On Mon, 2015-03-16 at 21:06 +0100, Michael Ströder wrote:
Stephen Gallagher wrote:
> On Mon, 2015-03-16 at 10:33 +0100, Michael Ströder wrote:
>> BTW: I consider it to be a bug that sssd tries to read the rootDSE
>> before binding.
> Why do you consider this a bug? The RootDSE contains information to
> allow SSSD to learn what mechanisms it's allowed to use when binding.
> That's one of its primary purposes.
> That said, if we can't reach it, we just guess, connect and then
> reread the rootDSE after binding.
Ouch! A client MUST NOT assume that anything security relevant is really true
when reading the rootDSE. The client has to obey its configuration. Period.
Can you explain what is your worry here ?
Simo Sorce * Red Hat, Inc * New York