Learn more about these different git repos.
Other Git URLs
In some cases, the dereference search might fail - for example if the server incorrectly advertizes deref support or if the attribute we try to dereference is not a DN.
SSSD should fall back to individual lookups in this case. The hard part is picking the errors that would be non-fatal for the search. "Protocol error" and "Server refused to perform" might be a good start.
This is not really a bug in SSSD so much as a misconfiguration on the server. The original report was failing because someone had changed the OID on the LDAP member attribute so that it did not report as a DN.
We should just write a descriptive error message to the syslog in this case, so the administrator is aware that there is a problem on the LDAP server.
component: SSSD => LDAP Provider
milestone: NEEDS_TRIAGE => SSSD 1.9.0
owner: somebody => jhrozek
priority: major => minor
summary: If dereference failed, retry with individual lookups => Warn to syslog when dereference requests fail
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=799009
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=799009 799009]
keywords: => easyfix
owner: jhrozek => arielb
status: new => assigned
- 02837b3 (master)
- f93b080 (sssd-1-8)
milestone: SSSD 1.9.0 => SSSD 1.9.0 beta 2
patch: 0 => 1
resolution: => fixed
status: assigned => closed
Metadata Update from @jhrozek:
- Issue assigned to arielb
- Issue set to the milestone: SSSD 1.9.0 beta 2
to comment on this ticket.