Learn more about these different git repos.
Other Git URLs
Unless the ldap_*_entry_usn options are manually specified in the sssd.conf, the first request after the LDAP provider startup will not be saved with a valid entryUSN in any cache entries it touches.
The reason for this is that we autodetect the USN scheme available during the RootDSE lookup on the first connection. The problem with this is that the RootDSE request occurs AFTER we've already specified the set of attributes we're requesting from the LDAP server using the {{{build_attrs_from_map()}}} routine.
This only affects requests that are started prior to the first query of the RootDSE. All subsequent requests are handled properly.
This does mean that if enumeration is enabled on this domain, it will result in TWO full enumeration passes, rather than just one (because the second pass will not be able to compare against nonexistent entryUSN values in the sysdb).
As near as I can tell, this has been an undetected issue for many releases, so I'm setting the priority to minor.
Reducing priority further. I discovered that it does NOT in fact affect enumerations (because we set up the attributes for the user and group enumerations after the RootDSE). Since the lastUSN value isn't used for anything in the non-enumeration cases, I'm dropping the prioriy to trivial and tossing this in the deferred milestone.
component: SSSD => LDAP Provider milestone: NEEDS_TRIAGE => SSSD Deferred priority: minor => trivial
Fields changed
rhbz: => 0
I would just close this ticket since as far as I know lastUSN is used correctly.
changelog: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: => 0 review: => 1 selected: => sensitive: => 0
resolution: => worksforme status: new => closed
Metadata Update from @sgallagh: - Issue set to the milestone: SSSD Patches welcome
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2199
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.