#1213 Warn to syslog when dereference requests fail
Closed: Fixed None Opened 8 years ago by jhrozek.

In some cases, the dereference search might fail - for example if the server incorrectly advertises deref support or if the attribute we try to dereference is not a DN.

SSSD should fall back to individual lookups in this case. The hard part is picking the errors that would be non-fatal for the search. "Protocol error" and "Server refused to perform" might be a good start.


This is not really a bug in SSSD so much as a misconfiguration on the server. The original report was failing because someone had changed the OID on the LDAP member attribute so that it did not report as a DN.

We should just write a descriptive error message to the syslog in this case, so the administrator is aware that there is a problem on the LDAP server.

component: SSSD => LDAP Provider
milestone: NEEDS_TRIAGE => SSSD 1.9.0
owner: somebody => jhrozek
priority: major => minor
summary: If dereference failed, retry with individual lookups => Warn to syslog when dereference requests fail
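
The two behaviours discussed in this ticket (treat selected dereference failures as non-fatal and fall back to individual lookups, and write a descriptive warning to syslog) can be sketched as follows. This is an added example, not SSSD's code or the committed fix. The function names, the callback and the sample data are hypothetical, and mapping "Server refused to perform" to LDAP result code 53 (unwillingToPerform) is an assumption.

```c
#include <stddef.h>
#include <string.h>
#include <syslog.h>

/* LDAP result codes per RFC 4511, defined locally so no <ldap.h> is needed. */
enum { RC_SUCCESS = 0, RC_PROTOCOL_ERROR = 2, RC_NO_SUCH_OBJECT = 32, RC_UNWILLING = 53 };

enum deref_action { DEREF_USE_RESULT, DEREF_WARN_AND_FALLBACK, DEREF_FATAL };

/* Assumed policy: only the two codes suggested in the ticket are non-fatal. */
enum deref_action classify_deref_result(int rc) {
    switch (rc) {
    case RC_SUCCESS:        return DEREF_USE_RESULT;
    case RC_PROTOCOL_ERROR:
    case RC_UNWILLING:      return DEREF_WARN_AND_FALLBACK;
    default:                return DEREF_FATAL;
    }
}

typedef int (*lookup_fn)(const char *dn);  /* hypothetical per-entry search */

/* Returns the number of members resolved, or -1 if the failure is fatal. */
int resolve_members(int deref_rc, const char *attr,
                    const char **dns, size_t n, lookup_fn lookup) {
    enum deref_action act = classify_deref_result(deref_rc);
    if (act == DEREF_USE_RESULT) return (int)n;
    if (act == DEREF_FATAL) return -1;
    /* Tell the administrator that the server side needs attention. */
    syslog(LOG_WARNING, "dereference of '%s' failed (LDAP result %d): check that "
           "the server supports deref and that the attribute has DN syntax; "
           "falling back to individual lookups", attr, deref_rc);
    int resolved = 0;
    for (size_t i = 0; i < n; i++)
        if (lookup(dns[i]) == RC_SUCCESS) resolved++;
    return resolved;
}

/* Constructed sample data: two member DNs, one of which does not exist. */
const char *sample_members[] = { "uid=alice,ou=people,dc=example,dc=com",
                                 "uid=ghost,ou=people,dc=example,dc=com" };

int sample_lookup(const char *dn) {
    return strstr(dn, "uid=ghost") ? RC_NO_SUCH_OBJECT : RC_SUCCESS;
}

int main(void) {
    return resolve_members(RC_PROTOCOL_ERROR, "member", sample_members, 2, sample_lookup) == 1 ? 0 : 1;
}
```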

Fields changed

keywords: => easyfix

Fields changed

owner: jhrozek => arielb
status: new => assigned

Fixed by:
- 02837b3 (master)
- f93b080 (sssd-1-8)

milestone: SSSD 1.9.0 => SSSD 1.9.0 beta 2
patch: 0 => 1
resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to arielb
- Issue set to the milestone: SSSD 1.9.0 beta 2

3 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/2255

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
