#4149 SSSDConfig::save_domain() weird behavior
Closed: Fixed a year ago by pbrezina. Opened a year ago by fcami.

When removing two options:
https://github.com/freeipa/freeipa/blob/7862e9bec5133b7416b649a84e2ef5b3d906f2ea/ipaclient/install/ipa_client_automount.py#L356
only one of them gets removed.

We need to call save_domain() twice as shown in this patch:
https://bugzilla.redhat.com/show_bug.cgi?id=1790886#c4

Is this expected (e.g. should we change the way we are using the save_domain() method) or is it a bug?


I'm not able to reproduce the problem. I have a simple ipa.conf file to test:

[sssd]
services = nss, pam, sudo, ssh, autofs
domains = EXAMPLE.COM

[domain/EXAMPLE.COM]
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_hostname = fqdn.for.machine
sudo_provider = ipa
subdomains_provider = ipa
session_provider = ipa
ipa_automount_location = default
hostid_provider = ipa
autofs_provider = ipa
[autofs]

and the Python code shown below removes both option and provider with just one save:

import SSSDConfig
config = SSSDConfig.SSSDConfig()
config.import_config('/home/fedora/ipa.conf')

domain = None 
domain = config.get_domain('EXAMPLE.COM')
domain.remove_option('ipa_automount_location')
domain.remove_provider('autofs')
config.save_domain(domain)
config.write('/home/fedora/ipa_test.conf')

Can you put "ipa_automount_location = default" after "autofs_provider = ipa" and try again? IIRC the ipa_automount_location was the last entry in [domain/EXAMPLE.COM] in my reproducer.

@fcami I did that and nothing has changed. The code still works.

Can you try with the following as input file:

[domain/laptop.example.org]

id_provider = ipa
ipa_server = _srv_, ipa0.laptop.example.org
ipa_domain = laptop.example.org
ipa_hostname = ipa8.laptop.example.org
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
sudo_provider = ipa
subdomains_provider = ipa
session_provider = ipa
hostid_provider = ipa
autofs_provider = ipa
ipa_automount_location = default
[sssd]
services = nss, pam, ssh, sudo, autofs

domains = laptop.example.org
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]

[secrets]

[session_recording]

The only diff I get running your snippet is:

--- /etc/sssd/sssd.conf 2020-01-31 13:48:52.399802297 +0100
+++ sssd.conf   2020-01-31 13:50:40.266796482 +0100
@@ -17 +16,0 @@
-autofs_provider = ipa

which means ipa_automount_location does not get removed.

@fcami thanks. I was able to reproduce a problem with that configuration file. Let me take a look at what is going on here...

@fcami I have a fix for you. PR https://github.com/SSSD/sssd/pull/981.

When you will have that fix, you should not use "domain.remove_option('ipa_automount_location')", only "domain.remove_provider('autofs')". If you take a look at sssd/src/config/etc/sssd.api.d/sssd-ipa.conf, you will see that ipa_automount_location option is part of provider/ipa/autofs schema. So all options listed there will be deleted once you call "domain.remove_provider('autofs')".

Everything works just fine on my server with that fix.

  • master

Metadata Update from @pbrezina:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5107

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata