URL:
https://github.com/SSSD/sssd/pull/5881
Title: #5881: SDAP: Do not fail ASQ search when parsing a referenced entry fails
alexey-tikhonov commented:
"""
I'm wondering what would be a good default? If we try to be
secure by default we have to assume that the LDAP permissions are unintentional and SSSD
should fail. But this would break existing setup which use `ldap_deref_threshold = 0` as a
workaround.
Isn't this a good thing users will be made aware about a bug in their setup?
And if configuration is intentional, this will be an easy fix (setting change). We just
need to give a good hint in a log & journal.
The latter would mean that we might want to wait with this change of
behavior until 2.7. @pbrezina , @alexey-tikhonov what do you think?
Nonetheless, I agree this should target 2.7.
@sgoveas , @sidecontrol , do we have any tests that could be easily extended to cover
those cases?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/5881#issuecomment-979140238