#8044 Extdom plugin should not return LDAP_NO_SUCH_OBJECT if there are timeout or other errors
Closed: fixed 4 years ago by abbra. Opened 4 years ago by sbose.

If there is a timeout during a request to SSSD the extdom plugin might return LDAP_NO_SUCH_OBJECT because in some code paths this is the default error code.

If SSSD on the client receives LDAP_NO_SUCH_OBJECT is will remove the related object (if any) from the local cache. If due to a timeout on the server LDAP_NO_SUCH_OBJECT is received and the existing user is removed from the cache this might cause authentication failures or other unexpected behavior on the client.

See https://bugzilla.redhat.com/show_bug.cgi?id=1717008 for additional details.


Metadata Update from @sbose:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1717008

4 years ago

Metadata Update from @abbra:
- Issue set to the milestone: FreeIPA 4.6.7

4 years ago

master:

  • 9fe984f extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
  • c78cb94 ipa-extdom-extop: test timed out getgrgid_r

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

ipa-4-8:

  • 3bb7254 extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
  • 0ead6f5 ipa-extdom-extop: test timed out getgrgid_r

ipa-4-6:

  • 574a615 extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
  • 387ed98 ipa-extdom-extop: test timed out getgrgid_r

ipa-4-7:

  • a0a16df extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
  • f87ee14 ipa-extdom-extop: test timed out getgrgid_r

master:

  • e5e0693 Extdom plugin should not return error (32)/'No such object'

ipa-4-8:

  • 1b1e719 Extdom plugin should not return error (32)/'No such object'

ipa-4-7:

  • 83e3f5d Extdom plugin should not return error (32)/'No such object'

ipa-4-6:

  • 17536af Extdom plugin should not return error (32)/'No such object'

Login to comment on this ticket.

Metadata