On (01/07/15 10:03), Jakub Hrozek wrote: >On Tue, Jun 30, 2015 at 11:28:39PM +0200, Lukas Slebodnik wrote: >> >- Running sssd in environment where all actions complete successfully >> > should emit no debug messages. Default log level should be moved to >> > SSSDBG_OP_FAILURE or CRIT_FAILURE. (This basically amounts to checking >> > all OP, FATAL and CRIT failure messages..) >> > >> > The reason is that sometimes sssd fails, but because logging is >> > totally silent, we don't know what happened at all. Currently we have >> > a couple of small bugs where we might print a loud DEBUG message just >> > because we search for an entry which is not there etc. >> > >> This one is not doable in short term. >> Please consider AD provider and error causedb by "replacing" groups >> after tokengroups. But I agree that in long term we shoudl do it. > >Maybe not all, but we could do a lot here even in short term. > >> >> >> >- anything that causes SSSD to fail to start should also emit a syslog >> > message. Admins don't really know about sssd debug logs. >> We just need to enable logging to journald by default >> + change debug level. But it requires to fix previous point. >> >> >- our man pages are not structured well, especially the LDAP man page is >> > too big and contains too many options. >> Do you have an idea how to split man pages? >> >> We do not have one long man page. >> sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), >> sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8), >> sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), >> sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), >> sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), >> sss_ssh_knownhostsproxy(8),sssd-ifp(5),pam_sss(8). sss_rpcidmapd(5) >> >> The main problem is that people needn't know about them >> and/or they needn't know where to start. > >I think most man pages are not that bad, I mostly have issue with >sssd.conf(5) and sssd-ldap(5). Especially sssd-ldap would much more readable >if we grouped the options. At least having a section for user attribute >mappings, group attribute mappings, ... would be very helpful. Sections are good idea.
Do we have a ticket? LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
