#2164 "System Error" when invalid ad_access_filter is used
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1033133

Description of problem:
"System Error" when invalid ad_access_filter is used

Version-Release number of selected component (if applicable):
sssd-1.11.2-1.el7

How reproducible:
Always

Steps to Reproduce:
1. Add an invalid search filter like "ad_access_filter = group1_dom1" in
sssd.conf

2. Try to login as a user.

Actual results:
Login fails, but system error appears in logs:

(Thu Nov 21 17:15:07 2013)
[sssd[be[sssdad.com]]][sdap_access_filter_get_access_done] (0x0020):
sdap_get_generic_send() returned error [5][Input/output error]
(Thu Nov 21 17:15:07 2013) [sssd[be[sssdad.com]]]
[sdap_access_filter_done] (0x0020): Error retrieving access check
result.
(Thu Nov 21 17:15:07 2013) [sssd[be[sssdad.com]]] [ad_access_done]
(0x0040): Error retrieving access check result: Input/output error
(Thu Nov 21 17:15:07 2013) [sssd[be[sssdad.com]]]
[be_pam_handler_callback] (0x0100): Backend returned: (3, 4,
Input/output error) [Internal Error (System error)]

Expected results:
Instead of "System Error" print a nicer error message to syslog.

Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.11.3
review: True => 0
selected: =>
testsupdated: => 0

Moving tickets that didn't make 1.11.3 to 1.11.4

milestone: SSSD 1.11.3 => SSSD 1.11.4

Fields changed

owner: somebody => jhrozek
patch: 0 => 1

resolution: => fixed
status: new => closed

Fields changed

changelog: => Just a bugfix, see the title and description

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.11.4

2 years ago

Login to comment on this ticket.

Metadata