#1258 SSSD should attempt to get the RootDSE after binding
Closed: Fixed None Opened 10 years ago by sgallagh.

In some situations, a server will disallow retrieving the RootDSE to an anonymous user (or one who is not using a sufficiently high SSF).

In those situations, we should continue as we do currently, binding with reasonable defaults, and then attempt again to retrieve the RootDSE, which may now be available to the properly-bound user.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0
type: enhancement => defect

Dropping back into NEEDS_TRIAGE. We may need to fix this sooner.

We have users of IPA following the instructions at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/disabling-anon-binds.html which results in the RootDSE being unavailable. This means that we cannot read the availability of the DEREF control into our id_ctx, and lookups are failing.

It seems to me that we need to solve this immediately.

milestone: SSSD 1.9.0 => NEEDS_TRIAGE
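The flow requested in this ticket, as an added Python model that is not SSSD's code and not part of the original comments: read the RootDSE anonymously, bind regardless, then read it again as the bound user so the DEREF control can be detected. `FakeServer`, `connect`, the `ctx` keys and the `retry_after_bind` switch are hypothetical names, and the "empty entry" server behaviour is an assumption added to cover servers that filter attributes instead of returning an error.

```python
DEREF_OID = "1.3.6.1.4.1.4203.666.5.16"  # OpenLDAP dereference control (LDAP_CONTROL_X_DEREF)

class AccessDenied(Exception):
    """Stand-in for the LDAP error a server returns to an unauthorised read."""

class FakeServer:
    """Constructed directory model; anon_rootdse is 'full', 'error' or 'empty'."""
    def __init__(self, anon_rootdse):
        self.anon_rootdse = anon_rootdse
        self.bound = False

    def bind(self, dn, password):
        self.bound = True  # credential checking is out of scope for this model

    def read_rootdse(self):
        if self.bound or self.anon_rootdse == "full":
            return {"supportedControl": [DEREF_OID]}
        if self.anon_rootdse == "empty":
            return {}  # entry returned, attributes filtered out (assumed behaviour)
        raise AccessDenied("RootDSE not readable before bind")

def connect(server, dn, password, retry_after_bind=True):
    """Return the capabilities learned during connection setup."""
    ctx = {"rootdse": None, "deref": False, "rootdse_reads": 0}

    def try_rootdse():
        ctx["rootdse_reads"] += 1
        try:
            entry = server.read_rootdse()
        except AccessDenied:
            return False
        if not entry:  # treat a stripped entry like a refusal
            return False
        ctx["rootdse"] = entry
        ctx["deref"] = DEREF_OID in entry.get("supportedControl", [])
        return True

    have_rootdse = try_rootdse()   # 1. anonymous attempt, as before
    server.bind(dn, password)      # 2. bind with defaults either way
    if not have_rootdse and retry_after_bind:
        try_rootdse()              # 3. second attempt as the bound user
    return ctx

if __name__ == "__main__":
    # Constructed bind DN and password, for illustration only.
    for mode in ("full", "error", "empty"):
        print(mode, connect(FakeServer(mode), "uid=sssd,dc=example,dc=test", "secret"))
```

Calling `connect(..., retry_after_bind=False)` against a server in `error` mode reproduces the state described above: no RootDSE in the context and DEREF support recorded as absent.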

Fields changed

owner: somebody => jhrozek
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.8.3 (LTM)

Fields changed

patch: 0 => 1

Fixed by:
- 7070641 (master)
- dd639ef (sssd-1-8)

resolution: => fixed
status: assigned => closed

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.8.3 (LTM)

5 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/2300

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
