[sssd PR#432][comment] CACHE_REQ: Better debugging for email conflicts
by mzidek-rh
URL: https://github.com/SSSD/sssd/pull/432
Title: #432: CACHE_REQ: Better debugging for email conflicts
mzidek-rh commented:
"""
You are wrong. As I wrote in one of the previous comments:
"Just a note, we do not use SYSDB_USER_EMAIL in getpwnam searches. We lowercase the attribute and store it as namealias, which is then used in the filter."
The stored nameailas (generated by lowercasing the email attribute) is what triggered the issue for the user in the BZ, not the SYSDB_USER_EMAIL itself.
Looking at the code I am not sure if using SYSDB_USER_EMAIL in sysdb_search_user_by_upn_res is even correct (I think the search by EMAIL should be case insensitive), but I am not sure about that and I am not going to change it now, definitely not in this PR, because it is not related.
I think we can add the warning also to the 'by_upn' search where the SYSDB_USER_EMAIL is used, even if it is not needed for the use case in the BZ (the user was doing PAM authentication and the code does not get to the 'by_upn' part). I slightly modified the DEBUG message there. It does not need to be that difficult as the one in the getpwnam case, because this time the problem is most likely just multiple users sharing same email and the conflict with fqdn is not relevant.
So I have two questions.
1. What do you mean if you say, the patch is not fixing the bug? (I tested it and for me it generated the message correctly, I also tested the workaround that I suggest in the man page and it worked for me as well)
2. If you say the message is vague, what wording do you suggest? If you (or someone else) do not suggest anything better, then I guess you also can not come up with anything better and I will keep it as is.
"""
See the full comment at https://github.com/SSSD/sssd/pull/432#issuecomment-341693096
6 years, 6 months
[sssd PR#425][comment] Fix issue #3451
by fidencio
URL: https://github.com/SSSD/sssd/pull/425
Title: #425: Fix issue #3451
fidencio commented:
"""
Sure:
```
diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c
index 1bb151833..a3b1480aa 100644
--- a/src/providers/ldap/ldap_auth.c
+++ b/src/providers/ldap/ldap_auth.c
@@ -674,7 +674,7 @@ fail:
static struct tevent_req *auth_connect_send(struct tevent_req *req)
{
- struct tevent_req *next_req;
+ struct tevent_req *subreq;
struct auth_state *state = tevent_req_data(req,
struct auth_state);
bool use_tls;
@@ -690,19 +690,19 @@ static struct tevent_req *auth_connect_send(struct tevent_req *req)
"for debugging purposes only.");
}
- next_req = sdap_cli_connect_send(state, state->ev, state->ctx->opts,
- state->ctx->be,
- state->sdap_service, false,
- use_tls ? CON_TLS_ON : CON_TLS_OFF, false);
+ subreq = sdap_cli_connect_send(state, state->ev, state->ctx->opts,
+ state->ctx->be,
+ state->sdap_service, false,
+ use_tls ? CON_TLS_ON : CON_TLS_OFF, false);
- if (next_req == NULL) {
+ if (subreq == NULL) {
tevent_req_error(req, ENOMEM);
return NULL;
}
- tevent_req_set_callback(next_req, auth_connect_done, req);
+ tevent_req_set_callback(subreq, auth_connect_done, req);
- return next_req;
+ return subreq;
}
```
Patch has been updated with the follow-up mentioned above squashed to patch.
"""
See the full comment at https://github.com/SSSD/sssd/pull/425#issuecomment-341685353
6 years, 6 months