#1194 when nesting limit is reached, the LDAP provider tries to establish link to members outside the nesting limit
Closed: Fixed None Opened 7 years ago by jhrozek.

When SSSD is processing nested group memberships, the back end keeps an array of parent groups in LDAP for every group. However, it does save the parent groups even when the LDAP nesting level is reached.

The effect is that we would save the deepest nesting level and then attempt to link it to its parents that we never downloaded because they are out of the allowed nesting. Luckily the code is robust so all we get is an error message. The memberships are saved correctly.
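
A minimal model of the fetch and link phases described above, added here as an illustration; it is not SSSD's code and not the fix committed for this ticket. The four-group directory, the names `fetch` and `link_groups`, the `guard` flag and counting levels from 0 are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define NGROUPS 4
#define MAXP 2

/* Constructed directory: g0 is a member of g1, g1 of g2, g2 of g3. */
struct group { const char *name; int nparents; int parents[MAXP]; };
static const struct group dir[NGROUPS] = {
    {"g0", 1, {1}}, {"g1", 1, {2}}, {"g2", 1, {3}}, {"g3", 0, {0}},
};

struct walk {
    int downloaded[NGROUPS];      /* group was fetched and saved */
    int nsaved[NGROUPS];          /* parents remembered for the link phase */
    int saved[NGROUPS][MAXP];
};

/* Fetch phase. guard == 0 models the behaviour reported in the ticket. */
static void fetch(struct walk *w, int g, int level, int limit, int guard)
{
    if (w->downloaded[g]) return;             /* already seen, also stops loops */
    w->downloaded[g] = 1;
    if (guard && level >= limit) return;      /* at the limit: remember no parents */
    for (int i = 0; i < dir[g].nparents; i++)
        w->saved[g][w->nsaved[g]++] = dir[g].parents[i];
    if (level >= limit) return;               /* parents past the limit are never fetched */
    for (int i = 0; i < dir[g].nparents; i++)
        fetch(w, dir[g].parents[i], level + 1, limit, guard);
}

/* Link phase: returns links established; *dangling counts links to parents never fetched. */
static int link_groups(int start, int limit, int guard, int *dangling)
{
    struct walk w;
    int linked = 0;
    memset(&w, 0, sizeof(w));
    *dangling = 0;
    fetch(&w, start, 0, limit, guard);
    for (int g = 0; g < NGROUPS; g++)
        for (int i = 0; i < w.nsaved[g]; i++) {
            if (w.downloaded[w.saved[g][i]]) linked++;
            else (*dangling)++;               /* the failed link that only logs an error */
        }
    return linked;
}

int main(void)
{
    int d, n = link_groups(0, 2, 0, &d);
    printf("unguarded: %d linked, %d dangling\n", n, d);
    n = link_groups(0, 2, 1, &d);
    printf("guarded:   %d linked, %d dangling\n", n, d);
    return 0;
}
```

With a limit of 2 both variants establish the same two links inside the limit; only the unguarded one also attempts the link from `g2` to the never-fetched `g3`.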


Fields changed

summary: when nesting limit is reached, the LDAP provider tries to save members outside the nestig limit => when nesting limit is reached, the LDAP provider tries to establish link to members outside the nestig limit

Fields changed

summary: when nesting limit is reached, the LDAP provider tries to establish link to members outside the nestig limit => when nesting limit is reached, the LDAP provider tries to establish link to members outside the nesting limit

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0
priority: major => minor

Fields changed

owner: somebody => mzidek
status: new => assigned

Fields changed

patch: 0 => 1

Fields changed

resolution: => fixed
status: assigned => closed

Fields changed

resolution: fixed =>
status: closed => reopened

Fields changed

mzidek's note: I closed this ticket by mistake, that's why the status is now "reopened".

fb5abb2
fixed in master

milestone: SSSD 1.9.0 => SSSD 1.9.0 RC1
resolution: => fixed
status: reopened => closed

Metadata Update from @jhrozek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.9.0 beta 7

2 years ago
