In some situations, a server will disallow retrieving the RootDSE to an anonymous user (or one who is not using a sufficiently high SSF).
In those situations, we should continue as we do currently, binding with reasonable defaults, and then attempt again to retrieve the RootDSE, which may now be available to the properly-bound user.
milestone: NEEDS_TRIAGE => SSSD 1.9.0
type: enhancement => defect
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=805924
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=805924 805924]
Dropping back into NEEDS_TRIAGE. We may need to fix this sooner.
We have users of IPA following the instructions at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/disabling-anon-binds.html which results in the RootDSE being unavailable. This means that we cannot read the availability of the DEREF control into our id_ctx, and lookups are failing.
It seems to me that we need to solve this immediately.
milestone: SSSD 1.9.0 => NEEDS_TRIAGE
owner: somebody => jhrozek
status: new => assigned
milestone: NEEDS_TRIAGE => SSSD 1.8.3 (LTM)
patch: 0 => 1
- 7070641527c4bf94f77a3756ba24824cf664b959 (master)
- dd639efc0d13512b837cfaad3d8e61f596f89be2 (sssd-1-8)
resolution: => fixed
status: assigned => closed
Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.3 (LTM)
to comment on this ticket.
Copyright © 2014-2017 Red Hat
2.15.1 — Documentation