URL:
https://github.com/SSSD/sssd/pull/432
Title: #432: CACHE_REQ: Better debugging for email conflicts
mzidek-rh commented:
"""
You are wrong. As I wrote in one of the previous comments:
"Just a note, we do not use SYSDB_USER_EMAIL in getpwnam searches. We lowercase the
attribute and store it as namealias, which is then used in the filter."
The stored nameailas (generated by lowercasing the email attribute) is what triggered the
issue for the user in the BZ, not the SYSDB_USER_EMAIL itself.
Looking at the code I am not sure if using SYSDB_USER_EMAIL in
sysdb_search_user_by_upn_res is even correct (I think the search by EMAIL should be case
insensitive), but I am not sure about that and I am not going to change it now, definitely
not in this PR, because it is not related.
I think we can add the warning also to the 'by_upn' search where the
SYSDB_USER_EMAIL is used, even if it is not needed for the use case in the BZ (the user
was doing PAM authentication and the code does not get to the 'by_upn' part). I
slightly modified the DEBUG message there. It does not need to be that difficult as the
one in the getpwnam case, because this time the problem is most likely just multiple users
sharing same email and the conflict with fqdn is not relevant.
So I have two questions.
1. What do you mean if you say, the patch is not fixing the bug? (I tested it and for me
it generated the message correctly, I also tested the workaround that I suggest in the man
page and it worked for me as well)
2. If you say the message is vague, what wording do you suggest? If you (or someone else)
do not suggest anything better, then I guess you also can not come up with anything better
and I will keep it as is.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/432#issuecomment-341693096