Learn more about these different git repos.
Other Git URLs
Setting up a minimal config for an application domain inheriting from a posix domain as described in the manpage of sssd.conf leads to the appdomain not being read appropriately:
sssd.conf
[sssd] config_file_version = 2 services = nss, pam, ssh, sudo, ifp domains = domtest, apptest [nss] [domain/domtest] id_provider = ldap ldap_uri = ldap://ldap.example.com ldap_search_base = dc=example,dc=com [application/apptest] inherit_from = domtest
# record 1 dn: cn=sssd,cn=config cn: sssd config_file_version: 2 domains: domtest, apptest services: nss, pam, ssh, sudo, ifp distinguishedName: cn=sssd,cn=config # record 2 dn: cn=config version: 2 lastUpdate: 1520365646 distinguishedName: cn=config # record 3 dn: cn=nss,cn=config cn: nss distinguishedName: cn=nss,cn=config # record 4 dn: cn=domtest,cn=domain,cn=config cn: domtest id_provider: ldap ldap_search_base: dc=example,dc=com ldap_uri: ldap://ldap.example.com distinguishedName: cn=domtest,cn=domain,cn=config # record 5 dn: cn=apptest,cn=application,cn=config cn: apptest inherit_from: domtest distinguishedName: cn=apptest,cn=application,cn=config # returned 5 records # 5 entries # 0 referrals
root@lb-test /etc/sssd (git)-[master] # sssctl domain-list -v (Tue Mar 6 20:50:02:884067 2018) [sssd] [confdb_get_domain_internal] (0x0010): Unknown domain [apptest] (Tue Mar 6 20:50:02:884106 2018) [sssd] [confdb_get_domains] (0x0010): Error (2 [No such file or directory]) retrieving domain [apptest], skipping! Primary domain: domtest Primary domain: apptest
Setting debug_level=9 lead to the attached logfile. <img alt="sssd.unsanitized.log" src="/SSSD/sssd/issue/raw/2af6f0dc265eb4c0a22089addaaf108b78d3cbe3979c62365b3bc88a87770428-sssd.unsanitized.log" />
debug_level=9
Metadata Update from @fidencio: - Issue assigned to fidencio
@lukasjuhrich, thanks for the report.
We've been discussing this issue on #sssd IRC channel and basically what happens is that from sssctl the confdb does seem to the support application domains.
While it looks like a simple "confdb_expand_app_domains()" call in sss_tool_domains_init() should solve the problem ... it doesn't seem to be the right path to take as I'm seeing some errors on ldb_wait() when calling confdb_merge_parent_domain().
@jhrozek, do you think that modifying the confdb_get_domains() to also iterate over the app domains would be a valid approach? Or do you know what I may be doing wrong that causes an error with the first approach?
PR: https://github.com/SSSD/sssd/pull/537
Metadata Update from @fidencio: - Custom field patch adjusted to on
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.2
Metadata Update from @jhrozek: - Issue tagged with: PR, bug
Fixed as a part of: 14b485b 885da2c a73d70f f405a4a e5c74ab
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4678
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.