#1660 LDAP_CONTROL_X_DEREF: sssd should fallback if server returns LDAP_UNAVAILABLE_CRITICAL_EXTENSION error
Closed: Fixed None Opened 6 years ago by ralf.

Based on the supportedControls value of the RootDSE sssd decides whether to use the LDAP_CONTROL_X_DEREF control to speed up group member lookups.

The "supportedControls" attribute is, however, not really authoritative about whether the specific database backend of the LDAP Server where that deref query ends up really does support that control. E.g. with OpenLDAP you need to explicitly enable deref support per database by adding some configuration (slapo-deref).
Hence it would be really helpful if sssd could, when the LDAP Server returns LDAP_UNAVAILABLE_CRITICAL_EXTENSION for a deref query, fall back to a mode that doesn't use the LDAP_CONTROL_X_DEREF control.
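
The fallback requested in this ticket, as an added example that is not part of the ticket and not SSSD's own code: the deref control is tried when the RootDSE advertises it, and a result of LDAP_UNAVAILABLE_CRITICAL_EXTENSION disables it for the connection and retries without it. `struct conn`, `lookup_group_members` and the mock server are hypothetical names, and the LDAP search is replaced by a callback so the block runs offline.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Values as in RFC 4511 and OpenLDAP's ldap.h, redefined so libldap is not needed. */
#define LDAP_SUCCESS 0x00
#define LDAP_UNAVAILABLE_CRITICAL_EXTENSION 0x0c
#define LDAP_CONTROL_X_DEREF "1.3.6.1.4.1.4203.666.5.16"

/* Hypothetical per-connection state. */
struct conn {
    const char **supported_controls; /* OIDs read from the RootDSE, NULL-terminated */
    bool deref_disabled;             /* set once the server refuses the control */
    int (*search)(bool with_deref);  /* stand-in for the LDAP search; returns a result code */
    int deref_attempts, plain_attempts;
};

static bool advertises_deref(const struct conn *c) {
    for (const char **p = c->supported_controls; p && *p; p++)
        if (strcmp(*p, LDAP_CONTROL_X_DEREF) == 0) return true;
    return false;
}

/* Returns the final result code of the group member lookup. */
int lookup_group_members(struct conn *c) {
    if (!c->deref_disabled && advertises_deref(c)) {
        c->deref_attempts++;
        int rc = c->search(true);
        if (rc != LDAP_UNAVAILABLE_CRITICAL_EXTENSION)
            return rc;             /* success or an unrelated error: report as-is */
        c->deref_disabled = true;  /* RootDSE was not authoritative for this backend */
    }
    c->plain_attempts++;
    return c->search(false);       /* lookup without the deref control */
}

/* Constructed mock: RootDSE lists the control, the database lacks the deref overlay. */
static int mock_search_no_overlay(bool with_deref) {
    return with_deref ? LDAP_UNAVAILABLE_CRITICAL_EXTENSION : LDAP_SUCCESS;
}
static const char *mock_rootdse[] = { LDAP_CONTROL_X_DEREF, NULL };

int main(void) {
    struct conn c = { mock_rootdse, false, mock_search_no_overlay, 0, 0 };
    int rc1 = lookup_group_members(&c), rc2 = lookup_group_members(&c);
    printf("rc1=%d rc2=%d deref=%d plain=%d\n", rc1, rc2, c.deref_attempts, c.plain_attempts);
    return 0;
}
```

Remembering the refusal per connection is a choice made in this example; it keeps every later lookup from paying for a request the server is known to reject.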


I thought we already did that. I agree we should be doing a fallback. Thanks for the bug report!

Fields changed

owner: somebody => jcholast
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta
rhbz: => todo

ralf, can you please check if the attached patch fixes the issue for you?

Replying to [comment:4 jcholast]:

> ralf, can you please check if the attached patch fixes the issue for you?

Yes that fixes the problem. Thanks!

Fields changed

selected: => Not need

Moving tickets that are not a priority for SSSD 1.10 into the next release.

milestone: SSSD 1.10 beta => SSSD 1.11 beta

This ticket actually had a patch before it was moved to 1.11. We just reviewed it now.

_comment0: This ticket actually had a patch before it was moved to 1.10. We just reviewed it now.

  • master: 4709ff4 => 1363885703348049
    milestone: SSSD 1.11 beta => SSSD 1.10 beta
    resolution: => fixed
    review: => 0
    status: assigned => closed

No clone needed, RHEL QE doesn't test against eDirectory

rhbz: todo => 0

Metadata Update from @ralf:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.10 beta

2 years ago
