Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1072458
Description of problem: The sssd.conf file has many parameters and options but no clean, efficient way to check the file for correctness - typos, incorrect parameter contexts, leading spaces, etc. Some checking is done when sssd is started but if problems are encountered, the usual result is sssd fails to start and any warnings, errors are logged but not always useful. Having a stand-alone utility "sssd_check" (similar to the testparm tool included with Samba) has the potential to save much troubleshooting time for all. This makes good business sense given the fact that SSSD is installed by default on RHEL, and its interest and use continues to grow. Version-Release number of selected component (if applicable): RHEL 6.5+, RHEL 7+ How reproducible: n/a Steps to Reproduce: 1. n/a 2. 3. Actual results: n/a Expected results: n/a Additional info: From a high level sssd_check could operate (similar to Samba testparm) as follows: # sssd_check --help Usage: [OPTION...] <config_file> -v, --verbose Show default options -l, --skip-logic-checks Skip the global checks --show-all-parameters Show the parameters, type, possible values --parameter-name=STRING Limit testparm to a named parameter --section-name=STRING Limit testparm to a named section Help options: -?, --help Show this help message --usage Display brief usage message Common sssd options: -V, --version Print version Common sssd debugging: -d, --debuglevel=DEBUGLEVEL Set debug level Common sssd commandline config: --option=name=value Set sssd.conf option from command line Notes: 1. If no config_file is specified then the default /etc/sssd/sssd.conf is used 2. Comments are stripped out of the output Using the following file as an example: [sssd] config_file_version = 2 debug_level = 0 domains = refarch-ad.cloud.lab.eng.bos.redhat.com services = nss, pam # Uncomment/adjust as needed if IMU is not used: #override_homedir = /home/%d/%u #default_shell = /bin/bash [domain/refarch-ad.cloud.lab.eng.bos.redhat.com] id_provider = ad access_provider = ad # Permits offline logins: # cache_credentials = true # Use when service discovery not working: # ad_server = win-srv1.refarch-ad.cloud.lab.eng.bos.redhat.com # Enables use of POSIX UID's and GID's: ldap_id_mapping = false the examples below demonstrate it usage and output. ---------------------------- Example 1 - display version: ---------------------------- # check_sssd --version Version 1.2.3-456.el6.5 ------------------------------- Example 2 - check on good file: ------------------------------- # check_sssd Loading sssd config file from /etc/sssd/sssd.conf Loaded file OK. Server role: DOMAIN_MEMBER Press enter to see a dump of your service definitions [sssd] config_file_version = 2 debug_level = 0 domains = refarch-ad.cloud.lab.eng.bos.redhat.com services = nss, pam [domain/refarch-ad.cloud.lab.eng.bos.redhat.com] id_provider = ad access_provider = ad ldap_id_mapping = false --------------------------------------------------------------------- Example 3 - check on non-default file with bad parameter (foo = bar): --------------------------------------------------------------------- # check_sssd -f /etc/sssd/sssd.conf.bad Loading sssd config file from /etc/sssd/sssd.conf.bad Unknown parameter encountered: "foo" Ignoring unknown parameter "foo" Loaded file OK. Server role: DOMAIN_MEMBER Press enter to see a dump of your service definitions [sssd] config_file_version = 2 debug_level = 0 domains = refarch-ad.cloud.lab.eng.bos.redhat.com services = nss, pam [domain/refarch-ad.cloud.lab.eng.bos.redhat.com] id_provider = ad access_provider = ad ldap_id_mapping = false
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => milestone: NEEDS_TRIAGE => SSSD 1.14 beta review: True => 0 selected: => testsupdated: => 0
Ticket #416 was marked as duplicate of this ticket.
mark: => 0
Ticket #1621 was marked as duplicate of this ticket.
cc: => mzidek@redhat.com sensitive: => 0
milestone: SSSD 1.14 beta => SSSD 1.14 alpha owner: somebody => mzidek
design: => https://fedorahosted.org/sssd/wiki/DesignDocs/ConfigCheckTool
I need to release the Alpha tarball today, moving to Beta.
milestone: SSSD 1.14 alpha => SSSD 1.14 beta
The config checks themselves will be part of the beta, but not the tool.
milestone: SSSD 1.14 beta => SSSD 1.14.0
Downstream BZ -> increase in priority.
priority: major => critical
patch: 0 => 1
We decided to not create a separate tool with this functionality, but add it as a new command for the sssctl tool.
master:
resolution: => fixed status: new => closed
Metadata Update from @jhrozek: - Issue assigned to mzidek - Issue set to the milestone: SSSD 1.14.0
since no sssd_check is created, but we plan to update sssctl, I feel it should be closed=>wontfix instead of closed=>fixed.
@amitkumar25nov. It is implemented in sssctl config-check
sssctl config-check
Metadata Update from @lslebodn: - Custom field design_review reset - Custom field mark reset - Custom field patch adjusted to on (was: 1) - Custom field review reset - Custom field sensitive reset - Custom field testsupdated reset
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3311
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.