https://fedorahosted.org/sssd/ticket/1440
Looks like some LDAP servers are able to store empty attribute values. For some servers it results in syntax error, so it is probably a rare case (if not an error) to have such values. LDB seems to be unable to handle such values too, so in this patch we skip empty values and do not store them to local cache.
Patch is attached.
Thanks Michal
On Thu, Sep 20, 2012 at 02:27:03PM +0200, Michal Židek wrote:
https://fedorahosted.org/sssd/ticket/1440
Looks like some LDAP servers are able to store empty attribute values. For some servers it results in syntax error, so it is probably a rare case (if not an error) to have such values. LDB seems to be unable to handle such values too, so in this patch we skip empty values and do not store them to local cache.
Patch is attached.
Thanks Michal
I double checked this scenario with Rich.
Technically an "empty" value could have been legal for cases where the string was an octet string with a single zero byte. Treating such attribute as if it was missing is probably the right thing to do. For the objects we care about, this value is possible only with old server that don't do syntaxt validation.
Ack!
On Thu, Sep 20, 2012 at 08:28:25PM +0200, Jakub Hrozek wrote:
On Thu, Sep 20, 2012 at 02:27:03PM +0200, Michal Židek wrote:
https://fedorahosted.org/sssd/ticket/1440
Looks like some LDAP servers are able to store empty attribute values. For some servers it results in syntax error, so it is probably a rare case (if not an error) to have such values. LDB seems to be unable to handle such values too, so in this patch we skip empty values and do not store them to local cache.
Patch is attached.
Thanks Michal
I double checked this scenario with Rich.
Technically an "empty" value could have been legal for cases where the string was an octet string with a single zero byte. Treating such attribute as if it was missing is probably the right thing to do. For the objects we care about, this value is possible only with old server that don't do syntaxt validation.
Ack!
Pushed to master.
On Fri, Sep 21, 2012 at 11:38:55AM +0200, Jakub Hrozek wrote:
On Thu, Sep 20, 2012 at 08:28:25PM +0200, Jakub Hrozek wrote:
On Thu, Sep 20, 2012 at 02:27:03PM +0200, Michal Židek wrote:
https://fedorahosted.org/sssd/ticket/1440
Looks like some LDAP servers are able to store empty attribute values. For some servers it results in syntax error, so it is probably a rare case (if not an error) to have such values. LDB seems to be unable to handle such values too, so in this patch we skip empty values and do not store them to local cache.
Patch is attached.
Thanks Michal
I double checked this scenario with Rich.
Technically an "empty" value could have been legal for cases where the string was an octet string with a single zero byte. Treating such attribute as if it was missing is probably the right thing to do. For the objects we care about, this value is possible only with old server that don't do syntaxt validation.
Ack!
Pushed to master.
The commit was pushed to sssd-1-9 at the same time it was pushed to master. I also pushed it to sssd-1-8 now as we just had a user hitting the problem on #sssd apparently.
sssd-devel@lists.fedorahosted.org