Issue #4161: sssctl config-check reports errors when auto_private_groups is disabled/enabled in child domains - sssd

SSSD / sssd

#4161 sssctl config-check reports errors when auto_private_groups is disabled/enabled in child domains

Closed: Fixed 4 years ago by pbrezina. Opened 4 years ago by ipedrosa.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1791892

Description of problem:
when auto private groups are enabled/disabled specifically for a child domain
in sssd.conf . sssctl config-check gives message that auto_private_groups is
not allowed in child domain section.

Version-Release number of selected component (if applicable):
sssd-2.2.3-11.el8.x86_64

How reproducible:
Have a Root domain (td5f4f77.com) and 2 child domains (one5f4f77.td5f4f77.com,
two5f4f77.td5f4f77.com)

Enable auto_private_groups in child domains specifically in sssd.conf as given
below:

[sssd]
domains = td5f4f77.com
config_file_version = 2
services = nss, pam, ifp

[domain/td5f4f77.com/two5f4f77.td5f4f77.com]
auto_private_groups = True

[domain/td5f4f77.com/one5f4f77.td5f4f77.com]
auto_private_groups = True

[pam]
debug_level = 9

[domain/td5f4f77.com]
ad_domain = td5f4f77.com
krb5_realm = TD5F4F77.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
auto_private_groups = False


[nss]
debug_level = 9


Restart sssd and run sssctl config-check
Actual results:

[root@vm-10-0-154-28 db]# sssctl config-check
Issues identified by validators: 2
[rule/allowed_subdomain_options]: Attribute 'auto_private_groups' is not
allowed in section 'domain/td5f4f77.com/two5f4f77.td5f4f77.com'. Check for
typos.
[rule/allowed_subdomain_options]: Attribute 'auto_private_groups' is not
allowed in section 'domain/td5f4f77.com/one5f4f77.td5f4f77.com'. Check for
typos.

Messages generated during configuration merging: 0

Used configuration snippet files: 0


Expected results:

auto_private_groups is a valid parameter in child domain section and hence
sssctl should not report any errors.

Additional info:

pbrezina commented 4 years ago

master
- 746d4ff - config: allowed auto_private_groups in child domains

Metadata Update from @pbrezina:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5116

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

type

None

component

None

version

None

selected

None

testsupdated

None

patch

None

rhbz

None

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#4161 sssctl config-check reports errors when auto_private_groups is disabled/enabled in child domains Closed: Fixed 4 years ago by pbrezina. Opened 4 years ago by ipedrosa.

Metadata

#4161 sssctl config-check reports errors when auto_private_groups is disabled/enabled in child domains

Closed: Fixed 4 years ago by pbrezina. Opened 4 years ago by ipedrosa.