#3423 Warn to syslog if secrets quota is (being) exceeded
Closed: wontfix 4 years ago by thalman. Opened 6 years ago by jhrozek.

Currently there is no way to learn that the secrets quota had been exceeded or is getting close to being full. We should warn to syslog at configurable intervals to let the admin know.


It would probably be useful to employ OnFailure handler in systemd. See http://northernlightlabs.se/systemd.status.mail.on.unit.failure for an example of its use.

@abbra I have no idea what you suggest here.
Sending messages to journald using OnFailure is a little bit overkill. And sending mails by default as well, especially if we would need to create our own unit file for sending mails, unit-status-mail@.service.

I have not proposed to send messages to journald via this method. Instead, I have proposed to use the OnFailure method to communicate with a user session.

One can use an OnFailure helper to send a notification to org.freedesktop.Notifications on a user DBus session. If that fails, it can use other message delivery strategies, including, finally, a write to a journal.

The point here is to cleanly separate delivery of the warning. Execution of the OnFailure method will already be recorded in the journal by systemd, so we would already have a way to tell admins to watch it. However, looking up how to reach this particular user can and should be done outside of SSSD itself. That was my point.

Thank you very much for the explanation and opinion. But I do not think that the proposed solution would work here. sssd-secrets should not fail if the quota for some user is reached. It would be a DoS for other users. sssd-secrets needs to run and block just the problematic user.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Future releases (no date set yet)

6 years ago

Metadata Update from @jhrozek:
- Issue tagged with: KCM

6 years ago

Metadata Update from @thalman:
- Custom field design_review adjusted to on
- Custom field mark adjusted to on
- Custom field patch adjusted to on
- Custom field review adjusted to on
- Custom field sensitive adjusted to on
- Custom field testsupdated adjusted to on
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago

KCM is no longer using sssd-secrets.

Metadata Update from @pbrezina:
- Custom field design_review reset (from on)
- Custom field mark reset (from on)
- Custom field patch reset (from on)
- Custom field review reset (from on)
- Custom field sensitive reset (from on)

4 years ago

SSSD is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in SSSD's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/SSSD/sssd/issues/4450

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.
