#4161 sssctl config-check reports errors when auto_private_groups is disabled/enabled in child domains
Closed: Fixed 10 months ago by pbrezina. Opened 10 months ago by ipedrosa.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1791892

Description of problem:
when auto private groups are enabled/disabled specifically for a child domain
in sssd.conf . sssctl config-check gives message that auto_private_groups is
not allowed in child domain section.

Version-Release number of selected component (if applicable):

How reproducible:
Have a Root domain (td5f4f77.com) and 2 child domains (one5f4f77.td5f4f77.com,

Enable auto_private_groups in child domains specifically in sssd.conf as given

domains = td5f4f77.com
config_file_version = 2
services = nss, pam, ifp

auto_private_groups = True

auto_private_groups = True

debug_level = 9

ad_domain = td5f4f77.com
krb5_realm = TD5F4F77.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
auto_private_groups = False

debug_level = 9

Restart sssd and run sssctl config-check
Actual results:

[root@vm-10-0-154-28 db]# sssctl config-check
Issues identified by validators: 2
[rule/allowed_subdomain_options]: Attribute 'auto_private_groups' is not
allowed in section 'domain/td5f4f77.com/two5f4f77.td5f4f77.com'. Check for
[rule/allowed_subdomain_options]: Attribute 'auto_private_groups' is not
allowed in section 'domain/td5f4f77.com/one5f4f77.td5f4f77.com'. Check for

Messages generated during configuration merging: 0

Used configuration snippet files: 0

Expected results:

auto_private_groups is a valid parameter in child domain section and hence
sssctl should not report any errors.

Additional info:

  • master
    • 746d4ff - config: allowed auto_private_groups in child domains

Metadata Update from @pbrezina:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

10 months ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5116

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.