If there is a timeout during a request to SSSD, the extdom plugin might return LDAP_NO_SUCH_OBJECT because in some code paths this is the default error code.
If SSSD on the client receives LDAP_NO_SUCH_OBJECT, it will remove the related object (if any) from the local cache. If, due to a timeout on the server, LDAP_NO_SUCH_OBJECT is received and the existing user is removed from the cache, this might cause authentication failures or other unexpected behavior on the client.
See https://bugzilla.redhat.com/show_bug.cgi?id=1717008 for additional details.
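The failure mode described above, as an added example that is not part of the ticket and not FreeIPA or SSSD code: a handler whose default result code leaks out on a timeout, next to one that reports the timeout with its own code, and the effect each has on a client cache. All function and enum names are hypothetical; using the time-limit result code for the timeout case and keeping the cached entry on any error other than "no such object" are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* LDAP result codes (values from RFC 4511), defined locally so this builds without ldap.h */
enum { RC_SUCCESS = 0, RC_TIMELIMIT_EXCEEDED = 3, RC_NO_SUCH_OBJECT = 32 };

/* Hypothetical outcome of the server-side lookup request to SSSD */
enum backend_status { BACKEND_FOUND, BACKEND_NOT_FOUND, BACKEND_TIMEOUT };

/* Pattern from the ticket: the default error code is returned on a timeout */
int handle_lookup_default_code(enum backend_status st)
{
    int ret = RC_NO_SUCH_OBJECT;      /* default error code */
    if (st == BACKEND_FOUND)
        ret = RC_SUCCESS;
    return ret;                       /* BACKEND_TIMEOUT falls through as "no such object" */
}

/* Variant that gives the timeout its own result code (choice of code is an assumption) */
int handle_lookup_explicit(enum backend_status st)
{
    switch (st) {
    case BACKEND_FOUND:     return RC_SUCCESS;
    case BACKEND_NOT_FOUND: return RC_NO_SUCH_OBJECT;
    default:                return RC_TIMELIMIT_EXCEEDED;
    }
}

/* Client cache rule: "no such object" evicts; other errors keep the entry (assumed) */
bool cached_after_refresh(bool was_cached, int rc)
{
    if (rc == RC_SUCCESS) return true;
    if (rc == RC_NO_SUCH_OBJECT) return false;
    return was_cached;                /* transient failure: keep the existing entry */
}

int main(void)
{
    int (*handlers[])(enum backend_status) = { handle_lookup_default_code, handle_lookup_explicit };
    const char *names[] = { "default-code", "explicit" };
    for (int i = 0; i < 2; i++) {
        int rc = handlers[i](BACKEND_TIMEOUT);
        printf("%-12s timeout -> rc=%d, user still cached: %s\n", names[i], rc,
               cached_after_refresh(true, rc) ? "yes" : "no");
    }
    return 0;
}
```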
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1717008
Metadata Update from @abbra: - Issue set to the milestone: FreeIPA 4.6.7
master:
Metadata Update from @abbra: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-8:
ipa-4-6:
ipa-4-7: