[PATCH] LDAP: Don't abort request if no id mapping domain matches
by Jakub Hrozek
Hi,
During further testing, Kaushik found out that requesting an ID that
doesn't match any configured ID mapping domain still emits strange error
messages:
(Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request
(Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Internal Error (Memory buffer error)
This is related to https://fedorahosted.org/sssd/ticket/2200
I noticed that we treat any error from ID mapping functions as equally
fatal, including NO_DOMAIN. The attached patch treats NO_DOMAIN as if
the search went through but found nothing.
I have two questions I wasn't sure about:
* Is it OK to keep calling the label in users_get_send() and
groups_get_send() fail even if we use this label for "soft failure"?
I simply didn't want to make the patch bigger by renaming the label.
* sss_idmap_unix_to_sid() is also called in ad_account_can_shortcut()
where I didn't change anything, but in retrospect, I think it would
be nicer if ad_account_can_shortcut() simply returned a boolean. If
no one opposes, I'll prepare a patch for master only (or ask someone to
do that :-))
10 years, 3 months
sssd and rpc
by Yassir Elley
It seems that the only network protocols used by SSSD are LDAP, KRB5, and DNS. On the other hand, Samba makes RPC calls all over the place (for authentication, etc.).
* Does sssd make any RPC calls (e.g. when interacting with a Domain Controller)?
* Does Microsoft require clients to use RPC calls to access certain DC functionality?
* If not, why does Samba use RPC calls rather than LDAP/KRB5?
Regards,
Yassir.
10 years, 3 months