Bug 824244 – sssd does not warn into sssd.log for broken configurations

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 824244 - sssd does not warn into sssd.log for broken configurations

Summary:	sssd does not warn into sssd.log for broken configurations

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd (Show other bugs)
Sub Component:
Version:	6.3
Hardware:	Unspecified Unspecified

Priority	medium Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Jakub Hrozek
QA Contact:	Kaushik Banerjee
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	881827
	Show dependency tree / graph

Reported:	2012-05-23 00:39 EDT by Kaushik Banerjee
Modified:	2013-02-21 04:23 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	sssd-1.9.2-27.el6
Doc Type:	Bug Fix
Doc Text:	No documentation needed.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-02-21 04:23:51 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0508	normal	SHIPPED_LIVE	Low: sssd security, bug fix and enhancement update	2013-02-20 16:30:10 EST

Groups: None (edit)

Description Kaushik Banerjee 2012-05-23 00:39:06 EDT

Description of problem:
sssd does not warn into sssd.log for broken configurations

Version-Release number of selected component (if applicable):
1.8.0-28

How reproducible:
Always

Steps to Reproduce:
1. Configure sssd with the following in sssd, domain section:
[sssd]
config_file_version = 2
services = nss, pam
domains = LOCAL
debug_level = 0xFFF0
 
[domain/LOCAL]
max_id = 1999
min_id = 2000
debug_level = 0xFFF0
id_provider = local

2. Try to start sssd:
# service sssd start
Starting sssd:                                             [FAILED]

  
Actual results:
/var/log/sssd/sssd.log doesn't show any errors/output

Expected results:
/var/log/sssd/sssd.log should show appropriate error messages.

Additional info:
Running sssd from cmdline shows appropriate error.
# sssd -i -d 0xFFF0
(Tue May 22 15:14:06:921929 2012) [sssd] [check_file] (0x0020): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory].
(Tue May 22 15:14:06:922464 2012) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse!
(Tue May 22 15:14:06:922987 2012) [sssd] [confdb_get_domain_internal] (0x0020): No enumeration for [LOCAL]!
(Tue May 22 15:14:06:923036 2012) [sssd] [confdb_get_domain_internal] (0x0010): Invalid domain range
(Tue May 22 15:14:06:923066 2012) [sssd] [confdb_get_domains] (0x0010): Error (22 [Invalid argument]) retrieving domain [LOCAL], skipping!
(Tue May 22 15:14:06:923092 2012) [sssd] [confdb_get_domains] (0x0010): No properly configured domains, fatal error!
(Tue May 22 15:14:06:923115 2012) [sssd] [get_monitor_config] (0x0010): No domains configured.
(Tue May 22 15:14:06:923187 2012) [sssd] [main] (0x0020): Error loading configuration database: [2]: No such file or directory

Comment 3 Stephen Gallagher 2012-05-23 07:21:53 EDT

Upstream ticket:
https://fedorahosted.org/sssd/ticket/1345

Comment 6 Kaushik Banerjee 2012-11-08 10:07:09 EST

Re-opening. The issue is not fixed in version 1.9.2-7

Comment 7 Jakub Hrozek 2012-11-14 15:45:39 EST

Kaushik, can you re-test? I think we fixed this issue again while fixing the startup bugs. At least it works for me, when I break the domains configuration with bogus min_id/max_id and attempt to start the sssd, I see a DEBUG message in the logs:

(Wed Nov 14 21:41:52:786778 2012) [sssd] [main] (0x0020): Error loading configuration database: [2]: No such file or directory

Not exactly verbose, but at least gives a hint that something is up with configuration..

Comment 8 Kaushik Banerjee 2012-11-15 01:11:08 EST

Tested with sssd-1.9.2-13.

With debug level set to 0xFFF0 in the [sssd] section, I do see only the "Error loading configu... ". But, shouldn't we get the same errors/output in sssd.log as what we get by running "sssd -i -d 0xFFF0"?

We used to get the similar output in sssd.log before it broke in 1.8

Comment 9 Kaushik Banerjee 2012-11-15 10:00:02 EST

Re-opening bug to get this fixed.

Comment 11 Kaushik Banerjee 2012-12-10 09:38:42 EST

Verified in version 1.9.2-37.el6. All mis-configurations are now logged to sssd.log.

Report from beaker automation run.

   [   PASS   ]      SSSD_mis-configuration_001 max_id less than min_id
   [   PASS   ]      SSSD_mis-configuration_002 Invalid provider value
   [   PASS   ]      SSSD_mis-configuration_003 Negative min_id
   [   PASS   ]      SSSD_mis-configuration_004 Negative max_id
   [   PASS   ]      SSSD_mis-configuration_005 duplicate defined parameters, last read wins
   [   PASS   ]      SSSD_mis-configuration_006 Segmentation Fault
   [   PASS   ]      SSSD_mis-configuration_007 Required Key provider Not Defined
   [   PASS   ]      SSSD_mis-configuration_008 Enumeration defined with Integer
   [   PASS   ]      SSSD_mis-configuration_009 Enumeration defined with non boolean
   [   PASS   ]      SSSD_mis-configuration_010 Use Fully Qualified Names defined with a string
   [   PASS   ]      SSSD_mis-configuration_011 Use Fully Qualified Names defined with an integer
   [   PASS   ]      SSSD_mis-configuration_012 Invalid Authentication provider with LOCAL Identity provider
   [   PASS   ]      SSSD_mis-configuration_013 Invalid sssd.conf file permissions - 0644
   [   PASS   ]      SSSD_mis-configuration_014 Invalid sssd.conf file permissions - 0200
   [   PASS   ]      SSSD_mis-configuration_015 Invalid sssd.conf file permissions - 0066
   [   PASS   ]      SSSD_mis-configuration_016 Invalid sssd.conf file ownership
   [   PASS   ]      SSSD_mis-configuration_017 Invalid dp Service
   [   PASS   ]      SSSD_mis-configuration_018 Duplicate defined parameters for offline authentication- last one read win

Comment 12 errata-xmlrpc 2013-02-21 04:23:51 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0508.html

Note You need to log in before you can comment on or make changes to this bug.