[SSSD] Re: [PATCH] confdb: Check for config file errors on sssd startup

Fri, 24 Jun 2016 01:10:02 -0700 

On 06/24/2016 09:56 AM, Jakub Hrozek wrote:

On Thu, Jun 23, 2016 at 11:10:57AM +0200, Lukas Slebodnik wrote:

ehlo

The first patch is sligtly modified version of Michal's patch.
It depends on patch for config snippet. Because config
validation is optional if it isn't supported in libini_config.
And detection for new libini_config is in patch for config snippets

You might see "typos" in sssd.log
e.g.
(Thu Jun 23 10:48:39:370079 2016) [sssd] [sss_ini_call_validators] (0x0020): 
[rule/allowed_domain_options]: Attribute 'ldapi_uri' is not allowed in section 
'domain/example.com'. Check for typos.

BTW don't forget to build with ding-libs-0.6 (libini_config 1.3.0)

LS



 From 76d0ab2784d341e5204d63ddebcfec2012f01016 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Wed, 22 Jun 2016 19:11:42 +0200
Subject: [PATCH 1/2] confdb: Check for config file errors on sssd startup


ACK


 From 0436bd95ceafed4ce1c9173fa001c5aee064b29e Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Thu, 23 Jun 2016 08:52:18 +0200
Subject: [PATCH 2/2] Prepare ini schema with rules for validation

Resolves:
https://fedorahosted.org/sssd/ticket/2028
---
  Makefile.am               |   5 +-
  contrib/sssd.spec.in      |   1 +
  src/confdb/confdb_setup.c |   2 +-
  src/config/cfg_rules.ini  | 615 ++++++++++++++++++++++++++++++++++++++++++++++


we need to allow entry_negative_timeout local_negative_timeout and
get_domains_timeout for
all responders. Also 'timeout' for all services (this one is more
important, many users set timeout especially if they use enumeration).

user_attributes is also possible for the NSS responder and used to get
attributes of trusted users. We also seem to be reading override_space
from the monitor section.

Should I open a ticket so that we can fix these later and not delay the
beta any longer?


Yes, please do.
Just copy the above to the ticket description. Maybe I will
fix the ticket even today, but right now I am doing something
else.

Michal
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

Reply via email to