sssd-devel January 2014

sssd-devel@lists.fedorahosted.org

22 participants
74 discussions

[PATCH] LDAP: Don't abort request if no id mapping domain matches

by Jakub Hrozek

Hi, During further testing, Kaushik found out that requesting an ID that doesn't match any configured ID mapping domain still emits strange error messages: (Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]] [ad_account_info_complete] (0x0010): Bug: dp_error is OK on failed request(Wed Jan 22 11:35:58 2014) [sssd[be[sssdad2012.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 3,5,Internal Error (Memory buffer error) This is related to https://fedorahosted.org/sssd/ticket/2200 I noticed that we treat any error from ID mapping functions as equally fatal, including NO_DOMAIN. The attached patch treats NO_DOMAIN as if search went through but found nothing. I have two questions I wasn't sure about: * Is it OK to keep calling the label in users_get_send() and groups_get_send() fail even if we use this label for "soft failure"? I simply didn't want to make the patch bigger by renaming the label * sss_idmap_unix_to_sid() is also called in ad_account_can_shortcut() where I didn't change anything, but in retrospective, I think it would be nicer if ad_account_can_shortcut() simply returned a boolean. If noone opposes, I'll prepare a patch for master only (or ask someone to do that :-))

10 years, 3 months

2
6
0 / 0

sssd_be should hint about increasing the krb5_auth_timeout

by Pavel Reichl

Hello, please see attached patch. PR

10 years, 3 months

3
3
0 / 0

sssd and rpc

by Yassir Elley

It seems that the only network protocols used by SSSD are LDAP, KRB5, and DNS. On the other hand, Samba makes RPC calls all over the place (for authentication, etc). * Does sssd make any RPC calls (e.g. when interacting with a Domain Controller)? * Does Microsoft require clients to use RPC calls to access certain DC functionality? * If not, why does Samba use RPC calls rather than LDAP/KRB5? Regards, Yassir.

10 years, 3 months