Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.1

Fields changed

rhbz: => 0

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

Fields changed

mark: => 0
priority: critical => major

Fields changed

owner: somebody => pbrezina

We need to finish some rootless sssd tasks first, then Pavel will do an assesment of this ticket.

Fields changed

milestone: SSSD 1.12.3 => SSSD 1.12.4

The sbus-related patches are landing on the list, but we realized during review that they're too big for 1.12, at least for the time being. We're going to commit them to master only for now and backport on request to avoid breaking 1.12.

milestone: SSSD 1.12.4 => Tools Deferred

Sorry, wrong milestone.

milestone: Tools Deferred => SSSD 1.13 alpha

Fields changed

summary: The openlmi interface should use a system message bus helper and does not belong in infopipe => The config manipulation interface should use a system message bus helper and does not belong in infopipe

Fields changed

milestone: SSSD 1.13 alpha => SSSD 1.13 backlog
sensitive: => 0

We should just rip out the config management API from SSSD completely..

milestone: SSSD 1.13 backlog => SSSD 1.14 alpha

Replying to [comment:13 jhrozek]:

We should just rip out the config management API from SSSD completely..

Can you please elaborate?

Replying to [comment:14 dpal]:

Replying to [comment:13 jhrozek]:

We should just rip out the config management API from SSSD completely..

Can you please elaborate?

We have a config API exposed on D-Bus. Because sssd.conf is currently writable as root only, this limits the IFP API to run as root as well. Now we have two options:
1. leave the D-Bus configuration API around, but move it to another D-Bus service started on demand. This is what simo was proposing earlier
2. Remove this D-Bus config API from SSSD completely.

Because AFAIK this API is only used by OpenLMI which is more or less dead, I was leaning towards 2. But whatever we do, I would really like the IFP responder to not run as root in 1.14. Implementing 1. would just be a bit more work and I'm not sure there would be any users.

I think we would still need the configuration API. Moving it to a service but not completing the work on that service until we need this API is fine but just ripping it out is IMO the wrong approach as this is how SSSD should be configured via tools like ansible and cockpit. I also suspect we will use it in future to manage SSSD configuration remotely via cockpit.

This needs a fair amount of work which is not in the scope of 1.14 unfortunately.

milestone: SSSD 1.14 alpha => SSSD 1.15 beta

We actually removed the config manipulation completely.

resolution: => wontfix
status: new => closed

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3437

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.