Merge pull request #434 from sallyom/bug1802719

Bug 1838838: oc adm group sync - search outside base dn warning - RFC 2307
openshift · May 25, 2020 · b7ee856 · b7ee856
2 parents 44354e2 + acefd90
commit b7ee856
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/pkg/helpers/groupsync/rfc2307/ldapinterface.go b/pkg/helpers/groupsync/rfc2307/ldapinterface.go
@@ -6,6 +6,7 @@ import (
 	"gopkg.in/ldap.v2"
 
 	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/klog"
 
 	"github.com/openshift/library-go/pkg/security/ldapclient"
 	ldapquery "github.com/openshift/library-go/pkg/security/ldapquery"
@@ -94,6 +95,12 @@ func (e *LDAPInterface) ExtractMembers(ldapGroupUID string) ([]*ldap.Entry, erro
 			continue
 		}
 
+		if ldapquery.IsQueryOutOfBoundsError(err) {
+			// Ignore OutOfBounds and continue, don't return or handle error here to allow for extracting other members
+			klog.Infof("membership lookup for user %q in group %q skipped because of %q", ldapGroupUID, ldapMemberUID, err.Error())
+			continue
+		}
+
 		err = syncerror.NewMemberLookupError(ldapGroupUID, ldapMemberUID, err)
 		handled, fatalErr := e.errorHandler.HandleError(err)
 		if fatalErr != nil {