#1911 pysss_nss_idmap.getnamebysid does not raise exceptions on errors
Closed: Invalid None Opened 9 years ago by mkosek.

When testing FreeIPA 3.2 SID->name conversion feature I found out that SSSD Python binding (function pysss_nss_idmap.getnamebysid) does not raise exceptions when it fails to convert a value:

pysss_nss_idmap.getnamebysid for: ['foo']
result: {}

pysss_nss_idmap.getnamebysid for: ['foo', 'S-1-5-21-3035198329-144811719-1378114514-500']
result: {'S-1-5-21-3035198329-144811719-1378114514-500': {'type': 3, 'name': 'administrator@ad.test'}}

This makes any error very hard to investigate, as the Python function always returns just empty result in case of errors. We need to be able to direct user to the root cause of the problem.

This is what I think that getnamebysid (and similar functions) should do:
1. When SSSD detects an error preventing it to translate any SID (like when subdomains_provider in sssd.conf is not configured), function should raise an Python exception with appropriate type and error message.
2. When just some SIDs cannot be translated (for example because it cannot be found in AD domain or its invalid like "foo")), pysss_nss_idmap.getnamebysid should return both successful and unsuccessful translations (with an error message). Something like:

pysss_nss_idmap.getnamebysid for: ['foo', 'S-1-5-21-3035198329-144811719-1378114514-500']
result: {'S-1-5-21-3035198329-144811719-1378114514-500': {'type': 3, 'name': 'administrator@ad.test'}, 'foo': {'type': -1, 'error': u'Invalid SID'}}

FreeIPA will then be able to process this information and give user the real reason why translation does not work as it's supposed to.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.0
rhbz: => 0

Fields changed

milestone: SSSD 1.10.0 => SSSD 1.10.1

Fields changed

changelog: =>
owner: somebody => mzidek

Moving tickets that didn't make 1.10.1 to the 1.10.2 bucket.

Moving tickets that didn't make 1.10.1 to 1.10.2

milestone: SSSD 1.10.1 => SSSD 1.10.2

Fields changed

milestone: SSSD 1.10.2 => SSSD 1.12 beta

Please file a ticket for FreeIPA when this work is done so that it can implement the new interface.

Fields changed

milestone: SSSD 1.12 beta => SSSD 1.12.1

Fields changed

review: 0 => 1

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

Fields changed

mark: => 0
milestone: SSSD 1.12.3 => SSSD 1.12.4

We can move this ticket to deferred. It is small change in behaviour but would probably require major refactoring of sss_nss and it's python bindings design. It has low priority and keeps slipping to later milestones. It is a "nice to have" feature so I will look at it later when there is more time.

OK, no refactoring of the Python modules, please. Given the IPA developers were not too unhappy about the current state, I agree with moving out.

milestone: SSSD 1.12.4 => SSSD Deferred

IMO the pysss interface could be removed or at least compiled out

sensitive: => 0

Not needed, therefore closing.

resolution: => wontfix
status: new => closed

Metadata Update from @mkosek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD Patches welcome

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2953

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata