Description of problem:
This bug was found during the sssd test day for RHEL 7.3 features.

Multiple mistakes in sssd.conf:
a. typo: id provider (sid provider)
b. domains: default (removed)

Error: no domains configured

# sssctl config-check
(Tue Sep 13 14:59:27:675033 2016) [sssd] [confdb_get_domains] (0x0010): No domains configured, fatal error!

Answer (Michal):
This is expected in the current version. No sssctl commands can be run (including config-check) if the configuration has fatal errors (errors preventing SSSD from starting). This is suboptimal, especially for commands like config-check. Please file a BZ or upstream ticket, so that we enhance this in a future version.

Version-Release number of selected component (if applicable):
sssd-1.14.0-43.el7.x86_64.rpm
Upstream ticket: https://fedorahosted.org/sssd/ticket/3209
master:
* cbee11e912bb391ba254b0bac8c1159c1f634533

sssd-1-14:
* ec1829de7cd529c2c68b4bdb9b6d43ac6bb545d3
Tested with:
sssd-1.15.2-37.el7.x86_64
sssd-tools-1.15.2-37.el7.x86_64

Steps followed during verification:
1. Installed sssd and sssd-tools package.
2. Created the sssd configuration file with the following multiple mistakes:
   a. typo: id provider (sid provider)
   b. domains: default (removed)
3. Ran # sssctl config-check

# cat /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
domains = LDAP
services = nss, pam
ldap_search_base = dc=example,dc=com
debug_level = 9
sid_provider = ldap
auth_provider = ldap
ldap_user_home_directory = /home/%u
ldap_uri = ldaps://server.example.com:636
ldap_tls_cacert = /etc/openldap/certs/cacert.pem
use_fully_qualified_names = True
[nss]
[pam]

# sssctl config-check
Issues identified by validators: 7
[rule/allowed_sssd_options]: Attribute 'ldap_search_base' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'sid_provider' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'auth_provider' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'ldap_user_home_directory' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'ldap_uri' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'ldap_tls_cacert' is not allowed in section 'sssd'. Check for typos.
[rule/allowed_sssd_options]: Attribute 'use_fully_qualified_names' is not allowed in section 'sssd'. Check for typos.

Messages generated during configuration merging: 0

Used configuration snippet files: 0
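Added example, not part of the bug report and not SSSD's own code: a standalone pre-flight check for the configuration shown in the verification comment above. It reports the misplaced options in [sssd] and goes one step further than the seven issues listed there by also flagging an enabled domain that has no [domain/NAME] section. The function name check and the ALLOWED_SSSD subset are assumptions made for this sketch.

```python
import configparser

# Constructed sample: the sssd.conf from the verification comment above.
SAMPLE = """\
[sssd]
config_file_version = 2
domains = LDAP
services = nss, pam
ldap_search_base = dc=example,dc=com
debug_level = 9
sid_provider = ldap
auth_provider = ldap
ldap_user_home_directory = /home/%u
ldap_uri = ldaps://server.example.com:636
ldap_tls_cacert = /etc/openldap/certs/cacert.pem
use_fully_qualified_names = True
[nss]
[pam]
"""

# Assumption: a small subset of the options SSSD accepts in [sssd],
# enough for this sample; it is not SSSD's full validation rule set.
ALLOWED_SSSD = {"config_file_version", "domains", "services", "debug_level"}

def check(text):
    """Return a list of problems found in an sssd.conf-style string."""
    # interpolation=None so values such as /home/%u are read literally
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("sssd"):
        return ["missing [sssd] section"]
    issues = [f"Attribute '{opt}' is not allowed in section 'sssd'"
              for opt in cp["sssd"] if opt not in ALLOWED_SSSD]
    enabled = [d.strip() for d in cp["sssd"].get("domains", "").split(",")
               if d.strip()]
    if not enabled:
        issues.append("No domains configured")
    # Extra check: every enabled domain needs its own [domain/NAME] section
    issues += [f"Domain '{d}' is enabled but section [domain/{d}] is missing"
               for d in enabled if not cp.has_section(f"domain/{d}")]
    return issues

if __name__ == "__main__":
    for issue in check(SAMPLE):
        print(issue)
```

Only the [sssd] section is validated here; options inside a domain section, such as the sid_provider typo once it sits under [domain/LDAP], are not checked.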
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294