Bug 1754624

Summary: [RFE] automatically use all defined domains
Product: [Fedora] Fedora
Reporter: Pat Riehecky <riehecky>
Component: sssd
Assignee: sssd-maintainers <sssd-maintainers>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: unspecified
Version: rawhide
CC: abokovoy, jhrozek, lslebodn, mzidek, pbrezina, rharwood, sbose, ssorce
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Last Closed: 2020-07-08 11:33:38 UTC
Type: Bug

Description Pat Riehecky 2019-09-23 18:17:37 UTC
Description of problem:
Right now if SSSD has no domains defined in [sssd], it does not start.  I'd like to request this behavior change slightly.

If there are no domains defined in [sssd], then sssd looks for all defined '[domain/*]' domains and loads them alphabetically.  If there are still no domains loaded then error out and don't start.

Folks with a required order or who wish to exclude some domains they've defined will still retain their existing behavior, but this common error is avoided and the need to edit sssd.conf is removed.

Version-Release number of selected component (if applicable):
sssd-2.2.2-1.fc31.x86_64

How reproducible:
100%

Steps to Reproduce:
1. No way to automatically import domains without editing sssd.conf

Actual results:
Must add domain [sssd] \n domains

Expected results:
Able to let SSSD import all defined domains if none were requested via sssd.conf


Additional info:

Comment 1 Lukas Slebodnik 2019-09-23 20:39:52 UTC
sssd always has at least one domain on Fedora: `implicit_files`. So it would never fail.

It is not required to modify sssd.conf. You can put snippet files into the directory /etc/sssd/conf.d/

Sure you still need to "modify" the option domains in section `[sssd]` but the last match wins.

e.g.

[sssd]
services = nss, sudo, pam, autofs, ssh
services = nss, sudo, pam, autofs, ssh, ifp
services = nss, pam, ssh
debug_level = 0xBFF0

domains = default
domains = default, example.com
domains = idm.lab.example.com
domains = ldapkrb5
domains = BZ1062232
domains = refLDAP
domains = ldap-rfc2307
domains = example.com, LOCAL

The following services `nss, pam, ssh` and domains `example.com, LOCAL` will be used.

You can generate 10 snippet files for 10 domains and then an 11th snippet which overrides
the option domains in the `[sssd]` section. It is not ideal, but it is a reasonable workaround
which will work even in el7.


IIRC there was a plan to add a boolean option `enabled` to the domain section, but you would need to check upstream issues.
https://pagure.io/SSSD/sssd/issues
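
The last-match-wins merge described in Comment 1, as an added example that is not part of the original bug report and is not SSSD's own code: it merges sssd.conf with conf.d snippets and reports which defined `[domain/*]` sections end up unused. It assumes the conf.d rules from sssd.conf(5) (only `*.conf` files not starting with a dot, applied in alphabetical order after sssd.conf); the function names, file names and sample domains are constructed for illustration.

```python
import configparser

def merge_sssd_config(main_conf, snippets):
    """Merge sssd.conf text with conf.d snippets; the last match wins.

    snippets maps file name -> text. Assumption (sssd.conf(5)): only names
    ending in .conf and not starting with '.' are used, in alphabetical
    order, after sssd.conf. sorted() here ignores locale collation.
    """
    # strict=False accepts repeated options/sections; the later value replaces the earlier
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(main_conf, source="sssd.conf")
    for name in sorted(snippets):
        if name.endswith(".conf") and not name.startswith("."):
            cp.read_string(snippets[name], source=name)
    return cp

def domain_report(cp):
    """Return (enabled, defined_but_not_enabled, enabled_but_undefined)."""
    raw = cp.get("sssd", "domains", fallback="")
    enabled = [d.strip() for d in raw.split(",") if d.strip()]
    defined = [s[len("domain/"):] for s in cp.sections() if s.startswith("domain/")]
    unused = sorted(set(defined) - set(enabled))
    missing = sorted(set(enabled) - set(defined))
    return enabled, unused, missing

# Constructed sample input (not taken from a real system)
MAIN = """
[sssd]
services = nss, sudo, pam, autofs, ssh
services = nss, pam, ssh
domains = default

[domain/default]
id_provider = ldap
"""
SNIPPETS = {
    "10-example.conf": "[domain/example.com]\nid_provider = ldap\n",
    "20-local.conf": "[domain/LOCAL]\nid_provider = ldap\n",
    "99-domains.conf": "[sssd]\ndomains = example.com, LOCAL\n",
    ".hidden.conf": "[sssd]\ndomains = ignored\n",   # skipped: leading dot
    "notes.txt": "[sssd]\ndomains = ignored\n",      # skipped: not *.conf
}

if __name__ == "__main__":
    cp = merge_sssd_config(MAIN, SNIPPETS)
    enabled, unused, missing = domain_report(cp)
    print("services:", cp.get("sssd", "services"))
    print("enabled:", enabled, "unused:", unused, "missing:", missing)
```

A domain listed under "unused" is defined but never consulted, which is the situation the RFE describes; one under "missing" is named in `domains` without a matching section.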

Comment 2 Fedora Admin user for bugzilla script actions 2020-06-18 14:59:12 UTC
This package has changed maintainer in Fedora.
Reassigning to the new maintainer of this component.

Comment 3 Pavel Březina 2020-07-08 11:33:38 UTC
There is a PR for the 'enabled' option Lukas mentioned: https://github.com/SSSD/sssd/pull/5213

I'm going to close this RFE BZ. Once the PR is merged and released in Fedora, you'll be able to just drop in domains to /etc/sssd/sssd.conf and enable them via this attribute.

If you want to track the status of the PR in this BZ, feel free to reopen it and change the description to reflect it.