#1258 SSSD should attempt to get the RootDSE after binding

Created 5 years ago by sgallagh
Modified 11 months ago

In some situations, a server will disallow retrieving the RootDSE to an anonymous user (or one who is not using a sufficiently high SSF).

In those situations, we should continue as we do currently, binding with reasonable defaults, and then attempt again to retrieve the RootDSE, which may now be available to the properly-bound user.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0
type: enhancement => defect

Dropping back into NEEDS_TRIAGE. We may need to fix this sooner.

We have users of IPA following the instructions at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/disabling-anon-binds.html which results in the RootDSE being unavailable. This means that we cannot read the availability of the DEREF control into our id_ctx, and lookups are failing.

It seems to me that we need to solve this immediately.

milestone: SSSD 1.9.0 => NEEDS_TRIAGE
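The connect sequence requested above, as an added C example (not SSSD's code and not the patch referenced in this ticket): it reads the RootDSE anonymously, binds, retries the read if the first attempt was refused, and only then decides whether the dereference control is available. `mock_conn`, `caps`, `probe_server` and the sample control list are hypothetical names and constructed data standing in for a real LDAP connection.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* OID of the LDAP dereference control (LDAP_CONTROL_X_DEREF in OpenLDAP's ldap.h). */
#define DEREF_OID "1.3.6.1.4.1.4203.666.5.16"

/* Constructed stand-in for a server connection; not an SSSD or libldap type. */
struct mock_conn {
    bool bound;                /* true once the bind step has succeeded */
    bool anon_rootdse_allowed; /* false models a server with anonymous access disabled */
    const char *const *supported_controls; /* NULL-terminated supportedControl values */
};

/* Hypothetical capability cache filled from the RootDSE. */
struct caps { bool rootdse_read; bool deref; int attempts; };

/* Constructed supportedControl list for the sample server. */
static const char *const SAMPLE_CONTROLS[] = { "2.16.840.1.113730.3.4.2", DEREF_OID, NULL };

/* Base-scope read of the RootDSE; NULL means the server refused it. */
static const char *const *read_rootdse(const struct mock_conn *c, struct caps *out)
{
    out->attempts++;
    if (!c->bound && !c->anon_rootdse_allowed) return NULL;
    return c->supported_controls;
}

/* retry_after_bind=false models the behaviour reported here, true the requested one. */
struct caps probe_server(struct mock_conn *c, bool retry_after_bind)
{
    struct caps out = { false, false, 0 };
    const char *const *ctrls = read_rootdse(c, &out); /* first attempt, anonymous */

    c->bound = true; /* bind with the configured identity (always succeeds in this mock) */
    if (ctrls == NULL && retry_after_bind) ctrls = read_rootdse(c, &out);
    if (ctrls == NULL) return out; /* still hidden: keep defaults, deref stays off */

    out.rootdse_read = true;
    for (size_t i = 0; ctrls[i] != NULL; i++)
        if (strcmp(ctrls[i], DEREF_OID) == 0) out.deref = true;
    return out;
}

int main(void)
{
    struct mock_conn locked = { false, false, SAMPLE_CONTROLS };
    return probe_server(&locked, true).deref ? 0 : 1;
}
```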

Fields changed

owner: somebody => jhrozek
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.8.3 (LTM)

Fields changed

patch: 0 => 1

Fixed by:
- 7070641 (master)
- dd639ef (sssd-1-8)

resolution: => fixed
status: assigned => closed

11 months ago

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.3 (LTM)


LDAP Provider