SSSD should set up multiple search bases for multiple namingContexts entries #2197
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1155
Currently, SSSD cannot handle the existence of multiple namingContexts entries in the RootDSE without a corresponding defaultNamingContext attribute telling it which one it should use.
This is done for historical reasons, before we supported multiple search bases. We should update this code to generate a multiple search base for missing {{{ldap_*_search_base}}} entries.
Comments
Comment from sgallagh at 2012-01-26 21:31:23
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=784984
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=784984 784984]
Comment from sgallagh at 2012-01-26 21:59:53
After lengthy discussion with Simo, I've been convinced that this is an unsafe idea. We will instead simply disable features whose bases are not available with a warning.
resolution: => wontfix
status: new => closed
Comment from sgallagh at 2012-01-26 22:02:00
(In #1152) Ok, a third and better option was proposed by Simo on IRC.
Instead of failing if we cannot auto-detect a search base, we will simply disable LDAP lookups for any feature (sudo, services, etc.) for which we do not have a search base set. We'll do this by leaving the {{{ldap_*_search_base}}} as NULL and carefully checking for it at the start of any relevant lookup requests (we'll just return ENOENT and log a warning message at level zero).
blockedby: 1152 =>
Comment from simo at 2012-03-08 15:25:48
Fields changed
milestone: NEEDS_TRIAGE => void
Comment from sgallagh at 2017-02-24 14:45:01
Metadata Update from @sgallagh:
The text was updated successfully, but these errors were encountered: