Bug 1072458
Summary: | [RFE] SSSD configuration file test tool (sssd_check) | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Mark Heslin 🎸 <mheslin> |
Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.0 | CC: | grajaiya, jhrozek, lslebodn, mheslin, mkosek, mupadhye, pbrezina, prd-fedora, sbose, sgoveas |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | 7.1 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | sssd-1.14.0-2.el7 | Doc Type: | Enhancement |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-04 07:10:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1290382 | ||
Bug Blocks: | 1292074, 1296125, 1313485 |
Description
Mark Heslin 🎸
2014-03-04 15:46:55 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/2269 Moving to 7.1 for now as discussed on the SSSD meeting. Hi Jakub, I just wanted to check in and find out what the status is for this - is it still targeted to RHEL 7.1? I've had several customers with munged configuration files recently which reminded me to reach out for an update. Thanks, -m (In reply to Mark Heslin from comment #4) > Hi Jakub, > > I just wanted to check in and find out what the status is for this - is it > still targeted to RHEL 7.1? > > I've had several customers with munged configuration files recently which > reminded me to reach out for an update. > > Thanks, > > -m No it's not, sorry. Currently it's 7.2 at the earliest. It would be helpful if you could link the customer cases to the BZ so we know how many customers request the feature and plan accordingly. master: * e088912418fd4db750f2097dfde8ef9b77303f05 * 199984c7972272f8162a356cda139c22f6f08556 Tested with sssd-1.14.0-27.el7.x86_64 Steps followed during verification: 1) Install the sssd-tools package. 2) Create the sssd.conf. 3) Run sssctl config-check. config-check detects typos in option name (not value), typos in section name and misplaced options. Additionally the config-check also reports when something unexpected happens during configuration merging but does not check which option is missing. ------------------------------------------------------------- sssd.conf without any typos in option name and section name ------------------------------------------------------------- #cat /etc/sssd/sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = LDAP [domain/LDAP] ldap_search_base = dc=example,dc=com id_provider = ldap auth_provider = ldap ldap_uri = ldaps://server.example.com ldap_tls_cacert = /etc/openldap/certs/cacert.asc debug_level = 10 [root@server ~]# sssctl config-check Issues identified by validators: 0 Messages generated during configuration merging: 0 Used configuration snippet files: 0 ------------------------------------------------- sssd.conf with typos in option name ------------------------------------------------- #cat /etc/sssd/sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = LDAP [domain/LDAP] search_base = dc=example,dc=com id_provider = ldap auth_provider = ldap ldap_uri = ldaps://server.example.com ldap_tls_cacert = /etc/openldap/certs/cacert.asc debug_level = 10 [root@server ~]# sssctl config-check Issues identified by validators: 1 [rule/allowed_domain_options]: Attribute 'search_base' is not allowed in section 'domain/LDAP'. Check for typos. Messages generated during configuration merging: 0 Used configuration snippet files: 0 ------------------------------------------------ sssd.conf with typos in section name ------------------------------------------------ #cat /etc/sssd/sssd.conf [sssd] services = nss, pam config_file_version = 2 domains = LDAP [domain/LAP] search_base = dc=example,dc=com id_provider = ldap auth_provider = ldap ldap_uri = ldaps://server.example.com ldap_tls_cacert = /etc/openldap/certs/cacert.asc debug_level = 10 [root@server ~]# sssctl config-check (Fri Sep 2 11:40:43:603218 2016) [sssd] [confdb_get_domain_internal] (0x0010): Unknown domain [LDAP] (Fri Sep 2 11:40:43:603339 2016) [sssd] [confdb_get_domains] (0x0010): Error (2 [No such file or directory]) retrieving domain [LDAP], skipping! (Fri Sep 2 11:40:43:603361 2016) [sssd] [confdb_get_domains] (0x0010): No properly configured domains, fatal error! . ------------------------------------------------ sssd.conf with misplaced option ------------------------------------------------ #cat /etc/sssd/sssd.conf [sssd] config_file_version = 2 domains = LDAP [domain/LDAP] services = nss, pam search_base = dc=example,dc=com id_provider = ldap auth_provider = ldap ldap_uri = ldaps://server.example.com ldap_tls_cacert = /etc/openldap/certs/cacert.asc debug_level = 10 [root@server sssd]# sssctl config-check Issues identified by validators: 1 [rule/allowed_domain_options]: Attribute 'services' is not allowed in section 'domain/LDAP'. Check for typos. Messages generated during configuration merging: 0 Used configuration snippet files: 0 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2476.html |