Bug 1754624 - [RFE] automatically use all defined domains
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: sssd
Version: rawhide
Hardware: All
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: sssd-maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-09-23 18:17 UTC by Pat Riehecky
Modified: 2020-07-08 11:33 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-07-08 11:33:38 UTC
Type: Bug
Embargoed:


Description Pat Riehecky 2019-09-23 18:17:37 UTC
Description of problem:
Right now if SSSD has no domains defined in [sssd], it does not start.  I'd like to request this behavior change slightly.

If there are no domains defined in [sssd], then sssd looks for all defined '[domain/*]' domains and loads them alphabetically.  If there are still no domains loaded then error out and don't start.

Folks with a required order or who wish to exclude some domains they've defined will still retain their existing behavior, but this common error is avoided and the need to edit sssd.conf is removed.

Version-Release number of selected component (if applicable):
sssd-2.2.2-1.fc31.x86_64

How reproducible:
100%

Steps to Reproduce:
1. No way to automatically import domains without editing sssd.conf
2.
3.

Actual results:
Must add domain [sssd] \n domains

Expected results:
Able to let SSSD import all defined domains if none were requested via sssd.conf


Additional info:

Comment 1 Lukas Slebodnik 2019-09-23 20:39:52 UTC
sssd has always at least one domain on fedora: `implicit_files`. So it would never fail.

It is not required to modify sssd.conf. You can put snippet files into the directory /etc/sssd/conf.d/

Sure you still need to "modify" the option domains in section `[sssd]` but the last match wins.

e.g.

[sssd]
services = nss, sudo, pam, autofs, ssh
services = nss, sudo, pam, autofs, ssh, ifp
services = nss, pam, ssh
debug_level = 0xBFF0

domains = default
domains = default, example.com
domains = idm.lab.example.com
domains = ldapkrb5
domains = BZ1062232
domains = refLDAP
domains = ldap-rfc2307
domains = example.com, LOCAL

The following services `nss, pam, ssh` and domains `example.com, LOCAL` will be used.

You can generate 10 snippet files for 10 domains and then an 11th snippet which overrides
the option domains in the `[sssd]` section. It is not ideal but a reasonable workaround
which will work even in el7.


IIRC there was a plan to add a boolean option `enabled` to the domain section, but you would need to check upstream issues.
https://pagure.io/SSSD/sssd/issues
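
The "last match wins" merge described in Comment 1, as an added example that is not part of the original comment or SSSD's own code: it merges sssd.conf and conf.d snippets and reports which `[domain/*]` sections are defined but never enabled. It assumes snippets are applied after sssd.conf in filename order; the file names and `id_provider` values are constructed sample input.

```python
import re

def effective_config(sources):
    """sources: [(name, text)], sssd.conf first, then conf.d snippets.
    Returns {section: {option: value}}; a later assignment replaces an earlier one."""
    main, snippets = sources[0], sorted(sources[1:])  # assumption: filename order
    merged = {}
    for _name, text in [main] + snippets:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            header = re.fullmatch(r"\[(.+)\]", line)
            if header:
                section = header.group(1).strip()
                merged.setdefault(section, {})
            elif "=" in line and section is not None:
                key, value = line.split("=", 1)
                merged[section][key.strip()] = value.strip()  # last match wins
    return merged

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def audit_domains(merged):
    """Compare the enabled list in [sssd] with the [domain/*] sections present."""
    enabled = split_list(merged.get("sssd", {}).get("domains", ""))
    defined = sorted(s[len("domain/"):] for s in merged if s.startswith("domain/"))
    return {
        "enabled": enabled,
        "defined_not_enabled": [d for d in defined if d not in enabled],
        "enabled_not_defined": [d for d in enabled if d not in defined],
    }

# Constructed sample input: one main file plus three snippets.
SAMPLE = [
    ("sssd.conf", "[sssd]\nservices = nss, sudo, pam, autofs, ssh\n"
                  "domains = default\n\n[domain/default]\nid_provider = files\n"),
    ("10-example.conf", "[domain/example.com]\nid_provider = ldap\n"),
    ("20-local.conf", "[domain/LOCAL]\nid_provider = files\n"),
    ("99-enable.conf", "[sssd]\nservices = nss, pam, ssh\n"
                       "domains = example.com, LOCAL\n"),
]

if __name__ == "__main__":
    merged = effective_config(SAMPLE)
    print(merged["sssd"])
    print(audit_domains(merged))
```

Running the same audit over the real files shows when a defined identity source is silently inactive because a later snippet replaced the `domains` list.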

Comment 2 Fedora Admin user for bugzilla script actions 2020-06-18 14:59:12 UTC
This package has changed maintainer in Fedora.
Reassigning to the new maintainer of this component.

Comment 3 Pavel Březina 2020-07-08 11:33:38 UTC
There is a PR for the 'enabled' option Lukas mentioned: https://github.com/SSSD/sssd/pull/5213

I'm going to close this RFE BZ. Once the PR is merged and released in Fedora, you'll be able to just drop in domains to /etc/sssd/sssd.conf and enable them via this attribute.

If you want to track the status of the PR in this BZ, feel free to reopen it and change the description to reflect it.

