#3439 Snippets are not used when sssd.conf does not exist
Closed: Fixed 5 months ago by mzidek. Opened 2 years ago by mzidek.

Using SSSD configuration snippets in conf.d is currently only possible when sssd.conf exists (even empty sssd.conf is OK).

This is not desired limitation, because in upstream we already support scenario with no sssd.conf and the snippets should be working in that case as well.


I think this is absolutely a great goal for Fedora, but I'm not sure if we can make it for F-27.

@mzidek can you asses how much work this would be? So far, I'm putting the ticket into the backlog, but in downstream it's something we really need in the next release.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.15 backlog

2 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1466503

2 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1466503

2 years ago

This should not be much work.

We can do the following.

Create an internal empty config (that will be read from buffer, not a file). If needed the config can contain the implicit files domain.

Then we can check for the sssd.conf and treat it the same way as snippets from conf.d . If the file exists, we merge it with the "defaukt" config, if ssd.conf does not exist, we just continue with the snippets from conf.d normally.

Metadata Update from @jhrozek:
- Issue priority set to: minor
- Issue set to the milestone: SSSD 1.16.0 (was: SSSD 1.15 backlog)

2 years ago

Since we are required to release a new upstream tarball no later than Friday Oct-20, I'm moving tickets that will not be closed by that date to the next milestone, 1.16.1

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.16.0)

2 years ago

Metadata Update from @jhrozek:
- Issue tagged with: postpone-to-2-0

a year ago

Metadata Update from @jhrozek:
- Issue untagged with: postpone-to-2-0
- Issue set to the milestone: SSSD 2.0 (was: SSSD 1.16.1)

a year ago

Metadata Update from @jhrozek:
- Issue priority set to: critical (was: minor)

a year ago

So I discussed this ticket with @mzidek and here's what he proposed: on no config file, instead of writing the default configuration directly to confdb, create an in-memory default INI config file using ini_config_file_from_mem.

This sounds like a relatively easy thing to do..

Alternatively, we could even default in sssd's file provider to also watching the altfiles, but making it possible to use the snippets sounds like a more generic approach.

We should also provide a way how to add domain from snippet to enabled domains. Since if you create a snippet with a configured domain and there is no sssd.conf, domains= must be set inside the snippet.

Ideally, libini should support += operator. But on sssd side, we can create "enabled" option under [domain/*] section.

We should also provide a way how to add domain from snippet to enabled domains. Since if you create a snippet with a configured domain and there is no sssd.conf, domains= must be set inside the snippet.

Ideally, libini should support += operator. But on sssd side, we can create "enabled" option under [domain/*] section.

@mzidek -- don't we track what @pbrezina was proposing in another ticket?

@jhrozek I thought we have a ticket for it, but I could not find it. Maybe we just talked about it and the ticket was not created?

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

10 months ago

The merging of snippets was implemeted in:
* b66f8dc
* 8a3517c

@mzidek I'll leave it up to you whether you want to use this ticket to track the domain-enabled work or if you want to use another ticket. I'd personally prefer another ticket, but do as you prefer.

Metadata Update from @mzidek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 months ago

Login to comment on this ticket.

Metadata