ldap_group_type should be string and not integer

[tobias-gruenewald]

We have the following line in our sssd.conf:
ldap_group_type = groupType

This leads to an error message (e.g. when running authconfig):
TypeError: Expected <type 'int'> for ldap_group_type, received <type 'str'>

The manpage actually states that an integer is required, but at the same time describes the value of this parameter as follows:

       ldap_group_type (integer)
           The LDAP attribute that contains an integer value indicating the type of the group and maybe other flags.

           This attribute is currently only used by the AD provider to determine if a group is a domain local groups and has to be filtered out for trusted domains.

           Default: groupType in the AD provider, otherwise not set

So the default value for AD provider is actually a string ("groupType") and the description also implies a string, as LDAP attribute names are rarely integers. The content of the LDAP attribute indeed should be a integer, but not the attribute name itself.

This is observed with SSSD version 1.16.5 on CentOS but I think the current code branch still has the same issue.

[sumit-bose]

Hi,

thanks for the report. It looks like the man page entry is already fixed https://github.com/SSSD/sssd/blob/master/src/man/sssd-ldap-attributes.5.xml#L742 .

But the python API used by authconfig still has int (https://github.com/SSSD/sssd/blob/master/src/config/etc/sssd.api.d/sssd-ldap.conf#L105 , https://github.com/SSSD/sssd/blob/master/src/config/etc/sssd.api.d/sssd-ad.conf#L120 , https://github.com/SSSD/sssd/blob/master/src/config/etc/sssd.api.d/sssd-ipa.conf#L111 ).

I wonder if you would be interested to send a pull-request to fix this?

bye,
Sumit

[tobias-gruenewald]

Hi,

thanks for the report. It looks like the man page entry is already fixed https://github.com/SSSD/sssd/blob/master/src/man/sssd-ldap-attributes.5.xml#L742 .

But the python API used by authconfig still has int (https://github.com/SSSD/sssd/blob/master/src/config/etc/sssd.api.d/sssd-ldap.conf#L105 , https://github.com/SSSD/sssd/blob/master/src/config/etc/sssd.api.d/sssd-ad.conf#L120 , https://github.com/SSSD/sssd/blob/master/src/config/etc/sssd.api.d/sssd-ipa.conf#L111 ).

I wonder if you would be interested to send a pull-request to fix this?

bye,
Sumit

Hi Sumit,

I am not sure if I did this correctly. My experiences with code management in GitHub are very limited.
Also I just found out that every reference to this bug report in a commit is spammed here, that was not my intention.
Apparently it would have been sufficient to add this to the comment of the pull request.

Best regards,
Tobias

[pbrezina]

Fixed by 2786071