Stephen Gallagher wrote:
On Mon, 2015-03-16 at 10:33 +0100, Michael Ströder wrote:
> BTW: I consider it to be a bug that sssd tries to read the rootDSE
> before binding.
Why do you consider this a bug? The RootDSE contains information to
allow SSSD to learn what mechanisms it's allowed to use when binding.
That's one of its primary purposes.
That said, if we can't reach it, we just guess, connect and then
reread the rootDSE after binding.
Ouch! A client MUST NOT assume that anything security relevant is really true
when reading the rootDSE. The client has to obey its configuration. Period.