On Tue, Jun 30, 2015 at 11:28:39PM +0200, Lukas Slebodnik wrote: > >- Running sssd in environment where all actions complete successfully > > should emit no debug messages. Default log level should be moved to > > SSSDBG_OP_FAILURE or CRIT_FAILURE. (This basically amounts to checking > > all OP, FATAL and CRIT failure messages..) > > > > The reason is that sometimes sssd fails, but because logging is > > totally silent, we don't know what happened at all. Currently we have > > a couple of small bugs where we might print a loud DEBUG message just > > because we search for an entry which is not there etc. > > > This one is not doable in short term. > Please consider AD provider and error causedb by "replacing" groups > after tokengroups. But I agree that in long term we shoudl do it.
Maybe not all, but we could do a lot here even in short term. > > > >- anything that causes SSSD to fail to start should also emit a syslog > > message. Admins don't really know about sssd debug logs. > We just need to enable logging to journald by default > + change debug level. But it requires to fix previous point. > > >- our man pages are not structured well, especially the LDAP man page is > > too big and contains too many options. > Do you have an idea how to split man pages? > > We do not have one long man page. > sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), > sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8), > sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), > sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), > sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), > sss_ssh_knownhostsproxy(8),sssd-ifp(5),pam_sss(8). sss_rpcidmapd(5) > > The main problem is that people needn't know about them > and/or they needn't know where to start. I think most man pages are not that bad, I mostly have issue with sssd.conf(5) and sssd-ldap(5). Especially sssd-ldap would much more readable if we grouped the options. At least having a section for user attribute mappings, group attribute mappings, ... would be very helpful. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel