URL: https://github.com/SSSD/sssd/pull/5881
Title: #5881: SDAP: Do not fail ASQ search when parsing a referenced entry fails

sumit-bose commented:
"""
Hi,

thanks, so the behavior is inconsistent, depending on the value of 
`ldap_deref_threshold`. I guess the reason is 
https://github.com/SSSD/sssd/blob/master/src/providers/ldap/sdap_async_nested_groups.c#L1576
 in the branch which is taken if `ldap_deref_threshold = 0`. So the new option 
should be evaluated here as well to make the behavior consistent.

I'm wondering what would be a good default? If we try to be secure by default 
we have to assume that the LDAP permissions are unintentional and SSSD should 
fail. But this would break existing setups which use `ldap_deref_threshold = 0` 
as a workaround. The latter would mean that we might want to wait with this 
change of behavior until 2.7. @pbrezina , @alexey-tikhonov what do you think?

bye,
Sumit
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5881#issuecomment-975573308