When ldap_sasl_minssf is assigned large values, appropriate error message should be logged sssd_DOMAIN log #2464

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1422


https://bugzilla.redhat.com/show_bug.cgi?id=825837 (Red Hat Enterprise Linux 6)

Description of problem:
When sssd.conf is configured with ldap_sasl_minssf = 999 (high values), user
lookups via sssd should display an error message. An "Unknown authentication
method" error message should be logged in the sssd domain log file, which is not
happening on the s390x and ppc64 architectures. However, user lookups using the
ldapsearch command display a proper error message.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Setup sssd client as given below:

[sssd]
config_file_version = 2
sbus_timeout = 30
services = nss, pam
domains = LDAP-KRB5

[nss]
filter_groups = root
filter_users = root
debug_level=0xFFF0

[pam]

[domain/LDAP-KRB5]
debug_level=0xFFF0
id_provider = ldap
ldap_uri = ldap://URI
ldap_search_base = dc=example,dc=com
auth_provider = krb5
krb5_server = <KRB-SERVER>
krb5_realm = EXAMPLE.COM
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/<client>
ldap_sasl_minssf=999

2. Clear the cache and restart SSSD service

3. Verify if ldap user lookup works fine without any error by running the below
command:
   # id ldapuser
   uid=1001(ldapuser) gid=1001 groups=1001

4. Now, run ldapsearch against the same user, as given below:
   # ldapsearch -Y GSSAPI -h <ldap-server> -b "dc=example,dc=com" -O minssf=999 uid=ldapuser
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available: No worthy mechs found

Actual results:
The following error message is not logged in the sssd_DOMAIN.log file:
"ldap_sasl_bind failed (-6)[Unknown authentication method]"

At the same time, the ldapsearch command displays an appropriate error message
for the same user.

Expected results:
Appropriate error message in the sssd_DOMAIN.log file.

Comments


Comment from sgallagh at 2012-07-16 15:14:42

Fields changed

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
patch: 0 => 1
tests: => 0
testsupdated: => 0
upgrade: => 0


Comment from jhrozek at 2012-07-18 13:05:02

Patch is on list, can be moved to beta 5, due today.

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 5


Comment from jhrozek at 2012-07-18 13:15:47

master: bc76428

resolution: => fixed
status: new => closed


Comment from sgallagh at 2017-02-24 14:35:21

Metadata Update from @sgallagh:

@sssd-bot sssd-bot added Bugzilla Closed: Fixed Issue was closed as fixed. labels May 2, 2020
@sssd-bot sssd-bot closed this as completed May 2, 2020
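
The check this report asks for, as an added example (not part of the original report and not SSSD code): audit an sssd.conf for `ldap_sasl_minssf` values above what the deployment can negotiate, and flag domains whose log never recorded the SASL bind failure. The `max_expected_ssf` ceiling of 256, the function names, and the sample config and log text are assumptions constructed for illustration; only the error string is taken from the report.

```python
import configparser

# Error text quoted in the report's "Actual results" section.
EXPECTED_LOG_LINE = "ldap_sasl_bind failed (-6)[Unknown authentication method]"

# Constructed sample mirroring the domain section from the report.
SAMPLE_CONF = """\
[sssd]
domains = LDAP-KRB5

[domain/LDAP-KRB5]
id_provider = ldap
ldap_sasl_mech = GSSAPI
ldap_sasl_minssf=999
"""

# Constructed log excerpts; only the quoted error string comes from the report.
LOG_SILENT = "(constructed) connecting to LDAP server\n"
LOG_REPORTED = LOG_SILENT + "(constructed) " + EXPECTED_LOG_LINE + "\n"

def minssf_by_domain(conf_text):
    """Return {domain: minssf} for every domain that sets ldap_sasl_minssf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    found = {}
    for section in cp.sections():
        if section.startswith("domain/") and cp.has_option(section, "ldap_sasl_minssf"):
            raw = cp.get(section, "ldap_sasl_minssf").strip()
            # A non-numeric value is recorded as None instead of raising.
            found[section.split("/", 1)[1]] = int(raw) if raw.isdigit() else None
    return found

def audit(conf_text, logs, max_expected_ssf=256):
    """Classify domains; 'unsatisfiable-silent' is the case this report describes."""
    result = {}
    for domain, ssf in minssf_by_domain(conf_text).items():
        if ssf is None:
            result[domain] = "invalid"
        elif ssf <= max_expected_ssf:  # assumed ceiling, adjust per site
            result[domain] = "ok"
        elif EXPECTED_LOG_LINE in logs.get(domain, ""):
            result[domain] = "unsatisfiable-logged"
        else:
            result[domain] = "unsatisfiable-silent"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, {"LDAP-KRB5": LOG_SILENT}))
```

A domain reported as `unsatisfiable-silent` has a security-layer requirement that is not visibly enforced in its log, so a successful `id` lookup there should not be read as proof that the configured minimum SSF was met.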