#1169 Entries lacking a POSIX username value break group lookups
Closed: Fixed None Opened 12 years ago by sgallagh.

{{{
(Tue Jan 24 15:30:20 2012) [sssd[be[EXAMPLE.COM]]] [sysdb_search_users]
(0x0400): Search users with filter:
(&(objectclass=user)(originalDN=CN=U329266,OU=site,OU=Users,OU=Accounts,DC=example,DC=com))
(Tue Jan 24 15:30:20 2012) [sssd[be[EXAMPLE.COM]]] [sysdb_search_users]
(0x0400): No such entry
(Tue Jan 24 15:30:20 2012) [sssd[be[EXAMPLE.COM]]] [sysdb_attrs_primary_name]
(0x0020): Could not determine primary name: [22][Invalid argument]
(Tue Jan 24 15:30:20 2012) [sssd[be[EXAMPLE.COM]]]
[sdap_nested_group_populate_users] (0x0020): User entry 7 has no name attribute
}}}

In this case, we are talking to an Active Directory server that had some entries in its search filter that were missing the msSFU30Name attribute. When we were processing a group that contained this user, we would encounter the {{{"Could not determine primary name: [22][Invalid argument]"}}} error and fail. The proper behaviour should be to skip incomplete POSIX entries.


Fields changed

rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=735827 735827]

IIRC group entries are filtered on the server side. Perhaps modifying the filter for users in the same way could do the trick.

Modifying the filter is probably the easiest approach to this, yes. We need to be aware that RFC2307bis may need some extra care, though.
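
The two approaches discussed in this ticket, as an added example (not SSSD's code and not the fix in the commits listed on this ticket): skipping entries that lack a name on the client, and adding a presence test on the name attribute to the server-side filter. The `struct entry` type, both function names, and the `alice`/`bob` entries are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a directory entry (not an SSSD type). */
struct entry {
    const char *dn;
    const char *name;   /* value of the mapped name attribute, NULL if absent */
};

/* Client side: copy member names into out[] (caller provides room for n).
 * strict != 0 reproduces the reported failure: the first entry without a
 * name aborts the whole group with EINVAL.
 * strict == 0 skips incomplete entries and counts how many were dropped. */
int populate_members(const struct entry *e, size_t n, int strict,
                     const char **out, size_t *n_out, size_t *n_skipped)
{
    *n_out = 0;
    *n_skipped = 0;
    for (size_t i = 0; i < n; i++) {
        if (e[i].name == NULL || e[i].name[0] == '\0') {
            if (strict)
                return EINVAL;
            (*n_skipped)++;
            continue;
        }
        out[(*n_out)++] = e[i].name;
    }
    return 0;
}

/* Server side: require the name attribute to be present, so incomplete
 * entries are never returned. Assumes objectclass and name_attr come from
 * trusted configuration; they are not escaped here.
 * Returns 0, or ENAMETOOLONG if buf is too small. */
int build_user_filter(char *buf, size_t len, const char *objectclass,
                      const char *name_attr)
{
    int r = snprintf(buf, len, "(&(objectclass=%s)(%s=*))",
                     objectclass, name_attr);
    return (r < 0 || (size_t)r >= len) ? ENAMETOOLONG : 0;
}

/* Constructed sample data; the second entry has no name attribute. */
static const struct entry sample[] = {
    { "CN=alice,DC=example,DC=com", "alice" },
    { "CN=U329266,OU=site,OU=Users,OU=Accounts,DC=example,DC=com", NULL },
    { "CN=bob,DC=example,DC=com", "bob" },
};
```
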

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.8.0 (LTM)
priority: major => critical

Fields changed

owner: somebody => sgallagh
status: new => assigned

Fixed by:
- 477cb03 (master)
- 42a3cee (sssd-1-8)

patch: 0 => 1
resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.8.0 (LTM)

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2211
