Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1490501

Summary: sssd incorrectly checks 'try_inotify' thinking it is the wrong section
Product: Red Hat Enterprise Linux 7 Reporter: Eugene Keck <ekeck>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: Amith <apeetham>
Severity: low Docs Contact:
Priority: low    
Version: 7.3CC: fidencio, grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina, sgoveas, tscherf
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: sssd-1.16.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 17:16:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eugene Keck 2017-09-11 19:18:31 UTC 
Description of problem:
[rule/allowed_sssd_options]: Attribute 'try_inotify' is not allowed in section 'sssd'. Check for typos.

Version-Release number of selected component (if applicable):
sssd-1.15.2-50.el7

How reproducible:
Always

Steps to Reproduce:
1. add try_inotify option to the [sssd] section

Actual results:
(Mon Sep 11 15:02:52:190955 2017) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sssd_options]: Attribute 'try_inotify' is not allowed in section 'sssd'. Check for typos.

Additional info:
It does correctly set the option.

[sssd]
services = sudo, nss, ifp, pam, ssh
domains = example.local
try_inotify = false

(Mon Sep 11 15:02:52:190955 2017) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sssd_options]: Attribute 'try_inotify' is not allowed in section 'sssd'. Check for typos.
(Mon Sep 11 15:02:52:191688 2017) [sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [try_inotify]
(Mon Sep 11 15:02:52:191706 2017) [sssd] [sss_confdb_create_ldif] (0x4000): try_inotify: false


[sssd]
services = sudo, nss, ifp, pam, ssh
domains = example.local
try_inotify = true

(Mon Sep 11 15:05:02:859450 2017) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sssd_options]: Attribute 'try_inotify' is not allowed in section 'sssd'. Check for typos.
(Mon Sep 11 15:05:02:860188 2017) [sssd] [sss_confdb_create_ldif] (0x0400): Processing attribute [try_inotify]
(Mon Sep 11 15:05:02:860206 2017) [sssd] [sss_confdb_create_ldif] (0x4000): try_inotify: true
Comment 2 Jakub Hrozek 2017-09-12 06:45:40 UTC 
Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3511
Comment 3 Lukas Slebodnik 2017-09-13 08:18:38 UTC 
master:
* 895584001760e8188db486bc39f9938624822d35

sssd-1-14:
* 69e61a52493a8c143f83763c2dd783cabea5c9f4
Comment 5 Amith 2017-11-30 16:11:37 UTC 
Verified the bug on SSSD Version : sssd-1.16.0-7.el7.x86_64

Steps followed during verification:

1. Install an older sssd build, for example sssd-1.15.2-50.el7_4.8, to reproduce the problem.

2. Configure sssd.conf as follows:

[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
debug_level = 0xFFF0
try_inotify = false

[pam]

[domain/LDAP]
debug_level = 0xFFF0
id_provider = ldap
ldap_uri = ldap://hubcap.lab.eng.pnq.redhat.com
ldap_search_base = dc=example,dc=com
ldap_tls_cacert = /etc/openldap/certs/cacert.asc

3. Start SSSD service and grep for inotify in sssd.log file. You should see the typo error.

# grep inotify sssd.log
[sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sssd_options]: Attribute 'try_inotify' is not allowed in section 'sssd'. Check for typos.
[sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sssd_options]: Attribute 'try_inotify' is not allowed in section 'sssd'. Check for typos.

4. Upgrade SSSD to the latest version and restart sssd service.

# rpm -q sssd
sssd-1.16.0-7.el7.x86_64

5. Repeat the grep command and the typo error vanished.

# grep inotify sssd.log
[sssd] [snotify_watch] (0x2000): Opened inotify fd 0
[sssd] [_snotify_create] (0x0400): Added a watch for /etc/resolv.conf with inotify flags 0x8D88 internal flags 0x1 using function resolv_conf_inotify_cb after delay 1.0
[sssd] [watch_ctx_destructor] (0x2000): Closing inotify fd 0
Comment 8 errata-xmlrpc 2018-04-10 17:16:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:0929