :: https://bugzilla.redhat.com/show_bug.cgi?id=741264

design: =>
design_review: => 0
fedora_test_page: =>
selected: =>

Fields changed

cc: => jkt@flaska.net
changelog: =>
review: => 0

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD Referrals Feature
7 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from 0)
- Custom field patch reset (from 0)
- Custom field review reset (from 0)
- Custom field testsupdated reset (from 0)
- Issue close_status updated to: None
- Issue set to the milestone: SSSD Patches welcome (was: SSSD Referrals Feature)
5 years ago

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)
4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1902

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
critical
enhancement
LDAP Provider
1.5.7
None
false
false
0
false
false
None
Regression
None
None
None
None
None
jkt@flaska.net
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.