On Thu, Jun 23, 2016 at 11:10:57AM +0200, Lukas Slebodnik wrote: > ehlo > > The first patch is sligtly modified version of Michal's patch. > It depends on patch for config snippet. Because config > validation is optional if it isn't supported in libini_config. > And detection for new libini_config is in patch for config snippets > > You might see "typos" in sssd.log > e.g. > (Thu Jun 23 10:48:39:370079 2016) [sssd] [sss_ini_call_validators] (0x0020): > [rule/allowed_domain_options]: Attribute 'ldapi_uri' is not allowed in > section 'domain/example.com'. Check for typos. > > BTW don't forget to build with ding-libs-0.6 (libini_config 1.3.0) > > LS
> From 76d0ab2784d341e5204d63ddebcfec2012f01016 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com> > Date: Wed, 22 Jun 2016 19:11:42 +0200 > Subject: [PATCH 1/2] confdb: Check for config file errors on sssd startup ACK > From 0436bd95ceafed4ce1c9173fa001c5aee064b29e Mon Sep 17 00:00:00 2001 > From: Lukas Slebodnik <lsleb...@redhat.com> > Date: Thu, 23 Jun 2016 08:52:18 +0200 > Subject: [PATCH 2/2] Prepare ini schema with rules for validation > > Resolves: > https://fedorahosted.org/sssd/ticket/2028 > --- > Makefile.am | 5 +- > contrib/sssd.spec.in | 1 + > src/confdb/confdb_setup.c | 2 +- > src/config/cfg_rules.ini | 615 > ++++++++++++++++++++++++++++++++++++++++++++++ we need to allow entry_negative_timeout local_negative_timeout and get_domains_timeout for all responders. Also 'timeout' for all services (this one is more important, many users set timeout especially if they use enumeration). user_attributes is also possible for the NSS responder and used to get attributes of trusted users. We also seem to be reading override_space from the monitor section. Should I open a ticket so that we can fix these later and not delay the beta any longer? _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
