| Summary: | No sssctl commands can be run if the configuration has fatal errors | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Steeve Goveas <sgoveas> |
| Component: | sssd | Assignee: | Michal Zidek <mzidek> |
| Status: | CLOSED ERRATA | QA Contact: | Madhuri <mupadhye> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina, sssd-qe |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.15.0-2.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 09:00:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Upstream ticket: https://fedorahosted.org/sssd/ticket/3209 master: * cbee11e912bb391ba254b0bac8c1159c1f634533 sssd-1-14: * ec1829de7cd529c2c68b4bdb9b6d43ac6bb545d3 Tested with:
sssd-1.15.2-37.el7.x86_64
sssd-tools-1.15.2-37.el7.x86_64
Steps followed during verification:
1. Installed sssd and sssd-tools package.
2. Created the sssd configuration file with following multiple mistakes
a. typo: id provider (sid provider)
b. domains: default (removed)
3. Ran # sssctl config-check
# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = LDAP
services = nss, pam
ldap_search_base = dc=example,dc=com
debug_level = 9
sid_provider = ldap
auth_provider = ldap
ldap_user_home_directory = /home/%u
ldap_uri = ldaps://server.example.com:636
ldap_tls_cacert = /etc/openldap/certs/cacert.pem
use_fully_qualified_names = True
[nss]
[pam]
# sssctl config-check
Issues identified by validators: 7
[rule/allowed_sssd_options]: Attribute 'ldap_search_base' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'sid_provider' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'auth_provider' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'ldap_user_home_directory' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'ldap_uri' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'ldap_tls_cacert' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'use_fully_qualified_names' is not allowed in section 'sssd'. Check for typos.
Messages generated during configuration merging: 0
Used configuration snippet files: 0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294 |
Description of problem: This bug found during the sssd test day for rhel 7.3 features. Multiple mistakes in sssd.conf : a. typo: id provider (sid provider) b. domains: default (removed) Error: no domains configured # sssctl config-check (Tue Sep 13 14:59:27:675033 2016) [sssd] [confdb_get_domains] (0x0010): No domains configured, fatal error! Answer (Michal): This is expected in the current version. No sssctl commands can be run (including config-check) if the configuration has fatal errors (errors preventing SSSD from starting). This is suboptimal, especially for command like config-check. Please file a BZ or upstream ticket, so that we enhance this in the future version. Version-Release number of selected component (if applicable): sssd-1.14.0-43.el7.x86_64.rpm