#4315 ipa-client-install --preserve-sssd does not seem to preserve the sssd configuration
Closed: wontfix 5 years ago Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1088683

Description of problem:
If the user chooses to preserve the sssd configuration, IPA will overwrite the
existing configuration even when --preserve-sssd is specified.

Version-Release number of selected component (if applicable):
ipa-client-3.0.0-25.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Create an sssd configuration in /etc/sssd/sssd.conf.
2. ipa-client-install --server=$MASTER --password=$ADMINPW --unattended --realm=$RELM --domain=$DOMAIN --principal=$ADMINID --preserve-sssd
3. Observe that the contents of sssd.conf have been cleared.

Actual results:

The sssd config was wiped out and replaced.

Expected results:
I expect ipa to either error out, and not continue, or to integrate its config
with the running config where possible.

Additional info:

For a valid, easy to set up sssd.conf, I suggest adding the following to
/etc/sssd/sssd.conf

    [nss]
    filter_users = root
    filter_groups = root

We should update this section:

    try:
        domain = sssdconfig.new_domain(cli_domain)
    except SSSDConfig.DomainAlreadyExistsError:
        root_logger.info("Domain %s is already configured in existing SSSD " +
            "config, creating a new one.", cli_domain)
        root_logger.info("The old /etc/sssd/sssd.conf is backed up and will " +
            "be restored during uninstall.")
        sssdconfig = SSSDConfig.SSSDConfig()
        sssdconfig.new_config()
        domain = sssdconfig.new_domain(cli_domain)

To error out when creating new sssd.conf because of conflicting domain and when --preserve-sssd is passed, instead of overwriting it.
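
The behaviour proposed in the comment above, as an added example that is not part of the ticket or of FreeIPA's code. It reads sssd.conf with Python's configparser instead of the SSSDConfig module, and the function names, the SSSDConflictError class, the case-insensitive comparison and the sample configuration are assumptions made for illustration.

```python
import configparser

# Constructed sample: an existing sssd.conf that already defines a domain.
SAMPLE_CONF = """\
[sssd]
services = nss, pam
domains = example.test

[nss]
filter_users = root
filter_groups = root

[domain/example.test]
id_provider = ldap
"""


class SSSDConflictError(Exception):
    """Hypothetical error raised instead of overwriting sssd.conf."""


def existing_domains(conf_text):
    """Return the names that have a [domain/NAME] section in sssd.conf text."""
    # RawConfigParser: no %-interpolation, which LDAP filters would trip.
    parser = configparser.RawConfigParser(strict=False, allow_no_value=True)
    parser.read_string(conf_text)
    prefix = "domain/"
    return {s[len(prefix):] for s in parser.sections()
            if s.lower().startswith(prefix)}


def plan_domain_setup(conf_text, cli_domain, preserve_sssd):
    """Decide how to treat an existing sssd.conf for a new client domain.

    "add"     -> no conflict, the domain can be added to the existing config
    "replace" -> conflict without --preserve-sssd: back up the old file and
                 create a new config (what the quoted section does today)
    raises SSSDConflictError -> conflict with --preserve-sssd (the proposal)
    """
    # Assumption: compare case-insensitively so EXAMPLE.TEST still conflicts.
    known = {d.lower() for d in existing_domains(conf_text)}
    if cli_domain.lower() not in known:
        return "add"
    if preserve_sssd:
        raise SSSDConflictError(
            "domain %s already exists in sssd.conf and --preserve-sssd "
            "was given; refusing to overwrite" % cli_domain)
    return "replace"
```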


This fix is not a priority at the moment. Preferred solution is to have a drop-in snippet configuration for sssd without a need to merge or override global sssd.conf.

Moving to ticket backlog, patches welcome.

Metadata Update from @mkosek:
- Issue assigned to someone
- Issue set to the milestone: Ticket Backlog

7 years ago

Thank you for taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
