> On Fri, 2011-04-01 at 16:46 +0200, Jan Zelený wrote: > > These changes are all related to the following ticket: > > https://fedorahosted.org/sssd/ticket/763 > > > > Changes in SSSDConfig.py merge old and new domain record instead of just > > deleting the old and inserting the new one. The old approach let to loss > > of some information like comments and blank lines in the config file. > > > > Changes in API config were performed so our Python scripts (like > > sss_obfuscate) don't add extra config options to the config file. > > Nack. > > As we discussed on IRC, the 'services' option in [sssd] must be left as > mandatory. > > Similarly, do not make krb5_realm optional. It must exist if using the > kerberos provider. > krb5_realm (string) > The name of the Kerberos realm. This option is required > and must be specified. > > Also, the SSSDConfigTest.py tests are failing due to these changes. > Please fix this.
Sending corrected patch. Jan
From 5918e831f7eeb646d6e96a1efdbee53968a1ec35 Mon Sep 17 00:00:00 2001 From: Jan Zeleny <jzel...@redhat.com> Date: Wed, 30 Mar 2011 08:38:41 -0400 Subject: [PATCH] Configuration parsing updates These changes are all related to following ticket: https://fedorahosted.org/sssd/ticket/763 Changes in SSSDConfig.py merge old and new domain record instead of just deleting the old and inserting the new one. The old approach let to loss of some information like comments and blank lines in the config file. Changes in API config were performed so our Python scripts (like sss_obfuscate) don't add extra config options to the config file. --- src/config/SSSDConfig.py | 25 +++++++++------------ src/config/SSSDConfigTest.py | 33 +---------------------------- src/config/etc/sssd.api.conf | 4 +- src/config/etc/sssd.api.d/sssd-ipa.conf | 2 +- src/config/etc/sssd.api.d/sssd-ldap.conf | 4 +- src/config/etc/sssd.api.d/sssd-local.conf | 4 +- 6 files changed, 19 insertions(+), 53 deletions(-) diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 5135174a87d13b2f0817a99e1b1d9f63e73d5673..c3d9ed40879347fd5ce73c27714346d9b89bfcf9 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -1739,23 +1739,20 @@ class SSSDConfig(SSSDChangeConf): domain.oldname = None; sectionname = 'domain/%s' % name - # Ensure that the existing section is removed - # This way we ensure that we are getting a - # complete copy of the service. - # delete_option() is a noop if the section - # does not exist. - index = self.delete_option('section', sectionname) - addkw = [] + section_subtree = self.findOpts(self.opts, 'section', sectionname) + + if name not in self.list_domains(): + self.add_section(sectionname, []); + + for option in self.options(sectionname): + if option['type'] == 'option': + if option['name'] not in domain.get_all_options(): + self.delete_option_subtree(section_subtree, 'option', option['name'], True) + for option,value in domain.get_all_options().items(): if (type(value) == list): value = ', '.join(value) - addkw.append( { 'type' : 'option', - 'name' : option, - 'value' : str(value) } ) - if oldindex: - self.add_section(sectionname, addkw, oldindex) - else: - self.add_section(sectionname, addkw, index) + self.set(sectionname, option, str(value)) if domain.active: self.activate_domain(name) diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index cad183ea00722f86c59c4c66705634836dee6c40..af32acc67ee47a016863b4a674d1208e77f29a68 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -599,33 +599,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): # First test default options options = domain.list_mandatory_options() - control_list = [ - 'cache_credentials', - 'id_provider', - 'auth_provider'] - - self.assertTrue(type(options) == dict, - "Options should be a dictionary") - - # Ensure that all of the expected defaults are there - for option in control_list: - self.assertTrue(option in options.keys(), - "Option [%s] missing" % - option) - - # Ensure that there aren't any unexpected options listed - for option in options.keys(): - self.assertTrue(option in control_list, - 'Option [%s] unexpectedly found' % - option) - - # Add a provider and verify that the new options appear - domain.add_provider('local', 'id') - control_list.extend( - ['default_shell', - 'base_directory']) - - options = domain.list_mandatory_options() + control_list = ['id_provider'] self.assertTrue(type(options) == dict, "Options should be a dictionary") @@ -1000,11 +974,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): def testRemoveOption(self): domain = SSSDConfig.SSSDDomain('sssd', self.schema) - # Positive test - Remove existing option - self.assertTrue('cache_credentials' in domain.get_all_options().keys()) - domain.remove_option('cache_credentials') - self.assertFalse('cache_credentials' in domain.get_all_options().keys()) - # Positive test - Remove unset but valid option self.assertFalse('max_id' in domain.get_all_options().keys()) domain.remove_option('max_id') diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index e91597166c07fcf945726dad528082768aabc3ef..975cd2d1fa46953fd662fdd96e7f8b2f74b99fb7 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -40,7 +40,7 @@ pam_pwd_expiration_warning = int, None, false [provider] #Available provider types id_provider = str, None, true -auth_provider = str, None, true +auth_provider = str, None, false access_provider = str, None, false chpass_provider = str, None, false @@ -53,7 +53,7 @@ min_id = int, None, false max_id = int, None, false timeout = int, None, false enumerate = bool, None, false -cache_credentials = bool, None, true, false +cache_credentials = bool, None, false store_legacy_passwords = bool, None, false use_fully_qualified_names = bool, None, false entry_cache_timeout = int, None, false diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 31b7dc9beee007d0969d1a2f1750674345cf2eb3..7719069c79c25e88b638ee986f387d1b377d7c50 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -1,5 +1,5 @@ [provider/ipa] -ipa_domain = str, None, true +ipa_domain = str, None, false ipa_server = str, None, false ipa_hostname = str, None, false ipa_dyndns_update = bool, None, false diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 5fd0cfb589e348241cf725e4cbe2fe639e542a58..8672f0b24fb698881f0d1d8d2c705c7acda6e198 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -1,7 +1,7 @@ [provider/ldap] ldap_uri = str, None, false ldap_search_base = str, None, false -ldap_schema = str, None, true, rfc2307 +ldap_schema = str, None, false ldap_default_bind_dn = str, None, false ldap_default_authtok_type = str, None, false ldap_default_authtok = str, None, false @@ -33,7 +33,7 @@ ldap_search_timeout = int, None, false ldap_enumeration_search_timeout = int, None, false ldap_enumeration_refresh_timeout = int, None, false ldap_purge_cache_timeout = int, None, false -ldap_id_use_start_tls = bool, None, true, false +ldap_id_use_start_tls = bool, None, false ldap_user_search_base = str, None, false ldap_user_search_scope = str, None, false ldap_user_search_filter = str, None, false diff --git a/src/config/etc/sssd.api.d/sssd-local.conf b/src/config/etc/sssd.api.d/sssd-local.conf index 0686f08232c289ab67e1813bfe282bb29a5bc9bb..f740b5ba157deca7e19c4ae565400897b7f0a3e0 100644 --- a/src/config/etc/sssd.api.d/sssd-local.conf +++ b/src/config/etc/sssd.api.d/sssd-local.conf @@ -1,8 +1,8 @@ [provider/local] [provider/local/id] -default_shell = str, None, true, /bin/bash -base_directory = str, None, true, /home +default_shell = str, None, false +base_directory = str, None, false [provider/local/auth] -- 1.7.4.1
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
