Learn more about these different git repos.
Other Git URLs
Using SSSD configuration snippets in conf.d is currently only possible when sssd.conf exists (even empty sssd.conf is OK).
This is not desired limitation, because in upstream we already support scenario with no sssd.conf and the snippets should be working in that case as well.
I think this is absolutely a great goal for Fedora, but I'm not sure if we can make it for F-27.
@mzidek can you asses how much work this would be? So far, I'm putting the ticket into the backlog, but in downstream it's something we really need in the next release.
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.15 backlog
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1466503
Issue linked to Bugzilla: Bug 1466503
This should not be much work.
We can do the following.
Create an internal empty config (that will be read from buffer, not a file). If needed the config can contain the implicit files domain.
Then we can check for the sssd.conf and treat it the same way as snippets from conf.d . If the file exists, we merge it with the "defaukt" config, if ssd.conf does not exist, we just continue with the snippets from conf.d normally.
Metadata Update from @jhrozek: - Issue priority set to: minor - Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15 backlog)
Since we are required to release a new upstream tarball no later than Friday Oct-20, I'm moving tickets that will not be closed by that date to the next milestone, 1.16.1
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.16.0)
Metadata Update from @jhrozek: - Issue tagged with: postpone-to-2-0
Metadata Update from @jhrozek: - Issue untagged with: postpone-to-2-0 - Issue set to the milestone: SSSD 2.0 (was: SSSD 1.16.1)
Metadata Update from @jhrozek: - Issue priority set to: critical (was: minor)
So I discussed this ticket with @mzidek and here's what he proposed: on no config file, instead of writing the default configuration directly to confdb, create an in-memory default INI config file using ini_config_file_from_mem.
ini_config_file_from_mem
This sounds like a relatively easy thing to do..
Alternatively, we could even default in sssd's file provider to also watching the altfiles, but making it possible to use the snippets sounds like a more generic approach.
We should also provide a way how to add domain from snippet to enabled domains. Since if you create a snippet with a configured domain and there is no sssd.conf, domains= must be set inside the snippet.
Ideally, libini should support += operator. But on sssd side, we can create "enabled" option under [domain/*] section.
@mzidek -- don't we track what @pbrezina was proposing in another ticket?
@jhrozek I thought we have a ticket for it, but I could not find it. Maybe we just talked about it and the ticket was not created?
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)
The merging of snippets was implemeted in: * b66f8dc * 8a3517c
@mzidek I'll leave it up to you whether you want to use this ticket to track the domain-enabled work or if you want to use another ticket. I'd personally prefer another ticket, but do as you prefer.
@jhrozek I will close this ticket.
Metadata Update from @mzidek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4466
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.